Hello everybody, We are proud and happy to announce the release of the PowerDNS Authoritative Server version 4.0.0. This release has a great number of new features and improvements compared to PowerDNS Authoritative Server 3.4. More about the 4.0.0 releases can be found on our blog[1].
Many of the changes are on the inside and were part of the great “spring cleaning“: * Moved to C++ 2011, a cleaner more powerful version of C++ that has allowed us to improve the quality of implementation in many places. * Implemented dedicated infrastructure for dealing with DNS names that is fully “DNS Native” and needs less escaping and unescaping. * Due to this, the PowerDNS Authoritative Server can now serve DNSSEC-enabled root-zones. * All backends derived from the Generic SQL backend use prepared statements. * Both the server and pdns_control do the right thing when chroot‘ed. * Caches are now fully canonically ordered, which means entries can be wiped on suffix in all places In addition to this cleanup, the following new and exciting features have been added: * A revived and supported ODBC backend (godbc). * A revived and supported LDAP backend (ldap). * Support for CDS/CDNSKEY and RFC 7344 key-rollovers. * Support for the ALIAS record. * The webserver and API are no longer experimental. * The API-path has moved to /api/v1 * DNSUpdate is no longer experimental. * ECDSA (algorithm 13 and 14) supported without in-tree cryptographic libraries (provided by OpenSSL). * Experimental support for ed25519 DNSSEC signatures (when compiled with libsodium support). * Many new pdnsutil commands, e.g. * help command now produces the help * Warns if the configuration file cannot be read * Does not check disabled records with check-zone unless verbose mode is enabled * create-zone command creates a new zone * add-record command to add records * delete-rrset and replace-rrset commands to delete and add rrsets * edit-zone command that spawns $EDITOR with the zone contents in zonefile format regardless of the backend used (blogpost) * GeoIP backend has gained many features, and can now e.g. run based on explicit netmasks not present in the GeoIP databases With new features come removals. The following backends have been dropped in 4.0.0: * LMDB. * Geo (use the improved GeoIP instead). Other important changes and deprecations include: * pdnssec has been renamed to pdnsutil. * Support for the PolarSSL/MbedTLS, Crypto++ and Botan cryptographic libraries have been dropped in favor of the (faster) OpenSSL libcrypto (except for GOST, which is still provided by Botan). * ECDSA P256 SHA256 (algorithm 13) is now the default algorithm when securing zones. * The PowerDNS Authoritative Server now listens by default on all IPv6 addresses. * Several superfluous queries have been dropped from the Generic SQL backends, if you use a non-standard SQL schema, please review the new defaults * * insert-ent-query, insert-empty-non-terminal-query, insert-ent-order-query have been replaced by one query named insert-empty-non-terminal-order-query * insert-record-order-query has been dropped, insert-record-query now sets the ordername (or NULL) * insert-slave-query has been dropped, insert-zone-query now sets the type of zone * The INCEPTION, INCEPTION-WEEK and EPOCH SOA-EDIT metadata values are marked as deprecated and will be removed in 4.1.0 We would like to thank everybody who contributed ideas, code, testing and comments during our journey toward 4.0.0. By name we like to thank (in no particular order): * Aki Tuomi * Kees Monshouwer * Christian Hofstaedtler * Jan-Piet Mens * Ruben Kerkhof * Ruben d’Arco * Mark Zealey * Pavel Boldin * Mark Schouten Compared to RC2, the following bug fixes are included (changelog with clickable links is available[2]: - #4071 Abort on backend failures at startup and retry while running (Kees Monshouwer) - #4099 Don’t leak TCP connection descriptor if pthread_create() failed - #4137 gsqlite3: Check whether foreign keys should be turned on (Aki Tuomi) And the following improvements were added: - #3051 Better error message for unfound new slave domains - #4123 check-zone: warn on mismatch between algo and NSEC mode The tarball is on the downloads site[3] (sig[4]), and packages for Debian Jessie, Ubuntu Trusty, Wily and Xenial, CentOS 6 and 7, SUSE Linux Enterprise 12.1 and Raspbian Jessie are available from our repositories [5]. Best regards, Pieter and the PowerDNS team 1 - https://blog.powerdns.com/2016/07/11/welcome-to-powerdns-4-0-0 2 - https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-400 3 - https://downloads.powerdns.com/releases/pdns-4.0.0.tar.bz2 4 - https://downloads.powerdns.com/releases/pdns-4.0.0.tar.bz2.sig 5 - https://repo.powerdns.com/ -- Pieter Lexis PowerDNS.COM BV -- https://www.powerdns.com _______________________________________________ Pdns-dev mailing list Pdns-dev@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-dev
