4.2.1
This release fixes several bugs and makes a few features more robust or intuitive. It also contains a few performance improvements for API users.
New Features
Add SLAVE-RENOTIFY zone metadata support
Add configurable timeout for inbound AXFR
Add CentOS 8 as builder target
gmysql backend, add an option to send the SSL capability flag
Improvements
API: reduce number of database connections
Register a few known RR types and remove an unknown one
bindbackend: use metadata for also-notifies as well
pdnsutil increase-serial: under SOA-EDIT=INCEPTION-EPOCH, bump as if it is EPOCH
API: optionally do not return dnssec info in domain list
Basic validation of $GENERATE parameters
Bug Fixes
LUA view: do not crash on empty IP list
API: Accept headers without spaces
Avoid database state-related SERVFAILs after a LUA error
Just before 4.2.0, some SQL-related fixes broke edit-zone and other features with the LMDB backend. This has been fixed now.
rfc2136, pdnsutil: somewhat improve duplicate record handling
4.2.0
Compared to the last release candidate, one more bug has been fixed.
The LMDB backend is incomplete in this version. Slaving zones works, loading zones with pdnsutil works, but more fine grained edits (using edit-zone, or the REST API) fail. We hope to fix this soon in a 4.2.x release.
For an overview of features new since 4.1.x, please see the 4.2.0 announcement blog post.
Bug Fixes
bind getAllDomains: ignore per-zone exceptions
PowerDNS Authoritative Server 4.1.0
===========================================================
- Improved performance: 400% speedup in some scenarios
- Crypto API: DNSSEC fully configurable via RESTful API
- Improved documentation
- Database related improvements
- Enhanced tooling
- Support for TCP Fast Open
- Support for non-local bind
- Support for Botan 2.x (and removal of support for Botan 1.10)
- Our packages now ship with PKCS #11 support.
- Recursor passthrough removal
Full changelog:
https://doc.powerdns.com/authoritative/changelog/4.1.html
PowerDNS Authoritative Server 4.0.5
===========================================================
Fixes
- Fix for missing check on API operations (CVE-2017-15091)
- Bindbackend: do not corrupt data supplied by other backends in
getAllDomains
- API: prevent sending nameservers list and zone-level NS in rrsets
- gpgsql: make statement names actually unique
- Fix remotebackend params
- Fix godbc query logging
- For create-slave-zone, actually add all slaves, and not only first n
times
- Fix a regression in axfr-rectify + test
- When making a netmask from a comboaddress, we neglected to zero the
port
- Fix libatomic detection on ppc64
- Catch DNSName exception in the Zoneparser
- Publish inactive KSK/CSK as CDNSKEY/CDS
- Handle AFSDB record separately due to record structure.
- Treat requestor's payload size lower than 512 as equal to 512
- Correctly purge entries from the caches after a transfer
- Handle a signing pipe worker dying with work still pending
- Ignore SOA-EDIT for PRESIGNED zones.
- Check return value for all getTSIGKey calls.
Improvements
- Fix ldap-strict autoptr feature, including a test
- mydnsbackend: Add getAllDomains
- Stubresolver: Use only recursor setting if given
- LuaWrapper: Allow embedded NULs in strings received from Lua
- sdig: Clarify that the ednssubnet option takes "subnet/mask"
- Tests: Ensure all required tools are available
- PowerDNS sdig does not truncate trailing bits of EDNS Client Subnet
mask
- LuaJIT 2.1: Lua fallback functionality no longer uses Lua namespace
- Add support for Botan 2.x
- Ship ldapbackend schema files in tarball
- Collection of schema changes
- Fix typo in two log messages
- Add help text on autodetecting systemd support
- Use a unique pointer for bind backend's d_of
- Fix some of the issues found by @jpmens
This is a security release fixing CVE-2015-5230.
Bug fixes:
- Avoid superfluous backend recycling
- Removal of dnsdist from the authoritative server distribution
- Add EDNS unknown version handling and tests EDNS unknown version handling
Improvements:
- Update YaHTTP to v0.1.7
- Make trailing/leading spaces stand out in pdnssec check_zone
- GCC 5.2 support and sync boost.m4 macro with upstream
- Log answer packets only if log-dns-details is enabled
pkgsrc changes:
- SQLite 2.x support no longer exists
- SQLite 3.x support cannot be compiled outside the main package because
of how symbols are distributed, so making it a compile time option
for net/powerdns now.
Too many changes since 2.9.22.5 (over 2 years ago), see the full changelog:
http://doc.powerdns.com/md/changelog/
Upgrade notes:
- PowerDNS 3.4 comes with a mandatory database schema upgrade coming from
any previous 3.x release.
- PowerDNS 3.1 introduces native SQLite3 support for storing key material for
DNSSEC in the bindbackend. With this change, support for bind+gsql-setups
('hybrid mode') has been dropped.
- PowerDNS 3.0 introduces full DNSSEC support which requires changes
to database schemas. By default, old non-DNSSEC schema is assumed.
Please see the docs on upgrading for particular steps that need to be taken:
http://doc.powerdns.com/md/authoritative/upgrading/
The PowerDNS nameserver is a modern, advanced and high performance
authoritative-only nameserver. It is written from scratch and conforms
to all the relevant DNS standards documents. PowerDNS is open source.
The PowerDNS nameserver utilizes a flexible backend architecture that
can access DNS information from any data source. This includes file
formats, BIND zone files, relational databases or LDAP directories.
This packages provides the PostgreSQL backend module.
The PowerDNS nameserver is a modern, advanced and high performance
authoritative-only nameserver. It is written from scratch and conforms
to all the relevant DNS standards documents. PowerDNS is open source.
The PowerDNS nameserver utilizes a flexible backend architecture that
can access DNS information from any data source. This includes file
formats, BIND zone files, relational databases or LDAP directories.
This packages provides the MySQL backend module.
