./net/powerdns, Modern, advanced and high performance nameserver

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 4.0.4, Package name: powerdns-4.0.4, Maintainer: pkgsrc-users

The PowerDNS nameserver is a modern, advanced and high performance
authoritative-only nameserver. It is written from scratch and conforms
to all the relevant DNS standards documents. PowerDNS is open source.

The PowerDNS nameserver utilizes a flexible backend architecture that
can access DNS information from any data source. This includes file
formats, Bind zone files, relational databases or LDAP directories.

See the net/powerdns-* packages for additional backend modules.


Required to run:
[devel/boost-libs]

Required to build:
[devel/boost-headers] [devel/ragel] [pkgtools/cwrappers]

Package options: bind, pipe, random

Master sites:

SHA1: 27a7421d363e2d8c6dac1404a8c1c96bc6e93f46
RMD160: b21f87c79162d3a6b1952d96093088ede17e9690
Filesize: 1289.382 KB

Version history: (Expand)


CVS history: (Expand)


   2017-06-23 19:12:54 by Filip Hajny | Files touched by this commit (4) | Package updated
Log message:
Update net/powerdns* to 4.0.4.

This release features a fix for the ed25519 signer. This signer hashed the
message before signing, resulting in unverifiable signatures. Also on the
Elliptic Curve front, support was added for ED448 (DNSSEC algorithm 16)
by using libdecaf.

Bug fixes

- Do not hash the message in the ed25519 signer
- Make URI integers 16 bits, fixes #5443
- configure.ac: Corrects syntax error in test statement on existance
   of libcrypto_ecdsa
- configure.ac: Fix quoting issue fixes #5401
- configure.ac: Check in the detected OpenSSL/libcrypto for ECDSA
- configure.ac: Check if we can link against libatomic if needed
- Fix typo in ldapbackend.cc from issue #5091
- Sort NSEC record case insensitive
- Make sure NSEC ordernames are always lower case
- API: correctly take TTL from first record even if we are at
  the last comment
- Fix AtomicCounter unit tests on 32-bit
- Fix negative port detection for IPv6 addresses on 32-bit
- Remove support for 'right' timezones, as this code turned out to be broken
- Lowercase the TSIG algorithm name in hash computation
- Handle exceptions raised by closesocket()
- Don't leak on signing errors during outgoing AXFR; signpipe stumbles over
  interrupted rrsets; fix memory leak in gmysql backend
- TinyCDB backend: Don't leak a CDB object in case of bogus data

Improvements
- ODBC backend: Allow query logging
- Add ED25519 (algo 15) and ED448 (algo 16) support with libdecaf signer
- YaHTTP: Sync with upstream changes
- Send a notification to all slave servers after every dnsupdate
- Add option to set a global lua-axfr-script value
- dnsreplay: Add --source-ip and --source-port options
- calidns: Use the correct socket family (IPv4 / IPv6)
- Add an option to allow AXFR of zones with a different (higher/lower) serial
- API: Make trailing dot handling consistent with pdnsutil
- SuffixMatchNode: Fix insertion issue for an existing node
- Do not resolve the NS-records for NOTIFY targets if the "only-notify"
  whitelist is empty, as a target will never match an empty whitelist.
- Improve the AXFR DNSSEC freshness check; Ignore NSEC3PARAM metadata in
  an unsigned zone
- Create additional reuseport sockets before dropping privileges; remove
  transaction in pgpsql backend
   2017-04-30 03:22:04 by Ryo ONODERA | Files touched by this commit (612) | Package updated
Log message:
Recursive revbump from boost update
   2017-04-22 23:04:05 by Adam Ciarcinski | Files touched by this commit (670) | Package updated
Log message:
Revbump after icu update
   2017-03-29 13:46:04 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
Fix SunOS segfaults. Bump PKGREVISION.
   2017-03-24 16:14:14 by Joerg Sonnenberger | Files touched by this commit (2)
Log message:
Fix build with clang: ISO C++ says nullptr has no relation operators
defined.
   2017-03-09 14:52:34 by Filip Hajny | Files touched by this commit (1)
Log message:
Import powerdns-odbc 4.0.3.

This packages provides the ODBC backend module to PowerDNS.
   2017-03-09 14:50:07 by Filip Hajny | Files touched by this commit (1)
Log message:
Import powerdns-geoip 4.0.3.

This packages provides the GeoIP backend module to PowerDNS.
   2017-03-09 14:32:54 by Filip Hajny | Files touched by this commit (29) | Package removed
Log message:
Update net/powerdns to 4.0.3.

pkgsrc changes:

- Remove options for cryptopp and geoip (the latter to go into a
  separate package).
- Clean up a lot of patches that do not seem to be needed anymore.

