Changelogs for 4.1.x ==================== .. changelog:: :version: 4.1.14 :released: September 2nd 2020 This release contains the fix for :doc:`PowerDNS Security Advisory 2020-05 <../security-advisories/powerdns-advisory-2020-05>` (CVE-2020-17482) .. change:: :tags: Bug Fixes :pullreq: 9500 Raise an exception on invalid hex content in unknown records. .. changelog:: :version: 4.1.13 :released: August 9th 2019 This is a bugfix release for high traffic setups using the pipebackend or remotebackend. .. change:: :tags: Bug Fixes :pullreq: 8157 gpgsqlbackend: add missing schema file to Makefile (tcely) .. change:: :tags: Bug Fixes :pullreq: 8162 stop using select() in places where FDs can be >1023 .. changelog:: :version: 4.1.12 :released: 4.1.12 was skipped due to a packaging issue. .. changelog:: :version: 4.1.11 :released: August 1st 2019 This release contains the updated PostgreSQL schema for PowerDNS Security Advisory :doc:`2019-06 <../security-advisories/powerdns-advisory-2019-06>` (CVE-2019-10203). Upgrading is not enough - you need to manually apply the schema change: ``ALTER TABLE domains ALTER notified_serial TYPE bigint USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;`` .. change:: :tags: Bug Fixes :pullreq: 8144 Update PostgreSQL schema for 2019-06. .. changelog:: :version: 4.1.10 :released: June 21st 2019 This release and 4.1.9 together fix the following security advisories: - PowerDNS Security Advisory :doc:`2019-04 <../security-advisories/powerdns-advisory-2019-04>` (CVE-2019-10162) - PowerDNS Security Advisory :doc:`2019-05 <../security-advisories/powerdns-advisory-2019-05>` (CVE-2019-10163) .. change:: :tags: Bug Fixes :pullreq: 7964 Do not exit on exception parsing names of name servers to notify. .. changelog:: :version: 4.1.9 :released: June 19th 2019 .. change:: :tags: Bug Fixes :pullreq: 7663 Do not exit on exception resolving addresses to notify. .. change:: :tags: Bug Fixes :pullreq: 7829 Avoid very busy looping on lots of notifies. .. change:: :tags: New Features :pullreq: 7922 Add an option to disable superslaving. .. change:: :tags: Bug Fixes :pullreq: 7921 In gsql ``getAllDomainMetadata``, actually get all domain metadata. This makes DNSSEC metadata work with ``pdnsutil b2b-migrate``. .. changelog:: :version: 4.1.8 :released: March 22nd 2019 .. change:: :tags: Bug Fixes :pullreq: 7604 :tickets: 7494 Correctly interpret an empty AXFR response to an IXFR query. .. change:: :tags: Bug Fixes :pullreq: 7610 :tickets: 7341 Fix replying from ANY address for non-standard port. .. change:: :tags: Bug Fixes, Internals :pullreq: 7609 :tickets: 7580 Fix rectify for ENT records in narrow zones. .. change:: :tags: Bug Fixes :pullreq: 7607 :tickets: 7472 Do not compress the root. .. change:: :tags: Bug Fixes :pullreq: 7608 :tickets: 7459 Fix dot stripping in ``setcontent()``. .. change:: :tags: Bug Fixes, MySQL :pullreq: 7605 :tickets: 7496 Fix invalid SOA record in MySQL which prevented the authoritative server from starting. .. change:: :tags: Bug Fixes, Internals :pullreq: 7603 :tickets: 7294 Prevent leak of file descriptor if running out of ports for incoming AXFR. .. change:: :tags: Bug Fixes, API :pullreq: 7602 :tickets: 7546 Fix API search failed with "Commands out of sync; you can't run this command now". .. change:: :tags: Bug Fixes, MySQL :pullreq: 7509 :tickets: 7517 Plug ``mysql_thread_init`` memory leak. .. change:: :tags: Bug Fixes, Internals :pullreq: 7567 EL6: fix ``CXXFLAGS`` to build with compiler optimizations. .. changelog:: :version: 4.1.7 :released: March 18th 2019 This release fixes the following security advisory: - PowerDNS Security Advisory :doc:`2019-03 <../security-advisories/powerdns-advisory-2019-03>` (CVE-2019-3871) .. change:: :tags: Bug Fixes :pullreq: 7577 Insufficient validation in the HTTP remote backend (CVE-2019-3871, PowerDNS Security Advisory :doc:`2019-03 <../security-advisories/powerdns-advisory-2019-03>`) .. changelog:: :version: 4.1.6 :released: January 31st 2019 .. change:: :tags: Bug Fixes :pullreq: 7279 Prevent more than one CNAME/SOA record in the same RRset. .. changelog:: :version: 4.1.5 :released: November 