[Pdns-users] PowerDNS Recursor Security Advisory 2024-02: if recursive forwarding is configured, crafted responses can lead to a denial of service in Recursor
Dear user,

Please find below a security advisory, relating to PowerDNS Recursor 4.8.7, 4.9.4 and 5.0.3 only. When using recursive forwarding, a crafted response from an upstream server can cause a Denial of Service in the Recursor.

PowerDNS Security Advisory 2024-02: if recursive forwarding is configured, crafted responses can lead to a denial of service in Recursor

CVE: CVE-2024-25583
Date: 24th of April 2024.
Affects: PowerDNS Recursor 4.8.7, 4.9.4 and 5.0.3, earlier versions are not affected
Not affected: PowerDNS Recursor 4.8.8, 4.9.5 and 5.0.4
Severity: High (only when using recursive forwarding)
Impact: Denial of service
Exploit: This problem can be triggered by an attacker publishing a crafted zone
Risk of system compromise: None
Solution: Upgrade to patched version

When using recursive forwarding, a crafted response from an upstream server can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.

CVSS Score: 7.5, only for configurations using recursive forwarding, see https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1

The remedy is to update to a patched version.

signature.asc Description: This is a digitally signed message part
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
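A triage check for the advisory above, as an added example that is not part of the advisory or of PowerDNS: it combines the affected version list with a scan of the configuration for recursive forwarding. It assumes the old-style `recursor.conf` syntax, that recursive forwarding is enabled through the `forward-zones-recurse` setting or through `+`-prefixed entries in a `forward-zones-file`, and the function names and sample configuration are constructed for illustration.

```python
import re

# Affected releases, copied from the advisory text.
AFFECTED_VERSIONS = {"4.8.7", "4.9.4", "5.0.3"}


def parse_settings(conf_text):
    """Parse old-style recursor.conf text into {setting: value}."""
    settings = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.endswith("+"):  # incremental form: setting+=value
            key = key[:-1].strip()
            value = ",".join(v for v in (settings.get(key, ""), value) if v)
        settings[key] = value
    return settings


def recurse_zones_from_setting(value):
    """Zone names from a forward-zones-recurse value (zone=addr;addr, ...)."""
    zones = []
    for entry in value.split(","):
        zone = entry.split("=", 1)[0].strip()
        if zone:
            zones.append(zone)
    return zones


def recurse_zones_from_file(file_text):
    """Zone names from forward-zones-file lines carrying the '+' prefix."""
    zones = []
    for raw in file_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        name = line.split("=", 1)[0].strip()
        prefix = re.match(r"[+^]*", name).group(0)
        if "+" in prefix:
            zones.append(name[len(prefix):])
    return zones


def assess(version_string, conf_text, forward_file_text=""):
    """Return a verdict dict; 'exposed' needs both conditions of the advisory."""
    match = re.search(r"\d+\.\d+\.\d+", version_string)
    version = match.group(0) if match else None
    settings = parse_settings(conf_text)
    zones = recurse_zones_from_setting(settings.get("forward-zones-recurse", ""))
    zones += recurse_zones_from_file(forward_file_text)
    vulnerable = version in AFFECTED_VERSIONS
    return {
        "version": version,
        "vulnerable_version": vulnerable,
        "recursive_forwarding": bool(zones),
        "recurse_zones": zones,
        "exposed": vulnerable and bool(zones),
    }


# Constructed sample configuration (documentation address ranges).
SAMPLE_CONF = """
local-address=192.0.2.53
forward-zones=corp.example=192.0.2.10   # plain forwarding, not recursive
forward-zones-recurse=.=198.51.100.1;198.51.100.2
"""

if __name__ == "__main__":
    print(assess("4.9.4", SAMPLE_CONF))
```

A host that reports a vulnerable version without recursive forwarding still needs the upgrade, since a later configuration change would expose it.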
[Pdns-users] PowerDNS Authoritative Server 4.9.0
Hello!

This is release 4.9.0 of the Authoritative Server. It brings a few new features, and a collection of small improvements and fixes. Some internals have been reworked to support the new features.

A detailed list of changes can be found in the [1]changelog.

Please make sure to read the [2]Upgrade Notes before upgrading. If you install (not upgrade to) this version on Debian or Ubuntu, please read [3]this ticket about broken configs first.

The [4]tarball ([5]signature) is available at [6]downloads.powerdns.com. Packages for various distributions are available from [7]repo.powerdns.com.

Please send us all feedback and issues you might have via the [8]mailing list, or in case of a bug, via [9]GitHub.

Note that per our [10]End of life policy, the release of version 4.9 marks the end of support for version 4.6.

References
1. https://doc.powerdns.com/authoritative/changelog/4.9.html#change-4.9.0
2. https://doc.powerdns.com/authoritative/upgrading.html
3. https://github.com/PowerDNS/pdns/issues/13708
4. https://downloads.powerdns.com/releases/pdns-4.9.0.tar.bz2
5. https://downloads.powerdns.com/releases/pdns-4.9.0.tar.bz2.sig
6. https://downloads.powerdns.com/releases/
7. https://repo.powerdns.com/
8. https://mailman.powerdns.com/mailman/listinfo/pdns-users
9. https://github.com/PowerDNS/pdns/issues/new/choose
10. https://doc.powerdns.com/authoritative/appendices/EOL.html
[Pdns-users] PowerDNS Authoritative Server 4.9.0-beta2
Hello!

This is release 4.9.0-beta2 (beta1 was not released, due to a tagging mistake) of the Authoritative Server. It brings a few new features, and a collection of small improvements and fixes. Some internals have been reworked to support the new features.

A detailed list of changes can be found in the [1]changelog.

Please make sure to read the [2]Upgrade Notes before upgrading. If you install (not upgrade to) this version on Debian or Ubuntu, please read [3]this ticket about broken configs first.

The [4]tarball ([5]signature) is available at [6]downloads.powerdns.com. Packages for various distributions are available from [7]repo.powerdns.com.

Please send us all feedback and issues you might have via the [8]mailing list, or in case of a bug, via [9]GitHub.

References
1. https://doc.powerdns.com/authoritative/changelog/4.9.html#change-4.9.0-beta2
2. https://doc.powerdns.com/authoritative/upgrading.html
3. https://github.com/PowerDNS/pdns/issues/13708
4. https://downloads.powerdns.com/releases/pdns-4.9.0-beta2.tar.bz2
5. https://downloads.powerdns.com/releases/pdns-4.9.0-beta2.tar.bz2.sig
6. https://downloads.powerdns.com/releases/
7. https://repo.powerdns.com/
8. https://mailman.powerdns.com/mailman/listinfo/pdns-users
9. https://github.com/PowerDNS/pdns/issues/new/choose

Kind regards,
--
Peter van Dijk
PowerDNS.com B.V. - https://www.powerdns.com/
Re: [Pdns-users] PowerDNS Authoritative Server 4.9.0-alpha1
On Fri, 2024-01-12 at 14:13 +0100, Peter van Dijk via Pdns-announce wrote:
> https://doc.powerdns.com/authoritative/changelog/4.8.html#change-4.9.0-alpha1

This, of course, should be https://doc.powerdns.com/authoritative/changelog/4.9.html#change-4.9.0-alpha1

Thanks to Frank Louwers for noticing.

Kind regards,
--
Peter van Dijk
PowerDNS.com B.V. - https://www.powerdns.com/
[Pdns-users] PowerDNS Authoritative Server 4.9.0-alpha1
Hello!

This is release 4.9.0-alpha1 of the Authoritative Server. It brings a few new features, and a collection of small improvements and fixes. Some internals have been reworked to support the new features.

A detailed list of changes can be found in the [4]changelog.

If you install (not upgrade to) this version on Debian or Ubuntu, please read [2]this ticket about broken configs first.

Please make sure to read the [5]Upgrade Notes before upgrading.

The [6]tarball ([7]signature) is available at [8]downloads.powerdns.com. Packages for various distributions are available from [9]repo.powerdns.com.

Please send us all feedback and issues you might have via the [10]mailing list, or in case of a bug, via [11]GitHub.

References
1. https://doc.powerdns.com/authoritative/upgrading.html
2. https://github.com/PowerDNS/pdns/issues/13708
4. https://doc.powerdns.com/authoritative/changelog/4.8.html#change-4.9.0-alpha1
5. https://doc.powerdns.com/authoritative/upgrading.html
6. https://downloads.powerdns.com/releases/pdns-4.9.0.tar.bz2
7. https://downloads.powerdns.com/releases/pdns-4.9.0.tar.bz2.sig
8. https://downloads.powerdns.com/releases/
9. https://repo.powerdns.com/
10. https://mailman.powerdns.com/mailman/listinfo/pdns-users
11. https://github.com/PowerDNS/pdns/issues/new/choose

Kind regards,
--
Peter van Dijk
PowerDNS.com B.V. - https://www.powerdns.com/
Re: [Pdns-users] URL redirect with PDNS Authoritative
On Fri, 2024-01-12 at 10:25 +0100, Peter van Dijk via Pdns-users wrote:
> If you want to build this feature, and keep all data in one place (the
> PowerDNS database), you could use disabled=1 records with some convenient
> type (TXT, URI, etc.) that your webservice can look up.

You could also use comments in the database for this.

Kind regards,
--
Peter van Dijk
PowerDNS.com B.V. - https://www.powerdns.com/
Re: [Pdns-users] URL redirect with PDNS Authoritative
On Fri, 2024-01-12 at 09:42 +0100, Andrea Biancalani via Pdns-users wrote:
> is there any way to set a record in PDNS authoritative server that
> allow web URL redirect?

Not really.

> Example: example.com IN WR https://example.net/subpage/...
>
> Reading official documentation, WR record type seems not to be
> supported actually and URI is not intended for this purposes.
>
> Exist any way to not have an external webservice to answer queries and
> redirect with 301 traffic? Any lua scripting code out there?
>

A long time ago, PowerDNS had 30% of this feature - I think we called it 'URL' and not 'WR' back then. If PowerDNS saw that record, it would serve a static A record from the config. Then, you still needed an external webservice to take the requests and look inside the PowerDNS database to generate 301s.

There is no suitable webserver -inside- PowerDNS for generating redirects; CloudNS also has to run a name server -and- a web server to provide this feature.

If you want to build this feature, and keep all data in one place (the PowerDNS database), you could use disabled=1 records with some convenient type (TXT, URI, etc.) that your webservice can look up. You'd still need to provide A/ records, or perhaps a CNAME or ALIAS to manage the IP of your webservice in one place.

Kind regards,
--
Peter van Dijk
PowerDNS.com B.V. - https://www.powerdns.com/
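The lookup side of the design suggested in the reply above, as an added example that is not part of the original post or of PowerDNS: a webservice maps the request's Host header to a disabled TXT record and only issues a 301 for a well-formed http(s) target, so a bad row cannot turn the service into an arbitrary-scheme redirector or inject headers. It assumes a generic SQL backend `records` table (reduced here to the columns used) in an in-memory SQLite database; the function names and all rows are constructed.

```python
import sqlite3
from urllib.parse import urlsplit

# Reduced, constructed copy of the generic SQL backend's records table.
SCHEMA = """
CREATE TABLE records (
    id INTEGER PRIMARY KEY, domain_id INTEGER, name TEXT, type TEXT,
    content TEXT, ttl INTEGER, disabled BOOLEAN DEFAULT 0
);
"""

# Constructed sample rows: name, type, content, disabled.
SAMPLE_ROWS = [
    ("example.com", "A", "192.0.2.80", 0),          # IP of the webservice
    ("example.com", "TXT", '"https://example.net/subpage/"', 1),
    ("example.org", "TXT", '"v=spf1 -all"', 0),     # live TXT, not a redirect
    ("files.example", "TXT", '"ftp://files.example/pub"', 1),
]


def build_sample_db():
    """Create the in-memory database holding the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany(
        "INSERT INTO records (domain_id, name, type, content, ttl, disabled) "
        "VALUES (1, ?, ?, ?, 3600, ?)",
        SAMPLE_ROWS,
    )
    return db


def normalise_host(host_header):
    """Lower-case the Host header, drop a port and a trailing dot.

    IPv6 literals are not handled; a redirect service is reached by name.
    """
    host = host_header.strip().lower()
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def safe_target(content):
    """Return the redirect URL stored in a TXT content field, or None."""
    url = content.strip()
    if len(url) >= 2 and url[0] == url[-1] == '"':
        url = url[1:-1]  # TXT content is stored quoted
    # Whitespace or control characters would allow header injection.
    if any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return url


def lookup_redirect(db, host_header):
    """Return (301, location) for a host with a disabled TXT target, else None."""
    rows = db.execute(
        "SELECT content FROM records "
        "WHERE name = ? AND type = 'TXT' AND disabled = 1 ORDER BY id",
        (normalise_host(host_header),),
    )
    for (content,) in rows:
        target = safe_target(content)
        if target:
            return 301, target
    return None


if __name__ == "__main__":
    print(lookup_redirect(build_sample_db(), "Example.COM:8080"))
```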
[Pdns-users] PowerDNS Authoritative Server 4.8.4
Hello!

This is the release of Authoritative Server 4.8.4.

In Authoritative Server 4.8, the LMDB backend gains a new Lightning Stream-compatible schema, which requires a data migration (this is automatic, and there is no migration back to the old schema). LMDB backend users should pay extra attention to the [1]Upgrade Notes.

[2]Lightning Stream is an [3]open source data syncer that allows multiple nodes to sync LMDB (Lightning Memory-Mapped Database) data to and from an S3 (compatible) bucket. This has particular advantages in distributed and/or large-scale applications (i.e. ~1 million records), making DNS replication much, much easier to manage.

We are excited about how Lightning Stream simplifies running multiple distributed PowerDNS Authoritative servers, with full support for keeping record data and DNSSEC keys in sync, from multiple writers.

Release 4.8.4 contains a few bug fixes, and one new feature for Docker users.

A detailed list of changes can be found in the [4]changelog.

Please make sure to read the [5]Upgrade Notes before upgrading.

The [6]tarball ([7]signature) is available at [8]downloads.powerdns.com. Packages for various distributions are available from [9]repo.powerdns.com.

Please send us all feedback and issues you might have via the [10]mailing list, or in case of a bug, via [11]GitHub.

References
1. https://doc.powerdns.com/authoritative/upgrading.html
2. https://doc.powerdns.com/lightningstream
3. https://github.com/PowerDNS/lightningstream
4. https://doc.powerdns.com/authoritative/changelog/4.8.html#change-4.8.4
5. https://doc.powerdns.com/authoritative/upgrading.html
6. https://downloads.powerdns.com/releases/pdns-4.8.4.tar.bz2
7. https://downloads.powerdns.com/releases/pdns-4.8.4.tar.bz2.sig
8. https://downloads.powerdns.com/releases/
9. https://repo.powerdns.com/
10. https://mailman.powerdns.com/mailman/listinfo/pdns-users
11. https://github.com/PowerDNS/pdns/issues/new/choose

Kind regards,
--
Peter van Dijk
PowerDNS.com B.V. - https://www.powerdns.com/
[Pdns-users] package build instructions (was: Re: PDNS repos request)
On Thu, 2023-10-05 at 17:45 +0200, Peter van Dijk via Pdns-users wrote:
> On Tue, 2023-10-03 at 20:38 +0300, Alex Pavlov via Pdns-users wrote:
> > Hello To all PDNS admins,
> >
> > Recently the older PDNS repos were deleted from official PDNS Repo
> > website.
> > The distros for Ubuntu 16.x (Xenial) and 18.x (Bionic) were wiped out
> > without any link to “archives” or “old releases”.
>
> As indicated by another reply in this thread, yes, those releases are
> EOL, and thus we do not publish packages for them.
>
> It's easy to rebuild these packages for yourself if you really need them:

We now have more extensive documentation at https://github.com/PowerDNS/pdns/blob/master/BUILDING-PACKAGES.md - with this, it should be easy to build the packages you need, without running into dependency troubles.

Kind regards,
--
Peter van Dijk
PowerDNS.com B.V. - https://www.powerdns.com/
Re: [Pdns-users] PDNS repos request
On Tue, 2023-10-03 at 20:38 +0300, Alex Pavlov via Pdns-users wrote:
> Hello To all PDNS admins,
>
> Recently the older PDNS repos were deleted from official PDNS Repo
> website.
> The distros for Ubuntu 16.x (Xenial) and 18.x (Bionic) were wiped out
> without any link to “archives” or “old releases”.

As indicated by another reply in this thread, yes, those releases are EOL, and thus we do not publish packages for them.

It's easy to rebuild these packages for yourself if you really need them:

1. clone our git repo (https://github.com/PowerDNS/pdns)
2. check out the version you want
3. update submodules (git submodule update --init --recursive)
4. run builder/build.sh to see what arguments it supports
5. then run builder/build.sh with the arguments you want (for example, builder/build.sh -m recursor ubuntu-bionic)

Kind regards,
--
Peter van Dijk
PowerDNS.com B.V. - https://www.powerdns.com/
[Pdns-users] PowerDNS Authoritative Server 4.8.3
Hello!

This is the release of Authoritative Server 4.8.3.

In Authoritative Server 4.8, the LMDB backend gains a new Lightning Stream-compatible schema, which requires a data migration (this is automatic, and there is no migration back to the old schema). LMDB backend users should pay extra attention to the [1]Upgrade Notes.

[2]Lightning Stream is an [3]open source data syncer that allows multiple nodes to sync LMDB (Lightning Memory-Mapped Database) data to and from an S3 (compatible) bucket. This has particular advantages in distributed and/or large-scale applications (i.e. ~1 million records), making DNS replication much, much easier to manage.

We are excited about how Lightning Stream simplifies running multiple distributed PowerDNS Authoritative servers, with full support for keeping record data and DNSSEC keys in sync, from multiple writers.

Release 4.8.3 contains one bug fix (in ixfrdist), one workaround for a bug in MySQL client libraries, and one new feature (default-catalog-zone).

A detailed list of changes can be found in the [4]changelog.

Please make sure to read the [5]Upgrade Notes before upgrading.

The [6]tarball ([7]signature) is available at [8]downloads.powerdns.com. Packages for various distributions are available from [9]repo.powerdns.com.

Please send us all feedback and issues you might have via the [10]mailing list, or in case of a bug, via [11]GitHub.

References
1. https://doc.powerdns.com/authoritative/upgrading.html
2. https://doc.powerdns.com/lightningstream
3. https://github.com/PowerDNS/lightningstream
4. https://doc.powerdns.com/authoritative/changelog/4.8.html#change-4.8.3
5. https://doc.powerdns.com/authoritative/upgrading.html
6. https://downloads.powerdns.com/releases/pdns-4.8.3.tar.bz2
7. https://downloads.powerdns.com/releases/pdns-4.8.3.tar.bz2.sig
8. https://downloads.powerdns.com/releases/
9. https://repo.powerdns.com/
10. https://mailman.powerdns.com/mailman/listinfo/pdns-users
11. https://github.com/PowerDNS/pdns/issues/new/choose

Kind regards,
--
Peter van Dijk
PowerDNS.com B.V. - https://www.powerdns.com/
[Pdns-users] delivery problems for mailman.powerdns.com
Hello dear readers,

recently, mailman.powerdns.com ended up listed on a few RBLs. This caused a lot of email to bounce, and eventually Mailman unsubscribed many people from pdns-users. We have requested delisting where we could find URLs to do so, and hope that the situation will improve.

If you used to get email from one of our lists, but no longer do, please resubscribe at https://mailman.powerdns.com/mailman/listinfo/

We also have a vibrant community on IRC, where you can discuss PowerDNS - see https://www.powerdns.com/powerdns-community for more information.

Besides that, we have recently started trialing GitHub Discussions. I would not call it lively yet, but perhaps that will change! https://github.com/PowerDNS/pdns/discussions/

Our apologies for the inconvenience.

Kind regards,
--
Peter van Dijk
PowerDNS.com B.V. - https://www.powerdns.com/
[Pdns-users] PowerDNS Authoritative Server 4.8.2
Hello!

This is the release of Authoritative Server 4.8.2.

In Authoritative Server 4.8, the LMDB backend gains a new Lightning Stream-compatible schema, which requires a data migration (this is automatic, and there is no migration back to the old schema). LMDB backend users should pay extra attention to the [1]Upgrade Notes.

[2]Lightning Stream is an [3]open source data syncer that allows multiple nodes to sync LMDB (Lightning Memory-Mapped Database) data to and from an S3 (compatible) bucket. This has particular advantages in distributed and/or large-scale applications (i.e. ~1 million records), making DNS replication much, much easier to manage.

We are excited about how Lightning Stream simplifies running multiple distributed PowerDNS Authoritative servers, with full support for keeping record data and DNSSEC keys in sync, from multiple writers.

Release 4.8.2 contains a small collection of fixes and improvements.

A full list of changes can be found in the [4]changelog.

Please make sure to read the [5]Upgrade Notes before upgrading.

The [6]tarball ([7]signature) is available at [8]downloads.powerdns.com. Packages for various distributions are available from [9]repo.powerdns.com.

Please send us all feedback and issues you might have via the [10]mailing list, or in case of a bug, via [11]GitHub.

References
1. https://doc.powerdns.com/authoritative/upgrading.html
2. https://doc.powerdns.com/lightningstream
3. https://github.com/PowerDNS/lightningstream
4. https://doc.powerdns.com/authoritative/changelog/4.8.html#change-4.8.2
5. https://doc.powerdns.com/authoritative/upgrading.html
6. https://downloads.powerdns.com/releases/pdns-4.8.2.tar.bz2
7. https://downloads.powerdns.com/releases/pdns-4.8.2.tar.bz2.sig
8. https://downloads.powerdns.com/releases/
9. https://repo.powerdns.com/
10. https://mailman.powerdns.com/mailman/listinfo/pdns-users
11. https://github.com/PowerDNS/pdns/issues/new/choose

Kind regards,
--
Peter van Dijk
PowerDNS.com B.V. - https://www.powerdns.com/
[Pdns-users] PowerDNS Authoritative Server 4.8.1
Hello!

This is the release of Authoritative Server 4.8.1.

In Authoritative Server 4.8, the LMDB backend gains a new Lightning Stream-compatible schema, which requires a data migration (this is automatic, and there is no migration back to the old schema). LMDB backend users should pay extra attention to the [1]Upgrade Notes.

[2]Lightning Stream is an [3]open source data syncer that allows multiple nodes to sync LMDB (Lightning Memory-Mapped Database) data to and from an S3 (compatible) bucket. This has particular advantages in distributed and/or large-scale applications (i.e. ~1 million records), making DNS replication much, much easier to manage.

We are excited about how Lightning Stream simplifies running multiple distributed PowerDNS Authoritative servers, with full support for keeping record data and DNSSEC keys in sync, from multiple writers.

Release 4.8.1 contains a small collection of fixes and improvements.

A full list of changes can be found in the [4]changelog.

Please make sure to read the [5]Upgrade Notes before upgrading.

The [6]tarball ([7]signature) is available at [8]downloads.powerdns.com. Packages for various distributions are available from [9]repo.powerdns.com.

Please send us all feedback and issues you might have via the [10]mailing list, or in case of a bug, via [11]GitHub.

References
1. https://doc.powerdns.com/authoritative/upgrading.html
2. https://doc.powerdns.com/lightningstream
3. https://github.com/PowerDNS/lightningstream
4. https://doc.powerdns.com/authoritative/changelog/4.8.html#change-4.8.1
5. https://doc.powerdns.com/authoritative/upgrading.html
6. https://downloads.powerdns.com/releases/pdns-4.8.1.tar.bz2
7. https://downloads.powerdns.com/releases/pdns-4.8.1.tar.bz2.sig
8. https://downloads.powerdns.com/releases/
9. https://repo.powerdns.com/
10. https://mailman.powerdns.com/mailman/listinfo/pdns-users
11. https://github.com/PowerDNS/pdns/issues/new/choose

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] Unable to edit domainmetadata with API
On Fri, 2023-06-30 at 17:25 +0530, Shailendra Gautam via Pdns-users wrote:
> Hi,
>
> I'd like to edit the domain metadata SOA-EDIT-API to EPOCH but the API
> doesn't allow it, however I can edit SOA-EDIT kind. Is that a bug?

Both items are available on the Zone object - https://doc.powerdns.com/authoritative/http-api/zone.html#zone

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] First Release Candidate of PowerDNS Recursor 4.9.0
We are proud to announce the first release candidate of PowerDNS Recursor 4.9.0.

Compared to the previous major (4.8) release of PowerDNS Recursor, this release contains the following major changes:

* The performance impact of metrics collection has been reduced by using lock-free non-atomic thread-local counters.
* The packet cache is sharded and shared by all threads.
* The TTL of negative answers in the packet cache can now be controlled separately from positive and failure answers.
* The rec_control trace_regex command writes the generated trace information to a specified file instead of the general log. The trace information contains more precise timestamps and DNSSEC validation information.
* If [1]extended-resolution-errors is enabled, EDNS errors are now generated in more cases, specifically when authoritative servers for a zone are unreachable or when synthesising answers by e.g. using the aggressive NSEC cache.
* The aggressive NSEC cache has been changed not to store NSEC3 entries which cover only a small [2]fraction of possible names. This also allows switching off the aggressive cache for NSEC3 only.
* It is now possible to switch off [3]root-refreshing completely.
* Proper handling of security policies that [4]restrict the use of specific DNSSEC algorithms on RHEL9 derived systems.

Feedback is appreciated!

As a follow-up to the shared packet cache, the default way the recursor distributes requests over worker threads has now been changed to let the operating system kernel do that, by changing the defaults of [5]pdns-distributes-queries to no and [6]reuseport to yes. Though our testing has shown benefits to this approach, we have seen that in some rare cases (depending on OS and client traffic patterns) this can have negative consequences: the queries are not distributed equally over the worker threads. If you are running this pre-release, we would appreciate your feedback to be able to confirm the change of defaults benefits the vast majority of cases. Watch the periodic statistics printed by the recursor to see if the worker threads process roughly equal amounts of queries. Especially if you see an imbalance, send us details about the OS, hardware and configuration.

As always, there are also many smaller bug fixes and improvements, please refer to the [7]changelog for additional details. When upgrading do not forget to check the [8]upgrade guide.

Please send us all feedback and issues you might have via the [9]mailing list, or in case of a bug, via [10]GitHub.

The [11]tarball ([12]signature) is available from our download [13]server and packages for several distributions are available from our [14]repository.

With the future final 4.9.0 release, the 4.6.x releases will be EOL and the 4.7.x and 4.8.x releases will go into critical fixes only mode. Consult the EOL [15]policy for more details.

We would also like to mention that with the 4.5 release we stopped supporting systems using 32-bit time. This includes many 32-bit Linux platforms.

We are grateful to the PowerDNS community for the reporting of bugs, issues, feature requests, and especially to the submitters of fixes and implementations of features.

References
1. https://docs.powerdns.com/recursor/settings.html#extended-resolution-errors
2. https://docs.powerdns.com/recursor/settings.html#aggressive-cache-min-nsec3-hit-ratio
3. https://docs.powerdns.com/recursor/settings.html#hint-file
4. https://docs.powerdns.com/recursor/settings.html#dnssec-disabled-algorithms
5. https://docs.powerdns.com/recursor/settings.html#pdns-distributes-queries
6. https://docs.powerdns.com/recursor/settings.html#reuseport
7. https://doc.powerdns.com/recursor/changelog/4.9.html#change-4.9.0-rc1
8. https://docs.powerdns.com/recursor/upgrade.html
9. https://mailman.powerdns.com/mailman/listinfo/pdns-users
10. https://github.com/PowerDNS/pdns/issues/new/choose
11. https://downloads.powerdns.com/releases/pdns-recursor-4.9.0-rc1.tar.bz2
12. https://downloads.powerdns.com/releases/pdns-recursor-4.9.0-rc1.tar.bz2.sig
13. https://downloads.powerdns.com/releases/
14. https://repo.powerdns.com/
15. https://docs.powerdns.com/recursor/appendices/EOL.html
[Pdns-users] NOTE! debian/ubuntu package signing keys need to be refreshed
As several people noted on this list and on https://github.com/PowerDNS/pdns/issues/12894, we let our release signing keys expire. I have now extended the expiry by 3 years and we will deploy a more robust solution before -that- time passes.

You can either redownload the keys from the same place, or, if you're using apt-key, try "apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com"

Please let us know if you run into any additional trouble.

Many apologies for the inconvenience.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] PowerDNS Authoritative Server 4.8.0, with Lightning Stream support
Hello!

This is the release of Authoritative Server 4.8.0.

In Authoritative Server 4.8, the LMDB backend gains a new Lightning Stream-compatible schema, which requires a data migration (this is automatic, and there is no migration back to the old schema). LMDB backend users should pay extra attention to the [1]Upgrade Notes.

[2]Lightning Stream is an [3]open source data syncer that allows multiple nodes to sync LMDB (Lightning Memory-Mapped Database) data to and from an S3 (compatible) bucket. This has particular advantages in distributed and/or large-scale applications (i.e. ~1 million records), making DNS replication much, much easier to manage.

We are excited about how Lightning Stream simplifies running multiple distributed PowerDNS Authoritative servers, with full support for keeping record data and DNSSEC keys in sync, from multiple writers.

4.8.0 improves on the logic for dealing with domains existing twice in the database when two Lightning Stream nodes manage to add it at the same time. It also contains a few other fixes.

A full list of changes can be found in the [4]changelog.

Please make sure to read the [5]Upgrade Notes before upgrading.

The [6]tarball ([7]signature) is available at [8]downloads.powerdns.com. Packages for various distributions are available from [9]repo.powerdns.com.

Please send us all feedback and issues you might have via the [10]mailing list, or in case of a bug, via [11]GitHub.

References
1. https://doc.powerdns.com/authoritative/upgrading.html
2. https://doc.powerdns.com/lightningstream
3. https://github.com/PowerDNS/lightningstream
4. https://doc.powerdns.com/authoritative/changelog/4.8.html#change-4.8.0
5. https://doc.powerdns.com/authoritative/upgrading.html
6. https://downloads.powerdns.com/releases/pdns-4.8.0.tar.bz2
7. https://downloads.powerdns.com/releases/pdns-4.8.0.tar.bz2.sig
8. https://downloads.powerdns.com/releases/
9. https://repo.powerdns.com/
10. https://mailman.powerdns.com/mailman/listinfo/pdns-users
11. https://github.com/PowerDNS/pdns/issues/new/choose

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] Authoritative Server 4.8.0-beta1, with Lightning Stream support
Hello!

This is the first Beta release for Authoritative Server 4.8.0.

In Authoritative Server 4.8, the LMDB backend gains a new Lightning Stream-compatible schema, which requires a data migration (this is automatic, and there is no migration back to the old schema). LMDB backend users should pay extra attention to the [1]Upgrade Notes.

[2]Lightning Stream is an [3]open source data syncer that allows multiple nodes to sync LMDB (Lightning Memory-Mapped Database) data to and from an S3 (compatible) bucket. This has particular advantages in distributed and/or large-scale applications (i.e. ~1 million records), making DNS replication much, much easier to manage.

We are excited about how Lightning Stream simplifies running multiple distributed PowerDNS Authoritative servers, with full support for keeping record data and DNSSEC keys in sync, from multiple writers.

4.8.0-beta1 adds logic to deal with domains existing twice in the database when two Lightning Stream nodes manage to add it at the same time. It also contains a few other fixes.

A full list of changes can be found in the [4]changelog.

Please make sure to read the [5]Upgrade Notes before upgrading.

The [6]tarball ([7]signature) is available at [8]downloads.powerdns.com. Packages for various distributions are available from [9]repo.powerdns.com.

Please send us all feedback and issues you might have via the [10]mailing list, or in case of a bug, via [11]GitHub.

References
1. https://doc.powerdns.com/authoritative/upgrading.html
2. https://doc.powerdns.com/lightningstream
3. https://github.com/PowerDNS/lightningstream
4. https://doc.powerdns.com/authoritative/changelog/4.8.html#change-4.8.0-beta1
5. https://doc.powerdns.com/authoritative/upgrading.html
6. https://downloads.powerdns.com/releases/pdns-4.8.0-beta1.tar.bz2
7. https://downloads.powerdns.com/releases/pdns-4.8.0-beta1.tar.bz2.sig
8. https://downloads.powerdns.com/releases/
9. https://repo.powerdns.com/
10. https://mailman.powerdns.com/mailman/listinfo/pdns-users
11. https://github.com/PowerDNS/pdns/issues/new/choose
Re: [Pdns-users] order of Comments in the MySQL-Backend
Hello Markus,

On Thu, 2023-04-20 at 12:48 +, Markus Ehrlicher via Pdns-users wrote:
> Hello together,
>
> I’m not sure, if this is a real problem or my thinking is wrong in this
> case, so I will try to describe as best as possible ;)
>
> We’re currently using PDNS Auth-Servers in version 4.7.3 with MySQL-
> Backend. In our management-interface (PowerDNS-Admin), we’re using the
> comment-feature and in the past I noticed, that the order of this
> comments in a zone is sometimes wrong. I found out, that this only
> appears, when multiple records for the same name exists (for example,
> multiple TXT-Records for @).

Comments in the database are per RRset, not per record. Any ordering, or relation to specific records, you might see in a frontend, would be pure luck.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] PowerDNS Authoritative Server 4.7.4
Hello, This is the release of version 4.7.4 of the Authoritative Server. It contains various bug fixes, some performance improvements, and one new feature (pdnsutil list-member-zones). A full list of changes can be found in the [1]changelog. Please make sure to read the [2]Upgrade Notes before upgrading. The [3]tarball ([4]signature) is available at [5]downloads.powerdns.com. Packages for various distributions are available from [6]repo.powerdns.com. Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub. References [1] https://doc.powerdns.com/authoritative/changelog/4.7.html#change-4.7.4 [2] https://doc.powerdns.com/authoritative/upgrading.html [3] https://downloads.powerdns.com/releases/pdns-4.7.4.tar.bz2 [4] https://downloads.powerdns.com/releases/pdns-4.7.4.tar.bz2.sig [5] https://downloads.powerdns.com/releases/ [6] https://repo.powerdns.com/ [7] https://mailman.powerdns.com/mailman/listinfo/pdns-users [8] https://github.com/PowerDNS/pdns/issues/new/choose Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] Rcode 3 NXDOMAIN for existing CNAME
On Tue, 2023-03-21 at 16:57 +0100, Peter Thomassen via Pdns-users wrote:
> Well, if you ask for the xNAME (e.g. CNAME) record, then you'll get that
> (with a NOERROR code). So by issuing an xNAME query in addition to the record
> type you're interested in, you can learn whether the NXDOMAIN is due to the
> queried name not existing, or due to the CNAME chain target not existing.
>
> However, I doubt this is a reasonable approach for your ACME client.

It would be a weird workaround, when the better approach is to make the ACME client just understand rcodes correctly :)

Cheers, Peter
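The distinction discussed in this thread can be read from a single response: an NXDOMAIN whose answer section carries a CNAME for the queried name means the name exists and only the end of the chain is missing. The following is an added example, not part of the original thread and not PowerDNS or ACME client code; the names and the hand-built sample packets are constructed for illustration.

```python
import struct

RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3
TYPE_CNAME, TYPE_TXT = 5, 16


def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def read_name(msg, pos):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            hops += 1
            if hops > 32:
                raise ValueError("compression pointer loop")
            if end is None:
                end = pos + 2
            pos = ((length & 0x3F) << 8) | msg[pos + 1]
        elif length == 0:
            pos += 1
            break
        else:
            labels.append(msg[pos + 1:pos + 1 + length].decode("ascii").lower())
            pos += 1 + length
    return ".".join(labels) + ".", (end if end is not None else pos)


def parse_response(msg):
    """Return (rcode, qname, [(owner, rtype, cname_target_or_None), ...])."""
    _ident, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    pos, qname = 12, None
    for _ in range(qdcount):
        qname, pos = read_name(msg, pos)
        pos += 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(ancount):
        owner, pos = read_name(msg, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        target = read_name(msg, pos)[0] if rtype == TYPE_CNAME else None
        answers.append((owner, rtype, target))
        pos += rdlen
    return flags & 0x000F, qname, answers


def classify(msg):
    """Say which name the rcode is about: the queried one or a CNAME target."""
    rcode, qname, answers = parse_response(msg)
    cnames = {o: t for o, rtype, t in answers if rtype == TYPE_CNAME}
    name, seen = qname, set()
    while name in cnames and name not in seen:  # follow the chain, guard loops
        seen.add(name)
        name = cnames[name]
    if rcode == RCODE_NXDOMAIN:
        kind = "cname-target-missing" if name != qname else "name-missing"
        return kind, name
    if rcode == RCODE_NOERROR:
        return "noerror", name
    return "other-rcode", name


def build_response(qname, qtype, rcode, cname_target=None):
    """Constructed sample response (QR and AA set), optionally with one CNAME."""
    msg = struct.pack("!6H", 0x1234, 0x8400 | rcode, 1, 1 if cname_target else 0, 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)
    if cname_target:
        rdata = encode_name(cname_target)
        # Owner name is a compression pointer back to the question at offset 12.
        msg += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_CNAME, 1, 300, len(rdata)) + rdata
    return msg


if __name__ == "__main__":
    q = "_acme-challenge.example.com"
    print(classify(build_response(q, TYPE_TXT, RCODE_NXDOMAIN, "missing.validation.example.net")))
    print(classify(build_response(q, TYPE_TXT, RCODE_NXDOMAIN)))
```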
[Pdns-users] Authoritative Server 4.8.0-alpha1, with Lightning Stream support
Hello! This is the first Alpha release for Authoritative Server 4.8.0. In this release, the LMDB backend gains a new Lightning Stream-compatible schema, which requires a data migration (this is automatic, and there is no migration back to the old schema). LMDB backend users should pay extra attention to the [1]Upgrade Notes. [2]Lightning Stream is an [3]open source data syncer that allows multiple nodes to sync LMDB (Lightning Memory-Mapped Database) data to and from an S3 (compatible) bucket. This has particular advantages in distributed and/or large-scale applications (i.e. ~1 million records), making DNS replication much, much easier to manage. We are excited about how Lightning Stream simplifies running multiple distributed PowerDNS Authoritative servers, with full support for keeping record data and DNSSEC keys in sync, from multiple writers. A full list of changes can be found in the [4]changelog. Please make sure to read the [5]Upgrade Notes before upgrading. The [6]tarball ([7]signature) is available at [8]downloads.powerdns.com. Packages for various distributions are available from [9]repo.powerdns.com. Please send us all feedback and issues you might have via the [10]mailing list, or in case of a bug, via [11]GitHub. References 1. https://doc.powerdns.com/authoritative/upgrading.html 2. https://doc.powerdns.com/lightningstream 3. https://github.com/PowerDNS/lightningstream 4. https://doc.powerdns.com/authoritative/changelog/4.8.html#change-4.8.0-alpha1 5. https://doc.powerdns.com/authoritative/upgrading.html 6. https://downloads.powerdns.com/releases/pdns-4.8.0-alpha1.tar.bz2 7. https://downloads.powerdns.com/releases/pdns-4.8.0-alpha1.tar.bz2.sig 8. https://downloads.powerdns.com/releases/ 9. https://repo.powerdns.com/ 10. https://mailman.powerdns.com/mailman/listinfo/pdns-users 11. 
https://github.com/PowerDNS/pdns/issues/new/choose
Re: [Pdns-users] pdns_recursor issue
Hi Arien,

On Thu, 2023-01-26 at 13:30 +0100, Arien Vijn via Pdns-users wrote:
> Greetings,
>
> We recently upgraded pdns_recursor from version 4.4.5 to 4.8.0. It seems that
> we run into the following issue ever since.
>
> 1/ Client queries for an A-record for xdsl-serviceweb.kpn.com.
> 2/ Recursor queries the domain tree and receives the CNAME-record that points
> to: xdsl-c-serviceweb.gslb.kpn.com. from the authoritative DNS server.
> 3/ Recursor queries and receives the subsequent A-record from the
> authoritative DNS server for that A-record.
> 4/ Recursor answers the client mentioned in 1/.
>
> So far so good, until the A-record of xdsl-c-serviceweb.gslb.kpn.com. expires
> out of the 'main record cache' but not from the 'main packet cache'. The
> CNAME remains in both caches. Please note this excerpt from: rec_control
> dump-cache below:

After some brief investigation we somewhat suspect this is aggressive NSEC caching. Can you see if aggressive-nsec-cache-size=0 makes the problem go away?

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] Reloading metadata with bind-backend & sqlite
On Mon, 2022-12-19 at 14:29 +0100, Thib D via Pdns-users wrote:
> Hi,
>
> Apologies for the misunderstanding,
>
> I was mentioning this warning from the pdns docs, but I'm not sure this
> also applies to bind-backend + sqlite setups:
> > It is not possible to replace the sqlite3 database file while
> > PowerDNS is running. Specifically, using rsync to distribute sqlite3
> > databases does not work without stopping PowerDNS first and
> > restarting it after the change.

It does also apply. It generally applies to almost all applications that use SQLite.

> My goal here is to be able to modify/add either cryptokeys or metadata
> for a zone without having to restart PowerDNS.
> However, the sqlite database I am using on top of the bind backend is
> read-only and provided from elsewhere (a distant server).

You'll have to update the local database file in a way that doesn't break sqlite's active handle on it. (I don't have any tricks ready for that, sorry.)

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
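The failure mode in the quoted warning, shown next to one way of updating the file without breaking an open handle. This is an added example, not part of the thread and not PowerDNS code: it contrasts renaming a new file over the live one (what rsync does by default) with copying the new content into the live file through SQLite's online backup API. The table is a simplified, constructed stand-in, the file names and rows are assumptions, and whether a running PowerDNS then serves the new rows without a restart is not tested here.

```python
import os
import sqlite3
import tempfile

# Simplified, constructed stand-in for a metadata table (assumption).
SCHEMA = ("CREATE TABLE domainmetadata "
          "(id INTEGER PRIMARY KEY, domain TEXT, kind TEXT, content TEXT)")
OLD_ROWS = [("example.com", "ALLOW-AXFR-FROM", "192.0.2.1")]
NEW_ROWS = [("example.com", "ALLOW-AXFR-FROM", "192.0.2.1"),
            ("example.com", "SOA-EDIT", "INCEPTION-INCREMENT")]


def make_db(path, rows):
    """Create a database file holding the given (domain, kind, content) rows."""
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    conn.executemany(
        "INSERT INTO domainmetadata (domain, kind, content) VALUES (?, ?, ?)", rows)
    conn.commit()
    conn.close()


def read_rows(conn):
    """Read all rows through an already open connection."""
    return conn.execute(
        "SELECT domain, kind, content FROM domainmetadata ORDER BY id").fetchall()


def replace_file(live_path, new_path):
    """Rename the new file over the live one: the path now names a new inode,
    while any process that already opened the database keeps the old one."""
    os.replace(new_path, live_path)


def update_in_place(live_path, new_path):
    """Copy the new content into the existing live file with the backup API.
    The write goes through SQLite's own locking, so other open handles on the
    same file see the new content on their next read."""
    src = sqlite3.connect(new_path)
    dst = sqlite3.connect(live_path, timeout=30)
    try:
        src.backup(dst)
    finally:
        dst.close()
        src.close()


def demo(method):
    """Return (rows seen by the long-lived handle, rows found at the path)."""
    with tempfile.TemporaryDirectory() as workdir:
        live = os.path.join(workdir, "dnssec.db")
        incoming = os.path.join(workdir, "incoming.db")
        make_db(live, OLD_ROWS)
        make_db(incoming, NEW_ROWS)

        # Stands in for the server's long-lived handle on the database.
        server = sqlite3.connect(live)
        assert read_rows(server) == OLD_ROWS

        method(live, incoming)

        seen_by_server = read_rows(server)
        fresh = sqlite3.connect(live)
        at_path = read_rows(fresh)
        fresh.close()
        server.close()
        return seen_by_server, at_path


if __name__ == "__main__":
    print("rename over live file:", demo(replace_file))
    print("backup into live file:", demo(update_in_place))
```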
[Pdns-users] PowerDNS Authoritative Server 4.5.5, 4.6.4 and 4.7.3 Released
Hello, Today we have released maintenance updates of PowerDNS Authoritative Server 4.5.5, 4.6.4 and 4.7.3, containing fixes for a few minor issues. For more details on the other fixes, consult the changelogs available at [1]4.5.5, [2]4.6.4, [3]4.7.3. The source tarballs ([4]4.5.5, [5]4.6.4, [6]4.7.3) and signatures ([7]4.5.5, [8]4.6.4, [9]4.7.3) are available from our download [10]server. Packages for various distributions are available from our [11]repository. Note that PowerDNS Authoritative Server 4.4.x and older releases are End of Life. Consult the [12]EOL policy for more details. We would also like to repeat that starting with the 4.5 release branch we stopped supporting systems using 32-bit time. This includes most 32-bit Linux platforms. We are grateful to the PowerDNS community for the reporting of bugs, issues, feature requests, and especially to the submitters of fixes and implementations of features. Please send us all feedback and issues you might have via the [13]mailing list, or in case of a bug, via [14]GitHub. References 1. https://docs.powerdns.com/authoritative/changelog/4.5.html#change-4.5.5 2. https://docs.powerdns.com/authoritative/changelog/4.6.html#change-4.6.4 3. https://docs.powerdns.com/authoritative/changelog/4.7.html#change-4.7.3 4. https://downloads.powerdns.com/releases/pdns-4.5.5.tar.bz2 5. https://downloads.powerdns.com/releases/pdns-4.6.4.tar.bz2 6. https://downloads.powerdns.com/releases/pdns-4.7.3.tar.bz2 7. https://downloads.powerdns.com/releases/pdns-4.5.5.tar.bz2.sig 8. https://downloads.powerdns.com/releases/pdns-4.6.4.tar.bz2.sig 9. https://downloads.powerdns.com/releases/pdns-4.7.3.tar.bz2.sig 10. https://downloads.powerdns.com/releases/ 11. https://repo.powerdns.com/ 12. https://docs.powerdns.com/authoritative/appendices/EOL.html 13. https://mailman.powerdns.com/mailman/listinfo/pdns-users 14. 
https://github.com/PowerDNS/pdns/issues/new/choose
[Pdns-users] FOSDEM 2023 DNS Devroom Call for Presentations
Hello DNS enthusiasts and other developers, After three earlier successful and packed DNS devrooms at FOSDEM 2018, 2019, and 2020, we are happy to announce a half-day DNS devroom at FOSDEM 2023. As with the previous events, we hope to host talks anywhere from hardcore protocol stuff, to practical sessions for programmers that are not directly involved with DNS but may have to deal with DNS in their day to day coding or system administrators responsible for DNS infrastructure. We have been allotted a room on Saturday the 4th of February 2023, from 15:00 to 19:00 (CET). If you have something you’d like to share with your fellow developers, please head to pentabarf at https://penta.fosdem.org/submission/FOSDEM23. Examples of topics are measuring, monitoring, DNS libraries, anecdotes on how you’ve (ab)used the DNS, and group discussions of upcoming technologies. For the upcoming technologies, we're looking for submissions on Applications Doing DNS (ADD), SVCB/HTTPS records and applications thereof, and stub-resolver configuration. Here’s the 2020 schedule, for your inspiration: https://archive.fosdem.org/2020/schedule/track/dns/. We expect to schedule 30 minutes per talk, including questions, but if you need more or less time, we can discuss this. The deadline for submissions is December 7th 2022. If you have a FOSDEM Pentabarf account from a previous year, please use that account. Reach out to dns-devroom-mana...@fosdem.org if you run into any trouble. This CfP lives online at https://blog.powerdns.com/2022/11/11/fosdem-2023-dns-developer-room-call-for-participation/ - any important changes will be posted at least there. See you there! Cheers, The FOSDEM 2023 DNS Devroom organizers
[Pdns-users] dnsdist 1.7.3 released
Hello! We are very happy to release dnsdist 1.7.3 today, a maintenance release with no functional changes. This release strictly serves to bring dnsdist packages to our EL9 and Ubuntu Jammy repositories, and upgrades the dnsdist Docker image from Debian buster to Debian bullseye, as buster is officially EOL. Please see the dnsdist [1]website for the more complete [2]changelog and the current documentation. Please send us all feedback and issues you might have via the [3]mailing list, or in case of a bug, via [4]GitHub. We are grateful to the PowerDNS community for the reporting of bugs, issues, feature requests, and especially to the submitters of fixes and implementations of features. The release [5]tarball and its [6]signature are available on the downloads website, and packages for several distributions are available from our [7]repository. References 1. https://dnsdist.org/ 2. https://dnsdist.org/changelog.html#change-1.7.3 3. https://mailman.powerdns.com/mailman/listinfo/dnsdist 4. https://github.com/PowerDNS/pdns/issues/new/choose 5. https://downloads.powerdns.com/releases/dnsdist-1.7.3.tar.bz2 6. https://downloads.powerdns.com/releases/dnsdist-1.7.3.tar.bz2.sig 7. https://repo.powerdns.com/ Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] PowerDNS Authoritative Server 4.7.2
Hello, This is the release of version 4.7.2 of the Authoritative Server. Just one day after releasing version 4.7.1, we realised an important fix was missing from it. Specifically, AXFR clients (secondaries) can get very busy checking for updates on primaries, or could miss updates entirely. 4.7.2 fixes this. A full list of changes can be found in the [1]changelog. Please make sure to read the [2]Upgrade Notes before upgrading. The [3]tarball ([4]signature) is available at [5]downloads.powerdns.com. Packages for various distributions are available from [6]repo.powerdns.com. Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub. References [1] https://doc.powerdns.com/authoritative/changelog/4.7.html#change-4.7.2 [2] https://doc.powerdns.com/authoritative/upgrading.html [3] https://downloads.powerdns.com/releases/pdns-4.7.2.tar.bz2 [4] https://downloads.powerdns.com/releases/pdns-4.7.2.tar.bz2.sig [5] https://downloads.powerdns.com/releases/ [6] https://repo.powerdns.com/ [7] https://mailman.powerdns.com/mailman/listinfo/pdns-users [8] https://github.com/PowerDNS/pdns/issues/new/choose Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] [Pdns-announce] PowerDNS Authoritative Server 4.7.1
Hello, This is the release of version 4.7.0 of the Authoritative Server. After 4.7.0 (quite recently) was released, we realised the SQL schema update files were missing. 4.7.1 corrects this. It also contains a few small fixes in the catalog zones implementation. A full list of changes can be found in the [1]changelog. Please make sure to read the [2]Upgrade Notes before upgrading. The [3]tarball ([4]signature) is available at [5]downloads.powerdns.com. Packages for various distributions are available from [6]repo.powerdns.com. Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub. References [1] https://doc.powerdns.com/authoritative/changelog/4.7.html#change-4.7.1 [2] https://doc.powerdns.com/authoritative/upgrading.html [3] https://downloads.powerdns.com/releases/pdns-4.7.1.tar.bz2 [4] https://downloads.powerdns.com/releases/pdns-4.7.1.tar.bz2.sig [5] https://downloads.powerdns.com/releases/ [6] https://repo.powerdns.com/ [7] https://mailman.powerdns.com/mailman/listinfo/pdns-users [8] https://github.com/PowerDNS/pdns/issues/new/choose Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] NXDOMAIN for non authoritative zone
Hello Riccardo,

On Fri, 2022-10-28 at 14:37 +, Riccardo Brunetti via Pdns-users wrote:
> Thanks for your answer.
> Maybe I found the issue:
>
> mysql> select * from records where domain_id=13203;
> +--+---+--+--+-
> -+--+--+--+
> ---+--+
> | id | domain_id | name | type |
> content
> | ttl | prio | disabled | ordername | auth |
> +--+---+--+--+-
> -+--+--+--+
> ---+--+
> | 6309 | 13203 | . | SOA | a.misconfigured.powerdns.server
> hostmaster 2020032401 10800 3600 604800 3600 | 3600 | 0 | 0 |
> NULL | 1 |
> +--+---+--+--+-
> -+--+--+--+
> ---+--+
> 1 row in set (0.00 sec)
> There is an entry (probably a mistake with some API call) which shows a
> bad SOA entry in a domain with only a "." in the "name" column.

That would explain the NXDOMAINs.

> In fact, the query for a non existent domain returns something like:
>
> # dig @my-dns-server-IP non-existent-domain

I asked you, once on-list, once off-list, to show unedited data. Please respect this next time you ask something. For more information, see https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/

> Do you think it's safe to simply remove it?
>
> update records set disabled=1 where id=6309;
> delete from records where id=6309;

The update is not very useful if you're going to delete it right after. Don't forget to also delete it from the domains table. Perhaps pdnsutil is a safer approach.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] NXDOMAIN for non authoritative zone
Hi Riccardo,

On Fri, 2022-10-28 at 09:11 +, Riccardo Brunetti via Pdns-users wrote:
> Hello.
> We have a powerdns server which is authoritative for some zones, let's
> say zoneA and zoneB
> If we send a dns query for a zoneC we get NXDOMAIN answer instead of
> REFUSED.
>
> Is this the correct behavior or are we making some configuration
> mistake?
> pdns version: 4.5.2

That is not correct behaviour, so it sounds like a configuration (or database content) mistake. Can you show (unedited!) dig output for the good and the bad queries?

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] PowerDNS Authoritative Server 4.7.0
Hello, This is the release of version 4.7.0 of the Authoritative Server. 4.7.0 brings support for [1]Catalog Zones, developed by Kees Monshouwer. As part of that development, the freshness checks in the Primary code were reworked, reducing them from doing potentially thousands of SQL queries (if you have thousands of domains) to only a few. Installations with lots of domains will benefit greatly from this, even without using catalog zones. 4.7.0 also brings back GSS-TSIG support, previously removed for quality reasons, now reworked with many stability improvements. Other things of note: * LUA records, when queried over TCP, can now re-use a Lua state, giving a serious performance boost. * lmdbbackend databases now get a UUID assigned, making it easy for external software to spot if a database was completely replaced * lmdbbackend databases now optionally use random IDs for objects * a new LUA function called ifurlextup, and improvements in other LUA record functions * autoprimary management in pdnsutil and the HTTP API * in beta, a key roller daemon, currently not packaged A full list of changes can be found in the [2]changelog. Please make sure to read the [3]Upgrade Notes before upgrading. The [4]tarball ([5]signature) is available at [6]downloads.powerdns.com. Packages for various distributions are available from [7]repo.powerdns.com. Please send us all feedback and issues you might have via the [8]mailing list, or in case of a bug, via [9]GitHub. 
References [1] https://doc.powerdns.com/authoritative/catalog.html [2] https://doc.powerdns.com/authoritative/changelog/4.7.html#change-4.7.0 [3] https://doc.powerdns.com/authoritative/upgrading.html [4] https://downloads.powerdns.com/releases/pdns-4.7.0.tar.bz2 [5] https://downloads.powerdns.com/releases/pdns-4.7.0.tar.bz2.sig [6] https://downloads.powerdns.com/releases/ [7] https://repo.powerdns.com/ [8] https://mailman.powerdns.com/mailman/listinfo/pdns-users [9] https://github.com/PowerDNS/pdns/issues/new/choose Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] pdns-recursor (4.6) empty response after expiration of the TTL of the cached record
On Thu, 2022-09-22 at 09:27 +0200, Leeflangetje via Pdns-users wrote:
> dig @ns1 riecis.nl A

If you happen to have a contact at RIEC/riecis, please point them to https://www.sidn.nl/nieuws-en-blogs/agressief-cache-gebruik-levert-snelheidswinst-en-efficientie-op-voor-validerende-resolvers

The failure you observed is a long standing problem with many domains hosted on the minvenj.nl name servers.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] First release candidate for PowerDNS Authoritative Server 4.7.0
Hello, This is the first release candidate for Authoritative Server 4.7.0. We hope it will also be the last :-) 4.7.0 brings support for [1]Catalog Zones, developed by Kees Monshouwer. As part of that development, the freshness checks in the Primary code were reworked, reducing them from doing potentially thousands of SQL queries (if you have thousands of domains) to only a few. Installations with lots of domains will benefit greatly from this, even without using catalog zones. 4.7.0 also brings back GSS-TSIG support, previously removed for quality reasons, now reworked with many stability improvements. Other things of note: * LUA records, when queried over TCP, can now re-use a Lua state, giving a serious performance boost. * lmdbbackend databases now get a UUID assigned, making it easy for external software to spot if a database was completely replaced * lmdbbackend databases now optionally use random IDs for objects * a new LUA function called ifurlextup, and improvements in other LUA record functions * autoprimary management in pdnsutil and the HTTP API * in beta, a key roller daemon, currently not packaged A full list of changes can be found in the [2]changelog. Please make sure to read the [3]Upgrade Notes before upgrading. The [4]tarball ([5]signature) is available at [6]downloads.powerdns.com. Packages for various distributions are available from [7]repo.powerdns.com. Please send us all feedback and issues you might have via the [8]mailing list, or in case of a bug, via [9]GitHub. 
References [1] https://doc.powerdns.com/authoritative/catalog.html [2] https://doc.powerdns.com/authoritative/changelog/4.7.html#change-4.7.0-rc1 [3] https://doc.powerdns.com/authoritative/upgrading.html [4] https://downloads.powerdns.com/releases/pdns-4.7.0-rc1.tar.bz2 [5] https://downloads.powerdns.com/releases/pdns-4.7.0-rc1.tar.bz2.sig [6] https://downloads.powerdns.com/releases/ [7] https://repo.powerdns.com/ [8] https://mailman.powerdns.com/mailman/listinfo/pdns-users [9] https://github.com/PowerDNS/pdns/issues/new/choose
[Pdns-users] PowerDNS Authoritative Server 4.7.0-beta2
Hello, today we released the first Beta release for Authoritative Server 4.7.0, even though it is called beta2. (beta1 was never released because of bugs found during the release process). 4.7.0 brings support for [1]Catalog Zones, developed by Kees Monshouwer. As part of that development, the freshness checks in the Primary code were reworked, reducing them from doing potentially thousands of SQL queries (if you have thousands of domains) to only a few. Installations with lots of domains will benefit greatly from this, even without using catalog zones. 4.7.0 also brings back GSS-TSIG support, previously removed for quality reasons, now reworked with many stability improvements. Other things of note: * LUA records, when queried over TCP, can now re-use a Lua state, giving a serious performance boost. * lmdbbackend databases now get a UUID assigned, making it easy for external software to spot if a database was completely replaced * lmdbbackend databases now optionally use random IDs for objects * a new LUA function called ifurlextup, and improvements in other LUA record functions * autoprimary management in pdnsutil and the HTTP API A full list of changes can be found in the [2]changelog. Please make sure to read the [3]Upgrade Notes before upgrading. The [4]tarball ([5]signature) is available at [6]downloads.powerdns.com. Packages for various distributions are available from [7]repo.powerdns.com. Please send us all feedback and issues you might have via the [8]mailing list, or in case of a bug, via [9]GitHub. 
References [1] https://doc.powerdns.com/authoritative/catalog.html [2] https://doc.powerdns.com/authoritative/changelog/4.7.html#change-4.7.0-beta2 [3] https://doc.powerdns.com/authoritative/upgrading.html [4] https://downloads.powerdns.com/releases/pdns-4.7.0-beta2.tar.bz2 [5] https://downloads.powerdns.com/releases/pdns-4.7.0-beta2.tar.bz2.sig [6] https://downloads.powerdns.com/releases/ [7] https://repo.powerdns.com/ [8] https://mailman.powerdns.com/mailman/listinfo/pdns-users [9] https://github.com/PowerDNS/pdns/issues/new/choose
[Pdns-users] PowerDNS Authoritative Server 4.6.3
Hello! Today we published release 4.6.3 of the Authoritative Server. It contains a few bug fixes, and marks the appearance of Ubuntu Jammy packages for the 4.6 branch. Please find a full list in the [1]changelog. Please make sure to read the [2]Upgrade Notes before upgrading. The [3]tarball ([4]signature) is available at [5]downloads.powerdns.com and packages for various Linux distributions are available from [6]repo.powerdns.com. Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub. References 1. https://doc.powerdns.com/authoritative/changelog/4.6.html#change-4.6.3 2. https://doc.powerdns.com/authoritative/upgrading.html 3. https://downloads.powerdns.com/releases/pdns-4.6.3.tar.bz2 4. https://downloads.powerdns.com/releases/pdns-4.6.3.tar.bz2.sig 5. https://downloads.powerdns.com/releases/ 6. https://repo.powerdns.com/ 7. https://mailman.powerdns.com/mailman/listinfo/pdns-users 8. https://github.com/PowerDNS/pdns/issues/new/choose Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] Powerdns Alpine authoritative server 4.5.4 series missing zone2sql , zone2json binary
Hello Varsha,

On Thu, 2022-04-28 at 16:32 +0530, Rain Musings via Pdns-users wrote:
> Background:
> We are using the powerdns alpine distribution in docker images.
> We were previously using 4.0.8 powerdns which came with the zone2sql,
> zone2json utility.
> These utilities are used by our wrapper scripts to dynamically update
> zone details when input zone files are updated.
>
> Issue:
> We recently moved to Powerdns 4.5.4 version that comes with Alpine
> 3.15 version. We see that the zone2* utilities are missing. Is this
> intentional?
>
> Can you tell us how we can compile these utility programs and use it?

zone2* are in pdns-tools. Here's a convenient trick:

/ # apk add cmd:zone2sql
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
(1/9) Installing libgcc (10.3.1_git20211027-r0)
(2/9) Installing boost1.77-program_options (1.77.0-r1)
(3/9) Installing ca-certificates (20211220-r0)
(4/9) Installing brotli-libs (1.0.9-r5)
(5/9) Installing nghttp2-libs (1.46.0-r0)
(6/9) Installing libcurl (7.80.0-r1)
(7/9) Installing libsodium (1.0.18-r0)
(8/9) Installing libstdc++ (10.3.1_git20211027-r0)
(9/9) Installing pdns-tools (4.5.4-r0)
Executing busybox-1.34.1-r5.trigger
Executing ca-certificates-20211220-r0.trigger
OK: 21 MiB in 23 packages

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] [Pdns-announce] PowerDNS Authoritative Server 4.6.2
Hello! Today we published release 4.6.2 of the Authoritative Server. It contains a carefully selected set of new features, plus a few bug fixes. Please find a full list in the [1]changelog. Please make sure to read the [2]Upgrade Notes before upgrading. The [3]tarball ([4]signature) is available at [5]downloads.powerdns.com and packages for various Linux distributions are available from [6]repo.powerdns.com. Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub. References 1. https://doc.powerdns.com/authoritative/changelog/4.6.html#change-4.6.2 2. https://doc.powerdns.com/authoritative/upgrading.html 3. https://downloads.powerdns.com/releases/pdns-4.6.2.tar.bz2 4. https://downloads.powerdns.com/releases/pdns-4.6.2.tar.bz2.sig 5. https://downloads.powerdns.com/releases/ 6. https://repo.powerdns.com/ 7. https://mailman.powerdns.com/mailman/listinfo/pdns-users 8. https://github.com/PowerDNS/pdns/issues/new/choose Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] ixfrdist and AA flag when querying for SOA record
Hello David,

On Wed, 2022-02-23 at 13:56 +, GAVARRET, David via Pdns-users wrote:
> Is it normal for ixfrdist, considering its main usage of zone
> transfer, that it does not handle the ‘AA’ flag the same way the
> backend pdns server acts? Or am I not using ixfrdist like it
> should?

That looks like an oversight on our end. Can you file a bug via https://github.com/PowerDNS/pdns/issues/new/choose ? Thanks!

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] PowerDNS Slave with DNSSEC and subdomain
Hello Benjamin,

On Wed, 2022-02-16 at 17:48 +0100, Benjamin Rechsteiner via Pdns-users wrote:
> However, we get the following error message on the slave server (4.5.3)
> during check-all-zones:
>
> [Warning] 'dev.foobar.ch|RRSIG' in zone 'foobar.ch' is occluded by a
> delegation at 'dev.foobar.ch' [Error] Following record is auth=1, run
>
> does anyone have an idea how we can solve the problem?

It's a bug in pdnsutil, but it's all harmless. Tracked at https://github.com/PowerDNS/pdns/issues/7568

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] Authoritative Server 4.7.0-alpha1
Hello! This is the first Alpha release for Authoritative Server 4.7.0. It brings a couple of new features into the hands of our users early. New features: * lmdbbackend databases now get a UUID assigned, making it easy for external software to spot if a database was completely replaced * lmdbbackend databases now optionally use random IDs for objects * a new LUA function called ifurlextup * autoprimary management in pdnsutil and the HTTP API A full list of changes can be found in the [1]changelog. Please make sure to read the [2]Upgrade Notes before upgrading. The [3]tarball ([4]signature) is available at [5]downloads.powerdns.com. Packages for various distributions are available from [6]repo.powerdns.com. Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub. References 1. https://doc.powerdns.com/authoritative/changelog/4.7.html#change-4.7.0-alpha1 2. https://doc.powerdns.com/authoritative/upgrading.html 3. https://downloads.powerdns.com/releases/pdns-4.7.0-alpha1.tar.bz2 4. https://downloads.powerdns.com/releases/pdns-4.7.0-alpha1.tar.bz2.sig 5. https://downloads.powerdns.com/releases/ 6. https://repo.powerdns.com/ 7. https://mailman.powerdns.com/mailman/listinfo/pdns-users 8. https://github.com/PowerDNS/pdns/issues/new/choose Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] Does PowerDNS ignore SOA expiry time
Hello Stefan,

On Fri, 2022-02-04 at 10:44 +, Stefan Becker via Pdns-users wrote:
> I wonder if zones can expire when using PowerDNS as secondary nameserver. So,
> when a zone cannot be updated from its primary due to any communication error
> will the zone then expire or will it still work?

PowerDNS ignores SOA expiry time. There's a bit of discussion at https://github.com/PowerDNS/pdns/issues/11185, where I realised we should at least document that we ignore it.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] Moving CentOS 8 builds to Oracle Linux 8
As you might be aware, CentOS 8 has reached End of Life on December 31st 2021 [1]. Furthermore, yesterday, CentOS 8 actually disappeared from the distribution mirrors.

While we had made plans for this [2], we failed to execute those plans until now. This means we will need to switch build environments on some of our supported branches (Recursor and Authoritative 4.4/4.5/4.6, and dnsdist 1.5/1.6/1.7) mid release cycle. We are making those changes this week.

In mid-2021, we did extensive testing of building and running on the various CentOS alternatives, and came to one very clear conclusion – while the resulting binaries were not always bit for bit identical, the differences were uninteresting. Because of this, we believe users will not notice this change in our build environment at all and can continue to run our packages on their RHEL-derivative of choice.

However, just in case incompatible changes pop up, we are not switching the 7 build environment at this time.

[1] https://www.centos.org/news-and-events/1322-october-centos-dojo-videos/
[2] https://github.com/PowerDNS/pdns/issues/11056

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] [LdapBackend] avoid writing PdnsDomainNotifiedSerial
Hello Michael,

On Fri, 2022-01-21 at 17:10 +0100, Michael Ströder via Pdns-users wrote:
> I have a very tiny and simple setup of PowerDNS Authoritative server(s)
> 4.5.3 with LDAP backend using native OpenLDAP replication. Each pdns
> instance asks a single local LDAP server (via ldapi://). No need for
> AXFR or IXFR or anything similar fancy in this setup. Also no LDAP
> fail-over to multiple replicas.
>
> pdns tries to write attribute PdnsDomainNotifiedSerial even though it is
> IMHO not needed in my setup. It fails because the LDAP server is
> deliberately configured to not allow write access from the pdns service.
> Also a pure read-only consumer replica does not accept write operations.
>
> Which configuration setting can I tweak to suppress writing
> PdnsDomainNotifiedSerial?

primary=no / master=no should do the trick.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] Is the update protocol between supermaster and superslave pdnsversion agnostic?
On Mon, 2022-01-17 at 15:59 +0100, Leeflangetje via Pdns-users wrote:
> I have a setup with pretty old pdns servers (4.2).
>
> One hidden master that serves a number of internet-facing authoritative
> servers which act as superslaves.
>
> I want to upgrade the lot to the latest version, but preferably without
> any downtime.
>
> One way to do that (hopefully) is to upgrade each internet facing
> superslave over a period of time, and upgrade the hidden master as the
> last one.
>
> This will only work if the updates from the hidden master to the
> superslaves are also recognized and processed as usual, even when the
> superslaves run on a recent version (> 4.2) and the hidden master does
> not.
>
> Is this the case?

Yes. A supermaster does not even know it is a supermaster; in fact, a supermaster does not even have to be PowerDNS. So you can upgrade in any order you like.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] Authoritative Server 4.6.0
Hello!

after a very useful beta/RC period in which we received some excellent bug reports, we released Authoritative Server version 4.6.0 today.

Version 4.6.0 mostly brings small improvements and fixes, but there are three notable new features:

* support for incoming PROXY headers
* support for EDNS cookies
* autoprimary management via pdnsutil and the API

A note to downstream packagers: we removed the randombackend. You may need to adjust your ./configure call and perhaps some file listings.

Support for PROXY headers allows you to put a load balancer (such as dnsdist) in front of the Authoritative Server, while still having the Auth see the actual IPs of clients talking to it.

EDNS Cookies allow resolvers that support it to have an extra layer of authentication on their communication with the Authoritative Server.

Compared to 4.6.0-alpha1, the major user visible change is the new NSEC3PARAM settings - check the upgrade docs below for more information. Besides that, various bugs have been fixed.

A full list of changes can be found in the [1]changelog.

Please make sure to read the [2]Upgrade Notes before upgrading.

The [3]tarball ([4]signature) is available at [5]downloads.powerdns.com. Packages for various distributions are available from [6]repo.powerdns.com.

Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub.

References
1. https://doc.powerdns.com/authoritative/changelog/4.6.html#change-4.6.0
2. https://doc.powerdns.com/authoritative/upgrading.html
3. https://downloads.powerdns.com/releases/pdns-4.6.0.tar.bz2
4. https://downloads.powerdns.com/releases/pdns-4.6.0.tar.bz2.sig
5. https://downloads.powerdns.com/releases/
6. https://repo.powerdns.com/
7. https://mailman.powerdns.com/mailman/listinfo/pdns-users
8. https://github.com/PowerDNS/pdns/issues/new/choose

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] PowerDNS Authoritative Server 4.5.3
Hello!

Today we published release 4.5.3 of the Authoritative Server. It contains several robustness fixes for the LMDB backend, and for the zone cache.

Please find a full list in the [1]changelog.

Please make sure to read the [2]Upgrade Notes before upgrading.

The [3]tarball ([4]signature) is available at [5]downloads.powerdns.com and packages for various Linux distributions are available from [6]repo.powerdns.com.

Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub.

References
1. https://doc.powerdns.com/authoritative/changelog/4.5.html#change-4.5.3
2. https://doc.powerdns.com/authoritative/upgrading.html
3. https://downloads.powerdns.com/releases/pdns-4.5.3.tar.bz2
4. https://downloads.powerdns.com/releases/pdns-4.5.3.tar.bz2.sig
5. https://downloads.powerdns.com/releases/
6. https://repo.powerdns.com/
7. https://mailman.powerdns.com/mailman/listinfo/pdns-users
8. https://github.com/PowerDNS/pdns/issues/new/choose

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] First Release Candidate for Authoritative Server 4.6.0
Hello!

Today we released the first Release Candidate for Authoritative Server version 4.6.0.

Version 4.6.0 mostly brings small improvements and fixes, but there are three notable new features:

* support for incoming PROXY headers
* support for EDNS cookies
* autoprimary management via pdnsutil and the API

A note to downstream packagers: we removed the randombackend. You may need to adjust your ./configure call and perhaps some file listings.

Support for PROXY headers allows you to put a load balancer (such as dnsdist) in front of the Authoritative Server, while still having the Auth see the actual IPs of clients talking to it.

EDNS Cookies allow resolvers that support it to have an extra layer of authentication on their communication with the Authoritative Server.

Compared to 4.6.0-alpha1, the major user visible change is the new NSEC3PARAM settings - check the upgrade docs below for more information. Besides that, various bugs have been fixed.

A full list of changes can be found in the [1]changelog.

Please make sure to read the [2]Upgrade Notes before upgrading.

The [3]tarball ([4]signature) is available at [5]downloads.powerdns.com. Packages for various distributions are available from [6]repo.powerdns.com.

Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub.

References
1. https://doc.powerdns.com/authoritative/changelog/4.6.html#change-4.6.0-rc1
2. https://doc.powerdns.com/authoritative/upgrading.html
3. https://downloads.powerdns.com/releases/pdns-4.6.0-rc1.tar.bz2
4. https://downloads.powerdns.com/releases/pdns-4.6.0-rc1.tar.bz2.sig
5. https://downloads.powerdns.com/releases/
6. https://repo.powerdns.com/
7. https://mailman.powerdns.com/mailman/listinfo/pdns-users
8. https://github.com/PowerDNS/pdns/issues/new/choose

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] First Beta Release for Authoritative Server 4.6.0
Hello!

Today we released the first Beta version for Authoritative Server version 4.6.0.

Version 4.6.0 mostly brings small improvements and fixes, but there are two notable new features:

* support for incoming PROXY headers
* support for EDNS cookies

A note to downstream packagers: we removed the randombackend. You may need to adjust your ./configure call and perhaps some file listings.

Support for PROXY headers allows you to put a load balancer (such as dnsdist) in front of the Authoritative Server, while still having the Auth see the actual IPs of clients talking to it.

EDNS Cookies allow resolvers that support it to have an extra layer of authentication on their communication with the Authoritative Server.

Compared to 4.6.0-alpha1, the major user visible change is the new NSEC3PARAM settings - check the upgrade docs below for more information. Besides that, various bugs have been fixed.

A full list of changes can be found in the [1]changelog.

Please make sure to read the [2]Upgrade Notes before upgrading.

The [3]tarball ([4]signature) is available at [5]downloads.powerdns.com. Packages for various distributions are available from [6]repo.powerdns.com.

Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub.

References
1. https://doc.powerdns.com/authoritative/changelog/4.6.html#change-4.6.0-beta1
2. https://doc.powerdns.com/authoritative/upgrading.html
3. https://downloads.powerdns.com/releases/pdns-4.6.0-beta1.tar.bz2
4. https://downloads.powerdns.com/releases/pdns-4.6.0-beta1.tar.bz2.sig
5. https://downloads.powerdns.com/releases/
6. https://repo.powerdns.com/
7. https://mailman.powerdns.com/mailman/listinfo/pdns-users
8. https://github.com/PowerDNS/pdns/issues/new/choose

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] PowerDNS Authoritative Server 4.4.2
Hello!

We are proud to announce version 4.4.2 of the Authoritative Server.

This release fixes one issue:

* RFC2136/nsupdate: apply new TTL to whole RRset, not only to the added record

Please find a full list in the [1]changelog.

Please make sure to read the [2]Upgrade Notes before upgrading.

The [3]tarball ([4]signature) is available at [5]downloads.powerdns.com and packages for various Linux distributions are available from [6]repo.powerdns.com.

Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub.

References
1. https://doc.powerdns.com/authoritative/changelog/4.4.html#change-4.4.2
2. https://doc.powerdns.com/authoritative/upgrading.html
3. https://downloads.powerdns.com/releases/pdns-4.4.2.tar.bz2
4. https://downloads.powerdns.com/releases/pdns-4.4.2.tar.bz2.sig
5. https://downloads.powerdns.com/releases/
6. https://repo.powerdns.com/
7. https://mailman.powerdns.com/mailman/listinfo/pdns-users
8. https://github.com/PowerDNS/pdns/issues/new/choose
Re: [Pdns-users] Disable DNSSEC Digest Type
Hello Dave,

On Fri, 2021-11-19 at 12:24 +0200, Dave Strydom via Pdns-users wrote:
> Is there a way to prevent or disable 'pdnsutil secure-zone' generating the DS
> record with the SHA-1 digest type and only generate the SHA-256 and SHA-384?

secure-zone does not generate DSes, it only generates keys. DSes are generated by show-zone, by the API, etcetera, when a user asks for them. Those DSes are not stored by PowerDNS.

Now, if your question is, is there a way to prevent show-zone from generating SHA-1 DSes, the current answer is no. Can I ask why you want this?

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] PowerDNS Authoritative Server 4.5.2
Hello!

Today we published release 4.5.2 of the Authoritative Server. It contains several robustness fixes for the bindbackend, and for SOA handling. These fixes are especially important for zone cache users.

Please find a full list in the [1]changelog.

Please make sure to read the [2]Upgrade Notes before upgrading.

The [3]tarball ([4]signature) is available at [5]downloads.powerdns.com and packages for various Linux distributions are available from [6]repo.powerdns.com.

Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub.

References
1. https://doc.powerdns.com/authoritative/changelog/4.5.html#change-4.5.2
2. https://doc.powerdns.com/authoritative/upgrading.html
3. https://downloads.powerdns.com/releases/pdns-4.5.2.tar.bz2
4. https://downloads.powerdns.com/releases/pdns-4.5.2.tar.bz2.sig
5. https://downloads.powerdns.com/releases/
6. https://repo.powerdns.com/
7. https://mailman.powerdns.com/mailman/listinfo/pdns-users
8. https://github.com/PowerDNS/pdns/issues/new/choose

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] SERVFAIL responses on malformed subdomain query
On Thu, 2021-10-14 at 16:01 +0200, Remi Gacogne via Pdns-users wrote:
> On 10/14/21 15:52, Thib D via Pdns-users wrote:
> > It seems like pdns auth servers are answering SERVFAIL queries when the
> > subdomain is malformed in the query. It is testable on powerdns.com
> > <http://powerdns.com> domain - which I assume is hosted on a pdns-auth
> > backend.
> >
> That behaviour can be configured via the 8bit-dns parameter [1], which
> defaults to false. It used to be an issue for some PowerDNS backends but
> my understanding is that it should be safe to turn it on nowadays.
>
> [1]: https://doc.powerdns.com/authoritative/settings.html#bit-dns

I am not sure it is safe to turn on with the SQL backends today. Our test suite does not cover it, so we can't guarantee correct operation.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] First Alpha Release for Authoritative Server 4.6.0
Hello!

Today we released the first Alpha version for Authoritative Server version 4.6.0.

Version 4.6.0 mostly brings small improvements and fixes, but there are two notable new features:

* support for incoming PROXY headers
* support for EDNS cookies

A note to downstream packagers: we removed the randombackend. You may need to adjust your ./configure call and perhaps some file listings.

Support for PROXY headers allows you to put a load balancer (such as dnsdist) in front of the Authoritative Server, while still having the Auth see the actual IPs of clients talking to it.

EDNS Cookies allow resolvers that support it to have an extra layer of authentication on their communication with the Authoritative Server.

A full list of changes can be found in the [1]changelog.

Please make sure to read the [2]Upgrade Notes before upgrading.

The [3]tarball ([4]signature) is available at [5]downloads.powerdns.com. Packages for various distributions are available from [6]repo.powerdns.com.

Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub.

References
1. https://doc.powerdns.com/authoritative/changelog/4.6.html#change-4.6.0-alpha1
2. https://doc.powerdns.com/authoritative/upgrading.html
3. https://downloads.powerdns.com/releases/pdns-4.6.0-alpha1.tar.bz2
4. https://downloads.powerdns.com/releases/pdns-4.6.0-alpha1.tar.bz2.sig
5. https://downloads.powerdns.com/releases/
6. https://repo.powerdns.com/
7. https://mailman.powerdns.com/mailman/listinfo/pdns-users
8. https://github.com/PowerDNS/pdns/issues/new/choose
Re: [Pdns-users] pdns-recursor suddenly started to answer with content from . zone instead of what is configured in forward.zones.
Hello Thomas,

On Tue, 2021-09-21 at 13:53 +0200, Thomas Mieslinger via Pdns-users wrote:
> dog.80 IN NSEC domains. NS DS RRSIG NSEC

This looks like aggressive NSEC reuse (https://datatracker.ietf.org/doc/html/rfc8198) and/or NXDOMAIN: There Really Is Nothing Underneath (https://datatracker.ietf.org/doc/html/rfc8020).

Can you try aggressive-nsec-cache-size=0 (on 4.5.1) and/or nothing-below-nxdomain=no (4.3.5 and 4.5.1) please?

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
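The RFC 8198 behaviour referred to in the message above, as an added example that is not part of the original thread and not PowerDNS code: a resolver holding an NSEC record can answer NXDOMAIN for any name in its gap without asking anyone, which is how a name meant for a forwarded zone can be answered from root-zone data. The cache contents are constructed (reading the quoted record as owner `dog.`, next name `domains.`), and `host.dom.` is a hypothetical internal name.

```python
"""Aggressive NSEC (RFC 8198): answer NXDOMAIN from cached NSEC records alone."""


def key(name):
    """Canonical DNS ordering key (RFC 4034 6.1): lowercased labels, rightmost first."""
    labels = [label for label in name.lower().rstrip(".").split(".") if label]
    return tuple(label.encode("ascii") for label in reversed(labels))


def shared_ancestor(a, b):
    """Closest common ancestor of two name keys (their longest shared suffix)."""
    out = []
    for x, y in zip(a, b):
        if x != y:
            break
        out.append(x)
    return tuple(out)


def covering_nsec(q, cache):
    """Return the cached (owner, next, types) whose gap contains key q, or None."""
    for owner, nxt, types in cache:
        o, n = key(owner), key(nxt)
        in_gap = (o < q < n) if o < n else (q > o)  # the last NSEC wraps to the apex
        if not in_gap:
            continue
        below_owner = len(q) > len(o) and q[:len(o)] == o
        is_cut = ("NS" in types and "SOA" not in types) or "DNAME" in types
        if below_owner and is_cut:
            continue  # an NSEC at a delegation proves nothing about names below it
        return owner, nxt, types
    return None


def answer_from_cache(qname, cache):
    """'EXISTS', 'NXDOMAIN' (synthesised from the cache) or 'ASK-UPSTREAM'."""
    q = key(qname)
    if any(key(owner) == q for owner, _, _ in cache):
        return "EXISTS"  # the type bitmap would then decide between data and NODATA
    hit = covering_nsec(q, cache)
    if hit is None:
        return "ASK-UPSTREAM"
    # NXDOMAIN also needs proof that no wildcard at the closest encloser matches.
    encloser = max(shared_ancestor(q, key(hit[0])),
                   shared_ancestor(q, key(hit[1])), key=len)
    if covering_nsec(encloser + (b"*",), cache) is None:
        return "ASK-UPSTREAM"
    return "NXDOMAIN"


# Constructed sample: two root-zone NSEC records as a validating resolver might cache them.
ROOT_NSEC_CACHE = [
    (".", "aaa.", {"NS", "SOA", "RRSIG", "NSEC", "DNSKEY"}),
    ("dog.", "domains.", {"NS", "DS", "RRSIG", "NSEC"}),
]

if __name__ == "__main__":
    for name in ("host.dom.", "www.dog.", "dog.", "zzz."):
        print(name, answer_from_cache(name, ROOT_NSEC_CACHE))
```

With an empty cache, which is what `aggressive-nsec-cache-size=0` amounts to in this model, every name falls through to `ASK-UPSTREAM`.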
Re: [Pdns-users] bind backend zones not registered with zone cache
Hello Christof,

On Sun, 2021-08-01 at 22:03 +0200, Christof Meerwald via Pdns-users wrote:
> So the problem only seems to occur when also launching the gsqlite3
> backend in addition to the bind backend. I am mainly using the bind
> backend for the zone data and gsqlite3 for DNSSEC.
>
> > launch=bind,gsqlite3
> > bind-hybrid
> > gsqlite3-database=/var/lib/powerdns/pdns.db
> gsqlite3-dnssec

In your gsqlite3 database, every zone (that has DNSSEC data) has a numeric ID (domains.id). In the bindbackend, every zone also has an ID (generated counting from 1 at startup and when you add a zone). Without the zone cache, hybrid mode can deal with those IDs not matching. But in the zone cache, one zone has one ID.

The zone cache is filled first from bind, then from gsqlite3, so gsqlite3 IDs end up in the zone cache - and likely those are wrong, and then your BIND data is no longer found. Then, when you add-zone, that overwrites the zone->ID mapping in the zone cache with the BIND id, which makes that zone work.

In short, hybrid mode and the zone cache do not play well together. In your case, perhaps bind-dnssec-db (which uses an sqlite3 database as well, although with a slightly different schema) might be a simpler setup that avoids the problem.

Can you file a ticket? We should probably disable the zone cache (or error on startup) if bind-hybrid is enabled.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] returning a TXT record consisting only of digits from lua backend
Hi Christof,

On Sun, 2021-08-01 at 21:49 +0200, Christof Meerwald via Pdns-users wrote:
> Sorry, when saying lua backend I actually mean lua2backend:
>
> pdns-backend-lua2 4.5.1-1pdns.focal
>
> > Better yet, can you show some config and code?
>
> I was basically just testing my Let's Encrypt ACME-DNS verification:
>
> https://svn.cmeerw.net/src/pdns-acme-backend/trunk/acmebackend.lua
>
> which should just return the contents of a file as the TXT record.
>
> Unfortunately, I was testing with a file containing "1234" - this didn't
> work, but when changing the file contents to something like "A1234"
> it suddenly started working.

I can confirm this is due to how lua_isnumber works. Perhaps you can file a ticket so we can see if we can do something smarter there.

Changing line 11 (by my count) to data[#data + 1] = '"' .. l .. '"' makes your code work for me.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] bind backend zones not registered with zone cache
Hello Christof,

On Tue, 2021-07-27 at 19:21 +0200, Christof Meerwald via Pdns-users wrote:
> After adding a zone with
>
> pdns bind-add-zone example.com /etc/dns/example.com.dns
>
> I could query that zone.
>
> To me it seems there really is a call to "g_zoneCache.add" missing for
> those zones added from the "bind-config" file. Can anyone confirm
> that?

The zones loaded from your config should be available because pdns calls `Bind2Backend::getAllDomains` during startup, and this works for me here. Can you share your config?

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] returning a TXT record consisting only of digits from lua backend
Hello Christof,

On Wed, 2021-07-28 at 22:49 +0200, Christof Meerwald via Pdns-users wrote:
> it seems to be impossible to return a "TXT" record that only contains
> digits from the lua backend (something like "1234").
>
> Any attempt results in "boost::bad_get: failed value get using
> boost::get".
>
> I guess this is a side-effect of how lua_isnumber is specified:
> "Returns 1 if the value at the given index is a number or a string
> convertible to a number, and 0 otherwise."

what version of the auth, and what backend? We dropped the luabackend some time ago, a few versions after we gained the lua2backend.

Better yet, can you show some config and code?

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] security advisory 2021-01 for PowerDNS Authoritative Server 4.5.0
Hello,

today we have released PowerDNS Authoritative Server 4.5.1, fixing a remotely triggered crash present in version 4.5.0. No other versions are affected.

Tarballs and signatures are available at https://downloads.powerdns.com/releases/, and a single patch is available at https://downloads.powerdns.com/patches/2021-01/. However, 4.5.1 contains no other changes.

Please find the full text of the advisory below.

PowerDNS Security Advisory 2021-01: Specific query crashes Authoritative Server

- CVE: CVE-2021-36754
- Date: July 26th, 2021
- Affects: PowerDNS Authoritative version 4.5.0
- Not affected: 4.4.x and below, 4.5.1
- Severity: High
- Impact: Denial of service
- Exploit: This problem can be triggered via a specific query packet
- Risk of system compromise: None
- Solution: Upgrade to 4.5.1, or filter queries in ``dnsdist``

PowerDNS Authoritative Server 4.5.0 (and the alpha/beta/rc1/rc2 prereleases that came before it) will crash with an uncaught out of bounds exception if it receives a query with QTYPE 65535. The offending code was not present in earlier versions, and they are not affected.

Users that cannot upgrade immediately, but do have dnsdist in place, can use dnsdist to filter such queries before they do harm, with something like ``addAction(QTypeRule(65535), RCodeAction(DNSRCode.REFUSED))``.

When the PowerDNS Authoritative Server is run inside a supervisor like supervisord or systemd, an uncaught exception crash will lead to an automatic restart, limiting the impact to a somewhat degraded service.

We would like to thank Reinier Schoof and Robin Geuze of TransIP for noticing crashes in production, immediately letting us know, and helping us figure out what was happening.
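What the dnsdist rule quoted in the advisory does, sketched as an added example for a capture filter or a custom front end (this is not PowerDNS or dnsdist code): read the QTYPE from the question section and answer REFUSED when it is 65535. The two sample packets are constructed, and how the REFUSED response is built here is an assumption of this sketch.

```python
"""Stand-alone counterpart of addAction(QTypeRule(65535), RCodeAction(DNSRCode.REFUSED))."""
import struct

QTYPE_BLOCKED = 65535  # the QTYPE named in advisory 2021-01
RCODE_REFUSED = 5


class MalformedQuery(ValueError):
    """Raised when a packet cannot be read as a single-question DNS query."""


def parse_question(packet):
    """Return (qname, qtype, qclass) of the question in a DNS query packet."""
    if len(packet) < 12:
        raise MalformedQuery("short header")
    _qid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000:
        raise MalformedQuery("QR bit set: this is a response")
    if qdcount != 1:
        raise MalformedQuery("expected exactly one question")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise MalformedQuery("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:
            raise MalformedQuery("compression pointer or bad label length")
        if pos + length > len(packet):
            raise MalformedQuery("label runs past end of packet")
        labels.append(packet[pos:pos + length].decode("ascii", "backslashreplace"))
        pos += length
    if pos + 4 > len(packet):
        raise MalformedQuery("truncated QTYPE/QCLASS")
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels) + ".", qtype, qclass


def filter_query(packet):
    """Return None to pass the query to the backend, or REFUSED response bytes."""
    try:
        _qname, qtype, _qclass = parse_question(packet)
    except MalformedQuery:
        return None  # out of scope for this rule; other checks decide
    if qtype != QTYPE_BLOCKED:
        return None
    qid, flags = struct.unpack("!HH", packet[:4])
    # Set QR, keep the opcode and RD bits of the query, set RCODE=REFUSED.
    rflags = 0x8000 | (flags & 0x7900) | RCODE_REFUSED
    return struct.pack("!HH", qid, rflags) + packet[4:]


# Constructed samples: queries for example.com. with QTYPE A and QTYPE 65535.
SAMPLE_A = bytes.fromhex(
    "1a2b 0100 0001 0000 0000 0000 07 6578616d706c65 03 636f6d 00 0001 0001")
SAMPLE_BLOCKED = bytes.fromhex(
    "1a2c 0100 0001 0000 0000 0000 07 6578616d706c65 03 636f6d 00 ffff 0001")

if __name__ == "__main__":
    for sample in (SAMPLE_A, SAMPLE_BLOCKED):
        verdict = "REFUSED" if filter_query(sample) else "pass"
        print(parse_question(sample), verdict)
```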
Re: [Pdns-users] DDoS attack with random A requests causes SQL backend overload
On Fri, 2021-07-16 at 12:08 +0200, Thomas Mieslinger via Pdns-users wrote:
> Suggestions from older threads (Klaus Darrilon):
> - Put that zone in a more efficient Backend (he suggested lmdb)

Good idea.

> - Put that zone in a more efficient Software (he suggested nsd) and use
> dnsdist to route the traffic to the alternate Software

Also a good idea.

> Very old suggestion:
> - Use a firewall uint32 match to lock out queries to the attacked zone.

Should work, bit more work to manage.

> Crazy idea:
> - enable DNSSec on that zone
> - setup pdns recursor or similar and delegate the zone to it
> - pdns-recursor should now be able to efficiently calculate the
> NXDOMAINs based on NSEC/NSEC3 information

Recursor can do that, but it cannot serve the zone to the world. It is not an Authoritative server. So, sadly, this suggestion does not work.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] PowerDNS Authoritative Server 4.5.0
Hello!

PowerDNS Authoritative Server 4.5.0 was released today.

Version 4.5.0 mostly brings small improvements and fixes, but there are two notable new features:

* The ‘zone cache’, which allows PowerDNS to keep a list of zones in memory, updated periodically. With this cache, PowerDNS can avoid hitting the database with queries for unknown domains. In some setups, and some attack scenarios, this can make a serious performance difference. Users of backends with dynamically generated zones may want to disable this or at least read the upgrade notes extremely carefully. Many thanks to Chris Hofstaedtler for implementing this. This work by Chris was supported by RcodeZero DNS.
* Priority ordering in the AXFR queue in PowerDNS running as a secondary. Some users with a lot of domains (>100k) sometimes found real changes waiting behind signature refreshes on Thursdays. With the new ordering, those real changes can ‘skip the line’ and get deployed on your secondaries faster. Many thanks to Robin Geuze of TransIP for implementing this.

Since 4.5.0-beta1, the zone cache is enabled by default.

A full list of changes can be found in the [1]changelog.

Please make sure to read the [2]Upgrade Notes before upgrading.

With version 4.5.0, support for platforms with a time_t type smaller than 64 bits is dropped. This means that we do not build packages for Raspberry Pi OS.

The [3]tarball ([4]signature) is available at [5]downloads.powerdns.com. Packages for various distributions are available from [6]repo.powerdns.com.

Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub.

1. https://doc.powerdns.com/authoritative/changelog/4.5.html#change-4.5.0
2. https://doc.powerdns.com/authoritative/upgrading.html
3. https://downloads.powerdns.com/releases/pdns-4.5.0.tar.bz2
4. https://downloads.powerdns.com/releases/pdns-4.5.0.tar.bz2.sig
5. https://downloads.powerdns.com/releases/
6. https://repo.powerdns.com/
7. https://mailman.powerdns.com/mailman/listinfo/pdns-users
8. https://github.com/PowerDNS/pdns/issues/new/choose
[Pdns-users] Second Release Candidate for PowerDNS Authoritative Server 4.5.0
Hello!

Today we released the second, and hopefully last, Release Candidate for Authoritative Server version 4.5.0. Please try it!

Version 4.5.0 mostly brings small improvements and fixes, but there are two notable new features:

* The ‘zone cache’, which allows PowerDNS to keep a list of zones in memory, updated periodically. With this cache, PowerDNS can avoid hitting the database with queries for unknown domains. In some setups, and some attack scenarios, this can make a serious performance difference. Many thanks to Chris Hofstaedtler for implementing this.
* Priority ordering in the AXFR queue in PowerDNS running as a secondary. Some users with a lot of domains (>100k) sometimes found real changes waiting behind signature refreshes on Thursdays. With the new ordering, those real changes can ‘skip the line’ and get deployed on your secondaries faster. Many thanks to Robin Geuze for implementing this.

Since 4.5.0-beta1, the zone cache is enabled by default.

A full list of changes can be found in the [1]changelog.

Please make sure to read the [2]Upgrade Notes before upgrading.

With version 4.5.0, support for platforms with a time_t type smaller than 64 bits is dropped. This means that we do not build packages for Raspberry Pi OS.

The [3]tarball ([4]signature) is available at [5]downloads.powerdns.com. Packages for various distributions are available from [6]repo.powerdns.com.

Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub.

1. https://doc.powerdns.com/authoritative/changelog/4.5.html#change-4.5.0-rc2
2. https://doc.powerdns.com/authoritative/upgrading.html
3. https://downloads.powerdns.com/releases/pdns-4.5.0-rc2.tar.bz2
4. https://downloads.powerdns.com/releases/pdns-4.5.0-rc2.tar.bz2.sig
5. https://downloads.powerdns.com/releases/
6. https://repo.powerdns.com/
7. https://mailman.powerdns.com/mailman/listinfo/pdns-users
8. https://github.com/PowerDNS/pdns/issues/new/choose
[Pdns-users] First Release Candidate for PowerDNS Authoritative Server 4.5.0
Hello!

Today we released the first Release Candidate for Authoritative Server version 4.5.0.

Version 4.5.0 mostly brings small improvements and fixes, but there is one notable new feature: the zone cache. The zone cache allows PowerDNS to keep a list of zones in memory, updated periodically. With this cache, PowerDNS can avoid hitting the database with queries for unknown domains. In some setups, and some attack scenarios, this can make a serious performance difference.

Since 4.5.0-beta1, the zone cache is enabled by default.

A full list of changes can be found in the [1]changelog.

Please make sure to read the [2]Upgrade Notes before upgrading.

With version 4.5.0, support for platforms with a time_t type smaller than 64 bits is dropped. This means that we do not build packages for Raspberry Pi OS.

The [3]tarball ([4]signature) is available at [5]downloads.powerdns.com. Packages for various distributions are available from [6]repo.powerdns.com.

Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub.

1. https://doc.powerdns.com/authoritative/changelog/4.5.html#change-4.5.0-rc1
2. https://doc.powerdns.com/authoritative/upgrading.html
3. https://downloads.powerdns.com/releases/pdns-4.5.0-rc1.tar.bz2
4. https://downloads.powerdns.com/releases/pdns-4.5.0-rc1.tar.bz2.sig
5. https://downloads.powerdns.com/releases/
6. https://repo.powerdns.com/
7. https://mailman.powerdns.com/mailman/listinfo/pdns-users
8. https://github.com/PowerDNS/pdns/issues/new/choose

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] Timeout error: Error from remote in receive(): Resource temporarily unavailable
On Mon, 2021-06-14 at 13:32 +0800, Jackson Yap via Pdns-users wrote:
> We found the cause.
>
> The issue for the timeout is due to some domains’ nameservers in the record
> cannot be resolved.
> How can we disable the resolving of NS records in the DNS zones to avoid such
> resolving stucking the PDNS notify process?

Without resolving the NS records, PowerDNS does not know where to send the NOTIFYs, and thus cannot send them.

However, it's not great that pdns_control is waiting for this, because, as you have seen, this can take quite some time. You could file a request at https://github.com/PowerDNS/pdns/issues/new/choose to make the behaviour smarter - perhaps delaying the resolving until after pdns_control has returned? I don't know yet.

> Unable to queue notification of domain ‘xxx.com’: nameservers do not resolve!

I doubt you own xxx.com. Please do not edit log messages, at all, when asking for help here. To understand why, please see https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] Master Support with LDAP Backend
On Wed, 2021-06-02 at 14:44 +0300, Nikolaos Milas via Pdns-users wrote:
> On 19/5/2021 9:40 μ.μ., Nikolaos Milas via Pdns-users wrote:
>
> > By the way, the LDAP backend documentation states "Master (support):
> > No", yet there is a section (Master Mode) with configuration for
> > Master operation. These changes will allow master operation in the
> > future, or rather master support (i.e. Zone Change Notifications and
> > AXFRs) is in fact available?

It is in fact available. The 'No' is wrong. I have just merged a documentation fix for that (should be visible in a few minutes).

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] PowerDNS Authoritative Server 4.5.0-alpha1
Hello!

Today we released the first Alpha version for Authoritative Server version 4.5.0.

Version 4.5.0 mostly brings small improvements and fixes, but there is one notable new feature: the zone cache. The zone cache allows PowerDNS to keep a list of zones in memory, updated periodically. With this cache, PowerDNS can avoid hitting the database with queries for unknown domains. In some setups, and some attack scenarios, this can make a serious performance difference.

A full list of changes can be found in the [1]changelog.

Please make sure to read the [2]Upgrade Notes before upgrading.

With version 4.5.0, support for platforms with a time_t type smaller than 64 bits is dropped. This means that we do not build packages for Raspberry Pi OS.

The [3]tarball ([4]signature) is available at [5]downloads.powerdns.com. Packages for various distributions are available from [6]repo.powerdns.com.

Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub.

1. https://doc.powerdns.com/authoritative/changelog/4.5.html#change-4.5.0-alpha1
2. https://doc.powerdns.com/authoritative/upgrading.html
3. https://downloads.powerdns.com/releases/pdns-4.5.0-alpha1.tar.bz2
4. https://downloads.powerdns.com/releases/pdns-4.5.0-alpha1.tar.bz2.sig
5. https://downloads.powerdns.com/releases/
6. https://repo.powerdns.com/
7. https://mailman.powerdns.com/mailman/listinfo/pdns-users
8. https://github.com/PowerDNS/pdns/issues/new/choose

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] Dig @127.0.0.1 gives status servfail
On Sat, 2021-05-22 at 16:16 -0500, von lon via Pdns-users wrote:
> When i do the command "Dig @127.0.0.1" i get a response called servfail when
> i do the command "sudo systemctl status pdns" i get "Backend reported
> permanent error which prevented lookup (GSQLBackend lookup query:Could not
> prepare statement: SELECT content,ttl,prio,type,domain_id,disabled,name,auth
> FROM records WHERE disabled=0 and type=? and name=?: Unknown column
> 'disabled' in 'field list'), aborting
> Backend error: GSQLBackend lookup query:Could not prepare statement: SELECT
> content,ttl,prio,type,domain_id,disabled,name,auth FROM records WHERE
> disabled=0 and type=? and name=?: Unknown column 'disabled' in 'field list' "
> so i think this is causeing the problem but i dont know how to fix it. I am
> using the latest version of powerdns i think. I am on raspbian 10 using
> gmysql. I got this using apt. And. I turned my firewall off to see if that
> was the problem but it wasnt the problem.

You're using an SQL schema from before version 3.4.0, with a pdns version after 3.4.0. Please see https://github.com/PowerDNS/pdns/tree/master/modules/gmysqlbackend for the schema updates you need to apply.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] Upgrading Auth Server directly from 4.1.14 to 4.4.1
On Wed, 2021-05-19 at 21:40 +0300, Nikolaos Milas via Pdns-users wrote:
> By the way, the LDAP backend documentation states "Master (support):
> No", yet there is a section (Master Mode) with configuration for Master
> operation. These changes will allow master operation in the future, or
> rather master support (i.e. Zone Change Notifications and AXFRs) is in
> fact available?

When master support was added (in 2016!) it looks like we forgot to update that bit of the docs. I'll fix it, thanks!

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] another rrset question
On Sun, 2021-04-25 at 07:17 -0700, Larry Wapnitsky via Pdns-users wrote:
> example error:
>
> RRset pod.wapnitsky.com. IN TXT: Conflicts with pre-existing RRset

What RRsets already exist at 'pod'?

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] Upgrade path
Hello Larry,

On Wed, 2021-04-14 at 21:13 +0200, Larry Wapnitsky via Pdns-users wrote:
> I'm currently on 4.2 from the Ubuntu repos, and am looking to upgrade to
> 4.5 so I can get the Prometheus metrics. I've run the upgrade in my lab
> today and, after some db troubles, got pdns up and running. I'm curious,
> though, if this was the proper upgrade path, as this seems to have broken
> powerdns admin.
>
> Advice on the proper upgrade path is welcome.

Very good that you did it in a lab first!

The proper upgrade path is to read everything at https://docs.powerdns.com/authoritative/upgrading.html from 4.2 to 4.5, and see what applies to you.

You say you had database troubles - anything not covered in that document? If so, perhaps we can improve the text.

As for powerdns admin, I have no experience with it; other readers might, so perhaps you can share more details about in what way it is broken.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] Error using pdnsutil with MySQL backend
On Mon, 2021-04-12 at 12:38 +, tach yon via Pdns-users wrote:
> # change zone check to have conditional on status
> gmysql-info-zone-query=select id,name,master,last_check,notified_serial,type
> from domains where name='%s' and status='A'

The original query in 4.1 is

select id,name,master,last_check,notified_serial,type,account from domains where name=?

Compared to that, you have used %s instead of ? (which explains your error), and you forgot the 'account' column (which you will probably run into once you fix the ? )

Also, please note that 4.1.x is End Of Life ( https://doc.powerdns.com/authoritative/appendices/EOL.html). We strongly suggest upgrading to 4.4, as 4.2 will also go End Of Life within a month or two.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] How to list zones by account?
Hello,

On Sat, 2021-04-03 at 21:32 -0600, Team 1035 via Pdns-users wrote:
> Hi team -- I'm trying to list zones by account. Is there any way to do this
> other than loading every zone and then filtering? The search endpoint doesn't
> seem to consider account.
>
> Even if I maintain my own mapping of "account" to zones, there also doesn't
> seem to be any way to return a group of any zones.
>
> Or to ask a more general question, does PowerDNS support the notion of
> multi-tenancy? Where zones may be owned by customers/tenants and I want to
> filter by only that tenant?

PowerDNS itself does not really support multitenancy; the concept is that we provide just enough glue for frontends/middlewares to be able to support multitenancy. Being able to list domains by account would make sense in that context. You can file a feature request at https://github.com/PowerDNS/pdns/issues/new/choose (or, of course, submitting code would be even better!)

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] Could not update pdns authoritive server
Hello Pierrick,

On Thu, 2021-04-01 at 15:44 +0200, Pierrick CHOVELON via Pdns-users wrote:
> Hi there,
>
> I'm struggling for updating one authoritive server from 4.1.6 version to 4.4.
> I'm following this link as I always do, https://repo.powerdns.com/ I'm on a
> Debian 10 server.

Debian 10 is Debian Buster.

> pdns-backend-bind/inconnu 4.2.3-1pdns.stretch amd64 [pouvant être mis à jour
> depuis : 4.1.6-3]
> pdns-server/inconnu 4.2.3-1pdns.stretch amd64 [pouvant être mis à jour depuis
> : 4.1.6-3]

Stretch is Debian 9. You should put 'buster' in your sources.list.d file.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] Recursor 4.3.7 released
Hello!

Today we are releasing PowerDNS Recursor 4.3.7.

This release fixes a bug where the wrong TTL could be used when inserting records into the packet cache. Additionally, the recursor no longer resolves unneeded names when chasing CNAME records if QName Minimization is enabled.

Please refer to the [1]4.3.7 changelog for details.

The [2]4.3.7 tarball ([3]signature) is available at [4]downloads.powerdns.com and packages for various Linux distributions are available from [5]repo.powerdns.com.

4.1 and older releases are EOL, refer to the [6]documentation for details about our release cycles.

Please send us all feedback and issues you might have via the [7]mailing list, or in case of a bug, via [8]GitHub.

References

1. https://doc.powerdns.com/recursor/changelog/4.3.html#change-4.3.7
2. https://downloads.powerdns.com/releases/pdns-recursor-4.3.7.tar.bz2
3. https://downloads.powerdns.com/releases/pdns-recursor-4.3.7.tar.bz2.sig
4. https://downloads.powerdns.com/releases/
5. https://repo.powerdns.com/
6. https://docs.powerdns.com/recursor/appendices/EOL.html
7. https://mailman.powerdns.com/mailman/listinfo/pdns-users
8. https://github.com/PowerDNS/pdns/issues/new/choose

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] Recursor address in Dnstap messages
Hello Hans,

On Fri, 2021-03-19 at 10:08 +0100, Hans Seidel via Pdns-users wrote:
> Hello,
>
> we are using the message logging via Dnstap of the PowerDNS Recursor
> (version 4.4.2). Since we have several instances that send us log
> messages, we want to distinguish the different instances via their IP
> address. I assumed that recursors IP address is set in the
> query_address field of the Dnstap massage but it is not set at all.

You're right, the code does not set it. How about the identity field? Is that set in the feeds you get?

> Is there an option to set/add the recursor IP address to the Dnstap
> messages?

Not right now, the code simply is not there - filing a feature request via https://github.com/PowerDNS/pdns/issues/new/choose is always possible, of course, but first I'd like to see if the identity field might work for you.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] API Bug(?) with Postgres backend when inserting rr containg dots
Hello Ferdinand,

On Tue, 2021-03-16 at 16:40 +0100, Ferdinand Goldmann via Pdns-users wrote:
> Mar 16 15:48:10 pdns[67880]: [webserver]
> 759b42ae-4c22-42be-a961-6b27805d9171 HTTP ISE for
> "/api/v1/servers/localhost/zones/ferdl.test.": Exception: GSQLBackend unable
> to insert empty non-terminal rr 'name.ferdl.test' in domain_id 86: Fatal
> error during query: insert into records
> (type,domain_id,disabled,name,ordername,auth,ttl,prio,content) values
> (null,$1,false,$2,$3,$4,null,null,null): ERROR: null value in column "type"
> violates not-null constraint DETAIL: Failing row contains (4835479, 86,
> name.ferdl.test, null, null, null, null, f, null, t).

There is no NOT NULL constraint on records.type in the pgsql schema we ship and document. Can you see if you somehow got a constraint into your schema some other way?

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] PowerDNS Authoritative Server 4.3.2
Hello,

We are happy to announce version 4.3.2 of the Authoritative Server.

This release fixes latency calculations to match the approach used in 4.4.0, to make comparisons between 4.3 and 4.4 more useful. It also contains a few build-related improvements.

Please find a full list in the [1]changelog.

The [2]tarball ([3]signature) is available at [4]downloads.powerdns.com and packages for various Linux distributions are available from [5]repo.powerdns.com.

Please send us all feedback and issues you might have via the [6]mailing list, or in case of a bug, via [7]GitHub.

References

1. https://doc.powerdns.com/authoritative/changelog/4.3.html#change-4.3.2
2. https://downloads.powerdns.com/releases/pdns-4.3.2.tar.bz2
3. https://downloads.powerdns.com/releases/pdns-4.3.2.tar.bz2.sig
4. https://downloads.powerdns.com/releases/
5. https://repo.powerdns.com/
6. https://mailman.powerdns.com/mailman/listinfo/pdns-users
7. https://github.com/PowerDNS/pdns/issues/new/choose

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] [EXT] Re: Buiding powerdns container images with podman
On Thu, 2021-03-04 at 12:50 +0100, Cheikh Dieng wrote:
> > g++: fatal error: Killed signal terminated program cc1plus
> > compilation terminated.

This usually means you ran out of memory. Can you check dmesg?

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] Buiding powerdns container images with podman
Hello,

On Wed, 2021-03-03 at 19:21 +0100, Cheikh Dieng via Pdns-users wrote:
> Hello Peter,
> Thanks for you response.
> For the 1rs Question: I split it in many step.
> I have to install to powerdns with ldap backend (plugin). What are the
> options during the images podman built processus to configure this backend ?

I recommend not doing it during build. You have several options:

(1) once it is built, make a second image, starting with FROM powerdns-auth, and add your config there
(2) mount your config into /etc/powerdns in the runtime container
(3) learn about the (undocumented) templating in the startup script

>
> For the 2nd question:
> I'm using :
> commit c923c0f7e1b0dd7e00f1f8c736c9b376910241c0 (HEAD -> master,
> origin/master, origin/HEAD)
> Merge: b472d9c1d 67b02e399
> Author: Otto Moerbeek
> Date: Wed Feb 24 17:39:20 2021 +0100
>
> Merge pull request #10111 from omoerbeek/rec-drop-from-lua
>
> rec: Handle policy (if needed) after postresolve and document the hooks
> better

This commit also builds for me without problems. Did you change anything?

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] Buiding powerdns container images with podman
Hello,

On Fri, 2021-02-26 at 11:48 +0100, Cheikh Dieng via Pdns-users wrote:
> 1st question:
> How can i add new dns entry (ie new Server) for building new docker
> images. What's the file I should use? for new entries before the buid
> process ?

I'm sorry, I don't understand this question. What do you mean? Can you ask it in a different way?

> 2nd question:
> The buid with podman failed (./builder/build.sh -v centos-8-amd64)
> due to error message:
>
> configure.ac:10: installing 'build-aux/compile'
> configure.ac:13: installing 'build-aux/config.guess'
> configure.ac:13: installing 'build-aux/config.sub'
> configure.ac:5: installing 'build-aux/install-sh'
> configure.ac:5: installing 'build-aux/missing'
> ext/ipcrypt/Makefile.am: installing 'build-aux/depcomp'
> parallel-tests: installing 'build-aux/test-driver'
> configure.ac:329: error: required file 'pdns/pdns.init.in' not found
> autoreconf: automake failed with exit status: 1
> STEP 21: FROM alpine:3.10 AS pdns-recursor
> STEP 22: ARG BUILDER_CACHE_BUSTER=
> Error: error building at STEP "RUN
> /pdns-authoritative/builder/helpers/set-configure-ac-version.sh &&
> autoreconf -v -i --force && ./configure --disable-lua-records
> --disable-ixfrdist --wi thout-modules
> --without-dynmodules --disable-dependency-tracking && make dist":
> error while running runtime: exit status 1
> ERROR: Build failed
> =

I tried `builder/build.sh -v centos-8-amd64` with `podman-docker` installed (which provides a symlink from docker to podman) and the build succeeded for me. This is on git master at revision 440f13b9197cd05ffbf3c19d427ef7ecbea6498e - what version did you test?

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] [EXT] Re: PowerDNS Authoritative Server 4.4.1
On Fri, 2021-02-19 at 09:11 +, Brian Candler wrote:
> On 19/02/2021 09:01, Peter van Dijk via Pdns-users wrote:
>
> > Our plan:
> > * reinstate 4.4 (and older, I think) for Stretch soon
> > * communicate clearly
> > * most likely not release 4.5 for Stretch
> > * remove Stretch again somewhere late in 2021
>
> That all sounds very reasonable to me, thank you. Having both current
> and previous releases usable is helpful, and I'm fine with Stretch being
> dropped soon after Bullseye has been released.
>
> BTW, stretch is (and was) still listed in the index page at
> repo.powerdns.com, and there are still 4.4.0 stretch packages at
> https://repo.powerdns.com/debian/pool/main/p/pdns/
>
> So from an end-user's point of view it doesn't appear that the repos
> were "deleted", but rather that no new packages were published.

You're right, just like the communication, this was badly planned and badly executed. Thank you for the reminder :)

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] PowerDNS Authoritative Server 4.4.1
Hello Brian,

On Mon, 2021-02-08 at 13:41 +, Brian Candler via Pdns-users wrote:
> On 08/02/2021 11:23, Peter van Dijk via Pdns-users wrote:
> > On Mon, 2021-02-08 at 12:07 +0100, Peter van Dijk wrote:
> > > is available at downloads.powerdns.com and packages for CentOS 7 and 8,
> > > Debian Buster, Ubuntu Xenial, Bionic and Focal are available from
> > > repo.powerdns.com.
> >
> > Correction: because Xenial is almost End-of-Life, the last supported
> > PowerDNS Authoritative version for it is 4.3.x, and there are no 4.4.x
> > packages for Ubuntu Xenial.
>
> What about Debian Stretch? I am running
> pdns-server_4.4.0-1pdns.stretch_amd64.deb, but there's no 4.4.1 package.
> Stretch has predicted EOL LTS of ~2022.

Last year, we decided not to support Debian LTS, because every distro we support comes with a ton of work. Then when Stretch went (non-LTS) EOL, we deleted the repos. However, we completely failed to communicate any of this. Sorry about that!

Our plan:
* reinstate 4.4 (and older, I think) for Stretch soon
* communicate clearly
* most likely not release 4.5 for Stretch
* remove Stretch again somewhere late in 2021

Apologies for the mess.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] PowerDNS Authoritative Server 4.4.1
On Mon, 2021-02-08 at 12:07 +0100, Peter van Dijk wrote:
> is available at downloads.powerdns.com and packages for CentOS 7 and 8,
> Debian Buster, Ubuntu Xenial, Bionic and Focal are available from
> repo.powerdns.com.

Correction: because Xenial is almost End-of-Life, the last supported PowerDNS Authoritative version for it is 4.3.x, and there are no 4.4.x packages for Ubuntu Xenial.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] PowerDNS Authoritative Server 4.4.1
Hello!

We are proud to announce version 4.4.1 of the Authoritative Server.

This release fixes several small issues discovered since the release of 4.4.0.

Please find a full list in the changelog. <https://doc.powerdns.com/authoritative/changelog/4.4.html#change-4.4.1>

Please make sure to read the Upgrade Notes before upgrading. <https://doc.powerdns.com/authoritative/upgrading.html>

The tarball <https://downloads.powerdns.com/releases/pdns-4.4.1.tar.bz2> (signature <https://downloads.powerdns.com/releases/pdns-4.4.1.tar.bz2.sig>) is available at downloads.powerdns.com and packages for CentOS 7 and 8, Debian Buster, Ubuntu Xenial, Bionic and Focal are available from repo.powerdns.com.

Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] Question about upgrade notes 4.3.x to 4.4.0
Hello Steinar,

On Fri, 2021-01-22 at 17:15 +0100, Steinar Haug via Pdns-users wrote:
> Quick question about PowerDNS 4.4.0 and the 4.3.x to 4.4.0 upgrade
> notes at
>
> https://doc.powerdns.com/authoritative/upgrading.html
>
> I'm running 4.3.0 with the BIND backend, and planning to upgrade to
> 4.4.0. I don't see the BIND backend mentioned in the upgrade notes,
> and therefore assume that there are no database related changes. Can
> anybody confirm this?

That is correct! The last schema change was from 4.2.0 to 4.3.0.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] TCP nameserver had error, cycling backend: innodb-read-committed=no
Hello,

On Sat, 2021-01-09 at 18:26 +0100, Gert van Dijk via Pdns-users wrote:
> It seems that this error message is triggered whenever PowerDNS cannot
> connect to the database at the first attempt, but it succeeds a second
> time. [1] The second time it tries to connect without transaction
> isolation enabled which may suggest that is the cause but that does
> not seem a causality necessarily. Since you report the same error with
> that turned off completely (recommended to leave it on by the way),
> this indicates a different (more generic) connection error and thus a
> misleading message.

Excellent insight, indeed likely correct.

> I'm not totally sure here, but I've seen log output of AXFR transfers
> that indicate a new connection for each zone transfer rather than a
> limited size connection pool.

Yes!

> If true, that means with
> max-tcp-connections=5000 (seems like a huge value to me for an
> isolated server) you need to accommodate for the same amount of
> connections from PowerDNS to your database backend.

Plus headroom. When a client disconnects from MySQL, the connection slot is not immediately freed, and any connection that then comes in 'over the limit' is rudely rejected.

(Also, in previous pdns versions, you might see two DB connections per AXFR client, but I think we fixed that.)

(In the past I've deployed haproxy in front of MySQL, with haproxy set to a slightly lower concurrency - this works because haproxy holds on to 'over limit' client connections until there is room again.)

> Having to accommodate for > 1024 simultaneous MySQL connections from
> one service seems like a design error for your use case in a broader
> sense or you may want to look at using a mysql-proxy service that
> pools the connections for you (in case PowerDNS in fact does open a
> new connection for each zone transfer).

Indeed.
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
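
The haproxy arrangement mentioned in the reply above, sketched as an added example (it is not from the thread or from the PowerDNS documentation). The listener address, the backend address and every limit are assumptions, and it presumes MySQL's max_connections is 1024.

```haproxy
# Constructed example: addresses, ports and limits are assumptions,
# not values taken from the thread.
global
    maxconn 6000                  # process-wide ceiling, above max-tcp-connections=5000

defaults
    mode tcp                      # MySQL protocol is proxied as opaque TCP
    timeout connect 5s
    timeout client  1h            # backend connections from pdns can be long-lived
    timeout server  1h
    timeout queue   30s           # how long an over-limit connection may wait for a slot

listen mysql_for_pdns
    bind 127.0.0.1:3307
    maxconn 6000                  # accept everything pdns may open at once

    # The per-server maxconn is the "slightly lower concurrency": it stays
    # under MySQL's max_connections (assumed 1024), leaving headroom for
    # slots MySQL has not freed yet. Connections beyond 900 wait in
    # haproxy's queue instead of being rejected by MySQL.
    server db1 192.0.2.10:3306 maxconn 900
```

With this in place, gmysql-host and gmysql-port in pdns.conf point at the haproxy listener rather than at MySQL directly.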
[Pdns-users] PowerDNS Authoritative 4.1.x End Of Life
On Fri, 2020-12-18 at 11:53 +0100, Peter van Dijk wrote:
> We are proud to announce version 4.4.0 of the Authoritative Server.

This means that versions 4.1.x and older are now End Of Life. Please see our EOL page for more information: https://doc.powerdns.com/authoritative/appendices/EOL.html

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] PowerDNS Authoritative Server 4.4.0
Hello!

We are proud to announce version 4.4.0 of the Authoritative Server.

This release drops GSS/TSIG support, please see PowerDNS Security Advisory 2020-06 <https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html>.

Version 4.4.0 brings a bunch of exciting changes:
* the LMDB backend now supports long record content, making it production ready for everybody
* the SVCB and HTTPS record types are supported, with limited additional processing
* transaction handling in the 2136 handler and the HTTP API was again improved a lot, avoiding various spurious issues users may have noticed if they do a lot of changes
* a new setting (consistent-backends) offers a roughly 30% speedup, subject to conditions
* we finally emit Prometheus metrics!

Authoritative 4.3.x was the last release branch with support for CentOS/RHEL 6. Problems running Authoritative 4.4.x on CentOS/RHEL 6 will not be treated as bugs by us.

We want to specifically thank Robin Geuze, Kees Monshouwer, Mischan Toosarani-Hausberger, Chris Hofstaedtler, and Kevin Fleming for their contributions to this release. We are also grateful to all other reporters of bugs, issues, feature requests, and submitters of smaller fixes and features.

Please make sure to read the Upgrade Notes before upgrading. <https://doc.powerdns.com/authoritative/upgrading.html>

The tarball <https://downloads.powerdns.com/releases/pdns-4.4.0.tar.bz2> (signature <https://downloads.powerdns.com/releases/pdns-4.4.0.tar.bz2.sig>) is available at downloads.powerdns.com and packages for CentOS 7 and 8, Debian Stretch and Buster, Ubuntu Xenial, Bionic and Focal are available from repo.powerdns.com.

Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] First Release Candidate for Authoritative Server 4.4.0
Hello!

This is the first Release Candidate for version 4.4.0 of the Authoritative Server. If no trouble surfaces, we will release the actual 4.4.0 within a few weeks.

This release drops GSS/TSIG support, please see PowerDNS Security Advisory 2020-06 <https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html>.

Version 4.4.0 brings a bunch of exciting changes:
* the LMDB backend now supports long record content, making it production ready for everybody
* the SVCB and HTTPS record types are supported, with limited additional processing
* transaction handling in the 2136 handler and the HTTP API was again improved a lot, avoiding various spurious issues users may have noticed if they do a lot of changes
* a new setting (consistent-backends) offers a roughly 30% speedup, subject to conditions
* we finally emit Prometheus metrics!

Authoritative 4.3.x was the last release branch with support for CentOS/RHEL 6. Problems running Authoritative 4.4.x on CentOS/RHEL 6 will not be treated as bugs by us.

We want to specifically thank Robin Geuze, Kees Monshouwer, Mischan Toosarani-Hausberger, Chris Hofstaedtler, and Kevin Fleming for their contributions to this release. We are also grateful to all other reporters of bugs, issues, feature requests, and submitters of smaller fixes and features.

Please make sure to read the Upgrade Notes before upgrading. <https://doc.powerdns.com/authoritative/upgrading.html>

The tarball <https://downloads.powerdns.com/releases/pdns-4.4.0-rc1.tar.bz2> (signature <https://downloads.powerdns.com/releases/pdns-4.4.0-rc1.tar.bz2.sig>) is available at downloads.powerdns.com and packages for CentOS 7 and 8, Debian Stretch and Buster, Ubuntu Xenial, Bionic and Focal are available from repo.powerdns.com.

Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] API issue
(resent from correct account - apologies if my previous email also appears eventually)

On Sun, 2020-11-22 at 12:24 +0100, Stef Coene via Pdns-users wrote:
> Hi,
>
> I noticed that you can add a record with no content if you specify a
> comment.

Not exactly - because there is no 'records' array in your request, the existing records (if you have any) are untouched. If you have no test2.test.com/A records, it stays that way. If you had any, they would also stay.

> We use the mysql backend.
>
> This API call works and adds an entry to the comments table:
> {
>    "rrsets": [
>      {
>        "name": "test2.test.com.",
>        "type": "A",
>        "ttl": "3600",
>        "comments": [
>          {
>            "content": "Test command",
>            "account": "account 1"
>          }
>        ],
>        "changetype": "REPLACE"
>      }
>    ]
> }
>
> I was expecting it would fail because there is no matching entry in the
> records table.
>
> Is this normal behaviour?

Yes - comments can exist without records, and records can exist without comments. This makes sure that your comments do not suddenly disappear if your records RRset happens to shrink to zero entries.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] IXFR request refused response
On Tue, 2020-11-24 at 08:26 +, Brian Candler via Pdns-users wrote:
> You could also tell them that https://wiki.opendnssec.org/ is down.

They are aware, should come back later today with some luck.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] IXFR request refused response
On Mon, 2020-11-23 at 14:54 +, Brian Candler via Pdns-users wrote:
> On 23/11/2020 13:33, Sebastian Sandberg via Pdns-users wrote:
> > I have questions regarding IXFR. I have a problem in my lab where pdns is
> > refusing IXFR requests to check current serial of a master zone in pdns.
> > This seems to appear when IXFR is requested over UDP.
>
> Aside: I see in ./docs/modes-of-operation.rst and here:
> "PowerDNS itself is currently only able to retrieve updates via IXFR. It can
> not serve IXFR updates."
> Is that sentence still true, or now obsolete?

That sentence is still true, however, IXFR requests over TCP are honored by either a 'nothing has changed' response, or a fallback to full AXFR. So PowerDNS does interoperate correctly with IXFR clients - as long as you do it over TCP.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] Authoritative Server 4.4.0-beta1
Hello!

we are very happy to announce version 4.4.0-beta1 of the Authoritative Server.

This release drops GSS/TSIG support, please see PowerDNS Security Advisory 2020-06 <https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html>.

Version 4.4.0 brings a bunch of exciting changes:

* the LMDB backend now supports long record content, making it production ready for everybody
* the SVCB and HTTPS record types are supported, with limited additional processing
* transaction handling in the 2136 handler and the HTTP API was again improved a lot, avoiding various spurious issues users may have noticed if they do a lot of changes
* a new setting (consistent-backends) offers a roughly 30% speedup, subject to conditions
* we finally emit Prometheus metrics!

Authoritative 4.3.x was the last release branch with support for CentOS/RHEL 6. Problems running Authoritative 4.4.x on CentOS/RHEL 6 will not be treated as bugs by us.

We want to specifically thank Robin Geuze, Kees Monshouwer, Mischan Toosarani-Hausberger, Chris Hofstaedtler, and Kevin Fleming for their contributions to this release. We are also grateful to all other reporters of bugs, issues, feature requests, and submitters of smaller fixes and features.

Please make sure to read the Upgrade Notes before upgrading. <https://doc.powerdns.com/authoritative/upgrading.html>

The tarball <https://downloads.powerdns.com/releases/pdns-4.4.0-beta1.tar.bz2> (signature <https://downloads.powerdns.com/releases/pdns-4.4.0-beta1.tar.bz2.sig>) is available at downloads.powerdns.com and packages for CentOS 7 and 8, Debian Stretch and Buster, Ubuntu Xenial, Bionic and Focal are available from repo.powerdns.com.

Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] recursor failing to pick up change in master .ca zone file
On Mon, 2020-11-16 at 16:17 +, Brian Candler via Pdns-users wrote:
> Or were you getting NXDOMAIN for the query (for a newly-created domain?)
> Negative answers are also cached. The .ca SOA record says they can be cached
> for one hour:
> ;; ANSWER SECTION:
> ca. 3585 IN SOA prdpublish04.cira.ca. admin-dns.cira.ca.
> 2011161530 1800 900 3456000 3600

One could get even more unlucky:

$ for f in $(dig +short ns ca. | sort) ; do echo $f:$(dig +noall +auth a doesnotexist-234234234.ca @$f) ; done
any.ca-servers.ca.:ca. 3600 IN SOA prdpublish04.cira.ca. admin-dns.cira.ca. 2011171330 1800 900 3456000 3600
c.ca-servers.ca.:ca. 3600 IN SOA prdpublish04.cira.ca. admin-dns.cira.ca. 2011171330 1800 900 3456000 3600
j.ca-servers.ca.:ca. 3600 IN SOA prdpublish04.cira.ca. admin-dns.cira.ca. 2011171330 1800 900 3456000 3600
x.ca-servers.ca.:ca. 86400 IN SOA prdpublish04.cira.ca. admin-dns.cira.ca. 2011171330 1800 900 3456000 3600

1 of the 4 NSes (as seen from where I am) advertises a full day!

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
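Added example, not part of the original message: a Python check over the loop output quoted above. It flags nameservers whose negative-answer SOA TTL exceeds the SOA MINIMUM field (RFC 2308 sets that TTL to the minimum of the SOA's own TTL and MINIMUM) and shows whether the servers agree. The function and field names are illustrative.

```python
from typing import NamedTuple

# Output lines copied from the loop in the message above: "<nameserver>:<SOA record>".
SAMPLE = """\
any.ca-servers.ca.:ca. 3600 IN SOA prdpublish04.cira.ca. admin-dns.cira.ca. 2011171330 1800 900 3456000 3600
c.ca-servers.ca.:ca. 3600 IN SOA prdpublish04.cira.ca. admin-dns.cira.ca. 2011171330 1800 900 3456000 3600
j.ca-servers.ca.:ca. 3600 IN SOA prdpublish04.cira.ca. admin-dns.cira.ca. 2011171330 1800 900 3456000 3600
x.ca-servers.ca.:ca. 86400 IN SOA prdpublish04.cira.ca. admin-dns.cira.ca. 2011171330 1800 900 3456000 3600
"""

class NegativeSoa(NamedTuple):
    server: str
    zone: str
    ttl: int      # TTL on the SOA in the authority section of the negative answer
    serial: int
    minimum: int  # last SOA field, the negative-caching value per RFC 2308

def parse_line(line: str) -> NegativeSoa:
    """Parse one '<server>:<owner> <ttl> IN SOA <mname> <rname> <5 numbers>' line."""
    server, _, record = line.partition(":")
    fields = record.split()
    if len(fields) != 11 or fields[2:4] != ["IN", "SOA"]:
        raise ValueError(f"not a SOA line: {line!r}")
    return NegativeSoa(server, fields[0], int(fields[1]), int(fields[6]), int(fields[10]))

def audit(output: str) -> dict:
    """Summarise negative-answer SOA TTLs across all nameservers in the output."""
    answers, unparsed = [], []
    for line in output.splitlines():
        if not line.strip():
            continue
        try:
            answers.append(parse_line(line))
        except ValueError:
            unparsed.append(line)  # e.g. a server that timed out prints only "name:"
    return {
        "over_minimum": [a.server for a in answers if a.ttl > a.minimum],
        "ttls": sorted({a.ttl for a in answers}),        # more than one value: servers disagree
        "serials": sorted({a.serial for a in answers}),  # more than one value: zone out of sync
        "unparsed": unparsed,
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```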
Re: [Pdns-users] Servfail spikes on PowerDNS authoritive
Hi Roman,

On Mon, 2020-11-02 at 14:41 +0100, Roman Steinhart via Pdns-users wrote:
> Luckily PowerDNS is logging why these servfails occur:
> > Exception building answer packet for britishgerbil.aternos.me/DS (Attempt
> > to print an unset dnsname) sending out servfail
>
> But unfortunately, I don't have any clue what this means.
>
> I also checked our remote backend of course and everything looks fine there.
> I don't know if my assumption is correct, but the fact that DS records are
> generated by PDNS (in online signing mode) and are affected too I would say
> that it's not related to the remote backend?

DS records are not generated by PowerDNS - they come from the backend. But specifically, they come from the parent side of a zone cut. Perhaps your backend gets confused by that?

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
[Pdns-users] Authoritative 4.4.0-alpha3
Hello!

we are very happy to announce version 4.4.0-alpha3 of the Authoritative Server. (A painful bug in the LMDB backend was found just as we started the Alpha 2 release process, so we decided to skip right on to Alpha 3, with that bug fixed).

This release drops GSS/TSIG support, please see https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html

Version 4.4.0 brings a bunch of exciting changes:

* the LMDB backend now supports long record content, making it production ready for everybody
* the SVCB and HTTPS record types are supported, with limited additional processing
* transaction handling in the 2136 handler and the HTTP API was again improved a lot, avoiding various spurious issues users may have noticed if they do a lot of changes
* a new setting (consistent-backends) offers a roughly 30% speedup, subject to conditions
* we finally emit Prometheus metrics!

Authoritative 4.3.x was the last release branch with support for CentOS/RHEL 6. Problems running Authoritative 4.4.x on CentOS/RHEL 6 will not be treated as bugs by us.

We want to specifically thank Robin Geuze, Kees Monshouwer, Mischan Toosarani-Hausberger, and Chris Hofstaedtler for their contributions to this release. We are also grateful to all other reporters of bugs, issues, feature requests, and submitters of smaller fixes and features.

Please make sure to read the Upgrade Notes before upgrading. <https://doc.powerdns.com/authoritative/upgrading.html>

The tarball (plus signature) is available at https://downloads.powerdns.com/releases. Packages for CentOS 7 and 8, Debian Stretch and Buster, Ubuntu Xenial, Bionic and Focal are available from https://repo.powerdns.com/

Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub. <https://github.com/PowerDNS/pdns/issues/new/choose>

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Re: [Pdns-users] Implementing virtual domains
On Tue, 2020-09-29 at 12:12 +0100, Robert Mortimer via Pdns-users wrote:
> In theory apex DNAME records should work - I've not had that much luck in
> getting them to do so.

No, DNAME records generate CNAMEs for every name -under- them. They never do anything for their own name.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
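Added example, not part of the original message and not PowerDNS code: the DNAME substitution rule from RFC 6672 in Python, showing that names under the DNAME owner get a synthesized CNAME while the owner name itself gets none. The example.com/example.net names are constructed, the function names are illustrative, and escaped dots inside labels are assumed not to occur.

```python
class NameTooLong(Exception):
    """The substituted name exceeds 255 octets; RFC 6672 answers YXDOMAIN here."""

def _labels(name):
    # Lowercase labels without the trailing root dot (DNS names compare case-insensitively).
    return [label for label in name.lower().rstrip(".").split(".") if label]

def _wire_length(labels):
    # One length octet per label plus the terminating root label.
    return sum(len(label) + 1 for label in labels) + 1

def synthesize_cname(qname, dname_owner, dname_target):
    """Return the CNAME target a DNAME at dname_owner yields for qname,
    or None when the DNAME does not apply to qname."""
    q, owner = _labels(qname), _labels(dname_owner)
    # A DNAME only redirects names strictly below its owner, never the owner itself.
    if len(q) <= len(owner) or q[len(q) - len(owner):] != owner:
        return None
    prefix = q[: len(q) - len(owner)]
    new_labels = prefix + _labels(dname_target)
    if _wire_length(new_labels) > 255:
        raise NameTooLong(qname)
    return ".".join(new_labels) + "."

if __name__ == "__main__":
    for name in ("www.example.com.", "a.b.example.com.", "example.com.", "www.notexample.com."):
        print(name, "->", synthesize_cname(name, "example.com.", "example.net."))
```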
[Pdns-users] Authoritative 4.4.0-alpha1
Hello!

we are very happy to announce version 4.4.0-alpha1 of the Authoritative Server.

This release drops GSS/TSIG support, please see https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html

Version 4.4.0 brings a bunch of exciting changes:

* the LMDB backend now supports long record content, making it production ready for everybody
* the SVCB and HTTPS record types are supported, with limited additional processing
* transaction handling in the 2136 handler and the HTTP API was again improved a lot, avoiding various spurious issues users may have noticed if they do a lot of changes
* we finally emit Prometheus metrics!

Authoritative 4.3.x was the last release branch with support for CentOS/RHEL 6. Problems running Authoritative 4.4.x on CentOS/RHEL 6 will not be treated as bugs by us.

We want to specifically thank Robin Geuze, Kees Monshouwer, Mischan Toosarani-Hausberger, and Chris Hofstaedtler for their contributions to this release. We are also grateful to all other reporters of bugs, issues, feature requests, and submitters of smaller fixes and features.

Please make sure to read the Upgrade Notes before upgrading. <https://doc.powerdns.com/authoritative/upgrading.html>

The tarball (plus signature) is available at https://downloads.powerdns.com/releases. Packages for CentOS 7 and 8, Debian Stretch and Buster, Ubuntu Xenial, Bionic and Focal are available from https://repo.powerdns.com/

Please send us all feedback and issues you might have via the mailing list, or in case of a bug, via GitHub. <https://github.com/PowerDNS/pdns/issues/new/choose>

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/