./net/powerdns-recursor, PowerDNS resolver/recursing nameserver

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 4.1.1, Package name: pdns-recursor-4.1.1, Maintainer: pkgsrc-users

The PowerDNS recursor is part of the source tarball of the main PowerDNS
distribution, but it is released separately. Starting from the version 3.0
pre-releases, there are zero known bugs or issues with the recursor. It is
known to power the resolving needs of over 2 million internet connections.

PowerDNS recursor can gets names from /etc/hosts.


Required to run:
[lang/lua52]

Required to build:
[devel/boost-headers] [pkgtools/cwrappers]

Master sites:

SHA1: 3df4b51cfcd6e4d1de3c3b833daa92b14c51c1c7
RMD160: cac9744006f40def049155fdafb3d66b6434d68a
Filesize: 1195.844 KB

Version history: (Expand)


CVS history: (Expand)


   2018-01-22 20:21:46 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update net/powerdns-recursor to 4.1.1.

Improvements
- Don't process records for another class than IN

Bug Fixes
- Correctly handle ancestor delegation NSEC{,3} for children.
  (CVE-2018-1000003)
- Fix the computation of the closest encloser for positive answers.
- Pass the correct buffer size to arecvfrom().
- Fix to make primeHints threadsafe, otherwise there's a small chance
  on startup that the root-server IPs will be incorrect.
- Don't validate signature for "glue" CNAME, since anything else than
  the initial CNAME can't be considered authoritative.
   2018-01-02 13:23:55 by Filip Hajny | Files touched by this commit (7) | Package updated
Log message:
Update net/powerdns-recursor to 4.1.0.
Lua support no longer optional.

PowerDNS Recursor 4.1.0
===========================================================

- Improved DNSSEC support
- Improved documentation
- Improved RPZ support
- Improved EDNS Client Subnet support
- Support for Botan 2.x (and removal of support for Botan 1.10)
- SNMP support
- Lua engine has gained access to more parts of the recursor
- CPU affinity can now be specified
- TCP Fast Open support
- New performance metrics

Full changelog:

  https://doc.powerdns.com/recursor/changelog/4.1.html

PowerDNS Recursor 4.0.7
===========================================================

- Insufficient validation of DNSSEC signatures (CVE-2017-15090)
- Cross-Site Scripting in the web interface (CVE-2017-15092)
- Configuration file injection in the API (CVE-2017-15093)
- Memory leak in DNSSEC parsing (CVE-2017-15094)

Bug fixes
- Update rec_control manpage
- Check in the detected OpenSSL/libcrypto for ECDSA
- Make more specific Netmasks < to less specific ones
- Fix validation at the exact RRSIG inception or expiration time
- Lowercase all outgoing qnames when lowercase-outgoing is set
- Fix libatomic detection on ppc64
- Edit configname definition to include the 'config-name' argument

Improvements
- Extract nested exception from Luawrapper
- Use explicit yes for default-enabled settings
- Throw an error when lua-conf-file can't be loaded
- get-remote-ring's "other" report should only have two items.
- PowerDNS sdig does not truncate trailing bits of EDNS Client Subnet
  mask
- Only increase no-packet-error on the first read
- Add support for Botan 2.x
- Add more information to recursor cache dumps
- Fix typo in two log messages
- Add help text on autodetecting systemd support
- Be more resilient with broken auths
- Remove pdns.PASS and pdns.TRUNCATE
- Improve dnsbulktest experience in travis for more robustness
- Create socket-dir from init-script
- b.root renumbering, effective 2017-10-24
- Don't retry security polling too often when it fails
   2017-09-03 10:53:18 by Thomas Klausner | Files touched by this commit (165)
Log message:
Follow some redirects.
   2017-08-02 22:15:42 by Filip Hajny | Files touched by this commit (4) | Package updated
Log message:
Update net/powerdns-recursor to 4.0.6

Bug fixes
- Use the incoming ECS for cache lookup if use-incoming-edns-subnet is
  set
- when making a netmask from a comboaddress, we neglected to zero the
  port. This could lead to a proliferation of netmasks.
- Don't take the initial ECS source for a scope one if EDNS is off
- also set d_requestor without Lua: the ECS logic needs it
- Fix IXFR skipping the additions part of the last sequence
- Treat requestor's payload size lower than 512 as equal to 512
- make URI integers 16 bits, fixes ticket #5443
- unbreak quoting

Improvements
- EDNS Client Subnet becomes compatible with the packet cache, using
  the existing variable answer facility.
- Remove just enough entries from the cache, not one more than asked
- Move expired cache entries to the front so they are expunged
- changed IPv6 addr of b.root-servers.net
- e.root-servers.net has IPv6 now
- hello decaf signers (ED25519 and ED448)
- don't use the libdecaf ed25519 signer when libsodium is enabled
  (Kees Monshouwer)
- do not hash the message in the ed25519 signer (Kees Monshouwer)
- Disable use-incoming-edns-subnet by default
   2017-07-03 15:02:38 by Joerg Sonnenberger | Files touched by this commit (4)
Log message:
Make Bart write "I will not ignore autoconf warnings" a thousand times.
While here, don't include the configure arguments in the binary to avoid
the wrkdir references.
   2017-06-15 09:15:57 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
Update net/powerdns-recursor to 4.0.5.

Enhancements
- Add the 2017 DNSSEC root key
- Add support for RPZ wildcarded target names.
- Speed up RPZ zone loading and add a zoneSizeHint parameter to
  rpzFile and rpzMaster for faster reloads
- Make the RPZ summary consistent and log additions/removals at debug
  level, not info
- Update Ed25519 algorithm number and mnemonic and hook up to the
  Recursor
- Add use-incoming-edns-subnet option to process and pass along ECS
  and fix some ECS bugs in the process
- Refuse to start with chroot set in a systemd env
- Handle exceptions raised by closesocket() to prevent process
  termination
- Document missing top-pub-queries and top-pub-servfail-queries
  commands for rec_control
- IPv6 address for g.root-servers.net added
- Log outgoing queries / incoming responses via protobuf

Bug fixes
- Correctly lowercase the TSIG algorithm name in hash computation
- Clear the RPZ NS IP table when clearing the policy, this prevents
  false positives
- Fix cache-only queries against a forward-zone
- Only delegate if NSes are below apex in auth-zones
- Remove hardcoding of port 53 for TCP/IP forwarded zones in recursor
- Make sure labelsToAdd is not empty in getZoneCuts()
- Wait until after daemonizing to start the outgoing protobuf thread,
  prevents hangs when the protobuf server is not available
- Ensure (re)priming the root never fails
- Don't age the root, fixes a regression from 3.x
- Fix exception when sending a protobuf message for an empty question
- LuaWrapper: Allow embedded NULs in strings received from Lua
- Fix coredumps on illumos/SmartOS
- StateHolder: Allocate (and copy if needed) before taking the lock
- SuffixMatchNode: Fix insertion issue for an existing node
- Fix negative port detection for IPv6 addresses on 32-bit systems
   2017-05-23 01:41:52 by Joerg Sonnenberger | Files touched by this commit (2)
Log message:
Merge patch from powerdns package to avoid ordering nullptrs.
   2017-05-03 10:38:46 by Jonathan Perkin | Files touched by this commit (95)
Log message:
Convert CXXFLAGS setting C++ standard to USE_LANGUAGES.