Softpedia >Linux >Internet >DNS >PowerDNS >  Changelog

PowerDNS Changelog

What's new in PowerDNS 4.2.1

Jan 8, 2020
  • New Features:
  • Add SLAVE-RENOTIFY zone metadata support (Matti Hiljanen)
  • References: pull request 8549
  • Add configurable timeout for inbound AXFR (Matti Hiljanen)
  • References: pull request 8547
  • Add CentOS 8 as builder target
  • References: pull request 8428
  • gmysql backend, add an option to send the SSL capability flag
  • References: pull request 8341
  • Improvements:
  • API: reduce number of database connections (Kees Monshouwer)
  • References: pull request 8457
  • Register a few known RR types and remove an unknown one
  • References: pull request 8546
  • bindbackend: use metadata for also-notifies as well (Matti Hiljanen)
  • References: pull request 8548
  • pdnsutil increase-serial: under SOA-EDIT=INCEPTION-EPOCH, bump as if it is EPOCH
  • References: #8218, pull request 8508
  • API: optionally do not return dnssec info in domain list (Christian Hofstaedtler)
  • References: pull request 8541
  • Basic validation of $GENERATE parameters
  • References: pull request 8454
  • Bug Fixes:
  • LUA view: do not crash on empty IP list
  • References: #8572, pull request 8589
  • API: Accept headers without spaces
  • References: pull request 8576
  • Avoid database state-related SERVFAILs after a LUA error
  • References: #8299, pull request 8570
  • Just before 4.2.0, some SQL-related fixes broke edit-zone and other features with the LMDB backend. This has been fixed now. (backport by Kees Monshouwer)
  • References: #8134, pull request 8568
  • rfc2136, pdnsutil: somewhat improve duplicate record handling
  • References: #8217, pull request 8507

New in PowerDNS 4.2.0 (Sep 9, 2019)

  • LUA RECORDS:
  • An important new feature is the support for Lua Records, which make the following possible, from any backend (even BIND, and LMDB!):
  • @ IN LUA A "ifportup(443, {'52.48.64.3', '45.55.10.200'})"
  • This will poll the named IP addresses (in the background) and only serve up hosts that are available. Far more powerful constructs are possible, for example to pick servers from regional pools close to the user, except if all servers in that pool are down. It is also possible to do traffic engineering based on subnets or AS numbers. A simple example:
  • @ IN LUA A ( "ifportup(443, {'52.48.64.3', '45.55.10.200'}, {selector='closest'})
  • For more about this feature, please head to the documentation.
  • IXFRDIST:
  • A new tool ixfrdist transfers zones from an authoritative server and re-serves these zones over AXFR and IXFR. It checks the SOA serial for all configured domains and downloads new versions to disk. This makes it possible for hundreds of PowerDNS Recursors (or authoritative servers) to slave an (RPZ) zone from a single server, without overwhelming providers like our friends over at Spamhaus/Deteque and Farsight.
  • UDP FRAGMENTATION:
  • In accordance with the preliminary plans for DNS Flag Day 2020, this release lowers the default for udp-truncation-threshold from 1680 to 1232. This avoids most cases of UDP fragmentation, leading to better performance and security.
  • LMDB BACKEND:
  • Another new feature in 4.2.0 is the LMDB backend. As an in-process, memory mapped database, it should provide performance superior to most other backends. It supports master and slave operation and is fully DNSSEC capable. Sadly, just before 4.2.0, a fix for other backends somewhat broke the LMDB backend. Slaving zones works, and loading zones with pdnsutil works, but finer-grained tools like ‘pdnsutil edit-zone’ do not. We hope to fix this in an upcoming 4.2.x release soon! If you want to try the LMDB backend, please review the two known bugs to avoid any surprises.
  • DEPRECATIONS:
  • 4.2 will see the removal of the poorly documented ‘autoserial’ feature. This removal decision was not taken lightly but as noted, its removal allows us to fix other bugs. Autoserial was holding us back. We realise it is no fun when a feature disappears, but since Authoritative Server 4.1 is still around, you can still use that if you require ‘autoserial’.
  • In compliance with the new Algorithm Implementation Requirements and Usage Guidance for DNSSEC RFC, support for ECC-GOST signing, validation, and support for GOST DS digests have all been removed.

