(via: https://blog.powerdns.com/2019/07/15/powerdns-recursor-4-2-0-released/) 

July 15, 2019

PowerDNS Recursor 4.2.0 Released

We’re proud to announce version 4.2.0 for the PowerDNS Recursor 4.2 release 
train.

The 4.2.0 release of the PowerDNS Recursor brings a lot of small, incremental 
changes over the 4.1.x releases. We expect little operational impact when 
upgrading from 4.1.x. However, several new features have been implemented and 
some features have changed.

This release was made possible by contributions from: Gibheer, cclauss, Aki 
Tuomi, Ruben, Doug Freed, Richard Gibson, Peter Gervai, Oli, Josh Soref, Rens 
Houben, Kirill Ponomarev, Kees Monshouwer, Matt Nordhoff, OSSO B.V., phonedph1, 
Rafael Buchbinder, Ruben Kerkhof, spirillen, Tom Ivar Helbekkmo and Chris 
Hofstaedtler. Thanks!

DNS Flag Day

The 4.2.0 release of the PowerDNS Recursor removes several workarounds for 
authoritative servers that respond badly to EDNS(0) queries. This is part of a 
multi-vendor effort known as DNS flag day to move the DNS ecosystem forward by 
being less lenient on non-conforming implementations.

XPF Support

This release adds support for DNS X-Proxied-For (draft-bellis-dnsop-xpf-04). 
This technique is roughly equivalent to HTTP’s X-Forwarded-For header: it can 
communicate the IP address and port of the original requestor from a 
loadbalancer/frontend (like dnsdist) to the backend server. This can allow the 
backend server to make decisions regarding that specific client. XPF is 
disabled by default and can be enabled by setting the xpf-allow-from setting to 
the source IP address of the front-end proxy and setting xpf-rr-code to the 
code of the resource record used by the frontend.

EDNS Client Subnet Improvements

More granularity has been added for the users of EDNS Client Subnet. The new 
ecs-add-for setting can be set to a list of netmasks for which the requestor’s 
IP address should be used as the EDNS Client Subnet for outgoing queries. For 
IP addresses not on this list, the PowerDNS Recursor will use the 
ecs-scope-zero-address instead, which matches the behavior of 4.1.x. Valid 
incoming ECS values from use-incoming-edns-subnet are not replaced.

New and Updated Settings

Sites that process large numbers of queries per second (100k+) may benefit 
from the new distributor-threads setting. This can be used in combination with 
pdns-distributes-queries=yes to spawn multiple threads that will pick up 
incoming queries and distribute them over the worker threads.

For several statistics, the PowerDNS Recursor uses a public suffix list to 
group queries. Before, this list was built into the binary and only updated for 
every release. This release adds the public-suffix-list-file setting that 
allows operators to supply their own public suffix list. This option is unset 
by default, which means the built-in list is used.

Over the last years it has become clear that many networks on the internet lose 
large UDP packets, leading to authoritative servers being seen as dead from the 
recursor’s perspective. To ensure return packets from authoritative servers 
have a better chance of reaching the recursor, the edns-outgoing-bufsize 
setting’s default has changed from 1680 to 1232. 1232 was chosen because it is 
the largest DNS response that can be carried on an IPv6 link with the IPv6 
minimal MTU (1280). In tandem with this change, the udp-truncation-threshold 
that decides when to truncate responses to clients has also been changed from 
1680 to 1232.

Changes since release candidate 2

There have been some minor changes since release candidate 2:

      #8074: Make sure we always compile with BOOST_CB_ENABLE_DEBUG set to 0
      #8052: Limit compression pointers to 14 bits
      #8009: Fix the export of only outgoing queries or incoming responses
      #8005: Clear CMSG_SPACE(sizeof(data)) in cmsghdr to appease valgrind

Please see the changelog[1] for details.

Release cycles

Starting with this release, we intend to move to 6 month release cycles. This 
means the next release of PowerDNS Recursor (4.3) is scheduled for January 
2020. We will support a release for two cycles (one year). After that, a 
release will only get security fixes for one more cycle and then move to end of 
life status. Starting with the upcoming releases, our other two open source 
products dnsdist and the authoritative server will also move to a 6 month cycle 
with the same support periods.

Specific information can be found in the end of life statement.

Availability

The tarball[2] (signature[3]) is available at downloads.powerdns.com and 
packages for CentOS 6 and 7, Debian Stretch and Buster, Ubuntu Xenial and 
Bionic are available from repo.powerdns.com. We no longer build Debian Jessie 
and Trusty packages.

We would like to thank the PowerDNS community for continued support, feedback, 
bug fixes and submitted features.

Please send us all feedback and issues you might have via the mailing list[4], 
or in case of a bug, via GitHub[5].

[1] https://doc.powerdns.com/recursor/changelog/4.2.html#change-4.2.0
[2] https://downloads.powerdns.com/releases/pdns-recursor-4.2.0.tar.bz2
[3] https://downloads.powerdns.com/releases/pdns-recursor-4.2.0.tar.bz2.sig
[4] https://mailman.powerdns.com/mailman/listinfo/pdns-users
[5] https://github.com/PowerDNS/pdns/issues/new

-- 

kind regards,
Otto Moerbeek
PowerDNS Developer
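
The XPF and buffer-size settings described in the announcement above, as an added example that is not part of the original message or PowerDNS's own code: a Python check over a recursor.conf-style file that flags XPF trust that is too broad or incomplete and UDP sizes above 1232. The sample files, the address 192.0.2.53, the record code 65280 and the max_proxy_addrs threshold are constructed assumptions.

```python
import ipaddress

# Largest UDP payload on a minimum-MTU IPv6 link:
# 1280 (MTU) - 40 (IPv6 header) - 8 (UDP header) = 1232
SAFE_UDP_PAYLOAD = 1280 - 40 - 8

def parse_conf(text):
    """Parse 'key=value' lines; '#' starts a comment."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(text, max_proxy_addrs=16):
    """Return sorted names of settings to review (max_proxy_addrs is an assumed policy)."""
    s = parse_conf(text)
    flagged = set()
    nets = [n.strip() for n in s.get("xpf-allow-from", "").split(",") if n.strip()]
    if nets:  # XPF is enabled: every listed source may assert a client address
        code = s.get("xpf-rr-code", "")
        if not code.isdigit() or int(code) == 0:
            flagged.add("xpf-rr-code")  # must match the code the frontend uses
        for n in nets:
            try:
                net = ipaddress.ip_network(n, strict=False)
            except ValueError:
                flagged.add("xpf-allow-from")  # entry this check cannot parse
                continue
            if net.num_addresses > max_proxy_addrs:
                flagged.add("xpf-allow-from")  # wider than a proxy pool
    for key in ("edns-outgoing-bufsize", "udp-truncation-threshold"):
        value = s.get(key)
        if value is not None and (not value.isdigit() or int(value) > SAFE_UDP_PAYLOAD):
            flagged.add(key)  # e.g. an explicit 1680 carried over from 4.1.x
    return sorted(flagged)

# Constructed sample files, not taken from any real deployment.
WEAK = "xpf-allow-from=0.0.0.0/0\nedns-outgoing-bufsize=1680\nudp-truncation-threshold=1680\n"
FIXED = ("xpf-allow-from=192.0.2.53/32  # front-end proxy\nxpf-rr-code=65280\n"
         "edns-outgoing-bufsize=1232\nudp-truncation-threshold=1232\n")

if __name__ == "__main__":
    print("weak :", audit(WEAK))
    print("fixed:", audit(FIXED))
```

Settings that are absent from the file are not flagged for size, since the 4.2.0 defaults already apply to them.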
