We are proud to announce the first alpha release of PowerDNS Recursor 5.4.0!
Compared to the latest 5.3 release, this pre-release includes the following changes:
- DNS cookies are supported for outgoing connections to authoritative servers. This greatly reduces the effectiveness of (spoofing) attacks. This feature currently is disabled by default, but will be enabled by default in a future release.
- The server certificate associated with an outgoing DoT connection can optionally be validated.
- The emitting of OpenTelemetry trace data can is now controlled by conditions based on properties of the incoming query. The trace data itself is also more elaborate, enabling more insight in the resolving process.
- Queries using query type ANY from clients and to authoritative servers are now forced to use TCP by default.
As always, there are also many smaller bug fixes and improvements, please refer to the changelog for additional details. When upgrading do not forget to check the upgrade guide.
Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub. In particular we would like to see feedback regarding the new DNS cookie support feature.
The tarball (signature) is available from our download server and packages for several distributions are available from our repository.
Older release trains are supported for one year after the following major release. Consult the EOL policy for more details.
We are grateful to the PowerDNS community for the reporting of bugs, issues, feature requests, and especially to the submitters of fixes and implementations of features.
