First Release Candidate of PowerDNS Recursor 4.9.0

Jun 15, 2023

We are proud to announce the first release candidate of PowerDNS Recursor 4.9.0.

Compared to the previous major (4.8) release of PowerDNS Recursor, this release contains the following major changes:

  • The performance impact of metrics collection has been reduced by using lock-free non-atomic thread-local counters.
  • The packet cache is sharded and shared by all threads.
  • The TTL of negative answers in the packet cache can now be controlled separately from positive and failure answers.
  • The rec_control trace_regex command writes the generated trace information to a specified file instead of the general log. The trace information contains more precise timestamps and DNSSEC validation information.
  • If extended-resolution-errors is enabled EDNS errors are now generated in more cases, specifically when authoritative servers for a zone are unreachable or when synthesising answers by e.g. using the aggressive NSEC cache.
  • The aggressive NSEC cache has been changed not to store NSEC3 entries which cover only a small fraction of possible names. This also allows switching off the aggressive cache for NSEC3 only.
  • It is now possible to switch off root-refreshing completely.
  • Proper handling of security policies that restrict the use of specific DNSSEC algorithms on RHEL9 derived systems.

Feedback is appreciated!

As a follow-up to the shared packet cache, the default way the recursor distributes requests over worker threads has now been changed to let the operating system kernel do that, by changing the defaults of pdns-distributes-queries to no and reuseport to yes. Though our testing has shown benefits to this approach, we have seen that in some rare cases (depending on OS and client traffic patterns) this can have negative consequences: the queries are not distributed equally over the worker threads. If you are running this pre-release, we would appreciate your feedback to be able to confirm the change of defaults benefits the vast majority of cases. Watch the periodic statistics printed by the recursor to see if the worker threads process about roughly amounts of queries. Especially if you see an imbalance, send us details about the OS, hardware and configuration.

As always, there are also many smaller bug fixes and improvements, please refer to the changelog for additional details. When upgrading do not forget to check the upgrade guide.

Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.

The tarball (signature) is available from our download server and packages for several distributions are available from our repository.

With the future final 4.9.0 release, the 4.6.x releases will be EOL and the 4.7.x and 4.8.x releases will go into critical fixes only mode. Consult the EOL policy for more details.

We would also like to mention that with the 4.5 release we stopped supporting systems using 32-bit time. This includes many 32-bit Linux platforms.

We are grateful to the PowerDNS community for the reporting of bugs, issues, feature requests, and especially to the submitters of fixes and implementations of features.


About the author

Otto Moerbeek

Otto Moerbeek

Senior Developer at PowerDNS


Related Articles

PowerDNS Recursor 5.1.0-beta1 Released

We are proud to announce the first beta release of PowerDNS Recursor 5.1.0!

Otto Moerbeek Jun 6, 2024

PowerDNS Recursor 5.0.6 Released

Today we have released PowerDNS Recursor 5.0.6. This release is a maintenance release. The most important change is that the...

Otto Moerbeek Jun 5, 2024

PowerDNS Authoritative Server 4.9.1

This is release 4.9.1 of the Authoritative Server. It contains a collection of small fixes. A detailed list of changes can...

Peter van Dijk May 28, 2024

PowerDNS Recursor 5.1.0-alpha1 Released

We are proud to announce the first alpha release of PowerDNS Recursor 5.1.0!

Otto Moerbeek May 15, 2024