./net/powerdns-recursor, PowerDNS resolver/recursing nameserver

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 4.0.5, Package name: pdns-recursor-4.0.5, Maintainer: pkgsrc-users

The PowerDNS recursor is part of the source tarball of the main PowerDNS
distribution, but it is released separately. Starting from the version 3.0
pre-releases, there are zero known bugs or issues with the recursor. It is
known to power the resolving needs of over 2 million internet connections.

PowerDNS recursor can gets names from /etc/hosts.


Required to build:
[devel/boost-headers] [pkgtools/cwrappers]

Master sites:

SHA1: 2f9fcab4a759ed4f21f8f1233b91ad6ef8b5545e
RMD160: 3cf3594ab6ede39a1400cb21e2905217d735bc4e
Filesize: 1041.157 KB

Version history: (Expand)


CVS history: (Expand)


   2017-07-03 15:02:38 by Joerg Sonnenberger | Files touched by this commit (4)
Log message:
Make Bart write "I will not ignore autoconf warnings" a thousand times.
While here, don't include the configure arguments in the binary to avoid
the wrkdir references.
   2017-06-15 09:15:57 by Filip Hajny | Files touched by this commit (3) | Package updated
Log message:
Update net/powerdns-recursor to 4.0.5.

Enhancements
- Add the 2017 DNSSEC root key
- Add support for RPZ wildcarded target names.
- Speed up RPZ zone loading and add a zoneSizeHint parameter to
  rpzFile and rpzMaster for faster reloads
- Make the RPZ summary consistent and log additions/removals at debug
  level, not info
- Update Ed25519 algorithm number and mnemonic and hook up to the
  Recursor
- Add use-incoming-edns-subnet option to process and pass along ECS
  and fix some ECS bugs in the process
- Refuse to start with chroot set in a systemd env
- Handle exceptions raised by closesocket() to prevent process
  termination
- Document missing top-pub-queries and top-pub-servfail-queries
  commands for rec_control
- IPv6 address for g.root-servers.net added
- Log outgoing queries / incoming responses via protobuf

Bug fixes
- Correctly lowercase the TSIG algorithm name in hash computation
- Clear the RPZ NS IP table when clearing the policy, this prevents
  false positives
- Fix cache-only queries against a forward-zone
- Only delegate if NSes are below apex in auth-zones
- Remove hardcoding of port 53 for TCP/IP forwarded zones in recursor
- Make sure labelsToAdd is not empty in getZoneCuts()
- Wait until after daemonizing to start the outgoing protobuf thread,
  prevents hangs when the protobuf server is not available
- Ensure (re)priming the root never fails
- Don't age the root, fixes a regression from 3.x
- Fix exception when sending a protobuf message for an empty question
- LuaWrapper: Allow embedded NULs in strings received from Lua
- Fix coredumps on illumos/SmartOS
- StateHolder: Allocate (and copy if needed) before taking the lock
- SuffixMatchNode: Fix insertion issue for an existing node
- Fix negative port detection for IPv6 addresses on 32-bit systems
   2017-05-23 01:41:52 by Joerg Sonnenberger | Files touched by this commit (2)
Log message:
Merge patch from powerdns package to avoid ordering nullptrs.
   2017-05-03 10:38:46 by Jonathan Perkin | Files touched by this commit (95)
Log message:
Convert CXXFLAGS setting C++ standard to USE_LANGUAGES.
   2017-03-31 21:41:13 by Filip Hajny | Files touched by this commit (3)
Log message:
powerdns-recursor also needs the segfault fix for SunOS. PKGREVISION++
   2017-03-24 19:45:44 by Filip Hajny | Files touched by this commit (1)
Log message:
Requires pkg-config to build properly
   2017-03-09 14:43:49 by Filip Hajny | Files touched by this commit (18) | Package removed
Log message:
Update net/powerdns-recursor to 4.0.4.

