Download PowerDNS Recursor 5.0.2
PowerDNS is a DNS server with a database as a backend, making it easy to manage a large number of DNS entries. The developers previously decided to release the two parts that make up PowerDNS, a recursor and an authoritative name server, separately, allowing a new version to be released faster and in a more targeted manner, the developers said.
When you perform a DNS lookup, a recursor initially starts by asking the lookup query to a DNS root server. This can then redirect to other servers, from which redirects can be made to other servers and so on, until eventually a server is reached that knows the answer or knows that the look-up is not possible. The latter may occur if the name does not exist or the servers do not respond. The process of going through different authoritative servers is called recursion. The developers released PowerDNS Recursor version 5.0 at the beginning of this year and now a first update has been released that should fix some security issues.
PowerDNS Recursor 5.0.2
Bug fixes
- Security advisory 2024-01: CVE-2023-50387 and CVE-2023-50868. Ref: pull request 13782
PowerDNS Recursor 5.0.1
Released: 10th of January 2024, with no changes compared to the second release candidate. Version 5.0.0 was never released publicly.
PowerDNS Recursor 5.0.0-rc2
Improvements
- Warn that disabling structured logging is now deprecated. Ref: #13567, pull request 13645
Bug fixes
- Fix handling of RUNTIME_DIRECTORY and NOD dirs. Ref: #13588, #13612, pull request 13646
PowerDNS Recursor 5.0.0-rc1
Improvements
- Remove experimental warnings for YAML. Ref: pull request 13557
- Disallow (by answering Refused) RD=0 by default. Ref: #13386, pull request 13507
- Make syncres code clang-tidy. Ref: pull request 13434
- Introduce a setting to allow RPZ duplicates, including a dup handling fix. Ref: #12842, pull request 13501
- Update new b-root-server.net addresses in built-in hints. Ref: pull request 13387
- Change default of nsec3-max-iterations to 50. Ref: pull request 13478
- Warn if truncation occurred dumping the trace. Ref: pull request 13477
Bug fixes
- A single NSEC3 record covering everything is a special case. Ref: #13542, pull request 13543
- Document outgoing query counts better, including a small fix. Ref: #13463, pull request 13511
- Take into account throttled queries when determining if we had a cache hit. Ref: #13483, pull request 13497
- Correctly apply outgoing.tcp_max_queries bound. Ref: #13467, pull request 13480
PowerDNS Recursor 5.0.0-beta1
Improvements
- Be more memory efficient handling RPZ updates. Ref: pull request 13462
- Change default of extended-resolution-errors setting to true. Ref: pull request 13464
- Move a few settings from recursor to outgoing section. Ref: pull request 13455
- For structured logging always log addresses including port. Ref: pull request 13446
- Teach configure to check for cargo version and require >= 1.64. Ref: pull request 13438
- Tidy cache and only copy values if non-expired entry was found. Ref: #12612, pull request 13410
- Add endbr64 instructions in the right spots for OpenBSD/amd64. Ref: #13430, pull request 13430, pull request 13432
- Handle stack memory on NetBSD as on OpenBSD (Tom Ivar Helbekkmo). Ref: pull request 13408
Bug fixes
- Fix ubsan error: using a value of 80 for bool. Ref: pull request 13468
- Handle serve stale logic in getRootNXTrust(). Ref: #13383, pull request 13409
PowerDNS Recursor 5.0.0-alpha2
Improvements
- Convert API managed config from old style to YAML if YAML settings are active. Ref: #12679, #13233, pull request 13362
- If we miss glue–but not for all NS records–try to resolve the missing address records. Ref: pull request 13364
- Make QName Minimization parameters from RFC 9156 settable. Ref: pull request 13296
- In accordance with RFC 2181 10.3: don't allow NS records to point to aliases. Ref: pull request 13312