6th 2018 This release fixes the following security advisories: - PowerDNS Security Advisory :doc:`2018-03 <../security-advisories/powerdns-advisory-2018-03>` (CVE-2018-10851) - PowerDNS Security Advisory :doc:`2018-05 <../security-advisories/powerdns-advisory-2018-05>` (CVE-2018-14626) .. change:: :tags: Bug Fixes :pullreq: 7149 Crafted zone record can cause a denial of service (CVE-2018-10851, PowerDNS Security Advisory :doc:`2018-03 <../security-advisories/powerdns-advisory-2018-03>`) .. change:: :tags: Bug Fixes :pullreq: 7149 Packet cache pollution via crafted query (CVE-2018-14626, PowerDNS Security Advisory :doc:`2018-05 <../security-advisories/powerdns-advisory-2018-05>`) Additionally there are some other minor fixes and improvements listed below. .. change:: :tags: Improvements, Internals :pullreq: 6976 Apply alias scopemask after chasing .. change:: :tags: Improvements, Internals :pullreq: 6917 Release memory in case of error in the openssl ecdsa constructor .. change:: :tags: Bug Fixes, Internals :pullreq: 6948 :tickets: 6943 Fix compilation with libressl 2.7.0+ .. change:: :tags: Bug Fixes, Internals :pullreq: 6913 Actually truncate truncated responses .. change:: :tags: Improvements, Internals :pullreq: 7118 :tickets: 7040 Switch to devtoolset 7 for el6 .. changelog:: :version: 4.1.4 :released: August 29th 2018 .. change:: :tags: Improvements :pullreq: 6590 Fix warnings reported by gcc 8.1.0. .. change:: :tags: Improvements :pullreq: 6842, 6844, 6648 :tickets: 6632 Make the gmysql backend future-proof. (Chris Hofstaedtler) * Use future-proof statement for transaction isolation * Allow compiling against MySQL 8 client header files * Workaround MariaDB pretending to be MySQL .. change:: :tags: Improvements :pullreq: 6686 :tickets: 6685 Initialize some missed qtypes. (Chris Hofstaedtler) .. change:: :tags: Bug Fixes :pullreq: 6691 :tickets: 4457 ``pdns_control notify``: handle slave without renotify properly. (Chris Hofstaedtler) .. change:: :tags: Bug Fixes :pullreq: 6738 :tickets: 6736 Reset the TSIG state between queries. .. change:: :tags: Bug Fixes :pullreq: 6857 Remove SOA-check backoff on incoming notify and fix lock handling. (Klaus Darilion) .. change:: :tags: Bug Fixes :pullreq: 6858 Fix an issue where updating a record via DNS-UPDATE in a child zone that also exists in the parent zone, we would incorrectly apply the update to the parent zone. .. change:: :tags: Bug Fixes, API :pullreq: 6780 Avoid concurrent records/comments iteration from running out of sync. .. change:: :tags: Bug Fixes :pullreq: 6677 :tickets: 6676 Geoipbackend: check ``geoip_id_by_addr_gl`` and ``geoip_id_by_addr_v6_gl`` return value. (Aki Tuomi) .. change:: :tags: Bug Fixes, API :pullreq: 6816 Fix a crash in the API when adding records .. changelog:: :version: 4.1.3 :released: 24th of May 2018 This release contains several small fixes to the GeoIP backend. The most prominent fix being one where the backend would be slow when thousands of network masks were configured for services. .. change:: :tags: API, Bug Fixes :pullreq: 6614 :tickets: 6441 Restrict creation of OPT and TSIG RRsets .. change:: :tags: Improvements :pullreq: 6559 :tickets: 6239 pdnsutil: use new domain in b2bmigrate (Aki Tuomi) .. change:: :tags: Bug Fixes :pullreq: 6370 :tickets: 6228 Fix handling of user-defined axfr filters return values .. change:: :tags: Improvements :pullreq: 6130 Update copyright years to 2018 (Matt Nordhoff) .. change:: :tags: Bug Fixes, Improvements :pullreq: 6608, 6585 :tickets: 6585, 6584 Prevent the GeoIP backend from copying NetMaskTrees around, fixes slow-downs in certain configurations (Aki Tuomi) .. change:: :tags: Bug Fixes :pullreq: 6659 :tickets: 6654 Ensure alias answers over tcp have correct name .. changelog:: :version: 4.1.2 :released: 8th of May 2018 This is the third release in the 4.1 train. Besides bug fixes, it contains some performance and usability improvements. .. change:: :tags: Improvements, API :pullreq: 6572, 6571 API: increase serial after dnssec related updates (Kees Monshouwer) .. change:: :tags: Tools :pullreq: 6575 Dnsreplay: bail out on a too small outgoing