New in PowerDNS 4.1.10 (Jun 21, 2019)

  • PowerDNS Security Advisory 2019-04 (CVE-2019-10162)
  • PowerDNS Security Advisory 2019-05 (CVE-2019-10163)

New in PowerDNS 4.1.8 (May 23, 2019)

  • #7604: Correctly interpret an empty AXFR response to an IXFR query,
  • #7610: Fix replying from ANY address for non-standard port,
  • #7609: Fix rectify for ENT records in narrow zones,
  • #7607: Do not compress the root,
  • #7608: Fix dot stripping in setcontent(),
  • #7605: Fix invalid SOA record in MySQL which prevented the authoritative server from starting,
  • #7603: Prevent leak of file descriptor if running out of ports for incoming AXFR,
  • #7602: Fix API search failed with “Commands out of sync; you can’t run this command now”,
  • #7509: Plug mysql_thread_init memory leak,
  • #7567: EL6: fix CXXFLAGS to build with compiler optimizations.

New in PowerDNS 4.1.6 (Feb 10, 2019)

  • #7279: Prevent more than one CNAME/SOA record in the same RRset

New in PowerDNS 4.1.5 (Nov 14, 2018)

  • Improvements:
  • Apply alias scopemask after chasing (#6976)
  • Release memory in case of error in the openssl ecdsa constructor (#6917)
  • Switch to devtoolset 7 for el6 (#7118, #7040)
  • Bug Fixes:
  • Crafted zone record can cause a denial of service (CVE-2018-10851, #7149)
  • Packet cache pollution via crafted query (CVE-2018-14626, #7149)
  • Fix compilation with libressl 2.7.0+ (#6948, #6943)
  • Actually truncate truncated responses (#6913)

New in PowerDNS 4.1.3 (May 24, 2018)

  • Improvements:
  • #6239, #6559: pdnsutil: use new domain in b2bmigrate (Aki Tuomi)
  • #6130: Update copyright years to 2018 (Matt Nordhoff)
  • #6312, #6545: Lower ‘packet too short’ loglevel
  • Bug Fixes:
  • #6441, #6614: Restrict creation of OPT and TSIG RRsets
  • #6228, #6370: Fix handling of user-defined axfr filters return values
  • #6584, #6585, #6608: Prevent the GeoIP backend from copying NetMaskTrees around, fixes slow-downs in certain configurations (Aki Tuomi)
  • #6654, #6659: Ensure alias answers over TCP have correct name

New in PowerDNS 4.1.2 (May 15, 2018)

  • Improvements:
  • API: increase serial after dnssec related updates
  • Dnsreplay: bail out on a too small outgoing buffer
  • lower ‘packet too short’ loglevel
  • Make check-zone error on rows that have content but shouldn’t
  • avoid an isane amount of new backend connections during an axfr
  • Report unparseable data in stoul invalid_argument exception
  • recheck serial when axfr is done
  • add tcp support for alias
  • Bug Fixes:
  • allocate new statements after reconnecting to postgresql
  • bindbackend: only compare ips in ismaster() (Kees Monshouwer)
  • Rather than crash, sheepishly report no file/linenum
  • Document undocumented config vars
  • prevent cname + other data with dnsupdate

New in PowerDNS 4.1.1 (Feb 28, 2018)

