PowerDNS Authoritative Server 4.2 Release

PowerDNS Authoritative Server 4.2, an authoritative DNS server designed to serve DNS zones, has been released. According to the project's developers, PowerDNS Authoritative Server serves approximately 30% of the total number of domains in Europe (90% if only domains with DNSSEC signatures are counted). The project's code is distributed under the GPLv2 license.

PowerDNS Authoritative Server can store domain information in a variety of databases, including MySQL, PostgreSQL, SQLite3, Oracle, and Microsoft SQL Server, as well as in LDAP and plain text files in the BIND format. Responses can additionally be filtered (for example, to filter out spam) or redirected by connecting custom handlers written in Lua, Java, Perl, Python, Ruby, C and C++. Other features include tools for remote collection of statistics, including via SNMP or via the Web API (an HTTP server is built in for statistics and management), instant restart, a built-in engine for connecting handlers in the Lua language, and the ability to balance load based on the geographic location of the client.

New in this release:

  • Added the ability to define records with handlers in the Lua language, which makes it possible to create sophisticated handlers that take into account the AS, subnets, proximity to the user, etc. when returning data. Support for Lua records is implemented for all storage backends, including BIND and LMDB. For example, to return data based on a background check of host availability, you can now specify the following in the zone configuration:

    @ IN LUA A "ifportup(443, {'52.48.64.3', '45.55.10.200'})"

  • Added a new utility, ixfrdist, which transfers zones from an authoritative server using AXFR and IXFR requests while taking into account whether the transferred data is current (for each domain, the SOA serial number is checked and only new versions of the zone are loaded). The utility makes it possible to synchronize zones across a very large number of secondary and recursive servers without creating a large load on the primary server;
  • In preparation for the DNS flag day 2020 initiative, the value of the udp-truncation-threshold parameter, which is responsible for truncating UDP responses to the client, has been reduced from 1680 to 1232, which should significantly reduce the likelihood of losing UDP packets. The value 1232 was chosen because it is the maximum at which the DNS response size, taking IPv6 into account, fits into the minimum MTU value (1280);
  • Added a new storage backend based on the LMDB database. The backend is fully DNSSEC compliant, can be used for both master and slave zones, and provides better performance than most other backends. Just before the release, a change was added to the code that broke the LMDB backend (processing slave zones and loading via pdnsutil works, but commands such as "pdnsutil edit-zone" stopped working). The problems are planned to be fixed in the next corrective release;
  • Removed support for the poorly documented "autoserial" feature, which was preventing some issues from being fixed. As required by RFC 8624 (GOST R 34.11-2012 moved to the "MUST NOT" category), DNSSEC support for GOST DS hashes and ECC-GOST digital signatures has been dropped.
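
The serial check described for ixfrdist above can be sketched as follows. This is an added example, not ixfrdist's own code: it assumes RFC 1982 serial number arithmetic for comparing SOA serials, and the zone names, serials and function names are constructed for illustration. It shows why a plain ">" comparison is not enough: a wrapped serial must still count as newer, while an older serial offered by the primary must never replace the stored copy.

```python
# Added example (not ixfrdist source): decide which zones need a fresh transfer
# by comparing SOA serials with RFC 1982 serial number arithmetic.
from typing import Dict, List, Optional

MOD = 1 << 32    # SOA serials are unsigned 32-bit values
HALF = 1 << 31


def serial_newer(remote: int, local: int) -> bool:
    """True if `remote` is ahead of `local` per RFC 1982 (32-bit wraparound)."""
    for s in (remote, local):
        if not 0 <= s < MOD:
            raise ValueError(f"SOA serial out of range: {s}")
    diff = (remote - local) % MOD
    # diff == 0: same version. diff == 2^31: undefined by RFC 1982, treated
    # here as "not newer" so an ambiguous serial never triggers a reload.
    return 0 < diff < HALF


def zones_to_transfer(local: Dict[str, Optional[int]],
                      remote: Dict[str, int]) -> List[str]:
    """Zones whose primary serial is newer than the stored one (None = no copy)."""
    todo = []
    for zone, r_serial in sorted(remote.items()):
        l_serial = local.get(zone)
        if l_serial is None or serial_newer(r_serial, l_serial):
            todo.append(zone)
    return todo


# Constructed sample data (hypothetical zones and serials).
LOCAL = {
    "example.org.": 2019083001,
    "example.net.": 2019083005,   # primary reports an older serial: skip
    "wrap.example.": 4294967290,  # primary has wrapped past 2^32 - 1
    "same.example.": 7,
    "new.example.": None,
}
REMOTE = {
    "example.org.": 2019083002,
    "example.net.": 2019083004,
    "wrap.example.": 5,
    "same.example.": 7,
    "new.example.": 1,
}

if __name__ == "__main__":
    print(zones_to_transfer(LOCAL, REMOTE))
```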

Recall that PowerDNS has moved to a six-month development cycle, according to which the next major release of PowerDNS Authoritative Server is expected in February 2020. Updates for major releases will be rolled out over the course of a year, followed by another six months for vulnerability fixes. Thus, support for the PowerDNS Authoritative Server 4.2 branch will last until January 2021.

Source: opennet.ru
