Software Update: PowerDNS Authoritative Server 4.0.3 / 3.4.11

PowerDNS is a dns server with a database as back-end, which makes it easy to manage a large number of dns entries. The developers have previously decided to release the two parts that make up PowerDNS, a recursor and an authoritative name server, so that a new version can be released more quickly and in a more targeted way, the developers say. The authoritative name server will only respond to a dns lookup if it pertains to the domains for which this server is responsible. The developers have released PowerDNS Authoritative Server 4.0.3 and 3.4.11. The changes of these releases look like this:

PowerDNS Authoritative Server 4.0.3

This release fixes an issue when using multiple backends, where one of the backends is the BIND backend. This regression was introduced in 4.0.2.

bug fix:

• #4905: Revert “auth: In Bind2Backend::lookup(), use the zoneId when we have it”

PowerDNS Authoritative Server 4.0.2

This release fixes PowerDNS Security Advisories 2016-02, 2016-03, 2016-04 and 2016-05 and includes a fix for a memory leak in the Postgresql backend.

Bug fixes

• commit f61af48: Don’t parse spurious RRs in queries when we don’t need them (Security Advisory 2016-02)
• commit 592006d: Don’t exit if the webserver can’t accept a connection (Security Advisory 2016-03)
• commit e85acc6: Check TSIG signature on IXFR (Security Advisory 2016-04)
• commit 3b1e4a2: Correctly check unknown record content size (Security Advisory 2016-05)
• commit 9ecbf02: ODBC backend: actually prepare statements
• commit a4d607b: Fix incorrect length check in DNSName when extracting qtype or qclass
• commit c816fe3: Fix a possible memory leak in the web server
• #4287: Better handling of invalid serial
• #4306: Limit size of mysql cell to 128 kilobytes
• #4314: Overload fix: make overload-queue-length work as intended again, add test for it.
• #4317: Improve root zone performance
• #4319: pipe: SERVFAIL when needed
• #4360: Make sure mariadb (mysql on centos/rhel) is started before pdns (42wim)
• #4387: ComboAddress: don’t allow invalid ports
• #4459: Plug memory leak in postgresql backend (Christian Hofstaedtler)
• #4544: Fix a stack-based off-by-one write in the HTTP remote backend
• #4755: calidns: Don’t crash if we don’t have enough ‘unknown’ queries remaining

Additions and Enhancements

• commit 1238e06: disable negative getSOA caching if the negcache_ttl is 0 (Kees Monshouwer)
• commit 3a0bded, commit 8c879d4, commit 8c03126, commit 5656e12 and commit c1d283d: Improve PacketCache cleaning (Kees Monshouwer)
• #4261: Strip trailing dot in PTR content (Kees Monshouwer)
• #4269: contrib: simple bash completion for pdnsutil (j0ju)
• #4272: Bind backend: update status message on reload, keep the existing zone on failure
• #4274: report DHCID type (Kees Monshouwer)
• #4310: Fix build with LibreSSL, for which OPENSSL_VERSION_NUMBER is irrelevant
• #4323: Speedup DNSName creation
• #4335: fix TSIG for single thread distributor (Kees Monshouwer)
• #4346: change default for any-to-tcp to yes (Kees Monshouwer)
• #4356: Don’t look up the packet cache for TSIG-enabled queries
• #4403: (auth) Fix build with OpenSSL 1.1.0 final (Christian Hofstaedtler)
• #4442: geoipbackend: Fix minor naming issue (Aki Tuomi)
• #4454: pdnsutil: create-slave-zone accept multiple masters (Hannu Ylitalo)
• #4541: Backport of #4542: API: search should not return ENTs (Christian Hofstaedtler)
• #4754: In Bind2Backend::lookup(), use the zoneId when we have it

PowerDNS Authoritative Server 3.4.11

This release fixes PowerDNS Security Advisories 2016-02, 2016-03, 2016-04 and 2016-05.

Changes since 3.4.10:

• commit ee79a63: Don’t parse spurious RRs in queries when we don’t need them (Security Advisory 2016-02)
• commit 2d37fd7: Don’t exit if the webserver can’t accept a connection (Security Advisory 2016-03)
• commit 37d66d8: Fix TSIG computation (Security Advisory 2016-04)
• commit f82f0f6: Correctly check unknown record content size (Security Advisory 2016-05)
• commit 0e612c1: Fix a possible memory leak in the webserver
• commit b4c5d8f: Lowercase the qname in getDomainInfo() and isMaster()
• commit c9713e8: Don’t look up the packet cache for TSIG-enabled queries
• commit a6292e6: Fix a stack-based off-by-one write in the HTTP remote backend