Software Update: PowerDNS Recursor 3.6.2


PowerDNS is a DNS server with a database back-end, which makes it easy to manage a large number of DNS entries. The developers previously decided to release the two parts that make up PowerDNS, a recursor and an authoritative name server, separately. According to the developers, this allows new versions to be released faster and in a more targeted way.

When you do a DNS lookup, a recursor starts by putting the question to a DNS root server. That server can refer it to other servers, which can in turn refer it onward, and so on, until finally a server is reached that knows the answer or knows that the lookup is not possible. The latter can be the case if the name does not exist or the servers do not respond.

The process of going through different authoritative servers is called recursion. The developers released PowerDNS Recursor 3.6.2 a few days ago. The announcement of this release looks like this:

PowerDNS Recursor 3.6.2

Version 3.6.2 is a bugfix update to 3.6.1. A list of changes since 3.6.1 follows.

  • commit ab14b4f: expedite servfail generation for ezdns-like failures (fully abort query resolving if we hit more than 50 outqueries)
  • commit 42025be: PowerDNS now polls the security status of a release at startup and periodically. More detail on this feature, and how to turn it off, can be found in Section 2, “Security polling”.
  • commit 5027429: We did not transmit the right ‘local’ socket address to Lua for TCP/IP queries in the recursor. In addition, we would attempt to lookup a filedescriptor that wasn’t there in an unlocked map which could conceivably lead to crashes. Closes ticket 1828, thanks Winfried for reporting
  • commit 752756c: Sync embedded yahttp copy. API: Replace HTTP Basic auth with static key in custom header
  • commit 6fdd40d: add missing #include

PowerDNS Recursor 3.6.1

Version 3.6.1 is a mandatory security upgrade to 3.6.0! PowerDNS Recursor 3.6.0 could crash with a specific sequence of packets. For more details, see Section 13, “PowerDNS Security Advisory 2014-01: PowerDNS Recursor 3.6.0 can be crashed remotely”. PowerDNS Recursor 3.6.1 was very well tested, and is in full production already, so it should be a safe upgrade. In addition to various fixes related to this potential crash, 3.6.1 fixes a few minor issues and adds a debugging feature:

  • We could not encode IPv6 AAAA records that mapped to IPv4 addresses in some cases (:ffff.1.2.3.4). Fixed in commit c90fcbd, closing ticket 1663.
  • Improve systemd startup timing with respect to network availability (commit cf86c6a), thanks to Morten Stevens.
  • Realtime telemetry can now be enabled at runtime, for example with ‘rec_control carbon-server 82.94.213.34 ourname1234’. This ties in to our existing carbon-server and carbon-ourname settings, but now at runtime. This specific invocation will make your stats appear automatically on our public telemetry server.
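
As an added illustration (not PowerDNS code and not part of the announcement), the sketch below models the referral walk described at the top of this article together with the outquery cap from commit ab14b4f. The delegation table, the server names and the referral loop standing in for a resolution that never terminates are constructed assumptions; only the limit of 50 comes from the changelog, and the exact boundary behaviour of the real recursor is not modelled.

```python
# Toy model of a recursor with an outquery budget. No network I/O.
MAX_OUTQUERIES = 50  # limit quoted in the 3.6.2 changelog

# Constructed delegation data: server -> ordered (suffix, kind, value) rules.
SERVERS = {
    "root": [
        ("example.", "referral", "ns.example"),
        ("loop.", "referral", "ns-a.loop"),
    ],
    "ns.example": [
        ("www.example.", "answer", "192.0.2.10"),
        ("example.", "nxdomain", None),
    ],
    # Two servers that only ever refer to each other (hypothetical bad zone).
    "ns-a.loop": [("loop.", "referral", "ns-b.loop")],
    "ns-b.loop": [("loop.", "referral", "ns-a.loop")],
}


def ask(server, qname):
    """Simulate one outgoing query; the first matching rule wins."""
    for suffix, kind, value in SERVERS[server]:
        # Match on a label boundary so "badexample." does not hit "example.".
        if qname == suffix or qname.endswith("." + suffix):
            return kind, value
    return "nxdomain", None


def resolve(qname, limit=MAX_OUTQUERIES):
    """Follow referrals from the root; return (rcode, answer, outqueries)."""
    server, outqueries = "root", 0
    while True:
        if outqueries == limit:
            # The next outquery would exceed the budget: abort the whole
            # resolution with SERVFAIL instead of chasing more referrals.
            return "SERVFAIL", None, outqueries
        outqueries += 1
        kind, value = ask(server, qname)
        if kind == "answer":
            return "NOERROR", value, outqueries
        if kind == "nxdomain":
            return "NXDOMAIN", None, outqueries
        server = value  # referral: continue at the server we were sent to


if __name__ == "__main__":
    for name in ("www.example.", "missing.example.", "a.loop."):
        print(name, resolve(name))
```

Without the budget check, the lookup for `a.loop.` would keep the resolver sending queries indefinitely; with it, the client gets a prompt SERVFAIL after a bounded amount of work.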

Version number: 3.6.2
Release status: Final
Operating systems: Linux, BSD, Solaris, UNIX
Website: PowerDNS
License type: GPL