  • Backport: forbid label compression in alias wire format
  • Include unistd.h for chroot(2) et al. (Florian Obser)
  • Auth: fix out of bounds exception in caa processing, fixes #6089
  • Add the missing include to mplexer.hh for struct timeval
  • Auth: init openssl and libsodium before chrooting in pdnsutil
  • Auth: always bind the results array after executing a mysql statement
  • Ldap: fix getdomaininfo() to set this as di.backend (Grégory Oestreicher)
  • Ldapbackend: fix listing zones incl. axfr (Chris Hofstaedtler)
  • Ixfr: correct behavior of dealing with dns name with multiple records (Leon Xu)

New in PowerDNS 4.1.0 (Dec 27, 2017)

  • This release features prominent contributions from our community. We’d like to highlight the tireless work of Kees Monshouwer in improving the Authoritative Server based on his huge experience scaling PowerDNS to millions of DNSSEC production zones. Christian Hofstaedtler and Jan-Piet Mens contributed massively as well in many different places. Also a round of thanks to Grégory Oestreicher for revamping and reviving the LDAP backend. Wolfgang Studier, “#MrM0nkey”, Tudor Soroceanu and Benjamin Zengin delivered the DNSSEC management API, as part of their studies at TU Berlin.
  • We have tried to list everyone else in the full changelog, and we are very grateful for all the work and testing PowerDNS has received from the community!
  • Improved performance: 4x speedup in some scenarios:
  • More than a year ago, the RIPE NCC benchmarked several nameserver implementations, and found PowerDNS was not a performant root-server. Although PowerDNS is great at serving millions of zones, we’d like to be fast on smaller zones as well. Results of this optimization spree are described here, and also in this longer article “Optimizing optimizing: some insights that led to a 400% speedup of PowerDNS”. Kees Monshouwer’s cache (re)work has been vital to attaining this performance improvement.
  • Crypto API: DNSSEC fully configurable via RESTful API:
  • Our RESTful HTTP API has gained support for DNSSEC & key management. This API is “richer than most” since it is aware of DNSSEC semantics, and therefore allows you to manipulate zones without having to think about DNSSEC details. The API will do the right thing. This work was contributed by Wolfgang Studier, #MrM0nkey, Tudor Soroceanu and Benjamin Zengin as part of their work over at TU Berlin.
  • Database related: reconnection and 64 bit id fields:
  • Database servers sometimes disconnect after shorter or longer idle periods. This could confuse both PowerDNS and database client libraries under some quiet conditions. 4.1 contains enhanced reconnection logic that we believe solves all associated problems. In a pleasing development, one PowerDNS user has a database so large they exceeded a 32 bit id counter, which has now been made 64 bit.
  • Improved documentation:
  • Our Pieter Lexis invested a ton of time improving not only the contents but also the appearance and search of our documentation. Take a look at https://doc.powerdns.com/authoritative/ and know you can easily edit our documentation via GitHub’s built in editor.
  • Recursor passthrough removal:
  • This will impact many installations, and we realize this may be painful, but it is necessary. Previously, the PowerDNS Authoritative Server contained a facility for sending recursion desired queries to a resolving backend, possibly after first consulting its local cache. This feature (‘recursor=’) was frequently confusing and also delivered inconsistent results, for example when a query ended up referring to a CNAME that was outside of the Authoritative Server’s knowledge. To migrate from a 3.0 or 4.0 era PowerDNS Authoritative Server with a ‘recursor’ statement in the configuration file, please see Migrating from using recursion on the Authoritative Server to using a Recursor.
  • Miscellaneous:
  • Support was added for TCP Fast Open. Non-local bind is now supported. pdnsutil check-zone will now warn about more errors or unlikely configurations. Our packages now ship with PKCS #11 support (which previously required a recompilation). Improved integration with systemd logging (timestamp removal).