buffer .. change:: :tags: Improvements :pullreq: 6573 :tickets: 6312, 6545 Auth: lower 'packet too short' loglevel .. change:: :tags: Bug Fixes :pullreq: 6570 :tickets: 6021 Auth-bindbackend: only compare ips in ismaster() (Kees Monshouwer) .. change:: :tags: Bug Fixes :pullreq: 6556 :tickets: 6354 Rather than crash, sheepishly report no file/linenum .. change:: :tags: Bug Fixes :pullreq: 6540 :tickets: 6539 Document undocumented config vars .. change:: :tags: Internals :pullreq: 6542 :tickets: 6516, 6516 Move includes around to avoid boost L conflict .. change:: :tags: Internals :pullreq: 6543 :tickets: 6155 Backport: update edns option code list .. change:: :tags: Packages :pullreq: 6546 :tickets: 6286 Backport: debian authoritative packaging fixes for 4.1 .. change:: :tags: Packages :pullreq: 6547 :tickets: 6051, 6062 Fix piddir detection on centos 6 .. change:: :tags: Internals :pullreq: 6548 :tickets: 6487 Auth: link dnspcap2protobuf against librt when needed .. change:: :tags: Internals :pullreq: 6549 :tickets: 6478 Fix a warning on botan >= 2.5.0 .. change:: :tags: Bug Fixes, Postgresql :pullreq: 6551 :tickets: 6464 Auth: allocate new statements after reconnecting to postgresql .. change:: :tags: Internals :pullreq: 6552 :tickets: 6304 Auth 4.1.x: unbreak build .. change:: :tags: Improvements :pullreq: 6553 :tickets: 6297 Make check-zone error on rows that have content but shouldn't .. change:: :tags: Improvements :pullreq: 6554 :tickets: 6427 Auth: avoid an isane amount of new backend connections during an axfr .. change:: :tags: Improvements :pullreq: 6555 :tickets: 6396 Report unparseable data in stoul invalid_argument exception .. change:: :tags: Improvements :pullreq: 6490 :tickets: 6484 Backport: recheck serial when axfr is done .. change:: :tags: Improvements :pullreq: 6337 :tickets: 6331 Backport: add tcp support for alias .. change:: :tags: Bug Fixes :pullreq: 6314 :tickets: 6276 Backport #6276 (auth 4.1.x): prevent cname + other data with dnsupdate .. changelog:: :version: 4.1.1 :released: 16th of February 2018 This is the second release in the 4.1 train. This is a bug-fix only release, with fixes to the LDAP and MySQL backends, the ``pdnsutil`` tool, and PDNS internals. Changes since 4.1.1: .. change:: :tags: Bug Fixes, Internals :pullreq: 6260 :tickets: 6028 Backport: forbid label compression in alias wire format .. change:: :tags: Bug Fixes, Internals :pullreq: 6077 Include unistd.h for chroot(2) et al. (Florian Obser) .. change:: :tags: Bug Fixes, LDAP :pullreq: 6048 Ldap: fix getdomaininfo() to set ``this`` as di.backend (Grégory Oestreicher) .. change:: :tags: Bug Fixes, Improvements :pullreq: 6172 Ixfr: correct behavior of dealing with dns name with multiple records (Leon Xu) .. change:: :tags: Bug Fixes, MySQL :pullreq: 6134 :tickets: 6115 Auth: always bind the results array after executing a mysql statement .. change:: :tags: Bug Fixes, Tools :pullreq: 6129 :tickets: 6125 Auth: init openssl and libsodium before chrooting in pdnsutil .. change:: :tags: Bug Fixes, LDAP :pullreq: 6122 :tickets: 6097, 6060 Ldapbackend: fix listing zones incl. axfr (Chris Hofstaedtler) .. change:: :tags: Bug Fixes, Internals :pullreq: 6103 Auth: fix out of bounds exception in caa processing, fixes #6089 .. change:: :tags: Bug Fixes, Internals :pullreq: 6041 :tickets: 6040 Add the missing include to mplexer.hh for struct timeval .. changelog:: :version: 4.1.0 :released: 30th of November 2017 This is the first release in the 4.1 train. The full release notes can be read `on the blog `_. The 4.1 release is a major upgrade for the Authoritative Server featuring many improvements and speedups: - Improved performance: 400% speedup in some scenarios, - Crypto API: DNSSEC fully configurable via RESTful API, - Improved documentation, - Database related improvements, - Enhanced tooling, - Support for TCP Fast Open, - Support for non-local bind, - Support for Botan 2.x (and removal of support for Botan 1.10), - Our packages now ship with PKCS #11 support. Recursor passthrough removal: This will impact many installations, and we realize this may be painful, but it is necessary. Previously, the