- Do not use Qname Minimization for infrastructure queries. Ref: #8646, pull request 13295
- Implement probabilistic un-throttle. Ref: pull request 13289
- Put files generated by settings/generate.py into tarball so package builds do not have to run it. Ref: pull request 13290
- Fix packet cache submit refresh task logic. Ref: #13266, pull request 13278
- Allow loglevel to be set to levels < 3. Ref: #13264, pull request 13277
- Move tcp-in processing to dedicated thread(s). Ref: #8394, pull request 13195
Bug fixes
- If serving stale, wipe CNAME records from cache when we get a NODATA negative response for them. Ref: #12395, pull request 13353
- Fix Coverity 1522436 potential dereference of null return value. Ref: pull request 13363
- Fix log messages text and levels. Ref: pull request 13303, pull request 13311
- Fix sysconfdir handling in new settings code. Ref: #13259, pull request 13276
- Fix Coverity 1519054: Using invalid iterator. Ref: pull request 13250
PowerDNS Recursor 5.0.0-alpha1
Improvements
- Rewrite settings code, introducing YAML settings file, using Rust and generated code to implement YAML processing. Ref: pull request 13008
- Make aggressive cache pruning more effective and more fair. Ref: pull request 13209
- Remove make_tuple and make_pair (Rosen Penev). Ref: pull request 13208
- Rec: fix a few unused argument warnings (depending on features enabled). Ref: pull request 13190
- Change the default for building with net-snmp from auto to no. Ref: pull request 13168
- Channel: Make the blocking parameters of the object queue explicit. Ref: #13147, pull request 13155
- Do not assume the records are in a particular order when determining if an answer is NODATA. Ref: pull request 13102
- Document default for web server loglevel (Frank Louwers). Ref: pull request 13111
- Remove unused sysv init files. Ref: pull request 13087
- Fixes a few performance issues reported by Coverity. Ref: pull request 13092
- Highlight why regression tests failed with github annotation (Josh Soref). Ref: pull request 13074
- Switch from deprecated ::set output (Josh Soref). Ref: pull request 13073
- Use backticks in rec_control(1) (Josh Soref). Ref: pull request 13067
- Clarify why bulk test is failing (Josh Soref). Ref: pull request 13068
- Set TTL in getFakePTRRecords. Ref: #13011, pull request 13043
- Update settings.rst – clarify edns-subnet-allow-list (Seth Arnold). Ref: pull request 13032
- Dnsheader: Switch from bitfield to uint16_t whenever possible. Ref: pull request 13026
- Clarify log message for NODATA/NXDOMAIN without AA (Håkan Lindqvist). Ref: pull request 12805
- Use arc4random only for random values. Ref: pull request 12913, pull request 12931, pull request 12999, pull request 13001, pull request 13022, pull request 13175, pull request 15197
- Update base Debian version in Docker docs (Italo Cunha). Ref: pull request 12851
- Delint pdns recursor.cc. Ref: pull request 12917
- Include qname when logging skip of step 4 of qname minimization (Doug Freed). Ref: pull request 12957
- Fix a set of move optimizations, as suggested by Coverity. Ref: pull request 12952
- Silence Coverity 1462719 Unchecked return value from library. Ref: pull request 12934
- Fix compile warnings. Ref: pull request 12930
- Dns random: add method to get full 32-bits of randomness. Ref: pull request 12913
- Reformatt and delint arguments.cc and arguments.hh. Ref: pull request 12808
Bug fixes
- Remove Before=nss-lookup.target line from unit file. Ref: pull request 13210
- TCPIOHandler: Fix a race when creating the first TLS connections. Ref: pull request 13167
- Rec: Include cstdint in mtasker_ucontext.cc, noted by @zeha. Ref: pull request 13174
| Version number | 5.0.2 |
| Release status | Final |
| Operating systems | Linux, BSD, macOS, Solaris, UNIX |
| Website | PowerDNS |
| Download | https://downloads.powerdns.com/releases/ |
| License type | Prerequisites (GNU/BSD/etc.) |