Software Update: PowerDNS 2.9.7

PowerDNS is a pure DNS server with a database as back-end. The big advantage of this is that when you have to manage a large number of DNS entries, this can be done a lot easier. Version 2.9.7 was recently released and has the following release notes:

This is a sweeping release in the sense of cleanup. There are some new features but mostly a lot of cleanup going on. Hiding inside is the bind2backend, the next generation of the bind backend. A work in progress. Those of you with overlapping zones, as mentioned in the changelog of 2.9.6, are invited to check it out by replacing launch=bind by launch=bind2 and renaming all bind- parameters to bind2-. Be aware that if you run with many small zones, this backend is faster, but if you run with a few large ones, it is slower. This will improve.

Features:

• Mark Bergsma contributed query-local-address which allows the operator to select which source address to use. This is useful on servers with multiple source addresses and the operating system selecting an unintended one, leading to remotes denying access.
• PowerDNS can now perform AAAA additional processing optionally, turned on by setting do-ipv6-additional-processing. Thanks to Stephane Bortzmeyer for pointing out the need.
• Bind2backend, which is almost in compliance with the new IETF AXFR-clarify (some would say ‘redefinition’) draft.

  This backend is not ready for primetime but you may want to try it if you currently have overlapping zones and note problems. An overlapping zone would be having “ipv6.powerdns.com” and “powerdns.com” zones on one server.

Improvements:

• Zone2sql would happily try to read from a directory and not give a useful error about this.
• PowerDNS now reports the case where it can’t figure out any IP address of slave nameservers for a zone
• Removed receiver-threads setting which was experimental and in fact only made things worse.
• LDAP backend updates from its author Norbert Sendetzky. Reverse lookups should work now too.
• An error message about unparseable packets did not include the originating IP address (fixed by Mark Bergsma)
• PowerDNS can now be started via path resolution while running with a guardian. Suggested by Maurice Nonnekes.
• pdns_recursor moved to sbin (reported by Norbert Sendetzky)
• Retuned some logger errorlevels, a lot of master/slave chatter was logged as ‘Error’. Reported by Willem de Groot.

Bug fixed:

• zone2sql did not remove trailing dots in SOA records.
• ldapbackend did not include utility.hh which caused compilation problems on Solaris (reported by Remco Post)
• pdns_control could leave behind remnants in case PowerDNS was not running (reported by dG)
• Incoming AXFR did not work on Solaris and other big-endian systems (Willem de Groot helped debugging this long standing problem).
• Recursor could crash on convoluted CNAME loops. Thanks to Dan Faerch for delivering coredumps.
• Silly ‘wuh’ debugging output in zone2sql and bindbackend removed (spotted by Ivo van der Wijk)
• Recursor neglected to differentiate between negative cache of NXDOMAIN and NOERROR, leading to problems with IPv6 enabled Windows clients. Thanks to Stuart Walsh for reporting this and testing the fix.
• PowerDNS set the ‘aa’ bit on serving NS records in a zone for which it was authoritative. Most implementations drop the ‘aa’ bit in this case and Stephane Bortzmeyer informed us of this. PowerDNS now also drops the ‘aa’ bit in this case.
• The webserver tended to fail after prolonged operation on FreeBSD, this was due to an uninitialized timeout, other platforms were lucky. Thanks to GP de Boer for helping debug this.
• getAnswers() in dnspacket.cc could be forced to read bytes beyond the end of the packet, leading to crashes in the PowerDNS recursor. This is an ongoing project that needs more work. Reported by Dan Faerch, with a coredump proving the problem.

[break]The following downloads are ready:
Unix/Win32 GPL Sources
Linux Debian Static
Linux RPM Static (Generic RPM, Redhat 6.x and 7.x)