PowerDNS Recursor 4.0.4
=======================

Change highlights include:

- Check TSIG signature on IXFR (Security Advisory 2016-04)
- Don't parse spurious RRs in queries when we don't need them
  (Security Advisory 2016-02)
- Add 'max-recursion-depth' to limit the number of internal recursion
- Wait until after daemonizing to start the RPZ and protobuf threads
- On RPZ customPolicy, follow the resulting CNAME
- Make the negcache forwarded zones aware
- Cache records for zones that were delegated to from a forwarded zone
- DNSSEC: don't go bogus on zero configured DSs
- DNSSEC: NSEC3 optout and Bogus insecure forward fixes
- DNSSEC: Handle CNAMEs at the apex of secure zones to other secure
  zones

PowerDNS Recursor 4.0.3
=======================

Bug fixes
- Call gettag() for TCP queries
- Fix the use of an uninitialized filtering policy
- Parse query-local-address before lua-config-file
- Fix accessing an empty policyCustom, policyName from Lua
- ComboAddress: don't allow invalid ports
- Fix RPZ default policy not being applied over IXFR
- DNSSEC: Actually follow RFC 7646 ยง2.1
- Add boost context ldflags so freebsd builds can find the libs
- Ignore NS records in a RPZ zone received over IXFR
- Fix build with OpenSSL 1.1.0 final
- Don't validate when a Lua hook took the query
- Fix a protobuf regression (requestor/responder mix-up)

Additions and Enhancements
- Support Boost 1.61+ fcontext
- Add Lua binding for DNSRecord::d_place

PowerDNS Recursor 4.0.2
=======================

Bug fixes
- Set dq.rcode before calling postresolve
- Honor PIE flags.
- Fix build with LibreSSL, for which OPENSSL_VERSION_NUMBER is
  irrelevant
- Don't shuffle CNAME records. (thanks to Gert van Dijk for the
  extensive bug report!)
- Fix delegation-only

Additions and enhancements
- Respect the timeout when connecting to a protobuf server
- allow newDN to take a DNSName in; document missing methods
- expose SMN toString to lua
- Anonymize the protobuf ECS value as well (thanks to Kai Storbeck of
  XS4All for finding this)
- Allow Lua access to the result of the Policy Engine decision, skip
  RPZ, finish RPZ implementation
- Remove unused DNSPacket::d_qlen
- RPZ: Use query-local-address(6) by default (thanks to Oli Schacher
  of switch.ch for the feature request)
- Move the root DNSSEC data to a header file

PowerDNS Recursor 4.0.1
=======================

Bug fixes
- Improve DNSSEC record skipping for non dnssec queries (Kees
  Monshouwer)
- Don't validate zones from the local auth store, go one level down
  while validating when there is a CNAME
- Don't go bogus on islands of security
- Check all possible chains for Insecures
- Don't go Bogus on a CNAME at the apex
- RPZ: default policy should also override local data RRs
- Fix a crash when the next name in a chained query is empty and
  rec_control current-queries is invoked

Improvements
- OpenSSL 1.1.0 support (Christian Hofstaedtler)
- Fix warnings with gcc on musl-libc (James Taylor)
- Also validate on +DO
- Fail to start when the lua-dns-script does not exist
- Add more Netmask methods for Lua (Aki Tuomi)
- Validate DNSSEC for security polling
- Turn on root-nx-trust by default and log-common-errors=off
- Allow for multiple trust anchors per zone
- Fix compilation warning when building without Protobuf

PowerDNS Recursor 4.0.0
=======================

- Moved to C++ 2011, a cleaner more powerful version of C++ that has
  allowed us to improve the quality of implementation in many places.
- Implemented dedicated infrastructure for dealing with DNS names that
  is fully "DNS Native" and needs less escaping and unescaping.
- Switched to binary storage of DNS records in all places.
- Moved ACLs to a dedicated Netmask Tree.
- Implemented a version of RCU for configuration changes
- Instrumented our use of the memory allocator, reduced number of
  malloc calls substantially.
- The Lua hook infrastructure was redone using LuaWrapper; old scripts
  will no longer work, but new scripts are easier to write under the
  new interface.
- DNSSEC processing: if you ask for DNSSEC records, you will get them.
- DNSSEC validation: if so configured, PowerDNS perform DNSSEC
  validation of your answers.
- Completely revamped Lua scripting API that is "DNSName" native and
  therefore far less error prone, and likely faster for most commonly
  used scenarios.
- New asynchronous per-domain, per-ip address, query engine.
- RPZ (from file, over AXFR or IXFR) support.
- All caches can now be wiped on suffixes, because of canonical
  ordering.
- Many, many more relevant performance metrics, including upstream
  authoritative performance measurements.
- EDNS Client Subnet support, including cache awareness of
  subnet-varying answers.
   2016-06-08 12:16:57 by Jonathan Perkin | Files touched by this commit (89)
Log message:
Remove the stability entity, it has no meaning outside of an official context.