Software Update: PowerDNS Recursor 4.0.5

PowerDNS is a dns server with a database as backend, which makes it easy to manage a large number of dns entries. The developers have previously decided to release the two parts that make up PowerDNS, a recursor and an authoritative name server, to allow for a faster and more targeted release of a new version, the developers said.

If you do a dns lookup, a recursor will initially start asking this question to a dns root server. This can then redirect to other servers, from where it can redirect to other servers and so on, until finally a server is reached that knows the answer or knows that the look-up is not possible. The latter can be the case if the name does not exist or the servers do not respond. The process of going through different authoritative servers is called recursion. The developers have released PowerDNS Recursor 4.0.5. The changes in this release are as follows:

PowerDNS Recursor 4.0.5

This release adds ed25519 (algorithm 15) support for DNSSEC and adds the 2017 DNSSEC root key. If you do DNSSEC validation, this upgrade is mandatory to continue validating after October 2017.

Bug fixes

• Correctly lowercase the TSIG algorithm name in hash computation, fixes #4942
• Clear the RPZ NS IP table when clearing the policy, this prevents false positives
• Fix cache-only queries against a forward-zone, fixes #5211
• Only delegate if NSes are below apex in auth-zones, fixes #4771
• Remove hardcoding of port 53 for TCP/IP forwarded zones in recursor, fixes #4799
• Make sure labelsToAdd is not empty in getZoneCuts()
• Wait until after daemonizing to start the outgoing protobuf thread, prevents hangs when the protobuf server is not available
• Ensure (re)priming the root never fails
• Don’t age the root, fixes a regression from 3.x
• Fix exception when sending a protobuf message for an empty question
• LuaWrapper: Allow embedded NULs in strings received from Lua
• Fix coredumps on illumos/SmartOS, fixes #4579
• StateHolder: Allocate (and copy if needed) before taking the lock
• SuffixMatchNode: Fix insertion issue for an existing node
• Fix negative port detection for IPv6 addresses on 32-bit systems

Additions and Enhancements

• Add support for RPZ wildcarded target names. Fixes #5237
• Speed ​​up RPZ zone loading and add a zoneSizeHint parameter to rpzFile and rpzMaster for faster reloads
• Make the RPZ summary consistent (Fixes #4342) and log additions/removals at debug level, not info
• Add the 2017 root key
• Update Ed25519 algorithm number and mnemonic and hook up to the Recursor
• Add use-incoming-edns-subnet option to process and pass along ECS ​​and fix some ECS bugs in the process
• Refuse to start with chroot set in a systemd env (Fixes #4848)
• Handle exceptions raised by closesocket() to prevent process termination
• Document missing top-pub-queries and top-pub-servfail-queries commands for rec_control
• IPv6 address for g.root-servers.net added
• Log outgoing queries / incoming responses via protobuf