Source: PowerDNS

PowerDNS is a DNS server with a database as its backend, which makes it easy to manage a large number of DNS entries. At the end of April 2006 the developers decided to release the two parts that make up PowerDNS, a recursor and an authoritative nameserver, separately. According to the developers, this lets them bring out new versions more quickly. The developers have just released version 3.2 of PowerDNS Recursor, and everyone is advised to apply this update. The announcement of this release reads as follows:

PowerDNS Recursor 3.2 Available

Please find below the release notes of the PowerDNS Recursor version 3.2!

Compared to RC1 and RC2 this version mostly contains compilation and platform fixes (for Solaris and CentOS4/RHEL4), as well as improved statistics, diagnostics and '--help' output, and assorted small usability fixes.

RC1 and RC2 are already deployed in a number of large places, and it appears to be holding up well. In addition, a number of future users have performed stringent testing and performance measurements, and it appears this version works satisfactorily.

It is also observed that this release candidate provides for vastly improved performance compared to 3.1.7.*, even bringing us close to the very impressive numbers measured by users of the Nominum Vantio and Nominum CNS software. On modern hardware, the PowerDNS Recursor may in fact be faster, and certainly better value for money. For more details, please see below.

The PowerDNS Recursor 3.2 release is a highly recommended upgrade.

We are very interested in hearing your experiences, and if there are any issues, please let us know.

Please note that the 'universal' RPMs are, in fact, too new for RHEL4 and derived distributions. It is expected that in the coming week, RHEL4-compatible RPMs will be announced.

(Nominum, Nominum CNS & Nominum Vantio are trademarks owned by Nominum)

Release notes:

Version with clickable links http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-2

Warning!
Lua scripts from version 3.1.7.* are fully compatible with version 3.2. However, scripts written for development snapshot releases, are NOT. Please see Section 12.7 for details!

The 3.2 release is the first major release of the PowerDNS Recursor in a long time. Partly this is because 3.1.7.* functioned very well, and delivered satisfying performance, partly this is because in order to really move forward, some heavy lifting had to be done.

As always, we are grateful for the large PowerDNS community that is actively involved in improving the quality of our software, be it by submitting patches, by testing development versions of our software or helping debug interesting issues. We specifically want to thank Stefan Schmidt and Florian Weimer, who both over the years have helped tremendously in keeping PowerDNS fast, stable and secure.

This version of the PowerDNS Recursor contains a rather novel form of lock-free multithreading, a situation that comes close to the old '--fork' trick, but allows the Recursor to fully utilize multiple CPUs, while delivering unified statistics and operational control.

In effect, this delivers the best of both worlds: near linear scaling, with almost no administrative overhead.

Compared to 'regular multithreading', whereby threads cooperate more closely, more memory is used, since each thread maintains its own DNS cache. However, given the economics, and the relatively limited total amount of memory needed for high performance, this price is well worth it.

In practical numbers, over 40,000 queries/second sustained performance has now been measured by a third party, with a 100.0% packet response rate. This means that the needs of around 400,000 residential connections can now be met by a single commodity server.

In addition to the above, the PowerDNS Recursor is now providing resolver service for many more Internet users than ever before. This has brought with it 24/7 Service Level Agreements, and 24/7 operational monitoring by networking personnel at some of the largest telecommunications companies in the world.

In order to facilitate such operation, more statistics are now provided that allow the visual verification of proper PowerDNS Recursor operation. As an example of this there are now graphs that plot how many queries were dropped by the operating system because of a CPU overload, plus statistics that can be monitored to determine if the PowerDNS deployment is under a spoofing attack.

All in all, this is a large and important PowerDNS Release, paving the way for further innovation.

Note
This release removes support for the 'fork' multi-processor option. In addition, the default is now to spawn two threads. This has been done in such a way that total memory usage will remain identical, so each thread will use half of the allocated maximum number of cache entries.

Changes between RC2 and -release:
  • 'Make install' when an existing configuration file contained a 'fork' statement has been fixed. Spotted by Darren Gamble, code in commit 1534.
  • Reloading a non-existent allow-from-file caused the control thread to stop working. Spotted by Imre Gergely, code in commit 1532.
  • Parser got confused by reading an empty line in auth-forward-zones. Spotted by Imre Gergely, code in commit 1533.
  • David Gavarret discovered undocumented and not-working settings to set the owner, group and access modes of the control socket. Code by Aki Tuomi and documentation in commit 1535. Fixup in commit 1536 for FreeBSD as found by Ralf van der Enden.
  • Tiny improvement possibly solving an issue on Solaris 10's completion port event multiplexer (commit 1537).
Changes between RC1 and RC2:
  • Compilation on Solaris 10 has been fixed (various patchlevels had different issues), code in commit 1522.
  • Compatibility with CentOS4/RHEL4 has been restored, the gcc and glibc versions shipped with this distribution contain a Thread Local Storage bug which we now work around. Thanks to Darren Gamble and Imre Gergely for debugging this issue, code in commit 1527.
  • A failed setuid operation, because of misconfiguration, would result in a crash instead of an error message. Fixed in commit 1523.
  • Imre Gergely discovered that PowerDNS was doing spurious root repriming when invalidating nssets. Fixed in commit 1531.
  • Imre Gergely discovered our rrd graphs had not been changed for the new multithreaded world, and did not allow scaling beyond 200% cpu use. In addition, CPU usage graphs did not add up correctly. Implemented in commit 1524.
  • Andreas Jakum discovered the description of 'max-packetcache-entries' and 'forward-zones-recurse' was wrong in the output of '--help' and '--config'. In addition, some stray backup files made it into the RC1 release. Addressed in commit 1529.
Full release notes follow, including some overlap with the incremental release notes above.

Improvements:
  • Multithreading, allowing near linear scaling to multiple CPUs or cores. Configured using 'threads=' (many commits). This also deprecates the '--fork' option.
  • Added ability to read a configuration item of a running PowerDNS Recursor using 'rec_control get-parameter' (commit 1243), suggested by Wouter de Jong.
  • Added ability to read all statistics in one go of a running PowerDNS Recursor using 'rec_control get-all' (commit 1496), suggested by Michael Renner.
  • Speedups in packet generation (Commits 1258, 1259, 1262)
  • TCP deferred accept() filter is turned on again for slight DoS protection. Code in commit 1414.
  • PowerDNS Recursor can now do TCP/IP queries to remote IPv6 addresses (commit 1412).
  • Solaris 9 '/dev/poll' support added, Solaris 8 now deprecated. Changes in commit 1421, commit 1422, commit 1424, commit 1413.
  • Lua functions can now also see the address _to_ which a question was sent, using getlocaladdress(). Implemented in commit 1309 and commit 1315.
  • Maximum cache sizes now default to a sensible value. Suggested by Roel van der Made, implemented in commit 1354.
  • Domains can now be forwarded to IPv6 addresses too, using either ::1 syntax or [::1]:25. Thanks to Wijnand Modderman for discovering this issue, fixed in commit 1349.
  • Lua scripts can now load libraries at runtime, for example to calculate md5 hashes. Code by Winfried Angele in commit 1405.
  • Periodic statistics output now includes average queries per second, as well as packet cache numbers (commit 1493).
  • New metrics are available for graphing, plus added to the default graphs (commit 1495, commit 1498, commit 1503)
  • Fix errors/crashes on more recent versions of Solaris 10, where the ports functions could return ENOENT under some circumstances. Reported and debugged by Jan Gyselinck, fixed in commit 1372.
New features:
  • Add pdnslog() function for Lua scripts, so errors or other messages can be logged properly.
  • New settings to set the owner, group and access modes of the control socket (socket-owner, socket-group, socket-mode). Code by Aki Tuomi and documentation in commit 1535. Fixup in commit 1536 for FreeBSD as found by Ralf van der Enden.
  • rec_control now accepts a --timeout parameter, which can be useful when reloading huge Lua scripts. Implemented in commit 1366.
  • Domains can now be forwarded with the 'recursion-desired' bit on or off, using either forward-zones-recurse or by prefixing the name of a zone with a '+' in forward-zones-file. Feature suggested by Darren Gamble, implemented in commit 1451.
  • Access control lists can now be reloaded at runtime (implemented in commit 1457).
  • PowerDNS Recursor can now use a pool of query-local-addresses to further increase resilience against spoofing. Suggested by Ad Spelt, implemented in commit 1426.
  • PowerDNS Recursor now also has a packet cache, greatly speeding up operations. Implemented in commit 1426, commit 1433 and further.
  • Cache can be limited in how long it maximally stores records, for BIND compatibility (TTL limiting), by setting max-cache-ttl. Idea by Winfried Angele, implemented in commit 1438.
  • Cache cleaning turned out to be scanning more of the cache than necessary for cache maintenance. In addition, far more frequent but smaller cache cleanups improve responsiveness. Thanks to Winfried Angele for discovering this issue. (commits 1501, 1507)
  • Performance graphs enhanced with separate CPU load and cache effectiveness plots, plus display of various overload situations (commits 1503)
Compiler/Operating system/Library updates:
  • PowerDNS Recursor can now compile against newer versions of Boost (verified up to and including 1.42.0). Reported & fixed by Darix in commit 1274. Further fixes in commit 1275, commit 1276, commit 1277, commit 1283.
  • Fix compatibility with newer versions of GCC (closes ticket 227, spotted by Ruben Kerkhof, code in commit 1345, more fixes in commit 1394, 1416, 1440).
  • Rrdtool update graph is now compatible with FreeBSD out of the box. Thanks to Bryan Seitz (commit 1517).
  • Fix up Makefile for older versions of Make (commit 1229).
  • Solaris compilation improvements (out of the box, no handwork needed).
  • Solaris 9 MTasker compilation fixes, as suggested by John Levon. Changes in commit 1431.
Bug fixes:
  • Under rare circumstances, the recursor could crash on 64 bit Linux systems running glibc 2.7, as found in Debian Lenny. These circumstances became a lot less rare for the 3.2 release. Discovered by Andreas Jakum and debugged by #powerdns, fix in commit 1519.
  • Imre Gergely discovered that PowerDNS was doing spurious root repriming when invalidating nssets. Fixed in commit 1531.
  • Configuration parser is now resistant against trailing tabs and other whitespace (commit 1242)
  • Fix typo in a Lua error message. Close ticket 210, as reported by Stefan Schmidt (commit 1319).
  • Profiled-build instructions were broken, discovered & fixes suggested by Stefan Schmidt. ticket 239, fix in commit 1462.
  • Fix up duplicate SOA from a remote authoritative server from showing up in our output (commit 1475).
  • All security fixes from 3.1.7.2 are included.
  • Under highly exceptional circumstances on FreeBSD the PowerDNS Recursor could crash because of a TCP/IP error. Reported and fixed by Andrei Poelov in ticket 192, fixed in commit 1280.
  • PowerDNS Recursor can be a root-server again. Error spotted by the ever vigilant Darren Gamble (t229), fix in commit 1458.
  • Rare TCP/IP errors no longer lead to PowerDNS Recursor logging errors or becoming confused. Debugged by Josh Berry of Plusnet PLC. Code in commit 1457.
  • Do not hammer parent servers in case child zones are misconfigured, requery at most once every 10 seconds. Reported & investigated by Stefan Schmidt and Andreas Jakum, fixed in commit 1265.
  • Properly process answers from remote authoritative servers that send error answers without including the original question (commit 1329, commit 1327).
  • No longer spontaneously turn on 'export-etc-hosts' after reloading zones. Discovered by Paul Cairney, reported in ticket 225, addressed in commit 1348.
  • Very abrupt server failure of large numbers of high-volume authoritative servers could trigger an out of memory situation. Addressed in commit 1505.
  • Make timeouts for queries to remote authoritative servers configurable with millisecond granularity. In addition, the old code turned out to consider the timeout expired when the integral number of seconds since 1970 increased by 1 - which *on average* is after 500ms. This might have caused spurious timeouts! New default timeout is 1500ms. See network-timeout setting for more details. Code in commit 1402.
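
The timeout behaviour described in the last bug-fix item, as an added C++ example (not PowerDNS source code): it models a 1-second timeout compared in whole epoch seconds, as that item describes, against a millisecond check with the new 1500 ms default, and counts how many evenly spread queries are abandoned before an answer with a given round-trip time arrives. The function names and the epoch base value are constructed for the illustration.

```cpp
#include <cstdint>
#include <cstdio>

// Constructed epoch timestamp in ms that falls exactly on a second boundary.
const int64_t kBaseMs = 1275000000000LL;

// Model of the behaviour the release notes describe (an assumption, not
// PowerDNS source): time is kept in whole seconds, and a query counts as
// timed out once the second counter has advanced by timeout_s.
bool expiredWholeSeconds(int64_t sent_ms, int64_t now_ms, int64_t timeout_s) {
    return (now_ms / 1000) - (sent_ms / 1000) >= timeout_s;
}

// Millisecond-granular check, as the network-timeout setting now allows.
bool expiredMillis(int64_t sent_ms, int64_t now_ms, int64_t timeout_ms) {
    return now_ms - sent_ms >= timeout_ms;
}

// Real time (ms) a query sent at sent_ms waits before the whole-second
// check declares it expired.
int64_t effectiveWaitMs(int64_t sent_ms, int64_t timeout_s) {
    int64_t now = sent_ms;
    while (!expiredWholeSeconds(sent_ms, now, timeout_s)) ++now;
    return now - sent_ms;
}

// Average effective wait over every millisecond offset within one second.
double averageWaitMs(int64_t timeout_s) {
    int64_t total = 0;
    for (int64_t off = 0; off < 1000; ++off)
        total += effectiveWaitMs(kBaseMs + off, timeout_s);
    return total / 1000.0;
}

// Of 1000 queries sent at offsets 0..999 ms, how many are given up on
// although the answer would arrive after rtt_ms?
int spuriousTimeouts(int64_t rtt_ms, bool whole_seconds) {
    int dropped = 0;
    for (int64_t off = 0; off < 1000; ++off) {
        int64_t sent = kBaseMs + off, arrival = sent + rtt_ms;
        // The answer is lost if the check has fired by the time it arrives.
        bool lost = whole_seconds ? expiredWholeSeconds(sent, arrival, 1)
                                  : expiredMillis(sent, arrival, 1500);
        dropped += lost;
    }
    return dropped;
}

int main() {
    std::printf("average wait, whole-second check: %.1f ms\n", averageWaitMs(1));
    std::printf("dropped at 300 ms RTT: old=%d new=%d of 1000\n",
                spuriousTimeouts(300, true), spuriousTimeouts(300, false));
}
```

In this model the share of queries dropped by the whole-second check grows linearly with the round-trip time: a 300 ms answer is lost for every query sent in the last 300 ms of a second.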

Comments (3)

Can anyone also tell me how the performance compares to, for example, BIND9?

Is there also anyone with experience with the PowerDNS Recursor? I do like the whole MySQL idea of storing your DNS records in it.

Just go and try it!
Unlike BIND, PowerDNS is split up. The recursor only does your recursion and therefore holds no records of its own. This is ideal, for example, for the average home user who does not want to maintain their own DNS records but does want to run a caching DNS server. It is also very easy to forward everything to your provider by default.

Then there is the server, which is purely and only the server. It will not answer recursive queries either and is therefore intended for hosting. It has 'super master' as an interesting feature. This means you can set up a PowerDNS slave and point it at a super master. All zones for which the super master is a master are then automatically replicated to the slave. If you host many zones, this can save you a lot of time because you only have to update the super master.

A drawback is that you cannot run both the server and the recursor on one IP, so you have to pull a trick with the recursor to point it at the server. You then run the server on port 5300, for example, and the recursor on 53. With an IP restriction you can then shield it properly so that you are not a recursor for the whole world. This is described in the config, though, and otherwise there are undoubtedly howtos to be found.

Because of the database you do lose some things compared to BIND. First, you will have to do without $GENERATE, which can make reverse DNS entries for an entire subnet tedious. I also personally like editing the DNS files with vim under BIND. Incidentally, BIND can also work with a database, so it is not unique in that.

We have been using pdns for years, coming from BIND. The recursor is very small and fast (the "sales" claims really are true). The MySQL backend is also convenient because you can change things quickly with queries. With BIND we regularly had the recursor running at +70%; the pdns recursor does not go above 5%.

PS. We also use the authoritative PowerDNS server, and we serve about 17,000 zones here.
