| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: pdns-recursor | Distribution: openSUSE Tumbleweed |
| Version: 5.2.5 | Vendor: openSUSE |
| Release: 1.1 | Build date: Thu Aug 14 03:49:02 2025 |
| Group: Productivity/Networking/DNS/Servers | Build host: reproducible |
| Size: 15098501 | Source RPM: pdns-recursor-5.2.5-1.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://www.powerdns.com/ | |
| Summary: Modern, advanced and high performance recursing/non authoritative nameserver | |
PowerDNS Recursor is a non authoritative/recursing DNS server. Use this
package if you need a dns cache for your network.
Authors:
--------
http://www.powerdns.com
GPL-2.0-or-later
* Thu Aug 14 2025 Marcus Rueckert <mrueckert@suse.de>
- update to 5.2.5 (CVE-2025-30192 boo#246841)
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-04.html
https://doc.powerdns.com/recursor/changelog/5.1.html#change-5.1.4
https://doc.powerdns.com/recursor/changelog/5.1.html#change-5.1.6
https://doc.powerdns.com/recursor/changelog/5.1.html#change-5.1.7
https://doc.powerdns.com/recursor/changelog/5.2.html#change-5.2.0
https://doc.powerdns.com/recursor/changelog/5.2.html#change-5.2.1
https://doc.powerdns.com/recursor/changelog/5.2.html#change-5.2.2
https://doc.powerdns.com/recursor/changelog/5.2.html#change-5.2.3
https://doc.powerdns.com/recursor/changelog/5.2.html#change-5.2.4
https://doc.powerdns.com/recursor/changelog/5.2.html#change-5.2.5
- reenable snmp support ( we had the BR but not the configure flag)
- add missing BR for fstrm and libcurl
- enable NOD support (new BR libboost_filesystem-devel)
- enable luajit where possible
* Sat Mar 22 2025 Andreas Stieger <andreas.stieger@gmx.de>
- update to 5.1.3:
* Implement rfc6303 special zones (mostly v6 reverse mappings)
* Distinguish OS imposed limits from app imposed limits,
specifically on chains.
* Tue Nov 05 2024 Marcus Rueckert <mrueckert@suse.de>
- update to 5.1.2 (boo#1231292 CVE-2024-25590)
https://doc.powerdns.com/recursor/changelog/5.1.html#change-5.1.2
- drop powerdns-5_1_1-2_fix-build-with-boost-1_86_0.patch included
in update
* Sun Sep 29 2024 Marcus Rueckert <mrueckert@suse.de>
- update to 5.1.1
https://doc.powerdns.com/recursor/changelog/5.1.html#change-5.1.1
https://doc.powerdns.com/recursor/changelog/5.0.html#change-5.0.8
- add powerdns-5_1_1-2_fix-build-with-boost-1_86_0.patch from arch
linux to fix building with boost 1.86
- refreshed cargo_build_fix.patch
- track series file for easier patching
- no more conf.dist file. I think we should switch the default
config in the package to the yaml format maybe
* Sat May 25 2024 Andreas Stieger <andreas.stieger@gmx.de>
- update to 5.0.5:
* Do not count RRSIGs using unsupported algorithms toward RRSIGs
limit
* Correctly count NSEC3s considered when chasing the closest
encloser.
* Let NetmaskGroup parse dont-throttle-netmasks, allowing
negations.
* Fix types of two YAML settings (incoming.edns_padding_from,
incoming.proxy_protocol_from) that should be sequences of
subnets
* Fix trace=fail regression and add regression test for it
* Wed Apr 24 2024 Adam Majer <adam.majer@suse.de>
- update to 5.0.4:
* fixes a case when a crafted responses can lead to a denial of
service in Recursor if recursive forwarding is configured
(bsc#1223262, CVE-2024-25583)
- changes in 5.0.3
* Log if a DNSSEC related limit was hit if log_bogus is set
* Reduce RPZ memory usage by not keeping the initially loaded
RPZs in memory
* Fix the zoneToCache regression introduced by 5.0.2 security
update
* Tue Feb 13 2024 Adam Majer <adam.majer@suse.de>
- update to 5.0.2
* fixes crafted DNSSEC records in a zone can lead to a denial
of service in Recursor
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
(bsc#1219823, bsc#1219826, CVE-2023-50387, CVE-2023-50868)
* Fri Feb 09 2024 Adam Majer <adam.majer@suse.de> 5.0.1
- update to 5.0.1
https://doc.powerdns.com/recursor/changelog/5.0.html#change-5.0.1
For upgrade from 4.9.x, see
https://doc.powerdns.com/recursor/upgrade.html#to-5-0-0-and-master
- cargo_build_fix.patch: add cargo_build parameters to Makefile...