PowerDNS Authoritative Server contained a facility for sending recursion desired queries to a resolving backend, possibly after first consulting its local cache. This feature (‘recursor=’) was frequently confusing and also delivered inconsistent results, for example when a query ended up referring to a CNAME that was outside of the Authoritative Server’s knowledge. To read more about this please see the blog post mentioned above or read the :doc:`migration guide <../../guides/recursion>`. Changes since 4.1.0-rc3: .. change:: :tags: DNSSEC, Bug Fixes :pullreq: 5968 Fix hang when PATCHing zone during rectify. .. change:: :tags: Improvements :pullreq: 5976 :tickets: 5974 Report remote IP when SOA query comes back with empty question section. .. change:: :tags: API, Improvements :pullreq: 5964 :tickets: 5862 Make the /cryptokeys endpoint consistently use CryptoKey objects. .. change:: :tags: Removed Features :pullreq: 6004 Remove deprecated SOA-EDIT values: INCEPTION and INCEPTION-WEEK. .. change:: :tags: API, Bug Fixes :pullreq: 6007 Deny cache flush, zone retrieve and notify if the API is read-only. .. changelog:: :version: 4.1.0-rc3 :released: 17th of November 2017 This is the third release candidate of the PowerDNS Authoritative Server in the 4.1 release train. This release features various bug fixes and some improvements to ``pdnsutil``. .. change:: :tags: Bug Fixes :pullreq: 5905 Use 302 redirects in the webserver for ringbuffer reset or resize. With the current 301 redirect it is only possible to reset or resize once. Every next duplicate action is replaced by the destination cached in the browser. .. change:: :tags: Tools, Bug Fixes :pullreq: 5884 :tickets: 5849 Fix messages created by ``pdnsutil generate-tsig-key``. .. change:: :tags: Internals, Improvements :pullreq: 5616 Better support for deleting entries in NetmaskTree and NetmaskGroup. .. change:: :tags: Internals, Bug Fixes :pullreq: 5917 Use ``_exit()`` when we *really* want to exit, for example after a fatal error. This stops us dying while we die. A call to ``exit()`` will trigger destructors, which may paradoxically stop the process from exiting, taking down only one thread, but harming the rest of the process. .. change:: :tags: Tools, New Features :pullreq: 5883 :tickets: 5853 Add ``add-meta`` command to ``pdnsutil`` that can be used to append to existing metadata without clobbering it. .. change:: :tags: Tools, Bug Fixes :pullreq: 5928 :tickets: 5903 Add back missing output details to rectifyZone. .. change:: :tags: Tools, Improvements :pullreq: 5879 :tickets: 3059, 5948, 5949 Warn if records in a zone are occluded. .. change:: :tags: API, Improvements :pullreq: 5935 Throw exception for metadata endpoint with wrong zone. Before, We would happily accept this POST. .. change:: :tags: API, New Features :pullreq: 5936 :tickets: 5909, 5910 Make it possible to disable DNSSEC via the API, this is equivalent to doing ``pdnsutil disable-dnssec``. .. changelog:: :version: 4.1.0-rc2 :released: 3rd of November 2017 This is the second release candidate of the PowerDNS Authoritative Server in the 4.1 release train. This release has several performance improvements, stability and correctness fixes. .. change:: :tags: Packages, New Features :pullreq: 5665 Add :doc:`PKCS#11 <../../dnssec/pkcs11>` support to packages on Operating Systems that support it. .. change:: :tags: Bug Fixes, Internals, Tools :pullreq: 5684 :tickets: 5673 Improve trailing dot handling internally which lead to a segfault in pdnsutil before. .. change:: :tags: Bug Fixes, Internals :pullreq: 5678 Treat requestor's payload size lower than 512 as equal to 512. Before, we did not follow :rfc:`RFC 6891 section 6.2.3 <6891#section-6.2.3>` correctly. .. change:: :tags: Improvements, LDAP :pullreq: 5584 Add support for new record types to the LDAP backend. .. change:: :tags: API, Bug Fixes :pullreq: 5696 For zone PATCH requests, add new ``X-PDNS-Old-Serial`` and ``X-PDNS-New-Serial`` response headers with the zone serials before and after the changes. .. change:: :tags: Bug Fixes :pullreq: 5710 :tickets: 5692 Remove "" around secpoll result which