New in PowerDNS 4.0.0 (Jul 12, 2016)

  • Many of the changes are on the inside and were part of the great “spring cleaning“:
  • Moved to C++ 2011, a cleaner more powerful version of C++ that has allowed us to improve the quality of implementation in many places.
  • Implemented dedicated infrastructure for dealing with DNS names that is fully “DNS Native” and needs less escaping and unescaping. Due to this, the PowerDNS Authoritative Server can now serve DNSSEC-enabled root-zones.
  • All backends derived from the Generic SQL backend use prepared statements.
  • Both the server and pdns_control do the right thing when chroot‘ed.
  • Caches are now fully canonically ordered, which means entries can be wiped on suffix in all places
  • In addition to this cleanup, the following new and exciting features have been added:
  • A revived and supported ODBC backend (godbc).
  • A revived and supported LDAP backend (ldap).
  • Support for CDS/CDNSKEY and RFC 7344 key-rollovers.
  • Support for the ALIAS record.
  • The webserver and API are no longer experimental. The API-path has moved to /api/v1
  • DNSUpdate is no longer experimental.
  • ECDSA (algorithm 13 and 14) supported without in-tree cryptographic libraries (provided by OpenSSL).
  • Experimental support for ed25519 DNSSEC signatures (when compiled with libsodium support).
  • Many new pdnsutil commands, e.g.
  • help command now produces the help
  • Warns if the configuration file cannot be read
  • Does not check disabled records with check-zone unless verbose mode is enabled
  • create-zone command creates a new zone
  • add-record command to add records
  • delete-rrset and replace-rrset commands to delete and add rrsets
  • edit-zone command that spawns $EDITOR with the zone contents in zonefile format regardless of the backend used (blogpost)
  • GeoIP backend has gained many features, and can now e.g. run based on explicit netmasks not present in the GeoIP databases
  • With new features come removals. The following backends have been dropped in 4.0.0:
  • LMDB.
  • Geo (use the improved GeoIP instead).
  • Other important changes and deprecations include:
  • pdnssec has been renamed to pdnsutil.
  • Support for the PolarSSL/MbedTLS, Crypto++ and Botan cryptographic libraries have been dropped in favor of the (faster) OpenSSL libcrypto (except for GOST, which is still provided by Botan).
  • ECDSA P256 SHA256 (algorithm 13) is now the default algorithm when securing zones.
  • The PowerDNS Authoritative Server now listens by default on all IPv6 addresses.
  • Several superfluous queries have been dropped from the Generic SQL backends, if you use a non-standard SQL schema, please review the new defaults
  • insert-ent-query, insert-empty-non-terminal-query, insert-ent-order-query have been replaced by one query named insert-empty-non-terminal-order-query
  • insert-record-order-query has been dropped, insert-record-query now sets the ordername (or NULL)
  • insert-slave-query has been dropped, insert-zone-query now sets the type of zone
  • The INCEPTION, INCEPTION-WEEK and EPOCH SOA-EDIT metadata values are marked as deprecated and will be removed in 4.1.0

New in PowerDNS 3.4.9 (May 17, 2016)

  • commit 4627ea0, commit 8350828: use OpenSSL for ECDSA signing where available (Kees Monshouwer)
  • commit 558ff84: allow common signing key (Kees Monshouwer)
  • commit 280d665: Add a disable-syslog setting
  • commit 58d6ab6: fix SOA caching with multiple backends (Kees Monshouwer)
  • commit e9e413f, commit 6af4652: whitespace-related zone parsing fixes ticket #3568
  • commit 7473a5e: bindbackend: fix, set domain in list() (Kees Monshouwer)

New in PowerDNS 3.4.7 (Nov 13, 2015)

  • The biggest fixes are improved negative caching and preventing a crash that could happen during the AXFR of a zone with many MX records of different priorities.

New in PowerDNS 3.4.4 (Apr 25, 2015)

  • The most important part of this update is a fix for CVE-2015-1868.

