./net/powerdns-recursor, PowerDNS resolver/recursing nameserver

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 4.0.4, Package name: pdns-recursor-4.0.4, Maintainer: pkgsrc-users

The PowerDNS recursor is part of the source tarball of the main PowerDNS
distribution, but it is released separately. Starting from the version 3.0
pre-releases, there are zero known bugs or issues with the recursor. It is
known to power the resolving needs of over 2 million internet connections.

PowerDNS recursor can gets names from /etc/hosts.

Required to build:
[devel/boost-headers] [pkgtools/cwrappers]

Master sites:

SHA1: e3d2f18e0ea929e425bc9da4256f76331797f691
RMD160: 12b1b7239156d9b898199c02a1edd6875301a7b1
Filesize: 1025.973 KB

Version history: (Expand)

CVS history: (Expand)

   2017-03-24 19:45:44 by Filip Hajny | Files touched by this commit (1)
Log message:
Requires pkg-config to build properly
   2017-03-09 14:43:49 by Filip Hajny | Files touched by this commit (18) | Package removed
Log message:
Update net/powerdns-recursor to 4.0.4.

PowerDNS Recursor 4.0.4

Change highlights include:

- Check TSIG signature on IXFR (Security Advisory 2016-04)
- Don't parse spurious RRs in queries when we don't need them
  (Security Advisory 2016-02)
- Add 'max-recursion-depth' to limit the number of internal recursion
- Wait until after daemonizing to start the RPZ and protobuf threads
- On RPZ customPolicy, follow the resulting CNAME
- Make the negcache forwarded zones aware
- Cache records for zones that were delegated to from a forwarded zone
- DNSSEC: don't go bogus on zero configured DSs
- DNSSEC: NSEC3 optout and Bogus insecure forward fixes
- DNSSEC: Handle CNAMEs at the apex of secure zones to other secure

PowerDNS Recursor 4.0.3

Bug fixes
- Call gettag() for TCP queries
- Fix the use of an uninitialized filtering policy
- Parse query-local-address before lua-config-file
- Fix accessing an empty policyCustom, policyName from Lua
- ComboAddress: don't allow invalid ports
- Fix RPZ default policy not being applied over IXFR
- DNSSEC: Actually follow RFC 7646 ยง2.1
- Add boost context ldflags so freebsd builds can find the libs
- Ignore NS records in a RPZ zone received over IXFR
- Fix build with OpenSSL 1.1.0 final
- Don't validate when a Lua hook took the query
- Fix a protobuf regression (requestor/responder mix-up)

Additions and Enhancements
- Support Boost 1.61+ fcontext
- Add Lua binding for DNSRecord::d_place

PowerDNS Recursor 4.0.2

Bug fixes
- Set dq.rcode before calling postresolve
- Honor PIE flags.
- Fix build with LibreSSL, for which OPENSSL_VERSION_NUMBER is
- Don't shuffle CNAME records. (thanks to Gert van Dijk for the
  extensive bug report!)
- Fix delegation-only

Additions and enhancements
- Respect the timeout when connecting to a protobuf server
- allow newDN to take a DNSName in; document missing methods
- expose SMN toString to lua
- Anonymize the protobuf ECS value as well (thanks to Kai Storbeck of
  XS4All for finding this)
- Allow Lua access to the result of the Policy Engine decision, skip
  RPZ, finish RPZ implementation
- Remove unused DNSPacket::d_qlen
- RPZ: Use query-local-address(6) by default (thanks to Oli Schacher
  of switch.ch for the feature request)
- Move the root DNSSEC data to a header file

PowerDNS Recursor 4.0.1

Bug fixes
- Improve DNSSEC record skipping for non dnssec queries (Kees
- Don't validate zones from the local auth store, go one level down
  while validating when there is a CNAME
- Don't go bogus on islands of security
- Check all possible chains for Insecures
- Don't go Bogus on a CNAME at the apex
- RPZ: default policy should also override local data RRs
- Fix a crash when the next name in a chained query is empty and
  rec_control current-queries is invoked

- OpenSSL 1.1.0 support (Christian Hofstaedtler)
- Fix warnings with gcc on musl-libc (James Taylor)
- Also validate on +DO
- Fail to start when the lua-dns-script does not exist
- Add more Netmask methods for Lua (Aki Tuomi)
- Validate DNSSEC for security polling
- Turn on root-nx-trust by default and log-common-errors=off
- Allow for multiple trust anchors per zone
- Fix compilation warning when building without Protobuf