fixes ``pdns_control show security-status`` not working. .. change:: :tags: Bug Fixes, BIND :pullreq: 5702 Make bindbackend startTransaction to return false when it has failed. (Aki Tuomi) .. change:: :tags: Bug Fixes, DNSSEC, API :pullreq: 5704 Make default options singular and use defaults in Cryptokey API-endpoint .. change:: :tags: Bug Fixes, Tools :pullreq: 5729 :tickets: 5719 Remove printing of DS records from ``pdnsutil export-zone-dnskey …``. This was not only inconsistent behaviour but also done incorrectly. .. change:: :tags: Bug Fixes, DNSSEC :pullreq: 5722 :tickets: 5721 Make the auth also publish CDS/CDNSKEY records for inactive keys, as this is needed to roll without double sigs. .. change:: :tags: Bug Fixes, DNSSEC :pullreq: 5734 Fix a crash when getting a public GOST key if the private one is not set. .. change:: :tags: Bug Fixes, Internals :pullreq: 5766 :tickets: 5767 Correctly purge entries from the caches after a transfer. Since the QC/PC split up, we only removed entries for the AXFR'd domain from the packet cache, not the query cache. We also did not remove entries in case of IXFR. .. change:: :tags: Bug Fixes, Internals :pullreq: 5791 When throwing because of bogus content in the tinydns database, report the offending name+type so the admin can find the offending record. .. change:: :tags: DNSSEC, Bug Fixes :pullreq: 5815 Ignore SOA-EDIT for PRESIGNED zones. .. change:: :tags: Bug Fixes, MySQL :pullreq: 5820 :tickets: 5675 Log the needed size when a MySQL result was truncated. .. change:: :tags: API, DNSSEC, New Features :pullreq: 5779 :tickets: 3417, 5712 Rectify zones via the API. (Nils Wisiol) * Move the pdnsutil rectification code to the DNSSECKeeper * Generate DNSSEC keys for a zone when "dnssec" is true in an API POST/PATCH for zones * Rectify DNSSEC zones after POST/PATCH when API-RECTIFY metadata is 1 * Allow setting this metadata via the "api-rectify" param in a Zone object * Show "nsec3param" and "nsec3narrow" in Zone API responses * Add an "rrsets" request parameter for a zone to skip sending RRSets in the response * Add rectify endpoint in the API .. change:: :tags: Improvements :pullreq: 5842 Add :ref:`setting-log-timestamp` option. This option can be used to disable printing timestamps to stdout, this is useful when using systemd-journald or another supervisor that timestamps stdout by itself. As the logs will not have 2 timestamps. .. change:: :tags: Internals, Improvements :pullreq: 5498 :tickets: 2250, 5734, 5797, 5889 Add support for Botan 2.x and drop support for Botan 1.10 (the latter thanks to Kees Monshouwer). .. change:: :tags: DNSSEC, Improvements :pullreq: 5838 :tickets: 5767 Stop doing individual RRSIG queries during outbound AXFR. (Kees Monshouwer) .. change:: :tags: BIND, Improvements :pullreq: 5810 :tickets: 5115, 5807 Fix issues when b2b-migrating from the BIND backend to a database: * No masters were set in the target db (#5807) * Only the last master in the list of masters would be added to the target database * The BIND backend was not fully aware of native zones .. changelog:: :version: 4.1.0-rc1 :released: 31st of August 2017 This is the first release candidate of the PowerDNS Authoritative Server in the 4.1 release train. .. change:: :tags: BIND, Improvements :pullreq: 5094 Make the zone parser adhere to :rfc:`2308` with regards to implicit TTLs. Existing zone files may now be interpreted differently. Specifically, where we previously used the SOA minimum field for the default TTL if none was set explicitly, or no $TTL was set, we now use the TTL from the previous line. .. change:: :tags: Internals, Improvements :pullreq: 4373 Revamp and clean label compression code. Speeds up large packet creation by ~40%. .. change:: :tags: Internals, Improvements :pullreq: 4332 :tickets: 4299 Apply :ref:`setting-non-local-bind` to :ref:`setting-query-local-address` and :ref:`setting-query-local-address6` when possible. .. change:: :tags: DNSUpdate, New Features :pullreq: 4058 Allow the use of a :ref:`Lua script ` to validate DNS Update requests (Aki Tuomi). .. change:: :tags: API, Improvements :pullreq: 4408 :tickets: 4290 Enable