PowerDNS Recursor 4.6.0 Caching DNS Server Release

PowerDNS Recursor 4.6, a caching DNS server responsible for recursive name resolution, has been released. PowerDNS Recursor is built on the same codebase as PowerDNS Authoritative Server, but the recursive and authoritative PowerDNS servers follow separate development cycles and are released as separate products. The project code is distributed under the GPLv2 license.

The server provides tools for remote statistics collection, supports instant restart, has a built-in engine for connecting Lua handlers, fully supports DNSSEC, DNS64 and RPZ (Response Policy Zones), and allows blacklists to be connected. Resolution results can be written out as BIND zone files. To ensure high performance, it uses the modern connection multiplexing mechanisms of FreeBSD, Linux and Solaris (kqueue, epoll, /dev/poll), as well as a high-performance DNS packet parser capable of processing tens of thousands of parallel requests.

In the new version:

  • Added the “Zone to Cache” function, which allows you to periodically retrieve a DNS zone and insert its contents into the cache, so that the cache is always in a “hot” state and contains data associated with the zone. The function can be used with any type of zone, including root. Zone retrieval can be done using DNS AXFR, HTTP, HTTPS, or via loading from a local file.
  • Cache entries can now be flushed when incoming notify requests are received.
  • Added support for encrypting requests to DNS servers using DoT (DNS over TLS). By default, DoT is enabled when you specify port 853 for the DNS Forwarder or when you explicitly list DNS servers through the dot-to-auth-names parameter. Certificate verification is not yet performed, and neither is automatic switching to DoT when the DNS server supports it (these features will be enabled after approval by the standardization committee).
  • The code for establishing outgoing TCP connections has been rewritten, and the ability to reuse connections has been added. To reuse TCP (and DoT) connections, connections are no longer closed immediately after processing a request, but are left open for some time (the behavior is controlled by the tcp-out-max-idle-ms setting).
  • The range of collected and exported metrics with statistics and information for monitoring systems has been expanded.
  • Added an experimental Event Tracing feature that allows you to get detailed information about the execution time of each resolution stage.
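
Because DoT upstreams in this release are encrypted but not certificate-verified, it helps to know exactly which configured upstreams will use DoT. The following Python script is an added example, not part of the announcement or of the PowerDNS code: it lists the forwarders on port 853 and the dot-to-auth-names entries in a recursor.conf. The forward-zones and forward-zones-recurse setting names and their zone=server;server syntax are assumed from the Recursor's configuration format (they are not named above), and the sample configuration is constructed.

```python
import re

# Constructed sample recursor.conf; all addresses are documentation ranges.
SAMPLE_CONF = """\
# constructed example, not a real deployment
forward-zones-recurse=.=192.0.2.53:853;198.51.100.7
forward-zones=corp.example=[2001:db8::53]:853, lab.example=203.0.113.10:5300
dot-to-auth-names=ns1.example.net, ns2.example.net
tcp-out-max-idle-ms=10000
"""

def parse_conf(text):
    """Return {setting: value} from key=value lines, ignoring comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def server_port(server):
    """Port of 'ip', 'ip:port' or '[ip6]:port'; 53 when none is given."""
    bracketed = re.fullmatch(r"\[.+\](?::(\d+))?", server)
    if bracketed:
        return int(bracketed.group(1) or 53)
    if server.count(":") == 1:          # IPv4 with an explicit port
        return int(server.rsplit(":", 1)[1])
    return 53                           # bare IPv4 or bare IPv6 address

def dot_without_verification(text):
    """List (setting, zone or name, server) entries that will use DoT."""
    conf, hits = parse_conf(text), []
    for key in ("forward-zones", "forward-zones-recurse"):
        for entry in conf.get(key, "").split(","):
            zone, _, servers = entry.strip().partition("=")
            for server in filter(None, (s.strip() for s in servers.split(";"))):
                if server_port(server) == 853:
                    hits.append((key, zone.lstrip("+"), server))
    for name in filter(None, re.split(r"[,\s]+", conf.get("dot-to-auth-names", ""))):
        hits.append(("dot-to-auth-names", name, None))
    return hits

if __name__ == "__main__":
    for setting, target, server in dot_without_verification(SAMPLE_CONF):
        print(f"{setting}: {target} -> {server or 'matching authoritative servers'}")
```

Every entry it reports is a path where traffic is protected against passive observation only, since the peer's certificate is not checked.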

    Source: opennet.ru