PowerDNS Recursor 4.0.0

- Moved to C++ 2011, a cleaner more powerful version of C++ that has
  allowed us to improve the quality of implementation in many places.
- Implemented dedicated infrastructure for dealing with DNS names that
  is fully "DNS Native" and needs less escaping and unescaping.
- Switched to binary storage of DNS records in all places.
- Moved ACLs to a dedicated Netmask Tree.
- Implemented a version of RCU for configuration changes
- Instrumented our use of the memory allocator, reduced number of
  malloc calls substantially.
- The Lua hook infrastructure was redone using LuaWrapper; old scripts
  will no longer work, but new scripts are easier to write under the
  new interface.
- DNSSEC processing: if you ask for DNSSEC records, you will get them.
- DNSSEC validation: if so configured, PowerDNS perform DNSSEC
  validation of your answers.
- Completely revamped Lua scripting API that is "DNSName" native and
  therefore far less error prone, and likely faster for most commonly
  used scenarios.
- New asynchronous per-domain, per-ip address, query engine.
- RPZ (from file, over AXFR or IXFR) support.
- All caches can now be wiped on suffixes, because of canonical
- Many, many more relevant performance metrics, including upstream
  authoritative performance measurements.
- EDNS Client Subnet support, including cache awareness of
  subnet-varying answers.
   2016-06-08 12:16:57 by Jonathan Perkin | Files touched by this commit (89)
Log message:
Remove the stability entity, it has no meaning outside of an official context.
   2016-06-08 11:46:05 by Jonathan Perkin | Files touched by this commit (47)
Log message:
Change the service_bundle name to "export" to reduce diffs between the
original manifest.xml file and the output from "svccfg export".
   2015-11-04 01:35:47 by Alistair G. Crooks | Files touched by this commit (748)
Log message:
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-06-10 16:40:07 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update net/powerdns-recursor to 3.7.3 (previous commit was 3.7.2).

PowerDNS Recursor 3.7.3
- Limit the maximum length of a qname
- pdnssec: check for glue and delegations in parent zones
   2015-06-10 16:23:11 by Filip Hajny | Files touched by this commit (1)
Log message:
Add SMF manifest.
   2015-06-10 16:22:29 by Filip Hajny | Files touched by this commit (26) | Package updated
Log message:
Update net/powerdns-recursor to 3.7.3.
Add SMF support.
Defuzz patches.

PowerDNS Recursor 3.7.3
- Limit the maximum length of a qname
- pdnssec: check for glue and delegations in parent zones

PowerDNS Recursor 3.7.2
- Fix handling of forward references in label compressed packets;
  fixes CVE-2015-1868.
- Minor improvements and bugfixes.

PowerDNS Recursor 3.7.1
- New root-nx-trust flag makes PowerDNS generalize NXDOMAIN responses
  from the root-servers
- getregisteredname() for Lua, which turns 'www.bbc.co.uk' into 'bbc.co.uk'
- Lua preoutquery filter
- Lua IP-based filter (ipfilter) before parsing packets
- iputils class for Lua, to quickly process IP addresses and netmasks
  in their native format
- getregisteredname function for Lua, to find the registered domain
  for a given name
- Various new ringbuffers: top-servfail-remotes, top-largeanswer-remotes,
- Minor improvements and bugfixes.

PowerDNS Recursor 3.6.2
- Minor improvements and bugfixes.

PowerDNS Recursor 3.6.1
- Fix for a crash under a specific sequence of packets.

PowerDNS Recursor 3.6.0
- Implement minimum-ttl-override config setting, plus runtime configurability
  via 'rec_control set-minimum-ttl'.
- Lots of work on the JSON API, which is exposed via Aki Tuomi's 'yahttp'.
- Lua modules can now use 'pdnslog(INFO..')
- Adopt any-to-tcp feature to the recursor.
- Implement built-in statistics dumper using the 'carbon' protocol, which
  is also understood by metronome (our mini-graphite). Use 'carbon-server',
  'carbon-ourname' and 'carbon-interval' settings.
- New setting 'udp-truncation-threshold' to configure from how many bytes
  we should truncate. commit a09a8ce.
- Proper support for CHaos class for CHAOS TXT queries.
- Added support for Lua scripts to drop queries w/o further processing.
- Kevin Holly added qtype statistics to recursor and rec_control.
- Add support for include-files in configuration, also reload ACLs and zones
  defined in them.
- Paulo Anes contributed server-down-max-fails which helps combat
  Recursive DNS based amplification attacks.
- Implement "followCNAMERecords" feature in the Lua hooks.
- Minor improvements and bugfixes.

PowerDNS Recursor 3.5.3
- This is a bugfix and performance update to 3.5.2. It brings serious
  performance improvements for dual stack users.

PowerDNS Recursor 3.5.2
- This is a stability and bugfix update to 3.5.1. It contains important
  fixes that improve operation for certain domains.

PowerDNS Recursor 3.5.1
- This is a stability and bugfix update to 3.5.

PowerDNS Recursor 3.5
- The local zone server now understands wildcards.
- The Lua postresolve and nodata hooks.
- A new feature, rec_control trace-regex allows the tracing of lookups
  for specific names
- A new setting, export-etc-hosts-search-suffix, adds a configurable
  suffix to names imported from /etc/hosts
- Minor improvements & bugfixes

PowerDNS Recursor 3.3.1
- Small number of important fixes, adds some memory usage statistics,
  but no new features