the webserver when :ref:`setting-api` is 'yes' (Chris Hofstaedtler). .. change:: :tags: API, New Features :pullreq: 4093, 5038 Add API endpoints for Domain metadata (Christian Kröger). .. change:: :tags: API, New Features :pullreq: 4106 :tickets: 706 Implement :json:object:`CryptoKey` in the API (Wolfgang Studier, @MrM0nkey, Tudor Soroceanu, Benjamin Zengin). .. change:: :tags: Internals, Bug Fixes :pullreq: 4424 Fix compilation on systems with Boost < 1.54 .. change:: :tags: Internals, Improvements, Bug Fixes :pullreq: 4467, 4492 A number of fixes and improvements that are difficult to untangle: * Remove the ASCII :cpp:class:`DNSResourceRecord` from the hot path of packet assembly. * Hash the storage of records in the BindBackend. * Hash the packetcache. * Fix some bugs in the LDAP backend and in the MyDNS backend. * Make the randombackend go 'native' and directly supply records that can be sent to packets * The performance benefit of this PR is measured in "factors" for being a root-server. .. change:: :tags: Internals, Improvements :pullreq: 4504 :tickets: 4503 Improve cleaning, remove an unnecessary lock and improve performance of the packetcache (Kees Monshouwer). .. change:: :tags: Internals, Improvements :pullreq: 4485 Improve SOA records caching (Kees Monshouwer). .. change:: :tags: Internals, Bug Fixes :pullreq: 4560, 4548 :tickets: 4546 Fix possible variable shadowing (Kees Monshouwer, Chris Hofstaedtler). .. change:: :tags: API, Bug Fixes :pullreq: 4526 :tickets: 4524 Make the URL in zone info absolute (Chris Hofstaedtler). .. change:: :tags: BIND, Bug Fixes :pullreq: 4650 :tickets: 4328 Do not corrupt data supplied by other backends in getAllDomains (Chris Hofstaedtler). .. change:: :tags: Tools, Improvements :pullreq: 4007 :tickets: 4005 Implement subcommand printing all KSK DS records in pdnsutil (Jonas Wielicki). .. change:: :tags: Tools, Bug Fixes :pullreq: 4740 Avoid undefined behaviour in Clang vs. GCC when printing DS records in pdnsutil. .. change:: :tags: API, Improvements :pullreq: 4751 :tickets: 4132 Prevent sending nameservers list and zone-level NS in rrsets in the API (Chris Hofstaedtler). .. change:: :tags: Tools, Improvements :pullreq: 4584 Allow setting the account of a zone via pdnsutil (Tuxis Internet Engineering). .. change:: :tags: Internals, New Features :pullreq: 4624 Add TCP management options described in :rfc:`section 10 of RFC 7766 <7766#section-10>`. .. change:: :tags: Tools, Improvements :pullreq: 4719 Print "$ORIGIN ." on ``pdnsutil list-zone``, so the output can be used in ``pdnsutil load-zone`` (Tuxis Internet Engineering). .. change:: :tags: Internals, Bug Fixes :pullreq: 4855 Fix ``getaddrinfo()`` returning address in triplicate. .. change:: :tags: Internals, Improvements :pullreq: 4829 Make sure AXFR only deletes records from a SLAVE domain in a multi backend setup (Kees Monshouwer). .. change:: :tags: Tools, Improvements :pullreq: 4478 pdnsutil: clarify error message when set-presigned fails with DNSSEC disabled (Peter Thomassen). .. change:: :tags: Internals, Improvements :pullreq: 4908 Tidy up UeberBackend (Chris Hofstaedtler). .. change:: :tags: Tools, Improvements :pullreq: 3913 pdnsutil: Validate names with address records to be valid hostnames (Håkan Lindqvist). .. change:: :tags: Postgresql, Improvements :pullreq: 4711 :ticket: 2138 Enable setting custom pgsql connection parameters, like TLS parameters (Tarjei Husøy). .. change:: :tags: Internals, Improvements :pullreq: 4944 Improve API performance by instantiating only one DNSSECKeeper per request. .. change:: :tags: Remote, Bug Fixes :pullreq: 4997 Fix two problems with remotebackend (Aki Tuomi): * list method used domain-id json parameter, when it was supposed to use domain_id * NULL ordername was not passed as empty string in POST parameters builder, instead it threw an exception .. change:: :tags: Internals, Improvements :pullreq: 4953 :tickets: 349, 602 Incremental backoff for failed slave checks. When a SOA record for a slave domain can't be retrieved, use an increasing interval between checking the domain again. This prevents hammering down on already busy