Re: [Pdns-users] PDNS Recursor domain not resolved!

[Federico Olivieri]

Ok, works fine with pdns 4.0.0.1!
Great!

Federico



2016-07-11 8:08 GMT+01:00 Pieter Lexis :

> Hi Federico,
>
> On Sun, 10 Jul 2016 21:39:11 +0100
> Federico Olivieri  wrote:
>
> > Sorry for the missed information. I'm using 0.0.946g76d75e3-1pdns.jessie
> on
> > Raspbian. I' ll try to collect come some logs and I'll come back to you.
> In
> > the meantime would be nice have 4.0 forked into RaspBian repo
>
> A newer version for Raspbian has been added to the repository on Friday.
> This
> build is a few eeeks newer and contains many DNSSEC improvements. Please
> update
> and try again. Let us know if you still experience issues.
>
> Best regards,
>
> Pieter
> --
> Pieter Lexis
> PowerDNS.COM BV -- https://www.powerdns.com
> ___
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] [Pdns-announce] PowerDNS Authoritative Server 4.0.0 released

[Keresztes Péter-Zoltán]

Hello, 

Does GeoIP backend work with mysql backend on pdns authoritative 4.0.0? I know 
old release did not supported the two together.

Regards,
Peter
> On 11 Jul 2016, at 20:32, Michael Ströder  wrote:
> 
>> ived and supported LDAP

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] [Pdns-announce] PowerDNS Authoritative Server 4.0.0 released

[Michael Ströder]

Pieter Lexis wrote:
>  * A revived and supported LDAP backend (ldap).

Thanks! :-)

CIao, Michael.




smime.p7s
Description: S/MIME Cryptographic Signature
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PowerDNS Recursor 4.0.0 for i386 Architecture?

[Pieter Lexis]

Hi Scott,

On Mon, 11 Jul 2016 12:15:19 -0400
"Scott Hollenbeck"  wrote:

> Are there any plans for i386 support?

There are currently no plans to create i386 packages, as that is an architecture
that is fading in popularity and an earlier survey of repositories indicatied 
that
downloads for i386 were less than 1 percent of the amd64 downloads. However,
compiling on i386 is still supported, so you can install this yourself. Or wait
for you distribution to catch up.

Best regards,

Pieter

-- 
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

[Pdns-users] PowerDNS Recursor 4.0.0 for i386 Architecture?

[Scott Hollenbeck]

I just installed PowerDNS Recursor 4.0.0 on an amd64 server and all went
well. I also have an i386 server and it looks like the repository isn't set
up to support that architecture - all I see in
https://repo.powerdns.com/ubuntu/dists/trusty-rec-40/main/ is a folder names
binary-amd64. Are there any plans for i386 support?

Thank you,
Scott

___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

[Pdns-users] PowerDNS Recursor 4.0.0 released

[Pieter Lexis]

Hello everybody,

We are pleased to announce the availability of the PowerDNS Recursor 4.0.0. As 
announced, the Recursor was part of the great PowerDNS 4.x Spring Cleaning. And 
it was indeed kind of grand. More about the 4.0.0 release process can be found 
on our blog[1].

We changed many things internally to the nameserver:

 * Moved to C++ 2011, a cleaner more powerful version of C++ that has allowed 
us to improve the quality of implementation in many places.
 * Implemented dedicated infrastructure for dealing with DNS names that is 
fully “DNS Native” and needs less escaping and unescaping.
 * Switched to binary storage of DNS records in all places.
 * Moved ACLs to a dedicated Netmask Tree.
 * Implemented a version of RCU for configuration changes
 * Instrumented our use of the memory allocator, reduced number of malloc calls 
substantially.
 * The Lua hook infrastructure was redone using LuaWrapper; old scripts will no 
longer work, but new scripts are easier to write under the new interface.

Due to these changes, PowerDNS Recursor 4.0.0 is almost an order of magnitude 
faster than the 3.7 branch.