New in PowerDNS 3.4.3 (Mar 18, 2015)

  • Bug fixes:
  • commit ceb49ce: pdns_control: exit 1 on unknown command (Ruben Kerkhof)
  • commit 1406891: evaluate KSK ZSK pairs per algorithm (Kees Monshouwer)
  • commit 3ca050f: always set di.notified_serial in getAllDomains (Kees Monshouwer)
  • commit d9d09e1: pdns_control: don’t open socket in /tmp (Ruben Kerkhof)
  • New features:
  • commit 2f67952: Limit who can send us AXFR notify queries (Ruben Kerkhof)
  • Improvements:
  • commit d7bec64: respond REFUSED instead of NOERROR for “unknown zone” situations
  • commit ebeb9d7: Check for Lua 5.3 (Ruben Kerkhof)
  • commit d09931d: Check compiler for relro support instead of linker (Ruben Kerkhof)
  • commit c4b0d0c: Replace PacketHandler with UeberBackend where possible (Christian Hofstaedtler)
  • commit 5a85152: PacketHandler: Share UeberBackend with DNSSECKeeper (Christian Hofstaedtler)
  • commit 97bd444: fix building with GCC 5
  • Experimental API changes (Christian Hofstaedtler):
  • commit ca44706: API: move shared DomainInfo reader into it’s own function
  • commit 102602f: API: allow writing to domains.account field
  • commit d82f632: API: read and expose domain account field
  • commit 2b06977: API: be more strict when parsing record contents
  • commit 2f72b7c: API: Reject unknown types (TYPE0)
  • commit d82f632: API: read and expose domain account field

New in PowerDNS 3.4.2 (Feb 15, 2015)

  • Improvements:
  • commit 73004f1: implement CORS for the HTTP API
  • commit 4d9c289: qtype is now case insensitive in API and database
  • commit 13af5d8, commit 223373a, commit 1d5a68d, commit 705a73f, commit b418d52: Allow (optional) PIE hardening
  • commit 2f86f20: json-api: remove priority from json
  • commit cefcf9f: backport remotebackend fixes
  • commit 920f987, commit dd8853c: Support Lua 5.3
  • commit 003aae5: support single-type ZSK signing
  • commit 1c57e1d: Potential fix for ticket #1907, we now try to trigger libgcc_s.so.1 to load before we chroot. I can’t reproduce the bug on my local system, but this “should” help.
  • commit 031ab21: update polarssl to 1.3.9
  • Bug fixes:
  • commit 60b2b7c, commit d962fbc: refuse overly long labels in names
  • commit a64fd6a: auth: limit long version strings to 63 characters and catch exceptions in secpoll
  • commit fa52e02: pdnssec: fix ttl check for RRSIG records
  • commit 0678b25: fix up latency reporting for sub-millisecond latencies (would clip to 0)
  • commit d45c1f1: make sure we don’t throw an exception on “pdns_control show” of an unknown variable
  • commit 63c8088: fix startup race condition with carbon thread already trying to broadcast uninitialized data
  • commit 796321c: make qsize-q more robust
  • commit 407867c: Kees Monshouwer discovered we count corrupt packets and EAGAIN situations as validly received packets, skewing the udp questions/answers graphs on auth.
  • commit f06d069: make latency & qsize reporting ‘live’. Plus fix that we only reported the qsize of the first distributor.
  • commit 2f3498e: fix up statbag for carbon protocol and function pointers
  • commit 0f2f999: get priority from table in Lua axfrfilter; fixes ticket #1857
  • commit 96963e2, commit bbcbbbe, commit d5c9c07: various backends: fix records pointing at root
  • commit e94c2c4: remove additional layer of trailing . stripping, which broke MX records to the root in the BIND backend. Should close ticket #1243.
  • commit 8f35ba2: api: use uncached results for getKeys()
  • commit c574336: read ALLOW-AXFR-FROM from the backend with the metadata
  • Minor changes:
  • commit 1e39b4c: move manpages to section 1
  • commit b3992d9: secpoll: Replace ~ with _
  • commit 9799ef5: only zones with an active ksk are secure
  • commit d02744f: api: show keys for zones without active ksk
  • New features:
  • commit 1b97ba0: add signatures metric to auth, so we can plot signatures/second
  • commit 92cef2d: pdns_control: make it posible to notify all zones at once
  • commit f648752: JSON API: provide flush-cache, notify, axfr-receive
  • commit 02653a7: add ‘bench-db’ to do very simple database backend performance benchmark
  • commit a83257a: enable callback based metrics to statbas, and add 5 such metrics: uptime, sys-msec, user-msec, key-cache-size, meta-cache-size, signature-cache-size
  • Performance improvements:
  • commit a37fe8c: better key for packetcache
  • commit e5217bb: don’t do time(0) under signature cache lock
  • commit d061045, commit 135db51, commit 7d0f392: shard the packet cache, closing ticket #1910.
  • commit d71a712: with thanks to Jack Lloyd, this works around the default Botan allocator slowing down for us during production use.

