PowerDNS Changelog

New in version 3.4.1

November 10th, 2014
  • commit dcd6524, commit a8750a5, commit 7dc86bf, commit 2fda71f: PowerDNS now polls the security status of a release at startup and periodically. More detail on this feature, and how to turn it off, can be found in Section 2, “Security polling”.
  • commit 5fe6dc0: API: Replace HTTP Basic auth with static key in custom header (X-API-Key)
  • commit 4a95ab4: Use transaction for pdnssec increase-serial
  • commit 6e82a23: Don’t empty ordername during pdnssec increase-serial
  • commit 535f4e3: honor SOA-EDIT while considering “empty IXFR” fallback, fixes ticket 1835. This fixes slaving of signed zones to IXFR-aware slaves like NSD or BIND.

New in version 3.4 (October 16th, 2014)

  • This is a performance, feature, bugfix and conformity update to 3.3.1 and any earlier version. It contains a huge amount of work by various contributors, to whom we are very grateful.

New in version 3.3.1 (January 27th, 2014)

  • direct-dnskey is no longer experimental, thanks Kees Monshouwer & co for extensive testing (commit e4b36a4).
  • Handle signals during poll (commit 5dde2c6).
  • commit 7538e56: Fix zone2{sql,json} exit codes
  • commit 7593c40: geobackend: fix possible nullptr deref
  • commit 3506cc6: gpsqlbackend: don't append empty dbname=/user= values to connect string
  • gpgsql queries were simplified through the use of casting (commit 9a6e39c).
  • commit a7aa9be: Replace hardcoded make with variable
  • commit e4fe901: make sure to run PKG_PROG_PKG_CONFIG before the first PKG_* usage
  • commit 29bf169: fix hmac-md5 TSIG key lookup
  • commit c4e348b: fix 64+ character TSIG keys
  • commit 00a7b25: Fix comparison between signed and unsigned by using uint32_t for inception on INCEPTION-EPOCH
  • commit d3f6432: fix building on os x 10.9, thanks Martijn Bakker.
  • We now allow building against Lua 5.2 (commit bef3000, commit 2bdd03b, commit 88d9e99).
  • commit fa1f845: autodetect MySQL 5.5+ connection charset
  • When misconfigured using 'right' timezones, a bug in (g)libc gmtime breaks our signatures. Fixed in commit e4faf74 by Kees Monshouwer by implementing our own gmtime_r.
  • When sending SERVFAIL due to a CNAME loop, don't uselessly include the CNAMEs (commit dfd1b82).
  • Build fixes for platforms with 'weird' types (like s390/s390x): commit c669f7c (details), commit 07b904e and commit 2400764.
  • Support for += syntax for options, commit 98dd325 and others.
  • commit f8f29f4: nproxy: Add missing chdir("/") after chroot()
  • commit 2e6e9ad: fix for "missing" libmysqlclient on RHEL/CentOS based systems
  • pdnssec check-zone improvements in commit 5205892, commit edb255f, commit 0dde9d0, commit 07ee700, commit 79a3091, commit 08f3452, commit bcf9daf, commit c9a3dd7, commit 6ebfd08, commit fd53bd0, commit 7eaa83a, commit e319467, ,
  • NSEC/NSEC3 fixes in commit 3191709, commit f75293f, commit cd30e94, commit 74baf86, commit 1fa8b2b
  • The webserver could crash when the ring buffers were resized, fixed in commit 3dfb45f.
  • commit 213ec4a: add constraints for name to pg schema
  • commit f104427: make domainmetadata queries case insensitive
  • commit 78fc378: no label compression for name in TSIG records
  • commit 15d6ffb: pdnssec now outputs ZSK DNSKEY records if experimental-direct-dnskey support is enabled (renamed to direct-dnskey before release!)
  • commit ad67d0e: drop cryptopp from static build as libcryptopp.a is broken on Debian 7, which is what we build on
  • commit 7632dd8: support polarssl 1.3 externally.
  • Remotebackend was fully updated in various commits.
  • commit 82def39: SOA-EDIT: fix INCEPTION-INCREMENT handling
  • commit a3a546c: add innodb-read-committed option to gmysql settings.
  • commit 9c56e16: actually notice timeout during AXFR retrieve, thanks hkraal

New in version 3.1 RC1 (March 24th, 2012)

  • This version fixes important DNSSEC issues, addresses memory use, and contains a vast amount of improvements and bugfixes.

New in version 3.0.1 (January 11th, 2012)

  • This version is identical to 3.0, except with a fix for CVE-2012-0206 aka PowerDNS Security Notification 2012-01. An upgrade is recommended.

New in version 3.0 RC3 (July 19th, 2011)

  • This release brings full support for DNSSEC, with automated signing, rollovers, and key maintenance.
  • The goal is to allow existing PowerDNS installations to start serving DNSSEC with as little hassle as possible, while maintaining performance and achieving high levels of security.
  • Other new features include TSIG, a MyDNS-compat backend, also-notify, master/slave over IPv6, a bulk parallel slaving engine, MongoDB support, and Lua zone editing.

New in version 3.0 RC1 (April 8th, 2011)

  • This release brings full support for DNSSEC, with automated signing, rollovers, and key maintenance.
  • The goal is to allow existing PowerDNS installations to start serving DNSSEC with as little hassle as possible, while maintaining performance and achieving high levels of security.
  • Other new features include TSIG, a MyDNS-compat backend, also-notify, master/slave over IPv6, a bulk parallel slaving engine, and Lua zone editing.

New in version 2.9.22 (January 28th, 2009)

  • This version brings a reasonable amount of new features, combined with vast performance increases for large setups.
  • In addition, significant numbers of bugs and issues have been addressed.
  • This is a much recommended upgrade.

New in version 2.9.22 RC2 (November 30th, 2008)

  • Compared to 2.9.21, this version offers a massive performance boost for installations running with high cache-TTLs or a large packet cache, in many cases of an order of magnitude.
  • Additionally, a large number of bugs were addressed, some features were added, and overall many areas saw improvements.
  • RC2 fixes important issues compared to RC1.