 * DNSSEC processing: if you ask for DNSSEC records, you will get them.
 * DNSSEC validation: if so configured, PowerDNS perform DNSSEC validation of 
your answers.
 * Completely revamped Lua scripting API that is “DNSName” native and therefore 
far less error prone, and likely faster for most commonly used scenarios. Loads 
and indexes a 1 million domain custom policy list in a few seconds.
 * New asynchronous per-domain, per-ip address, query engine. This allows 
PowerDNS to consult an external service in realtime to determine client or 
domain status. This could for example mean looking up actual customer identity 
from a DHCP server based on IP address (option 82 for example).
 * RPZ (from file, over AXFR or IXFR) support. This loads the largest Spamhaus 
zone in 5 seconds on our hardware, containing around 2 million instructions.
 * All caches can now be wiped on suffixes, because of canonical ordering.
 * Many, many more relevant performance metrics, including upstream 
authoritative performance measurements (‘is it me or the network that is slow’).
 * EDNS Client Subnet support, including cache awareness of subnet-varying 
answers.

DNSSEC

As stated in the features section above, the PowerDNS Recursor now has DNSSEC 
processing and experimental DNSSEC validation support.

DNSSEC processing means the nameserver will return RRSIG records when requested 
to do so by the client (by means of the DO-bit) and will always retrieve the 
RRSIGs even if the client does not ask for. It will perform validation and set 
the AD-bit in the response if the client requests validation.

In fullblown DNSSEC-mode, the PowerDNS Recursor will validate the answers and 
set the AD-bit in validated answers if the client requests it and will SERVFAIL 
on bogus answers to all clients.

The DNSSEC support is marked experimental, but functional at the moment, as it 
has 2 limitations:

 * Negative answers validated but the NSEC(3) proof is not fully checked.
 * Zones that have a CNAME at the apex (which is ‘wrong’ anyway) validate as 
Bogus.

If you run with DNSSEC enabled and notice broken domains, do file an issue.

Changes compared to Release Candidate 1

This release features the following fixes compared to rc1 (clickable changelog 
is available [2]):

 * #3989 Fix usage of std::distance() in DNSName::isPartOf() (signed/unsigned 
comparisons)
 * #4017 Fix building without Lua. Add isTcp to dq.
 * #4023 Actually log on dnssec=log-fail
 * #4028 DNSSEC fixes (NSEC casing, send DO-bit over TCP, DNSSEC trace 
additions)
 * #4052 Don’t fail configure on missing fcontext.hpp
 * #4096 Don’t call commit() if we skipped all the records

It has the following improvements:

 * #3400 Enable building on OpenIndiana
 * #4016 Log protobuf messages for cache hits. Add policy tags in gettag()
 * #4040 Allow DNSSEC validation when chrooted
 * #4094 Sort included html files for improved reproducibility (Christian 
Hofstaedtler)

And these additions:

 * #3981 Import Javascript sources for libs shipped with Recursor (Christian 
Hofstaedtler)
 * #4012 add tags support to ProtobufLogger.py
 * #4032 Set the existing policy tags in dq for {pre,post}resolve
 * #4077 Add DNSSEC validation statistics
 * #4090 Allow reloading the lua-config-file at runtime
 * #4097 Allow logging DNSSEC bogus in any mode
 * #4125 Add protobuf fields for the query’s time in the response

Getting the Recursor

The tarball is here[3](sig[4]), and packages for Debian Jessie, Ubuntu Trusty, 
Wily and Xenial, CentOS 6 and 7, SUSE Linux Enterprise 12.1 and Raspbian Jessie 
are available from our repositories[5].

We would like to that everybody who helped with ideas, code and testing the 
Recursor.

Best regards,

Pieter and the PowerDNS team

1 - https://blog.powerdns.com/2016/07/11/welcome-to-powerdns-4-0-0/
2 - 

[Pdns-users] Welcome to PowerDNS 4.0.0!

[bert hubert]

(if your mail environment does not format this post correctly, please try: 
http://blog.powerdns.com/2016/07/11/welcome-to-powerdns-4-0-0 
 )

Welcome to PowerDNS 4.0.0!
Today a rather epic journey ends. In this post, we describe how 4.0.0 came to 
be, what we did, what we added, but also answer the big question: should I 
deploy PowerDNS 4?  And enable DNSSEC validation? Finally.. to celebrate, we’ll 
be handing out vouchers for FREE PowerDNS 4.0.0 Coffee (or tea) mugs! 