New in PowerDNS 3.4.1 (Nov 10, 2014)

  • commit dcd6524, commit a8750a5, commit 7dc86bf, commit 2fda71f: PowerDNS now polls the security status of a release at startup and periodically. More detail on this feature, and how to turn it off, can be found in Section 2, “Security polling”.
  • commit 5fe6dc0: API: Replace HTTP Basic auth with static key in custom header (X-API-Key)
  • commit 4a95ab4: Use transaction for pdnssec increase-serial
  • commit 6e82a23: Don’t empty ordername during pdnssec increase-serial
  • commit 535f4e3: honor SOA-EDIT while considering “empty IXFR” fallback, fixes ticket 1835. This fixes slaving of signed zones to IXFR-aware slaves like NSD or BIND.

New in PowerDNS 3.4 (Oct 16, 2014)

  • This is a performance, feature, bugfix and conformity update to 3.3.1 and any earlier version. It contains a huge amount of work by various contributors, to whom we are very grateful.

New in PowerDNS 3.3.1 (Jan 27, 2014)

  • direct-dnskey is no longer experimental, thanks Kees Monshouwer & co for extensive testing (commit e4b36a4).
  • Handle signals during poll (commit 5dde2c6).
  • commit 7538e56: Fix zone2{sql,json} exit codes
  • commit 7593c40: geobackend: fix possible nullptr deref
  • commit 3506cc6: gpsqlbackend: don't append empty dbname=/user= values to connect string
  • gpgsql queries were simplified through the use of casting (commit 9a6e39c).
  • commit a7aa9be: Replace hardcoded make with variable
  • commit e4fe901: make sure to run PKG_PROG_PKG_CONFIG before the first PKG_* usage
  • commit 29bf169: fix hmac-md5 TSIG key lookup
  • commit c4e348b: fix 64+ character TSIG keys
  • commit 00a7b25: Fix comparison between signed and unsigned by using uint32_t for inception on INCEPTION-EPOCH
  • commit d3f6432: fix building on os x 10.9, thanks Martijn Bakker.
  • We now allow building against Lua 5.2 (commit bef3000, commit 2bdd03b, commit 88d9e99).
  • commit fa1f845: autodetect MySQL 5.5+ connection charset
  • When misconfigured using 'right' timezones, a bug in (g)libc gmtime breaks our signatures. Fixed in commit e4faf74 by Kees Monshouwer by implementing our own gmtime_r.
  • When sending SERVFAIL due to a CNAME loop, don't uselessly include the CNAMEs (commit dfd1b82).
  • Build fixes for platforms with 'weird' types (like s390/s390x): commit c669f7c (details), commit 07b904e and commit 2400764.
  • Support for += syntax for options, commit 98dd325 and others.
  • commit f8f29f4: nproxy: Add missing chdir("/") after chroot()
  • commit 2e6e9ad: fix for "missing" libmysqlclient on RHEL/CentOS based systems
  • pdnssec check-zone improvements in commit 5205892, commit edb255f, commit 0dde9d0, commit 07ee700, commit 79a3091, commit 08f3452, commit bcf9daf, commit c9a3dd7, commit 6ebfd08, commit fd53bd0, commit 7eaa83a, commit e319467, ,
  • NSEC/NSEC3 fixes in commit 3191709, commit f75293f, commit cd30e94, commit 74baf86, commit 1fa8b2b
  • The webserver could crash when the ring buffers were resized, fixed in commit 3dfb45f.
  • commit 213ec4a: add constraints for name to pg schema
  • commit f104427: make domainmetadata queries case insensitive
  • commit 78fc378: no label compression for name in TSIG records
  • commit 15d6ffb: pdnssec now outputs ZSK DNSKEY records if experimental-direct-dnskey support is enabled (renamed to direct-dnskey before release!)
  • commit ad67d0e: drop cryptopp from static build as libcryptopp.a is broken on Debian 7, which is what we build on
  • commit 7632dd8: support polarssl 1.3 externally.
  • Remotebackend was fully updated in various commits.
  • commit 82def39: SOA-EDIT: fix INCEPTION-INCREMENT handling
  • commit a3a546c: add innodb-read-committed option to gmysql settings.
  • commit 9c56e16: actually notice timeout during AXFR retrieve, thanks hkraal

