Posted almost 11 years ago
Source tarball available at:
https://github.com/gdnsd/gdnsd/releases/
2.2.0 - 2014-12-30
*** Bugfixes:
* fix for zero-length configuration strings causing assertion failure
in developer-debug builds
* fix for crash/assertfail if
admin_state file contents are
defined by the user as an array instead of a hash
* restored the logging of monitored state transitions, which was
omitted in earlier 2.x releases but present in 1.x.
*** Features:
* If the admin_state file exists but doesn't parse correctly, that will
now be a fatal error for startup or checkconf. Previously the error was
logged but startup/checkconf was successful.
* plugin_geoip: Support for MaxMind GeoIP2 databases. Requires
libmaxminddb at build time to enable, which is a new optional build
dependency.
* plugin_geoip: Added v6->v4 translations for 64:ff9b::/96, the 'Well
Known Prefix' from RFC6052 used for e.g. NAT64.
* The http stats server now supports atomic flush-after-fetch behavior if
given the query argument '?f=1', so that the stat counts are 'since last
flush' instead of 'since startup'. The flushed state is shared between
all clients using the argument. Does not affect stats for clients not
using the argument.
* New optional compile-time dependency on libunwind. If available,
dmn_assert() in developer builds and certain fatal errors in production
builds will produce stack backtraces before terminating the process.
* Security is a little tighter by default now on Linux due to prctl()
PR_SET_NO_NEW_PRIVS, which may interfere with existing plugin_extmon
configurations if they're running privileged binaries (set[ug]id,
capabilities). If this interferes with your configuration, it can be
disabled via the global option 'weaker_security => true'.
* The shipped gdnsd.service systemd unit file now defaults to more secure
settings (e.g. private tmp, no homedir access, readonly system fs, no
device access, etc). These can be overridden by the user without
editing the defaults in e.g. /etc/systemd/system/gdnsd.d/custom.conf.
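What the PR_SET_NO_NEW_PRIVS default means for a process and the helpers it spawns, shown as an added example (not gdnsd's own code): the flag is set once, cannot be cleared afterwards, and is inherited by children, which is why set[ug]id or capability-bearing binaries run by plugin_extmon stop gaining privileges. The function names and the `weaker_security` parameter are hypothetical, modelled on the option named above; Linux only.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if no_new_privs is set for this process, 0 if not, -1 on error. */
int nnp_get(void)
{
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/*
 * Hypothetical startup hook: set the flag unless the operator opted out
 * (modelled on 'weaker_security => true'). Returns the resulting flag
 * value, or -1 on error.
 */
int apply_default_hardening(int weaker_security)
{
    if (!weaker_security && prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return nnp_get();
}

/*
 * The flag is one-way: the kernel rejects any attempt to clear it.
 * Returns 1 if the attempt failed with EINVAL, 0 otherwise.
 */
int nnp_clear_is_rejected(void)
{
    errno = 0;
    return prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == -1 && errno == EINVAL;
}

/*
 * Fork a child and report the flag as the child sees it (1 = set).
 * The same inheritance applies across execve(), so a monitoring helper
 * started by the daemon cannot gain privileges from set[ug]id bits or
 * file capabilities on the binary it executes.
 */
int nnp_in_child(void)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(nnp_get() == 1 ? 1 : 0);
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("after hardening:  no_new_privs=%d\n", apply_default_hardening(0));
    printf("clear rejected:   %d\n", nnp_clear_is_rejected());
    printf("child sees flag:  %d\n", nnp_in_child());
    return 0;
}
```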
*** Other:
* The range, default, and effects of the zones_rfc1035_quiesce option
have changed. The zones_rfc1035_min_quiesce option is now deprecated
and useless and will generate a harmless warning on startup. This
shouldn't be a pragmatic issue for most users.
* Related to the above: the code no longer makes heuristic attempts to
determine the effective filesystem timestamp accuracy of the zones
directory on startup by writing temporary test files to it.
* A warning is now generated if the 'zones_rfc1035_auto' option is not set
explicitly, because the default value is likely to change from 'true' to
'false' in a future version.
* The 'listen => scan' feature is now deprecated, but continues to
function and issues a deprecation warning when used. Please either
migrate to 'listen => any' (the current default) or file a bug
indicating why that doesn't work for your platform/use-case!
* Ragel 6.x is now a hard build dependency for all builds. Previously it
was required for building from git, but not from tarballs.
* Perl version dependency has been raised from 5.8.1 to 5.10.1
* Testsuite now also requires JSON::PP (which comes with Perl 5.13.9+, but
may need to be installed for older ones).
* sysd/gdnsd.service is now always generated in the build tree from the
template, even if --without-systemdsystemunitdir and/or no systemd
detected at all, to give more options for how packagers handle things.
* Minor plugin API updates (most would just need a recompile).
* A number of less-visible refactorings for quality and/or performance.
Posted almost 11 years ago
Source tarball available at:
https://github.com/gdnsd/gdnsd/releases/
2.1.0 - 2014-10-14
*** Bugfixes:
* Fixed JSON stats output (was malformed; missing commas
in the service state portion of the output).
* Several relatively-benign
deficiencies related to
daemonization, logging, and/or process control were fixed
throughout the source tree.
* Path MTU Discovery is now properly disabled on UDPv6 sockets
* Syslog output was not being generated if compiled using
--with-systemd, but not actually running under systemd.
(obviated/fixed by the changes below)
*** Systemd build/install changes:
* The --with-systemd configure flag no longer exists,
there is no dependency on systemd libraries or headers,
and all Linux builds inherently support detecting systemd
and being compatible with it.
* Support for systemd watchdog timers was removed as the
gdnsd implementation served zero functional purpose
other than to add more systemd-related code bloat.
* A (path-templated) unit file for gdnsd is now generated
and installed on applicable systems. If gdnsd will be
run as a systemd service, this unit file *must* be used!
Some of the settings within are critical to the proper
operation of gdnsd under systemd. The installation
path can be overridden from the pkg-config-based default
via --with-systemdsystemunitdir=DIR. Generation and
installation can be avoided on systems which have
systemd installed via --without-systemdsystemunitdir.
*** syslog/stdio behavior (relevant mostly for initscripts):
* New commandline flag "-x" suppresses syslog output completely.
(This is intended for testsuites and linting invocations of
checkconf and such, not for runtime use).
* When the gdnsd binary hasn't fully daemonized yet (meaning the
initial process has not yet exited, regardless of command/mode),
Info- and Debug- level messages are output to stdout, while
messages of severity Warning and higher are output to stderr
(unless we're running under systemd, in which case we stop using
stdio as soon as syslog is open to avoid journal duplicates).
Everything is mirrored to syslog regardless unless the -x cmdline
flag is used.
* If you don't want any gdnsd command output interfering with e.g.
your consistent ANSI-colored init system output, redirect both to
/dev/null. If you'd rather not have "normal" noise, but would
still like errors and serious issues to show through to the user,
just direct stdout to /dev/null.
* (The previous behavior was nothing to stdout, warning+ to stderr
and sometimes info and debug to stderr as well, but sometimes
nothing was output to any stdio anywhere, and was inconsistent
depending on flags/command/situation).
*** Misc changes:
* Documentation added for log_stats option
* Final stats output at daemon shutdown restored; was removed during a
refactor some time ago and I forgot to get it working again.
* Lots of misc improvements to the build and qa stuff. Notably the
default build will now use aggressive security-hardening flags on
modern GNU(-like) toolchains which support them.
*** The canonical HTTP and git-clone URL locations for the project
have changed to http://github.com/gdnsd/gdnsd . The old URLs
and git remotes will work correctly for some time, but not
indefinitely.
Posted about 11 years ago
The project github URL (and all related github links) is changing from:
https://github.com/blblack/gdnsd/
to:
https://github.com/gdnsd/gdnsd/
Basically, the repo is moving to a Github Organization-level role account
instead of my personal github
account.
The purpose is to allow me to upload experimental branches in my personal
fork without affecting the state of the “main” repo, and to be able to sanely
do fork + pull-req traffic against forks of the main repo other than my own,
(e.g. paravoid’s fork for debian packaging). There remains no real “organization”
in the true sense of the word behind the gdnsd project :)
I’ll refrain from creating a gdnsd fork at blblack/gdnsd for a while to avoid
conflict (and github will continue to redirect http and git-clone requests for
the old path to the new location so long as I do so).
Users who clone/fork this repo should update the remotes of any git clones by
replacing “blblack/gdnsd” with “gdnsd/gdnsd” in the relevant .git/config file.
Posted about 11 years ago
Source tarball available at:
https://github.com/gdnsd/gdnsd/releases/
2.0.0 - 2014-10-02
*** Commandline / Signal changes:
* The signal for zone data reloads is now SIGUSR1, not SIGHUP.
* The action "reload" has been renamed to
"reload-zones",
and sends the new SIGUSR1 signal.
* The action "force-reload" has been removed. Replace it
with invocations of "restart" if that's what you need.
* The point of the above changes is to free up SIGHUP and
"reload" for future reuse for a new reload behavior, but
get the compatibility breaking out of the way now with
the major version bump.
*** Other
* The hacky support for attempting fast reloads under systemd
has been removed completely. It's not worth the pain, and
better ideas are coming in the long run.
* UDP requests with a source port of zero will now count
as UDP "recvfail" in stats and will not be processed for reply.
Previously we tried to reply to these and ended up failing
the related sendmsg call and incrementing "sendfail".
* Default 'max_edns_response' raised from 1280 to 1410.
* UDP socket buffer default negotiation improvements
* Various perf tweaks and code cleanups
*** Please read the 2.0.0-beta news below for everything
else that's changed since 1.x.
2.0.0-beta - 2014-09-10
*** This is a beta release to get more people to try it in
tarball form prior to the official 2.0.0 release.
Please do not release stable distro packages based on this
release!
*** General feature changes:
* Static address RR-sets in zonefiles are no longer limited
to 256 RRs per-family
* Dynamic address RR-sets from plugins are no longer limited
to 64 RRs per-family.
* The default 'listen' setting is now 'any', which listens on
the IPv4 and IPv6 (if available) ANY-addresses 0.0.0.0 and
[::]. The previous interface-scanning mode can be enabled
via 'listen = scan'.
* New TTL-related options: max_ttl, min_ttl, and max_ncache_ttl
cause clamping (and warning) of zone TTL values. There is
a hard maximum on max_ttl of 268435455 (2^28-1, ~8.5 years).
* New config option 'max_edns_response' to cap edns0 response
sizes to a value smaller than that advertised by clients,
defaults to 1280.
* The timeout parameter of a service_type now defaults to
half of the specified interval.
* New service_types plugin "extfile" - allows for the consumption
of outside monitoring data via disk file in vscf format.
* Experimental support for djbdns zonefiles
* IPv6 runtime support is now a requirement, and the related
option monitor_force_v6_up was removed.
* Output data from the stats http listener has changed, please
update any parsers.
*** Dynamic address resolution changes:
* The 'DYNC' rr-type can now dynamically return address or
CNAME data at the plugin's discretion.
* The zonefile syntax for the TTLs of DYNA and DYNC RRs has changed.
It now accepts the form MAX[/MIN], where MIN defaults to half
of MAX.
* The TTL behavior for DYNA/DYNC has changed substantially:
Previously the zonefile TTL would be served as-is for 'UP'
resources, and cut in half for 'DANGER' or 'DOWN' resources.
Now, an internal TTL is calculated based on the minimum time
to the next state change between 'UP' and 'DOWN' according to
the normal monitoring intervals and anti-flap code.
This internal TTL is then clamped to the maximum and minimum
TTL values from the relevant zonefile RR.
* In cases where multiple monitored resources participate in a
plugin's decision and/or response (e.g. multifo), the internal
TTL will generally be the minimum of all involved internal
monitoring TTLs.
*** Service monitoring changes:
* CNAMEs can now be monitored entities in the general sense.
Note that this does not imply resolving external CNAMEs
for direct service checks, at least not with any current
plugins. It just means things like extmon/extfile can
provide custom monitor feedback, and they can be administrated
through the admin_state interface described below.
* plugin_static now also acts as a monitoring plugin. It sets a
fixed up/down value and optionally a fixed internal TTL value.
* The extmon, extfile, static, and null plugins support the
monitoring of CNAME resources.
* The metafo, geoip, and weighted plugins make use of CNAME
monitoring for their CNAME-based resources.
* Monitored service states are now labeled with just their
service_type and address (or CNAME), but not the plugin
and/or resource name which (first) configured them.
* Empty service_types ('service_types = []') is now legal,
and suppresses the use of the default 'up' service_type.
* The 'DANGER' state no longer exists in the built-in monitoring
system. A resource is either 'UP' or 'DOWN' at any given
time. The monitoring algorithms and thresholds haven't
changed; 'DANGER' just isn't exposed as a separate state
from 'UP'.
* plugin_extmon: the value 'fail_once' for the option
'helper_failure_action' no longer exists, as it no longer
makes sense without a visible DANGER state. The new default
is 'stasis'.
* The special service_type 'danger' no longer exists.
* The special service_type 'none' as an alias for 'up' no
longer exists. Use 'up' instead.
* The special default service_type 'default' (which used
plugin_http) no longer exists. The new default is 'up'.
*** Administrative state-forcing:
* All monitored entities can be administratively forced
UP or DOWN (optionally, with a specific monitored TTL) at
runtime.
* Additionally, plugins can register virtual entities which
have no separate real monitoring, but can be administratively
forced into a non-default state.
* The current virtual entities in use are the datacenters of
plugin_metafo and plugin_geoip. In the plugin_geoip case,
there are two levels of state-forcing for datacenters: at
the per-resource level or the map level. The more-specific
per-resource level state takes precedence over the map-
level state, and both override any state from lower-level
monitored (or forced) resources within a datacenter.
* The mechanism for forcing state is via writing to a file
named e.g. /var/lib/gdnsd/admin_state in vscf format
with lines like "192.0.2.*/http => DOWN/300", or
"geoip/map3/dc-us => UP". As shown in the first example,
glob patterns are allowed for matching entity names.
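A strict reader for the flat "entity-glob => STATE[/TTL]" lines quoted above, as an added example (not gdnsd's parser): any malformed line rejects the whole file, the fail-closed behaviour that 2.2.0 later made fatal at startup and checkconf. It handles only this one-line form, not full vscf; the '#' comment handling, the last-match-wins rule and all identifiers are assumptions, and the sample inputs are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <fnmatch.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_RULES 32
#define MAX_PAT   128

typedef struct {
    char pattern[MAX_PAT]; /* glob over entity names */
    int  up;               /* 1 = UP, 0 = DOWN */
    long ttl;              /* forced TTL, or -1 when the line gave none */
} rule_t;

typedef struct { rule_t rules[MAX_RULES]; size_t count; } admin_state_t;

/* Constructed sample inputs, not taken from a real deployment. */
static const char SAMPLE_OK[] =
    "# constructed sample\n"
    "192.0.2.*/http => DOWN/300\n"
    "\n"
    "geoip/map3/dc-us => UP\n";
static const char SAMPLE_BAD[] =
    "192.0.2.*/http => DOWN/300\n"
    "geoip/map3/dc-us => MAYBE\n";

static char *trim(char *s)
{
    while (isspace((unsigned char)*s)) s++;
    char *e = s + strlen(s);
    while (e > s && isspace((unsigned char)e[-1])) *--e = '\0';
    return s;
}

/* Parse one "pattern => STATE[/TTL]" line in place. 0 = ok, -1 = malformed. */
static int parse_rule(char *line, rule_t *r)
{
    char *arrow = strstr(line, "=>");
    if (!arrow) return -1;
    *arrow = '\0';
    char *pat = trim(line);
    char *val = trim(arrow + 2);
    if (!*pat || strlen(pat) >= MAX_PAT) return -1;

    r->ttl = -1;
    char *slash = strchr(val, '/');
    if (slash) {
        char *end;
        *slash++ = '\0';
        if (!isdigit((unsigned char)*slash)) return -1;
        errno = 0;
        r->ttl = strtol(slash, &end, 10);
        if (errno != 0 || *end != '\0') return -1;
    }
    if (strcmp(val, "UP") == 0) r->up = 1;
    else if (strcmp(val, "DOWN") == 0) r->up = 0;
    else return -1;
    strcpy(r->pattern, pat);
    return 0;
}

/* Returns 0 on success, -1 on allocation failure, otherwise the 1-based
 * number of the first line that does not parse (the caller treats any
 * non-zero result as fatal). No partial rule set is ever kept. */
int admin_state_load(const char *text, admin_state_t *st)
{
    size_t n = strlen(text) + 1;
    char *buf = malloc(n);
    int lineno = 0, bad = 0;

    st->count = 0;
    if (!buf) return -1;
    memcpy(buf, text, n);
    for (char *p = buf; p && *p && !bad; ) {
        char *nl = strchr(p, '\n');
        if (nl) *nl = '\0';
        lineno++;
        char *line = trim(p);
        if (*line && *line != '#') {
            if (st->count == MAX_RULES || parse_rule(line, &st->rules[st->count]) != 0)
                bad = lineno;
            else
                st->count++;
        }
        p = nl ? nl + 1 : NULL;
    }
    free(buf);
    if (bad) st->count = 0;
    return bad;
}

/* 1 and *out filled if some rule's glob matches entity, else 0.
 * Later lines override earlier ones (an assumption of this example). */
int admin_state_lookup(const admin_state_t *st, const char *entity, rule_t *out)
{
    int found = 0;
    for (size_t i = 0; i < st->count; i++)
        if (fnmatch(st->rules[i].pattern, entity, 0) == 0) { *out = st->rules[i]; found = 1; }
    return found;
}

int main(void)
{
    admin_state_t st;
    rule_t r;
    if (admin_state_load(SAMPLE_OK, &st) == 0 && admin_state_lookup(&st, "192.0.2.17/http", &r))
        printf("192.0.2.17/http forced %s ttl=%ld\n", r.up ? "UP" : "DOWN", r.ttl);
    int bad = admin_state_load(SAMPLE_BAD, &st);
    if (bad) printf("fatal: admin_state line %d does not parse\n", bad);
    return 0;
}
```

Because one broad glob can force many entities at once, refusing the whole file on a single bad line avoids running with a half-applied set of overrides.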
*** Daemonization changes:
* The argument "-d <rootdir>" has been replaced by "-c <cfgdir>",
e.g. "gdnsd -c /etc/gdnsd start", with a default of
${sysconfdir}/gdnsd.
* Two new configuration options for run_dir and state_dir to
override the autoconf-based defaults of e.g. [/var]/run/gdnsd
and /var/lib/gdnsd, respectively. It's probably better to
change these via ./configure args in the normal case; this
is mostly for testsuite-like stuff or multiple instances on
a single machine.
* Direct, inbuilt support for chroot() has been removed. There
are much better security container options out there today that
can be configured externally to wrap gdnsd and/or limit its
privileges. Use them!
* debug-mode is now enabled on the commandline via "-D",
and even production builds now produce some level of
debug log output.
* "startfg" has been replaced with the flag "-f", which can
be used with any of the start or restart -like actions
to remain in the foreground.
* initgroups() is now called during privdrop operations,
allowing the daemon to have the secondary group permissions
assigned to its user in /etc/group or equivalent.
* Foreground daemons participate fully in all other aspects
of daemonization (e.g. privdrop and pidfile locking)
* It is possible to properly restart a daemon instance from
background to foreground and back again; meaning "-f restart"
can take over from a regular daemon into the foreground,
and then a regular "restart" in another terminal can replace
the foreground daemon with a new background one.
* Restarts are now even more seamless than they were before.
All expensive operations are completed before attempting to
kill the previous daemon instance (even monitor initialization),
leaving only the timing gap of waiting for the old daemon to
exit in response to its death signal before binding the
listening sockets in the new daemon, however:
* In cases where SO_REUSEPORT works, the new daemon's listeners
will be bound just *before* sending that death signal to reduce
lost requests even further. Note that you'll probably
still lose a handful of requests that were in the old daemon's
socket buffers at the time of its death.
*** Trivial, previously-deprecated incompatibilities:
* plugin_weighted: no longer allows 'cnames' alongside
'addrs_v4' or 'addrs_v6' in the same resource.
* plugin_weighted: the pointless 'cnames' singleton substanza is
no longer supported; just place the entries directly in the
top level of the resource.
* The 'late_bind_secs' option was removed.
* The 'tcp_clients_per_socket' option is removed. Use
'tcp_clients_per_thread' instead.
* The 'disble_tcp' option is removed. Use 'tcp_threads = 0' instead.
* The 'zones_rfc1035_strict_startup' option is removed. Use
'zones_strict_startup' instead.
* plugin_extmon: %%IPADDR%% replaced by %%ITEM%%
* Direct support for the SPF RR-type (99) has been removed.
*** Other misc incompatibilities
* The plugin API has changed substantially; any third-party
plugins will need substantial source-level updates. See the
gdnsd-plugin-api docs.
* Support for the old, experimental edns-client-subnet option code
0x50fa has been removed; gdnsd now only supports the official,
IANA-assigned option code 0x0008.
*** Build changes
* libcap is no longer used on Linux
* --without-libcap doesn't exist anymore
* --with-rootdir doesn't exist anymore
* Perl 5.8.1 and "perldoc" are required for building
* Preliminary systemd support via --with-systemd
plugin_metafo and plugin_geoip. In the plugin_geoip case,
there are two levels of state-forcing for datacenters: at
the per-resource level or the map level. The more-specific
per-resource level state takes precedence over the map-
level state, and both override any state from lower-level
monitored (or forced) resources within a datacenter.
* The mechanism for forcing state is via writing to a file
named e.g. /var/lib/gdnsd/admin_state in vscf format
with lines like "192.0.2.*/http => DOWN/300", or
"geoip/map3/dc-us => UP". As shown in the first example,
glob patterns are allowed for matching entity names.
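A dry-run check for admin_state lines, as an added C example (not gdnsd source): it reports which forced state a given entity name would receive, so the reach of a glob can be reviewed before the file is written. It assumes a simplified one-pair-per-line subset of vscf, POSIX fnmatch() glob semantics, and that the last matching line wins; the function and type names are hypothetical.

```c
/* Added example, not gdnsd source. Names are hypothetical; the line
 * format is a simplified subset of vscf (one "key => value" per line). */
#include <fnmatch.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct { int up; int has_ttl; unsigned ttl; } forced_t;

/* Parse "<glob> => UP|DOWN[/TTL]". Returns 0, or -1 if malformed. */
static int parse_line(const char *line, char pat[128], forced_t *f)
{
    char state[8];
    unsigned ttl = 0;
    int used = 0;
    int n = sscanf(line, "%127s => %7[A-Z]%n/%u%n",
                   pat, state, &used, &ttl, &used);
    if (n < 2 || line[used] != '\0') return -1;   /* reject trailing junk */
    if (strcmp(state, "UP") == 0) f->up = 1;
    else if (strcmp(state, "DOWN") == 0) f->up = 0;
    else return -1;
    f->has_ttl = (n == 3);
    f->ttl = ttl;
    return 0;
}

/* Which forced state would `entity` get from these lines?
 * Returns 1 and fills *out if forced, 0 if no line matches, and -1 if
 * any line fails to parse (fail closed instead of skipping it).
 * Assumption: when several globs match, the last matching line wins. */
int resolve_forced(const char *const *lines, size_t nlines,
                   const char *entity, forced_t *out)
{
    int matched = 0;
    for (size_t i = 0; i < nlines; i++) {
        char pat[128];
        forced_t f;
        if (parse_line(lines[i], pat, &f) != 0) return -1;
        if (fnmatch(pat, entity, 0) == 0) { *out = f; matched = 1; }
    }
    return matched;
}
```

Running a candidate line through resolve_forced() against the full list of monitored entity names shows how many resources a glob would force before it takes effect.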
*** Daemonization changes:
* The argument "-d <rootdir>" has been replaced by "-c <cfgdir>",
e.g. "gdnsd -c /etc/gdnsd start", with a default of
${sysconfdir}/gdnsd.
* Two new configuration options for run_dir and state_dir to
override the autoconf-based defaults of e.g. [/var]/run/gdnsd
and /var/lib/gdnsd, respectively. It's probably better to
change these via ./configure args in the normal case; this
is mostly for testsuite-like stuff or multiple instances on
a single machine.
* Direct, inbuilt support for chroot() has been removed. There
are much better security container options out there today that
can be configured externally to wrap gdnsd and/or limit its
privileges. Use them!
* debug-mode is now enabled on the commandline via "-D",
and even production builds now produce some level of
debug log output.
* "startfg" has been replaced with the flag "-f", which can
be used with any of the start or restart -like actions
to remain in the foreground.
* initgroups() is now called during privdrop operations,
allowing the daemon to have the secondary group permissions
assigned to its user in /etc/group or equivalent.
* Foreground daemons participate fully in all other aspects
of daemonization (e.g. privdrop and pidfile locking)
* It is possible to properly restart a daemon instance from
background to foreground and back again; meaning "-f restart"
can take over from a regular daemon into the foreground,
and then a regular "restart" in another terminal can replace
the foreground daemon with a new background one.
* Restarts are now even more seamless than they were before.
All expensive operations are completed before attempting to
kill the previous daemon instance (even monitor initialization),
leaving only the timing gap of waiting for the old daemon to
exit in response to its death signal before binding the
listening sockets in the new daemon, however:
* In cases where SO_REUSEPORT works, the new daemon's listeners
will be bound just *before* sending that death signal to reduce
lost requests even further. Note that you'll probably
still lose a handful of requests that were in the old daemon's
socket buffers at the time of its death.
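The privdrop ordering that the initgroups() item implies, as an added C example (generic POSIX code, not gdnsd source): group changes must happen while the process is still root, and the drop is verified afterwards. The function name drop_privs is hypothetical.

```c
/* Added example, not gdnsd source: POSIX privilege drop that also sets
 * the target user's secondary groups. drop_privs() is a hypothetical name. */
#define _DEFAULT_SOURCE   /* exposes initgroups() on glibc in strict modes */
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 once the process irreversibly runs as `username`, -1 on any
 * failure. A caller should treat -1 as fatal, not carry on as root. */
int drop_privs(const char *username)
{
    const struct passwd *pw = getpwnam(username);
    if (pw == NULL || pw->pw_uid == 0)
        return -1;              /* unknown user, or a "drop" to root */

    const uid_t uid = pw->pw_uid;
    const gid_t gid = pw->pw_gid;

    /* Group changes require root, so they must precede setuid().
     * initgroups() replaces the inherited (root) group list with the
     * user's groups from /etc/group or equivalent. */
    if (initgroups(username, gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;

    /* Verify the result instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (setuid(0) == 0 || seteuid(0) == 0) return -1;  /* root regained */
    return 0;
}
```

Because the daemon now inherits every secondary group listed for its user, that user's group memberships are part of its effective privileges and are worth reviewing when upgrading.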
*** Trivial, previously-deprecated incompatibilities:
* plugin_weighted: no longer allows 'cnames' alongside
'addrs_v4' or 'addrs_v6' in the same resource.
* plugin_weighted: the pointless 'cnames' singleton substanza is
no longer supported; just place the entries directly in the
top level of the resource.
* The 'late_bind_secs' option was removed.
* The 'tcp_clients_per_socket' option is removed. Use
'tcp_clients_per_thread' instead.
* The 'disable_tcp' option is removed. Use 'tcp_threads = 0' instead.
* The 'zones_rfc1035_strict_startup' option is removed. Use
'zones_strict_startup' instead.
* plugin_extmon: %%IPADDR%% replaced by %%ITEM%%
* Direct support for the SPF RR-type (99) has been removed.
*** Other misc incompatibilities
* The plugin API has changed substantially; any third-party
plugins will need substantial source-level updates. See the
gdnsd-plugin-api docs.
* Support for the old, experimental edns-client-subnet option code
0x50fa has been removed; gdnsd now only supports the official,
IANA-assigned option code 0x0008.
*** Build changes
* libcap is no longer used on Linux
* --without-libcap doesn't exist anymore
* --with-rootdir doesn't exist anymore
* Perl 5.8.1 and "perldoc" are required for building
* Preliminary systemd support via --with-systemd
Posted about 11 years ago
Source tarball available at:
https://github.com/gdnsd/gdnsd/releases/
1.11.5 - 2014-09-10
Bugfixes:
* Remove F_PURE from rfc1035 out-of-zone check
  This was causing out-of-zone data checks during
  the loading of rfc1035 zonefiles to be skipped
  sometimes, depending on compiler/optimizations.
* Change down_thresh min value from 1 to 2.
  The value "1" leads to buggy behavior, and was
  never intended to be possible in the state
  machine's design.
* Only use EPROTO if it's available.
  Build-time bugfix for OpenBSD support.
* Fix Linux version detection for initial 3.x kernels
  Runtime checks of the Linux kernel version
  for feature support were failing on 3.x.0 kernel
  versions which do not include the ".0" in the
  version string.
Deprecations:
* extmon: add %%ITEM%%, deprecate %%IPADDR%%
* plugin_weighted: deprecate "cnames" stanza
(both of these are to smooth out the 2.x transition)