But first, a round of thanks. PowerDNS Authoritative Server 4.0.0 and PowerDNS 
Recursor 4.0.0 are the biggest releases in our history. This would not have 
been possible without the help of a lot of people. The PowerDNS community 
continues to be the stuff of dreams.

We believe in being an open company 
 and producing powerful 
technology as open source. We are extremely grateful to be part of such a 
wonderful community that enables us together to make the internet and our 
software even greater.  Thanks to you, this is the most powerful version of 
PowerDNS ever, and one we feel can be relied upon to serve your needs!

Secondly, we’d like to thank our supported users (customers) too. Through their 
efforts, we were able to cram even more features into PowerDNS 4.0.0 than 
originally anticipated. Specifically, RPZ, IXFR and DNSSEC validation have been 
fast-tracked and enabled by (sadly) anonymous but very large PowerDNS customers.

Additionally, a shout out to Spamhaus, Farsight and ThreatSTOP who all made 
their wonderful RPZ feeds freely available for interoperability testing.

Finally, we are grateful for your understanding. PowerDNS 4.0.0 was a major 
‘spring cleaning 
‘ operation 
that took 16 months. It is rare for software projects to be granted the time to 
revisit and cleanup old code. We trust it was worth the wait!

THE HISTORY

In February 2015 we announced our plans for the 4.x.x branch of PowerDNS 
.
 Late May of that year, we asked for your help determining the roadmap for 
4.x.x 
,
 and we got a lot of feedback from that. Late June we published the outcome of 
that process 
.

At the end of 2015 we launched the 4.0.0 Technology Preview releases 

 (including dnsdist), where we noted:

A few months into the development, various users and customers suddenly chimed 
in on absolutely mandatory features we had somehow missed. Because of that, 4.x 
both under- and over-delivers.

During the 4.0.0 release process, we have stayed in close touch with our users 
and customers. And although we would have liked to have stuck to our roadmap, 
inevitably, some absolutely mandatory requirements came up. We spent most of 
early 2016 working with large (future) deployments to ensure 4.0.0 delivered 
what they needed (and deployed!).

So what did we do? You can read the full details in the release notes (auth 
link 
,
 recursor link 
), but 
here in short:

SPRING CLEANING

Over time, most software projects keep adding features, but sadly also a lot of 
complexity and “cruft”. For us, 4.0.0 was a “spring cleaning 
” exercise. We 
removed a lot of ancient code, tons of workarounds, loads of no longer relevant 
optimisations, non-functional backends and otherwise outdated code. We switched 
to C++2011, which allowed us to benefit from its enhanced features to make our 
code briefer and better 
.

THINGS WE ADDED

Full DNSSEC in the PowerDNS Recursor (Authoritative had this since 3.x)
RPZ in Recursor, tested to work with Spamhaus, Farsight Security and ThreatSTOP.
IXFR slaving in Authoritative and Recursor (for RPZ)
ODBC (Microsoft SQL Server & Azure) and LDAP backends are fully supported again 
in Authoritative
Vastly improved Lua modules in Recursor, including the ability to 
asynchronously query reputation servers or databases (!)
EDNS Client Subnet support in Recursor (Authoritative supported this in 3.x.x 
too)
GEOIP backend enhanced, for example to support countries but also direct 
subnets for source dependent answers
All caches can now be wiped for whole subtrees
Powerful new metrics that point out performance and operational problems (fd 
usage, memory usage, network responsiveness, kernel dropped packets)

Re: [Pdns-users] Problem with powerdns

[bert hubert]

On Mon, Jul 11, 2016 at 10:38:13AM +, Jordan Cook wrote:
> On Mon, Jul 11, 2016 at 11:25:05AM +, Aki Tuomi wrote:
> >
> >Try pdnsutil check-zone 
> >
> >Aki
> 
> Nope, nothing for the records with problems :(

Jordan,

Try pdnsutil check-all-zones. If that doesn't show us anything interesting,
please post the output of 'pdnsutil show-zone domain.com' and 'pdnsutil
list-zone domain.com'.