* Fri Aug 25 2023 Adam Majer <adam.majer@suse.de> 4.9.1
- update to 4.9.1
* The setting of policy tags for packet cache hist has been fixed.
Previously, packet cache hits would not contain policy tags set in
the Lua gettags(-ffi) intercept functions.
* The retrieval of RPZ zones could fail in situations where a read of
the chunk length from the IXFR TCP stream would produce an
incomplete result.
- enable DSN-over-TLS (DoT) via OpenSSL
For complete list of changes, see
https://doc.powerdns.com/recursor/changelog/4.9.html#change-4.9.1
For upgrades since 4.8.x and earlier, see
https://doc.powerdns.com/recursor/upgrade.html
* Tue Apr 04 2023 Adam Majer <adam.majer@suse.de>
- update to 4.8.4
* Deterred spoofing attempts can lead to authoritative servers
being marked unavailable (bsc#1209897, CVE-2023-26437)
* Tue Mar 07 2023 Adam Majer <adam.majer@suse.de> 4.8.3
- update to 4.8.3
* Fix serve-stale logic to not cause intermittent high CPU load by:
+ correcting the removal of a negative cache entry,
+ correcting the serve-stale main loop regarding exception handling,
+ correctly handle negcache entries with serve-state status.
- changes in version 4.8.2
* Make cache cleaning of record an negative cache more fair
* Do not report “not decreasing socket buf size” as an error
* Do not use “message” as key, it has a special meaning to systemd-journal
* Add the ‘parse packet from auth’ error message to structured logging
* Refresh of negcache stale entry might use wrong qtype
* Do not chain ECS enabled queries
* Properly encode json string containing binary data
* Fri Jan 20 2023 Adam Majer <adam.majer@suse.de>
- update to 4.8.1
* Avoid unbounded recursion when retrieving DS records from some
misconfigured domains. (bsc#1207342, CVE-2023-22617)
* Mon Dec 12 2022 Michael Ströder <michael@stroeder.com>
- update to 4.8.0 with these major changes:
* Structured Logging has been implemented for almost all
subsystems.
* Optional Serve Stale functionality has been implemented,
providing resilience against connectivity problems towards
authoritative servers.
* Optional Record Locking has been implemented, providing an extra
layer of protection against spoofing attempts at the price of
reduced cache efficiency.
* Internal tables used to track information about authoritative
servers are now shared instead of per-thread, resulting in
better performance and lower memory usage.
* EDNS padding of outgoing DoT queries has been implemented,
providing better privacy protection.
* Metrics have been added about the protobuf and dnstap logging
subsystems and the rcodes received from authoritative
servers.
* Fri Nov 25 2022 Michael Ströder <michael@stroeder.com>
- update to 4.7.4
* Fix compilation of the event ports multiplexer. #12046, PR#12231
* Correct skip record condition in processRecords. #12198, PR#12230
* Also consider recursive forward in the “forwarded DS should not end up in negCache code.” #12189, #12199, PR#12227
* Timout handling for IXFRs as a client. #12125, PR#12190
* Detect invalid bytes in makeBytesFromHex(). #12066, PR#12173
* Log invalid RPZ content when obtained via IXFR. #12081, PR#12171
* When an expired NSEC3 entry is seen, move it to the front of the expiry queue. #12038, PR#12168
* Tue Sep 20 2022 Michael Ströder <michael@stroeder.com>
- update to 4.7.3
* Improvements
- For zones having many NS records, we are not interested in all so take a sample. #11904, PR#11936
- Also check qperq limit if throttling happened, as it increases counters. #11848, PR#11897
* Bug Fixes
- Failure to retrieve DNSKEYs of an Insecure zone should not be fatal. #11890, PR#11940
- Fix recursor not responsive after Lua config reload. #11850, PR#11879
- Clear the caches after loading authzones. #11843, PR#11847
- Resize answer length to actual received length in udpQueryResponse. #11773, PR#11774
* Wed Aug 24 2022 Adam Majer <adam.majer@suse.de>
- Bump requires to newer Boost, effectively disabling support for SLE-12
* Tue Aug 23 2022 Michael Ströder <michael@stroeder.com>
- update to 4.7.2
* incomplete exception handling related to protobuf message generation.