servers. .. change:: :tags: LDAP, Bug Fixes :pullreq: 4922 :tickets: 3165 Fix ldap-strict autoptr feature. .. change:: :tags: Internals, Improvements :pullreq: 4549 Remove d_place from DNSResourceRecord (Chris Hofstaedtler). .. change:: :tags: MyDNS, New Features :pullreq: 5043 Add function to the MyDNS backend to allow backend-to-backend migrations (Aki Tuomi). .. change:: :tags: Internals, Removed Features :pullreq: 4752 :tickets: 4616, 4238, 4315, 3337, 2606, 2380 Remove recursion. See :doc:`../guides/recursion` for migration strategies (Kees Monshouwer). .. change:: :tags: Internals, Bug Fixes :pullreq: 5117 Turn exception in a qthread into an error instead of a crash. .. change:: :tags: Webserver, Improvements :pullreq: 5116 :tickets: 1844 Report query statistics as full numbers, not scientific notation in the webserver. .. change:: :tags: Tools, Bug Fixes :pullreq: 5125 :tickets: 5124 In ``pdnsutil create-slave-zone``, actually add all slaves. .. change:: :tags: BIND, New Features :pullreq: 5115 :tickets: 1284 Support "native" zones in the BIND backend. .. change:: :tags: Postgresql, Bug Fixes :pullreq: 4929 :tickets: 4928 Make statement actually unique (Chris Hofstaedtler). .. change:: :tags: Tools, Improvements :pullreq: 5118 Correct pdnsutil help output for add-zone-key. .. change:: :tags: Internals, Improvements :pullreq: 5169 Add an option to allow AXFR of zones with a different (higher/lower) serial (Kees Monshouwer). .. change:: :tags: Tools, Improvements :pullreq: 5062 :tickets: 512 Check for valid hostnames in SRV, NS and MX records. .. change:: :tags: Postgresql, Improvements :pullreq: 5121, 5221 :tickets: 2358, 5193 Use pkg-config to detect PostgreSQL libraries. .. change:: :tags: Internals, New Features :pullreq: 5137 :tickets: 5129 Add TCP Fast Open support. .. change:: :tags: ALIAS, Improvements :pullreq: 5182 :tickets: 5119 Disable ALIAS expansion by default. .. change:: :tags: Internals, Improvements :pullreq: 5112 :tickets: 4655 Use the :ref:`setting-resolver` setting for the stub resolver, use resolv.conf as fallback. .. change:: :tags: Internals, New Features :pullreq: 5132, 5258 :tickets: 4204 Hash the entire query in the packet cache, split caches. This makes the authoritative server pass the EDNS compliance test. Add cache hit/miss statistics (Kees Monshouwer). .. change:: :tags: LDAP, New Features :pullreq: 4477 :tickets: 3358 Many improvements and additions to the LDAP backend (Grégory Oestreicher). .. change:: :tags: Internals, Bug Fixes :pullreq: 5212, 5249 Remove duplicate dns2_tolower() function and move ascii-related function to one file (Thiago Farina). .. change:: :tags: Internals, Bug Fixes :pullreq: 5209 Make copying locks impossible. .. change:: :tags: Internals, Improvements :pullreq: 5250 Re-implement the AXFR Filter with LuaContext (Aki Tuomi). .. change:: :tags: GeoIP, New Features :pullreq: 5266, 5269, 5270 :tickets: 4122, 5255 Support 2-character country codes and the MaxMind cities database in the GeoIP backend (Aki Tuomi). .. change:: :tags: GeoIP, Bug Fixes :pullreq: 5267 :tickets: 4704 Apply weights consistently during GeoIP lookups (Aki Tuomi). .. change:: :tags: Tools, Bug Fixes :pullreq: 5303 Fix off-by-one in dnsreplay --packet-limit .. change:: :tags: Internals, New Features :pullreq: 5271, 5190 :tickets: 3781 Add an adjustable statistics interval (@phonedph1). .. change:: :tags: DNSUpdate, New Features :pullreq: 5264, 5263, 5321 :tickets: 4821 Send a notification to all slave servers after every dnsupdate (Kees Monshouwer, Florian Obser). .. change:: :tags: Remote, Bug Fixes :pullreq: 5308 :tickets: 5306 Don't copy data around in the Remote Backend when sending and receiving in the Unix Connector. .. change:: :tags: Internals, Bug Fixes :pullreq: 5320 Properly truncate trailing bits of EDNS Client Subnet masks. .. change:: :tags: Internals, Bug Fixes :pullreq: 5161, 5083 Fix regressions in the AXFR rectification code (Kees Monshouwer, Arthur Gautier). .. change:: :tags: LDAP, Bug Fixes :pullreq: 5340 :tickets: 5091 Fix an erroneous '.' in ".ip6.arpa" (@shantikulkarni). .. change:: :tags: Internals, New Features :pullreq: 