Software Update: PowerDNS Authoritative Server 4.0.4

Spread the love

PowerDNS is a dns server with a database as back-end, which makes it easy to manage a large number of dns entries. The developers previously decided to release the two parts that make up PowerDNS, a recursor and an authoritative name server, so that they can release a new version more quickly and in a more targeted way, the developers said. The authoritative name server will only respond to a dns lookup if it pertains to the domains for which it is responsible. The developers have released PowerDNS Authoritative Server 4.0.4. The changes in this release are as follows:

PowerDNS Authoritative Server 4.0.4

This release features a fix for the ed25519 signer. This signer hashed the message before signing, resulting in unverifiable signatures. Also on the Elliptic Curve front, support was added for ED448 (DNSSEC algorithm 16) by using libdecaf.

Bug fixes

  • #5423: Don’t hash the message in the ed25519 signer
  • #5445: Make URI integers 16 bits, fixes #5443
  • #5346: configure.ac: Corrects syntax error in test statement on existance of libcrypto_ecdsa
  • #5440: configure.ac: Fix quoting issue fixes #5401
  • #4824: configure.ac: Check in the detected OpenSSL/libcrypto for ECDSA
  • #5016: configure.ac: Check if we can link against libatomic if needed
  • #5341: Fix typo in ldapbackend.cc from issue #5091
  • #5289: Sort NSEC record case insensitive
  • #5378: Make sure NSEC order names are always lower case
  • #4781: API: correctly take TTL from first record even if we are at the last comment
  • #4901: Fix AtomicCounter unit tests on 32-bit
  • #4911: Fix negative port detection for IPv6 addresses on 32-bit
  • #4508: Remove support for ‘right’ timezones, as this code turned out to be broken
  • #4961: Lowercase the TSIG algorithm name in hash computation
  • #5048: Handle exceptions raised by closesocket()
  • #5297: Don’t leak on signing errors during outgoing AXFR; signpipe stumbles over interrupted rrsets; fix memory leak in gmysql backend
  • #5450: TinyCDB backend: Don’t leak a CDB object in case of bogus data

Improvements

  • #5071: ODBC backend: Allow query logging
  • #5441: Add ED25519 (algo 15) and ED448 (algo 16) support with libdecaf signer
  • #5325: YaHTTP: Sync with upstream changes
  • #5298: Send a notification to all slave servers after every dnsupdate
  • #5317: Add option to set a global lua-axfr-script value
  • #5130: dnsreplay: Add –source-ip and –source-port options
  • #5085: calidns: Use the correct socket family (IPv4 / IPv6)
  • #5170: Add an option to allow AXFR of zones with a different (higher/lower) serial
  • #4622: API: Make trailing dot handling consistent with pdnsutil
  • #4762: SuffixMatchNode: Fix insertion issue for an existing node
  • #4861: Do not resolve the NS-records for NOTIFY targets if the “only-notify” whitelist is empty, as a target will never match an empty whitelist.
  • #5378: Improve the AXFR DNSSEC freshness check; Ignore NSEC3PARAM metadata in an unsigned zone
  • #5297: Create additional reuseport sockets before dropping privileges; remove transaction in pgpsql backend

Version number 4.0.4
Release status Final
Operating systems Linux, BSD, macOS, Solaris, UNIX
Website PowerDNS
Download
License type GPL
You might also like