Download PowerDNS Recursor 3.3

PowerDNS is a dns server with a database as back-end, which makes it easy to manage a large number of dns entries. In late April 2006, the developers decided to release the two parts that make up PowerDNS, a recursor and an authoritative name server. This allows a new version to be released faster, according to the developers. The developers released PowerDNS Recursor 3.3 after three release candidates. The announcement of this release looks like this:

Hi everybody,

We’re proud to announce the release of the PowerDNS Recursor 3.3! It can be downloaded from or via the following direct links:
pdns-recursor-3.3.tar.bz2
deb/pdns-recursor_3.3-1_i386.deb
deb/pdns-recursor_3.3-1_amd64.deb
rpm/pdns-recursor-3.3-1.i386.rpm
rpm/pdns-recursor-3.3-1.x86_64.rpm

There you will also find PGP signatures of this release (add .sig), based on the same key that has signed this message.

A version of the release notes with clickable links to changes, can also be found on http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-3

Version 3.3 fixes a number of small but persistent issues, rounds off our IPv6 %link-level support and adds an important feature for many users of the Lua scripts.

In addition, scalability on Solaris 10 has been improved.

Bug fixes:

• ‘dist-recursor’ script was not compatible with pure POSIX /bin/sh, discovered by Simon Kirby. Fix in commit 1545.
• Simon Bedford, Brad Dameron and Laurient Papier discovered relatively high TCP/IP loads could cause TCP/IP service to shut down over time. Addressed in commits 1546, 1640, 1652, 1685, 1698. Additional information provided by Zwane Mwaikambo, Nicholas Miell and Jeff Roberson. Testing by Christian Hofstaedtler and Michael Renner.
• The PowerDNS Recursor could not read the ‘root zone’ (this is something else than the root hints) because of an unquoted TXT record. This has now been addressed, allowing operators to hardcode the root zone. This can improve security if the root zone used is kept up to date. Change in commit 1547.
• A return of an old bug, when a domain gets new nameservers, but the old nameservers continue to contain a copy of the domain, PowerDNS could get ‘stuck’ with the old servers. Fixed in commit 1548.
• Discovered & reported by Alexander Gall of SWITCH, the Recursor used to try to resolve ‘AXFR’ records over UDP. Fix in commit 1619.
• The Recursor embedded authoritative server messed up parsing a record like ‘@IN MX 15 @’. Spotted by Aki Tuomi, fix in commit 1621.
• The Recursor embedded authoritative server messed up parsing really really long lines. Spotted by Marco Davids, fix in commit 1624, commit 1625.
• Packet cache was not DNS class correct. Spotted by “Robin”, fix in commit 1688.
• The packet cache would cache some NXDOMAINS for too long. Solving this bug exposed an underlying oddity where the initial NXDOMAIN response had an overly long (untruncated) TTL, whereas all the next ones would be ok. Solved in commit 1679, closing ticket 281. Especially important for RBL operators. Fixed after some nagging by Alex Broens (thanks).

Improvements:

• The priming of the root now uses more IPv6 addresses. Change in commit 1550, closes ticket 287. Also, the IPv6 address of I.ROOT-SERVERS.NET was added in commit 1650.
• The rec_control dump-cache command now also dumps the ‘negative query’ cache. Code in commit 1713.
• PowerDNS Recursor can now bind to fe80 IPv6 space with ‘%eth0’ link selection. Suggested by Darren Gamble, implemented with help from Niels Bakker. Change in commit 1620.
• Solaris on x86 has a long standing bug in port_getn(), which we now work around. Spotted by ‘Dirk’ and ‘AS’. Solution suggested by the Apache runtime library, update in commit 1622.
• New runtime statistic: ‘tcp-clients’ which lists the number of currently active TCP/IP clients. Code in commit 1623.
• Deal better with UltraDNS style CNAME redirects containing SOA records. Spotted by Andy Fletcher from UK Dedicated in ticket 303, fix in commit 1628.
• The packet cache, which has ‘ready to use’ packets containing answers, now artificially ages the ready to use packets. Code in commit 1630.
• Lua scripts can now indicate that certain queries will have ‘variable’ answers, which means that the packet cache will not touch these answers. This is great for overriding some domains for some users, but not all of them. Use setvariable() in Lua to indicate such domains. Code in commit 1636.
• Add query statistic called ‘dont-outqueries’, plus add IPv6 address :: and IPv4 address 0.0.0.0 to the default “dont-query” set, preventing the Recursor from talking to itself. Code in commit 1637.
• Work around a gcc 4.1 bug, still in wide use on common platforms. Code in commit 1653.
• Add ‘ARCHFLAGS’ to PowerDNS Recursor Makefile, easing 64 bit compilation on mainly 32 bit platforms (and vice versa).
• Under rare circumstances, querying the Recursor for statistics under very high load could lead to a crash (although this has never been observed). Bad code removed & good code unified in commit 1675.
• Spotted by Jeff Sipek, the rec_control manpage did not list the new get-all command. commit 1677.
• On some platforms, it may be better to have PowerDNS itself distribute queries over threads (instead of leaving it up to the kernel). This experimental feature can be enabled with the ‘pdns-distributes-queries’ setting. Code in commit 1678 and beyond. Speeds up Solaris measurably.
• Cache cleaning code was cleaned up, unified and expanded to cover the ‘negative cache’, which used to be cleaned rather bluntly. Code in commit 1702, further tweaks in commit 1712, spotted by Darren Gamble, Imre Gergely and Christian Kovacic.

Changes between RC1, RC2 and RC3.

• RC2: Fixed linking on RHEL5/CENTOS5, which both ship with a gcc compiler that claims to support atomic operations, but doesn’t. Code in commit 1714. Spotted by ‘Bas’ and Imre Gergely.
• RC2: Negative query cache was configured to grow too large, and was not cleaned efficiently. Code in commit 1712, spotted by Imre Gergely.
• RC3: Root failed to be renewed automatically, relied on fallback to make this happen. Code in commit 1716, spotted by Detlef Peeters.