(CVE-2022-37428, bsc#1202664)
* Fri Jul 08 2022 Michael Ströder <michael@stroeder.com>
- update to 4.7.1
* Improvements
- Allow generic format while parsing zone files for ZoneToCache.
References: #11724, #11726, pull request 11750
- Force gzip compression for debian packages (Zash). #11735, PR#11740
* Bug Fixes
- Run tasks from housekeeping thread in the proper way, causing queued
DoT probes to run more promptly. #11692, PR#11748
* Mon May 30 2022 Michael Ströder <michael@stroeder.com>
- update to 4.7.0
* A configurable way of adding Additional records to answers sent
to the client, so the client does not have to ask for these
records.
* The step sizes for Query Minimization are now computed following to
guidelines in [2]RFC 9156.
* The Recursor now schedules tasks to resolve IPv6 addresses of name
servers not learned by glue records. This has the consequence that,
if applicable, name servers will be contacted over IPv6 more often.
* An experimental implementation of unilateral [3]DoT probing. This
allows the Recursor to learn if a an authoritative servers supports
DoT.
* Recursor has gained a way to fall back to the parent NS set if
contacting servers in the child NS set does not lead to an answer.
This works around some broken authoritative servers configurations.
* ZONEMD validation of the zones retrieved by the [5]Zone to Cache,
providing integrity guarantees for the zone retrieved.
* The table recording round trip times of authoritative server IP
addresses is now shared between threads to make it more effective
and to reduce its memory footprint.
* A Lua FFI hook for post-resolve interception: [6]postresolve_ffi,
providing a very fast way to do post-resolve Lua scripting.
* Mon Apr 04 2022 Michael Ströder <michael@stroeder.com>
- update to 4.6.2
* Improvements
- Allow disabling of processing the root hints.
- References: #11283, pull request 11360
- Log an error if pdns.DROP is used as rcode in Lua callbacks.
- References: #11288, pull request 11361
- A CNAME answer on DS query should abort DS retrieval.
- References: #11245, pull request 11358
- Reject non-apex NSEC(3)s that have both the NS and SOA bits set.
- References: #11225, pull request 11357
- Fix build with OpenSSL 3.0.0.
- References: pull request 11260
- Shorter thread names.
- References: #11137, pull request 11170
- Two more features to print (DoT and scrypt).
- References: #11109, pull request 11169
* Bug Fixes
- Be more careful using refresh mode only for the record asked.
- References: #11371, pull request 11418
- Use the Lua context stored in SyncRes when calling hooks.
- References: #11300, pull request 11380
- QType ADDR is supposed to be used internally only.
- References: #11338, pull request 11363
- If we get NODATA on an AAAA in followCNAMERecords, try native dns64.
- References: #11327, pull request 11362
- Initialize isNew before calling a exception throwing function.
- References: #11257, pull request 11359
* Mon Mar 28 2022 Adam Majer <adam.majer@suse.de>
- fix building against sle-12 backports with gcc-9
- remove obsolete BR on protobuf
- add bundled information to the spec file
- boost_context.patch: Boost.Context detection fix on SLE12
* Fri Mar 25 2022 Adam Majer <adam.majer@suse.de>
- update to 4.6.1
fixes incomplete validation of incoming IXFR transfer in
the Recursor. It applies to setups retrieving one or more RPZ
zones from a remote server if the network path to the server
is not trusted. (bsc#1197525, CVE-2022-27227)
/etc/pdns/recursor.conf /etc/pdns/recursor.yml-dist /usr/lib/systemd/system/pdns-recursor.service /usr/lib/systemd/system/pdns-recursor@.service /usr/sbin/pdns_recursor /usr/sbin/rcpdns-recursor /usr/sbin/rec_control /usr/share/doc/packages/pdns-recursor /usr/share/doc/packages/pdns-recursor/README /usr/share/licenses/pdns-recursor /usr/share/licenses/pdns-recursor/COPYING /usr/share/man/man1/pdns_recursor.1.gz /usr/share/man/man1/rec_control.1.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Nov 1 23:04:32 2025