From 1204728ba88a150133bd5c56b865f2875510974c Mon Sep 17 00:00:00 2001 From: bert hubert Date: Thu, 17 Apr 2014 12:28:03 +0200 Subject: [PATCH] candidate 3.6 recursor release notes --- pdns/docs/pdns.xml | 180 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 180 insertions(+) diff --git a/pdns/docs/pdns.xml b/pdns/docs/pdns.xml index 58fdfe544e..f99c0486fc 100644 --- a/pdns/docs/pdns.xml +++ b/pdns/docs/pdns.xml 
@@ -93,6 +93,173 @@ Beyond PowerDNS 2.9.20, the Authoritative Server and Recursor are released separately. + PowerDNS Recursor version 3.6 + + + UNRELEASED + + + + New features: + + + + Lots of work on the JSON API, based on Aki Tuomi's 'yahttp'. Documentation & demo forthcoming. + + + + + Lua modules can now use 'pdnslog(INFO..'), as described in t1074, implemented in g674a305 + + + + + Adopt any-to-tcp feature to the recursor. Based on a patch by Winfried Angele. Closes t836, g56b4d21 and ge661a20. + + + + + g2c78bd5: implement built-in statistics dumper using the 'carbon' protocol, which is also understood by metronome (our mini-graphite). Use 'carbon-server', 'carbon-ourname' and 'carbon-interval' settings. + + + + + + New setting 'udp-truncation-threshold' to configure from how many bytes we should truncate. ga09a8ce. + + + + + Proper support for CHaos class for CHAOS TXT queries. gc86e1f2, addition for lua in gf94c53d, some warnings + in g438db54 however. + + + + + Added support for Lua scripts to drop queries w/o further processing. g0478c54. + + + + + Kevin Holly added qtype statistics to recursor and rec_control (get-qtypelist) (g79332bf) + + + + + Add support for include-files in configuration, also reload ACLs and zones defined in them (g829849d, g242b90e, g302df81). + + + + + + Paulo Anes contributed server-down-max-fails which helps combat Recursive DNS based amplification attacks. + Described in this post. Also comes with new metric 'failed-host-entries' in g406f46f. + + + + + + Improvements: + + + + To aid in limiting DoS attacks, when truncating a response, we actually truncate all the way + so only the question remains. Suggested in t1092, code in gadd935a. + + + + + Update to embedded PolarSSL, plus remove previous AES implementation and shift to PolarSSL (ge22d9b4, g990ad9a) + + + + + g92c0733 moves various Lua magic constants into an enum namespace. + + + + + set group and supplementary groups before chroot (g6ee50ce, t1198). 
+ + + + + g4e9a20e: raise our socket buffer setting so it no longer generates a warning about lowering it. + + + + + SIGUSR2 turns on a 'trace' of all DNS traffic, a second SIGUSR2 now turns it off again. g4f217ce. + + + + + Various fixes for Lua 5.2. + + + + + g81859ba: No longer attempt to answer questions coming in from port 0, reply would not reach them anyhow. Thanks +to Niels Bakker and 'sid3windr' for insight & debugging. Closes t844. + + + + + gb1a2d6c: now, I'm not one to get OCD over things, but that log message about stats based on 1801 seconds got to + me. 1800 now. + + + + + Fixes: + + + + g2f22827: Fix statistics and stability when running with pdns-distributes-queries. + + + + + g6196f90: avoid merging old and new additional data, fixes an issue caused by weird (but proably legal) Akamai behaviour + + + + + g3a8a4d6: make sure we don't exceed the number of available filedescriptors for mthreads. Raises performance + in case of DoS. See this post for further details. + + + + + g7313fe6: implement indexed packet cache wiping for recursor, orders of magnitude faster. Important + when reloading all zones, which causes massive cache cleaning. + + + + + rec_control get-all would include 'cache-bytes' and 'packetcache-bytes', which were expensive operations, + too expensive for frequent polling. Removed in g8e42d27. + + + + + + All old workarounds for supporting Windows of the XP era have been removed. + + + + + Add (theoretical) support for 64 bit bigendian DNSSEC processing (g0c37420). + + + + + Fix issues on S390X based systems which have unsigned characters (g916a0fd) + + + + + PowerDNS Authoritative Server version 3.3.1 Version 3.3.1 of the PowerDNS Authoritative Server is a major upgrade if you are coming from 2.9.x. There are also some important changes if you are coming from 3.0, 3.1 or 3.2. Please refer to , , , and for important information on 
@@ -14536,6 +14703,19 @@ sql> insert into domainmetadata (domain_id, kind, content) values (6, 'TSIG-ALLO + + server-down-max-fails + server-down-throttle-time + + + If a server has not responded in any way this many times in a row, no longer send it any queries + for server-down-throttle-time seconds. Afterwards, we will try a new packet, and if that also + gets no response at all, we again throttle for server-down-throttle-time-seconds. Even a single + reponse packet will drop the block. Available and on by default since 3.6. + + + + server-id -- 2.47.2
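Review bot: In the release notes hunk (@@ -93,6 +93,173 @@), the "server-down-max-fails" entry under New features does not say that the feature is enabled by default or name its companion setting 'server-down-throttle-time', although the settings hunk in this same patch states "Available and on by default since 3.6". Operators upgrading to 3.6 get changed resolver behaviour towards unresponsive servers without the release notes telling them, so I would add both facts to that entry and point it at the settings section. In the CHAOS class entry, "some warnings in g438db54 however" tells the reader there is a caveat without saying what it is; spell it out or drop the remark. Two wording nits in the same hunk: the quote in 'pdnslog(INFO..') closes inside the parenthesis, and "proably legal" in the g6196f90 entry should read "probably legal".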
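Review bot: In the settings hunk (@@ -14536,6 +14703,19 @@), the shared description for 'server-down-max-fails' and 'server-down-throttle-time' says the feature is "on by default since 3.6" but gives neither default value and does not say how to turn it off, so an operator cannot tell from the documentation what threshold is in effect after upgrading. Please state the default for each setting and the value that disables throttling. Because one paragraph documents two settings, "this many times in a row" should name 'server-down-max-fails' explicitly. The third sentence writes "server-down-throttle-time-seconds", which reads as a third setting name; it should be "server-down-throttle-time seconds" as in the sentence before it. "reponse packet" should be "response packet".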