./net/powerdns-recursor, PowerDNS resolver/recursing nameserver

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 4.1.4, Package name: pdns-recursor-4.1.4, Maintainer: pkgsrc-users

The PowerDNS recursor is part of the source tarball of the main PowerDNS
distribution, but it is released separately. Starting from the version 3.0
pre-releases, there are zero known bugs or issues with the recursor. It is
known to power the resolving needs of over 2 million internet connections.

PowerDNS recursor can gets names from /etc/hosts.


Required to run:
[lang/lua52]

Required to build:
[devel/boost-headers] [pkgtools/cwrappers]

Master sites:

SHA1: 8fd2a65f2869569b77516f858c34afc283fb5524
RMD160: cf3dead4bbea3c45bf915e33188e1b35a6c530b0
Filesize: 1195.664 KB

Version history: (Expand)


CVS history: (Expand)


   2018-09-04 12:22:38 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
net/powerdns-recursor: Update to 4.1.4.

Improvements

- Split pdns_enable_unit_tests.
- Add a new max-udp-queries-per-round setting.
- Fix warnings reported by gcc 8.1.0.
- Tests: replace awk command by perl.
- Allow the snmp thread to retrieve statistics.

Bug Fixes

- Don’t account chained queries more than once.
- Make rec_control respect include-dir.
- Load lua scripts only in worker threads.
- Purge all auth/forward zone data including subtree.
   2018-05-23 12:34:58 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
net/powerdns-recursor: Update to 4.1.3.

Improvements
- Add a subtree option to the API cache flush endpoint.
- Use a separate, non-blocking pipe to distribute queries.
- Move carbon/webserver/control/stats handling to a separate thread.
- Add _raw versions for QName / ComboAddresses to the FFI API.
- Update copyright years to 2018
- Fix a warning on botan >= 2.5.0.

Bug Fixes
- Count a lookup into an internal auth zone as a cache miss.
- Don’t increase the DNSSEC validations counters when running with
  process-no-validate.
- Respect the AXFR timeout while connecting to the RPZ server.
- Increase MTasker stacksize to avoid crash in exception unwinding
- Use the SyncRes time in our unit tests when checking cache validity
- Add -rdynamic to C{,XX}FLAGS when we build with LuaJIT.
- Delay the loading of RPZ zones until the parsing is done, fixing a
  race condition.
- Reorder includes to avoid boost L conflict.
   2018-04-05 10:15:02 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
net/powerdns-recursor: Update to 4.1.2.

New Features
- Add FFI version of gettag().

Improvements
- Add the option to set the AXFR timeout for RPZs.
- IXFR: correct behavior of dealing with DNS Name with multiple
  records and speed up IXFR transaction.
- Add RPZ statistics endpoint to the API.

Bug Fixes
- Retry loading RPZ zones from server when they fail initially.
- Fix ECS-based cache entry refresh code.
- Fix ECS-specific NS AAAA not being returned from the cache.
   2018-01-22 20:21:46 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update net/powerdns-recursor to 4.1.1.

Improvements
- Don't process records for another class than IN

Bug Fixes
- Correctly handle ancestor delegation NSEC{,3} for children.
  (CVE-2018-1000003)
- Fix the computation of the closest encloser for positive answers.
- Pass the correct buffer size to arecvfrom().
- Fix to make primeHints threadsafe, otherwise there's a small chance
  on startup that the root-server IPs will be incorrect.
- Don't validate signature for "glue" CNAME, since anything else than
  the initial CNAME can't be considered authoritative.
   2018-01-02 13:23:55 by Filip Hajny | Files touched by this commit (7) | Package updated
Log message:
Update net/powerdns-recursor to 4.1.0.
Lua support no longer optional.

PowerDNS Recursor 4.1.0
===========================================================

- Improved DNSSEC support
- Improved documentation
- Improved RPZ support
- Improved EDNS Client Subnet support
- Support for Botan 2.x (and removal of support for Botan 1.10)
- SNMP support
- Lua engine has gained access to more parts of the recursor
- CPU affinity can now be specified
- TCP Fast Open support
- New performance metrics

Full changelog:

  https://doc.powerdns.com/recursor/changelog/4.1.html

PowerDNS Recursor 4.0.7
===========================================================

- Insufficient validation of DNSSEC signatures (CVE-2017-15090)
- Cross-Site Scripting in the web interface (CVE-2017-15092)
- Configuration file injection in the API (CVE-2017-15093)
- Memory leak in DNSSEC parsing (CVE-2017-15094)

Bug fixes
- Update rec_control manpage
- Check in the detected OpenSSL/libcrypto for ECDSA
- Make more specific Netmasks < to less specific ones
- Fix validation at the exact RRSIG inception or expiration time
- Lowercase all outgoing qnames when lowercase-outgoing is set
- Fix libatomic detection on ppc64
- Edit configname definition to include the 'config-name' argument

Improvements
- Extract nested exception from Luawrapper
- Use explicit yes for default-enabled settings
- Throw an error when lua-conf-file can't be loaded
- get-remote-ring's "other" report should only have two items.
- PowerDNS sdig does not truncate trailing bits of EDNS Client Subnet
  mask
- Only increase no-packet-error on the first read
- Add support for Botan 2.x
- Add more information to recursor cache dumps
- Fix typo in two log messages
- Add help text on autodetecting systemd support
- Be more resilient with broken auths
- Remove pdns.PASS and pdns.TRUNCATE
- Improve dnsbulktest experience in travis for more robustness
- Create socket-dir from init-script
- b.root renumbering, effective 2017-10-24
- Don't retry security polling too often when it fails
   2017-09-03 10:53:18 by Thomas Klausner | Files touched by this commit (165)
Log message:
Follow some redirects.
   2017-08-02 22:15:42 by Filip Hajny | Files touched by this commit (4) | Package updated
Log message:
Update net/powerdns-recursor to 4.0.6

Bug fixes
- Use the incoming ECS for cache lookup if use-incoming-edns-subnet is
  set
- when making a netmask from a comboaddress, we neglected to zero the
  port. This could lead to a proliferation of netmasks.
- Don't take the initial ECS source for a scope one if EDNS is off
- also set d_requestor without Lua: the ECS logic needs it
- Fix IXFR skipping the additions part of the last sequence
- Treat requestor's payload size lower than 512 as equal to 512
- make URI integers 16 bits, fixes ticket #5443
- unbreak quoting

Improvements
- EDNS Client Subnet becomes compatible with the packet cache, using
  the existing variable answer facility.
- Remove just enough entries from the cache, not one more than asked
- Move expired cache entries to the front so they are expunged
- changed IPv6 addr of b.root-servers.net
- e.root-servers.net has IPv6 now
- hello decaf signers (ED25519 and ED448)
- don't use the libdecaf ed25519 signer when libsodium is enabled
  (Kees Monshouwer)
- do not hash the message in the ed25519 signer (Kees Monshouwer)
- Disable use-incoming-edns-subnet by default
   2017-07-03 15:02:38 by Joerg Sonnenberger | Files touched by this commit (4)
Log message:
Make Bart write "I will not ignore autoconf warnings" a thousand times.
While here, don't include the configure arguments in the binary to avoid
the wrkdir references.