Thanks!

> This email is 
> confidential and may be privileged. If received in error please notify 
> us and delete the email from your system.
> Gyron reserves the right to 
> monitor all email communications.

Please note you are sending email to a public mailing list, so we are all
assuming this is public data.

Bert
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] Problem with powerdns

[Jordan Cook]

On Mon, Jul 11, 2016 at 11:25:05AM +, Aki Tuomi wrote:
>
>Try pdnsutil check-zone 
>
>Aki

Nope, nothing for the records with problems :(

Gyron Internet Ltd.
Jordan Cook
Junior Network and Systems Engineer
Network and Infrastructure
P: +44 844 826 4000 | F: +44 844 826 4001 | M: +44 7703 739 434
E: jordan.c...@gyron.net | W: www.gyron.net
24/7 Support: +44 844 826 3999
Gyron is an NTT Communications Group Company. Gyron Internet Limited, 
registered company no 4239332 in England and Wales.
Registered office: 3
 Centro, Boundary Way, Hemel Hempstead, HP2 7SU.
This email is 
confidential and may be privileged. If received in error please notify 
us and delete the email from your system.
Gyron reserves the right to 
monitor all email communications.
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] Problem with powerdns

[Aki Tuomi]

On Mon, Jul 11, 2016 at 10:21:03AM +, Jordan Cook wrote:
> Hello,
> 
> I'm running PowerDNS Authoritative Server 4.0.0-alpha2 and we have a few 
> problems.
> 
> We're seing lots of these errors in logs:
> 
> Jul 11 11:18:04 ns01 pdns[31603]: Exception: All data was not consumed
> Jul 11 11:18:04 ns01 pdns[31603]: Exception building answer packet (All data 
> was not consumed) sending out servfail
> 
> It also appears to be responding with NXDOMAIN for records which are in the 
> MySQL Database
> 
> On a side note, the default package for pdns-server on Ubuntu 16.04 seems to 
> be for 4.0.0-alpha2 despite it not being released?
> 
>

Try pdnsutil check-zone 

Aki 
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

[Pdns-users] Problem with powerdns

[Jordan Cook]

Hello,

I'm running PowerDNS Authoritative Server 4.0.0-alpha2 and we have a few 
problems.

We're seing lots of these errors in logs:

Jul 11 11:18:04 ns01 pdns[31603]: Exception: All data was not consumed
Jul 11 11:18:04 ns01 pdns[31603]: Exception building answer packet (All data 
was not consumed) sending out servfail

It also appears to be responding with NXDOMAIN for records which are in the 
MySQL Database

On a side note, the default package for pdns-server on Ubuntu 16.04 seems to be 
for 4.0.0-alpha2 despite it not being released?



Gyron Internet Ltd.
Jordan Cook
Junior Network and Systems Engineer
Network and Infrastructure
P: +44 844 826 4000 | F: +44 844 826 4001 | M: +44 7703 739 434
E: jordan.c...@gyron.net | W: www.gyron.net
24/7 Support: +44 844 826 3999
Gyron is an NTT Communications Group Company. Gyron Internet Limited, 
registered company no 4239332 in England and Wales.
Registered office: 3
 Centro, Boundary Way, Hemel Hempstead, HP2 7SU.
This email is 
confidential and may be privileged. If received in error please notify 
us and delete the email from your system.
Gyron reserves the right to 
monitor all email communications.
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users

Re: [Pdns-users] PDNS Recursor domain not resolved!

[Pieter Lexis]

Hi Federico,

On Sun, 10 Jul 2016 21:39:11 +0100
Federico Olivieri  wrote:

> Sorry for the missed information. I'm using 0.0.946g76d75e3-1pdns.jessie on
> Raspbian. I' ll try to collect come some logs and I'll come back to you. In
> the meantime would be nice have 4.0 forked into RaspBian repo

A newer version for Raspbian has been added to the repository on Friday. This
build is a few eeeks newer and contains many DNSSEC improvements. Please update
and try again. Let us know if you still experience issues.

Best regards,

Pieter
-- 
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users