New in PowerDNS 3.1 RC1 (Mar 24, 2012)

  • This version fixes important DNSSEC issues, addresses memory use, and contains a vast amount of improvements and bugfixes.

New in PowerDNS 3.0.1 (Jan 11, 2012)

  • This version is identical to 3.0, except with a fix for CVE-2012-0206 aka PowerDNS Security Notification 2012-01. An upgrade is recommended.

New in PowerDNS 3.0 RC3 (Jul 19, 2011)

  • This release brings full support for DNSSEC, with automated signing, rollovers, and key maintenance.
  • The goal is to allow existing PowerDNS installations to start serving DNSSEC with as little hassle as possible, while maintaining performance and achieving high levels of security.
  • Other new features include TSIG, a MyDNS-compat backend, also-notify, master/slave over IPv6, a bulk parallel slaving engine, MongoDB support, and Lua zone editing.

New in PowerDNS 3.0 RC1 (Apr 8, 2011)

  • This release brings full support for DNSSEC, with automated signing, rollovers, and key maintenance.
  • The goal is to allow existing PowerDNS installations to start serving DNSSEC with as little hassle as possible, while maintaining performance and achieving high levels of security.
  • Other new features include TSIG, a MyDNS-compat backend, also-notify, master/slave over IPv6, a bulk parallel slaving engine, and Lua zone editing.

New in PowerDNS 2.9.22 (Jan 28, 2009)

  • This version brings a reasonable amount of new features, combined with vast performance increases for large setups.
  • In addition, significant numbers of bugs and issues have been addressed.
  • This is a much recommended upgrade.

New in PowerDNS 2.9.22 RC2 (Nov 30, 2008)

  • Compared to 2.9.21, this version offers a massive performance boost for installations running with high cache-TTLs or a large packet cache, in many cases of an order of magnitude.
  • Additionally, a large number of bugs were addressed, some features were added, and overall many areas saw improvements.
  • RC2 fixes important issues compared to RC1.

New in PowerDNS 2.9.22 RC1 (Nov 19, 2008)

  • Compared to 2.9.21, this version offers a massive performance boost for installations running with high cache-TTLs or a large packet cache, in many cases of an order of magnitude.
  • Additionally, a large number of bugs were addressed, some features were added, and overall many areas saw improvements.

New in PowerDNS 2.9.21.2 (Nov 19, 2008)

  • Some (rare) PowerDNS Authoritative Server configurations could be forced to restart themselves remotely.
  • For other configurations, a database reconnect can be triggered remotely.
  • These problems have been fixed.