PowerDNS Authoritative Server 4.0.3
===================================

- Revert "In 'Bind2Backend::lookup()', use the 'zoneId' when we have it"

PowerDNS Authoritative Server 4.0.2

Security issues fixed:

- 2016-02: Crafted queries can cause abnormal CPU usage
- 2016-03: Denial of service via the web server
- 2016-04: Insufficient validation of TSIG signatures
- 2016-05: Crafted zone record can cause a denial of service

Other highlights:

- Don't parse spurious RRs in queries when we don't need them (Security
  Advisory 2016-02)
- Don't exit if the webserver can't accept a connection (Security
  Advisory 2016-03)
- Check TSIG signature on IXFR (Security Advisory 2016-04)
- Correctly check unknown record content size (Security Advisory
  2016-05)
- ODBC backend: actually prepare statements
- Improve root-zone performance
- Plug memory leak in postgresql backend (Christian Hofstaedtler)
- calidns: Don't crash if we don't have enough 'unknown' queries
  remaining
- Improve PacketCache cleaning (Kees Monshouwer)
- Bind backend: update status message on reload, keep the existing zone
  on failure
- Fix TSIG for single thread distributor (Kees Monshouwer)
- Change default for any-to-tcp to yes (Kees Monshouwer)
- Don't look up the packet cache for TSIG-enabled queries
- Fix build with OpenSSL 1.1.0 final (Christian Hofstaedtler)
- pdnsutil: create-slave-zone accept multiple masters (Hannu Ylitalo)

PowerDNS Authoritative Server 4.0.1
===================================

Bug fixes
- Wait for the connection to the carbon server to be established
- Don't try to deallocate empty PG statements
- Send the correct response when queried for an NSEC directly (Kees
  Monshouwer)
- Don't include bind files if length <= 2 or > sizeof(filename)
- Catch runtime_error when parsing a broken MNAME

Improvements
- Make DNSPacket return a ComboAddredd for local and remote (Aki Tuomi)
- OpenSSL 1.1.0 support (Christian Hofstaedtler)
- Fix typos in a logmessage and exception (Christian Hofsteadtler)
- pdnsutil: Remove checking of ctime and always diff the changes (Hannu
  Ylitalo)
- dnsreplay: Only add Client Subnet stamp when asked
- Use toLogString() for ringAccount (Kees Monshouwer)

Additions
- Add limits to the size of received {A,I}XFR
- Add used filedescriptor statistic (Kees Monshouwer)

PowerDNS Authoritative Server 4.0.0
===================================

- Moved to C++ 2011, a cleaner more powerful version of C++ that has
  allowed us to improve the quality of implementation in many places.
- Implemented dedicated infrastructure for dealing with DNS names that
  is fully "DNS Native" and needs less escaping and unescaping.
- Due to this, the PowerDNS Authoritative Server can now serve
  DNSSEC-enabled root-zones.
- All backends derived from the Generic SQL backend use prepared
  statements.
- Both the server and pdns_control do the right thing when chroot'ed.
- Caches are now fully canonically ordered, which means entries can be
  wiped on suffix in all places
- A revived and supported ODBC backend (godbc).
- A revived and supported LDAP backend (ldap).
- Support for CDS/CDNSKEY and RFC 7344 key-rollovers.
- Support for the ALIAS record.
- The webserver and API are no longer experimental.
- The API-path has moved to /api/v1
- DNSUpdate is no longer experimental.
- ECDSA (algorithm 13 and 14) supported without in-tree cryptographic
  libraries (provided by OpenSSL).
- Experimental support for ed25519 DNSSEC signatures (when compiled with
  libsodium support).
- Many new pdnsutil commands.
- GeoIP backend has gained many features, and can now e.g. run based on
  explicit netmasks not present in the GeoIP databases
- Removed support for LMDB.
- Removed the Geo backened (use the improved GeoIP instead).
- pdnssec has been renamed to pdnsutil.
- Support for the PolarSSL/MbedTLS, Crypto++ and Botan cryptographic
  libraries have been dropped in favor of the (faster) OpenSSL libcrypto
  (except for GOST, which is still provided by Botan).
- ECDSA P256 SHA256 (algorithm 13) is now the default algorithm when
  securing zones.
- The PowerDNS Authoritative Server now listens by default on all IPv6
  addresses.
- Several superfluous queries have been dropped from the Generic SQL
  backends.
- The INCEPTION, INCEPTION-WEEK and EPOCH SOA-EDIT metadata values are
  marked as deprecated and will be removed in 4.1.0