5316 Add option to set a global :ref:`setting-lua-axfr-script` (Kees Monshouwer). .. change:: :tags: Tools, New Features :pullreq: 5339 calidns: add --increment and --want-recursion flags. .. change:: :tags: Internals, New Features :pullreq: 4965, 4964, 1701 Allow forwarding of NOTIFY messages using :ref:`setting-forward-notify` (@DrRemorse). .. change:: :tags: Internals, Bug Fixes :pullreq: 5408 Zero the port when creating a netmask from a ComboAddress. .. change:: :tags: API, Improvements :pullreq: 5389 :tickets: 5305 Forbid mixing CNAMEs and other RRSets in the API (Christan Hofstaedtler). .. change:: :tags: Internals, Improvements :pullreq: 5387 Allow control socket to listen on IPv6 (@Gibheer). .. change:: :tags: Types, New Features :pullreq: 5379 Support the SMIMEA RRType. .. change:: :tags: Postgresql, MySQL, Bug Fixes :pullreq: 5245 :tickets: 5005, 3824 Reconnect to the server if the My/Pg connection has been closed. .. change:: :tags: Internals, Removed Features :pullreq: 5468 Remove the experimental Lua Policy Engine (Aki Tuomi). .. change:: :tags: Internals, Bug Fixes :pullreq: 5512 Drop (broken) support for packet-specific SOA replies from backends (Chris Hofstaedtler). .. change:: :tags: Oracle, Bug Fixes :pullreq: 5506 Add missing query for last key insert id in the goracle backend (Aki Tuomi). .. change:: :tags: Postgresql, Improvements :pullreq: 5426 Use BIGSERIAL for records.id in the gpgsql backend (Arsen Stasic). .. change:: :tags: Internals, Bug Fixes :pullreq: 5525 Fix validation at the exact RRSIG inception or expiration time .. change:: :tags: Internals, Improvements :pullreq: 5523 Fix typo in two log messages (Ruben Kerkhof). .. change:: :tags: API, Bug Fixes :pullreq: 5516 Avoid creating fake DNSPacket objects just for calling getAuth() from API code (Chris Hofstaedtler). .. change:: :tags: LDAP, Improvements :pullreq: 5509 Ship ldapbackend schema files in tarball (Chris Hofstaedtler). .. change:: :tags: Internals, Improvements :pullreq: 5542 Update YaHTTP (to fix a warning reported by Coverity). .. change:: :tags: Internals, Improvements :pullreq: 5541 Clarify how we check the return value of std::string::find() (reported by Coverity). .. change:: :tags: Internals, Improvements :pullreq: 5543 Wrap the webserver's and Resolver::tryGetSOASerial objects into smart pointers. .. change:: :tags: Internals, Improvements :pullreq: 4692 SSql: Use unique_ptr for statements (Aki Tuomi). .. change:: :tags: MySQL, Improvements :pullreq: 5605 mydnsbackend: Initialize d_query_stmt (Aki Tuomi). .. change:: :tags: Internals, Improvements :pullreq: 5599 Fix libatomic detection on ppc64 (Sander Hoentjen). .. change:: :tags: Internals, Improvements :pullreq: 5588 Switch the default webserver's ACL to "127.0.0.1, ::1". .. change:: :tags: API, Bug Fixes :pullreq: 5589 Check if the API is read-only on crypto keys methods. .. change:: :tags: API, Bug Fixes :pullreq: 5556 Fix getSOA() in luabackend (@zilopbg). .. change:: :tags: MySQL & Postgresql, Improvements :pullreq: 5518 Schema changes for MySQL / MariaDB and PostgreSQL to for storage requirements of various versions (Kees Monshouwer). .. change:: :tags: GeoIP, Improvements :pullreq: 5548 Add ability to have service record for apex record and any other static record (Aki Tuomi). .. change:: :tags: Internals, Bug Fixes :pullreq: 5519 Lookups one level (or more) below apex did confuse getAuth() for qytpe DS (Kees Monshouwer). .. change:: :tags: Internals, Improvements :pullreq: 5611 NOTIMP is only appropriate for an unsupported opcode (Kees Monshouwer). .. change:: :tags: Tools, Bug Fixes :pullreq: 5610 Fix that pdnsutil edit-zone complains about auth=1 problems on all data. .. change:: :tags: Internals, Bug Fixes :pullreq: 5633 First and last SOA in an AXFR must be identical (Kees Monshouwer). .. change:: :tags: API, Improvements :pullreq: 4195 Prevent duplicate records in single RRset (Chris Hofstaedtler). .. change:: :tags: Internals, Improvements :pullreq: 5641 Catch DNSName exception in the Zoneparser. .. change:: :tags: Internals, Improvements :pullreq: 5583 Listen on 127.0.0.1 during regression tests (@tcely).