-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Warning: Version 3.4.2 of the PowerDNS Authoritative Server is a major upgrade if you are coming from 2.9.x. Additionally, if you are coming from any 3.x version (including 3.3.1), there is a mandatory SQL schema upgrade. Please refer to the Upgrade documentation for important information on correct and stable operation, as well as notes on performance and memory use.
Find the downloads on our download page, https://www.powerdns.com/downloads.html This is a performance and bugfix update to 3.4.1 and any earlier version. For high traffic setups, including those using DNSSEC, upgrading to 3.4.2 may show tremendous performance increases. Please let us know. We would like to thank Patrik Wallström of IIS, Kees Monshouwer and Fredrik Eriksson of Loopia for working with us on solving several issues that only became apparent on a 750000 domain (!) DNSSEC installation, the last of which we could eventually trace to memory fragmentation in the secure allocator of our cryptography library. This bug chase, which lasted for over a month, led to numerous other improvements, like better statistical metrics for plotting (actual CPU usage, uptime, key cache size, signatures/s) and the 'sharding' of our internal caches to better support multi-CPU operations. A list of changes since 3.4.1 follows. Please see the full clickable changelog at https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-342 Improvements: * implement CORS for the HTTP API * qtype is now case insensitive in API and database * Allow (optional) PIE hardening * json-api: remove priority from json * backport remotebackend fixes * Support Lua 5.3 * support single-type ZSK signing * Potential fix for ticket #1907, we now try to trigger libgcc_s.so.1 to load before we chroot. I can't reproduce the bug on my local system, but this "should" help. * update polarssl to 1.3.9 Bug fixes: * refuse overly long labels in names * auth: limit long version strings to 63 characters and catch exceptions in secpoll * pdnssec: fix ttl check for RRSIG records * fix up latency reporting for sub-millisecond latencies (would clip to 0) * make sure we don't throw an exception on "pdns_control show" of an unknown variable * fix startup race condition with carbon thread already trying to broadcast uninitialized data * make qsize-q more robust * Kees Monshouwer discovered we count corrupt packets and EAGAIN situations as validly received packets, skewing the udp questions/answers graphs on auth. * make latency & qsize reporting 'live'. Plus fix that we only reported the qsize of the first distributor. * fix up statbag for carbon protocol and function pointers * get priority from table in Lua axfrfilter; fixes ticket #1857 * various backends: fix records pointing at root * remove additional layer of trailing . stripping, which broke MX records to the root in the BIND backend. Should close ticket #1243. * api: use uncached results for getKeys() * read ALLOW-AXFR-FROM from the backend with the metadata Minor changes: * move manpages to section 1 * secpoll: Replace ~ with _ * only zones with an active ksk are secure * api: show keys for zones without active ksk New features: * add signatures metric to auth, so we can plot signatures/second * pdns_control: make it posible to notify all zones at once * JSON API: provide flush-cache, notify, axfr-receive * add 'bench-db' to do very simple database backend performance benchmark * enable callback based metrics to statbags, and add 5 such metrics: uptime, sys-msec, user-msec, key-cache-size, meta-cache-size, signature-cache-size Performance improvements: * better key for packetcache * don't do time(0) under signature cache lock * shard the packet cache, closing ticket #1910. * with thanks to Jack Lloyd, this works around the default Botan allocator slowing down for us during production use. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAlTQpEIACgkQHF7pkNLnFXU9PQCdE8SOyKnZv5L1cNeykn41Hgl8 NxQAoOwPNyqohboVjI5tCy8L7Uy6tedB =VXFO -----END PGP SIGNATURE----- _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
