Changelogs for 4.5.x
====================

.. changelog::
  :version: 4.5.5
  :released: 9th of December 2022

  This is release 4.5.5 of the Authoritative Server.
  It contains various small fixes.

  .. change::
    :tags: Bug Fixes
    :pullreq: 12032

    axfr-retriever: abort on chunk with TC set

  .. change::
    :tags: Bug Fixes
    :pullreq: 12034

    LUA records: we only need one IsUpOracle checker thread

  .. change::
    :tags: Improvements
    :pullreq: 11979

    docker: upgrade to bullseye

  .. change::
    :tags: Bug Fixes
    :pullreq: 11454

    IXFR-in: Fix a case where an incomplete read caused by network error might result in a truncated zone

.. changelog::
  :version: 4.5.4
  :released: 25th of March 2022

  This is a security fix release for :doc:`PowerDNS Security Advisory 2022-01 <../security-advisories/powerdns-advisory-2022-01>`.

  Additionally, because CentOS 8 is End Of Life now, we have switched those builds to Oracle Linux 8. The resulting packages are compatible with RHEL and all derivatives.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11454

    Fix validation of incremental zone transfers (IXFRs).

.. changelog::
  :version: 4.5.3
  :released: 21th of January 2022

  This is release 4.5.3 of the Authoritative Server.
  It mostly contains several robustness fixes for the LMDB backend, and for the zone cache.

  Please see the full list of fixes here:

  .. change::
    :tags: Bug Fixes
    :pullreq: 11158

    lmdb, check if the lookup name is part of the zone (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 11146

    pdnsutil edit-zone: fix n and e behaviour on increase-serial prompt

  .. change::
    :tags: Bug Fixes
    :pullreq: 11123

    improve tcp exception handling (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 11123

    lmdb: fix records removal in deleteDomain() (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 11002

    2136: apply new TTL to whole RRset, not only to the added record

  .. change::
    :tags: Improvements
    :pullreq: 11002

    2136: improve some log messages

.. changelog::
  :version: 4.5.2
  :released: 10th of November 2021

  This is release 4.5.2 of the Authoritative Server.
  It contains several robustness fixes for the bindbackend, and for SOA handling.
  These fixes are especially important for zone cache users.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10968

    bindbackend: skip rejected zones during list and search

  .. change::
    :tags: Bug Fixes
    :pullreq: 10964

    make the zone cache more robust for bad data and save some SOA queries for DNSSEC zones (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 10962

    api, check SOA location (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 10952

    improve dnsname exception handling for SOA records (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 10792

    improve SOA parse exception handling (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 10778

    try to reload rejected zones in bind-backend once every bind-check-interval (Kees Monshouwer)

.. changelog::
  :version: 4.5.1
  :released: 26th of July 2021

  This is release 4.5.1 of the Authoritative Server.
  It is strictly a security fix release for :doc:`Advisory 2021-01 <../security-advisories/powerdns-advisory-2021-01>`.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10611

    auth: correct upper bounds on d_qtypecounters

.. changelog::
  :version: 4.5.0
  :released: 13th of July 2021

  This is release 4.5.0 of the Authoritative Server.

  This release contains a ton of improvements and bug fixes compared to 4.4, but very few user visible changes.

  There are two notable new features:

  * The "zone cache", which allows PowerDNS to keep a list of zones in memory, updated periodically.
    With this cache, PowerDNS can avoid hitting the database with queries for unknown domains.
    In some setups, and some attack scenarios, this can make a serious performance difference.
    Users of backends with dynamically generated zones may want to disable this or at least read the upgrade notes extremely carefully.
    Many thanks to Chris Hofstaedtler for implementing this.
    This work by Chris was supported by RcodeZero DNS.
  * Priority ordering in the AXFR queue in PowerDNS running as a secondary.
    Some users with a lot of domains (>100k) sometimes found real changes waiting behind signature refreshes on Thursdays.
    With the new ordering, those real changes can "skip the line" and get deployed on your secondaries faster.
    Many thanks to Robin Geuze of TransIP for implementing this.

  Since 4.5.0-beta1, the zone cache is enabled by default.

  Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10579

    fix building without sqlite (this got broken between RC1 and RC2). Thanks to our trusty FreeBSD port maintainer Ralf van der Enden for noticing and reporting this.

.. changelog::
  :version: 4.5.0-rc2
  :released: 6th of July 2021

  This is the second, and hopefully last, release candidate for version 4.5.0 of the Authoritative Server.

  This release contains a ton of improvements and bug fixes compared to 4.4, but very few user visible changes.

  There are two notable new features:

  * The "zone cache", which allows PowerDNS to keep a list of zones in memory, updated periodically.
    With this cache, PowerDNS can avoid hitting the database with queries for unknown domains.
    In some setups, and some attack scenarios, this can make a serious performance difference.
    Many thanks to Chris Hofstaedtler for implementing this.
  * Priority ordering in the AXFR queue in PowerDNS running as a secondary.
    Some users with a lot of domains (>100k) sometimes found real changes waiting behind signature refreshes on Thursdays.
    With the new ordering, those real changes can "skip the line" and get deployed on your secondaries faster.
    Many thanks to Robin Geuze for implementing this.

  Since 4.5.0-beta1, the zone cache is enabled by default.

  Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10552

    bindbackend: purge caches on zone reload; store nsec3 settings at zone load

  .. change::
    :tags: Bug Fixes
    :pullreq: 10551

    Use correct TTL when caching responses from backends (Robin Geuze)

.. changelog::
  :version: 4.5.0-rc1
  :released: 25th of June 2021

  This is the first release candidate for version 4.5.0 of the Authoritative Server.

  This release contains a ton of improvements and bug fixes compared to 4.4, but very few user visible changes.

  The one notable feature is the "zone cache", which allows PowerDNS to keep a list of zones in memory, updated periodically.
  With this cache, PowerDNS can avoid hitting the database with queries for unknown domains.
  In some setups, and some attack scenarios, this can make a serious performance difference.

  Since 4.5.0-beta1, the zone cache is enabled by default.

  Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10522

    SVCB additional processing: delay inserts to avoid invalidating iterator; do not chase chains outside of zone

  .. change::
    :tags: Improvements
    :pullreq: 10514

    2136: allow placing DNSKEY/CDS/CDNSKEY regardless of direct-dnskey setting

  .. change::
    :tags: Bug Fixes
    :pullreq: 10513

    pdnsutil edit-zone: correctly reask inc-serial question

  .. change::
    :tags: Improvements
    :pullreq: 10512

    pdnsutil add-autoprimary: print error when exiting with 1

  .. change::
    :tags: Bug Fixes
    :pullreq: 10511

    SVCB: on parse error, throw instead of truncate

  .. change::
    :tags: Bug Fixes
    :pullreq: 10510

    SVCB: Fix auto hints removing non-auto hints

  .. change::
    :tags: Improvements
    :pullreq: 10509

    pdnsutil create-zone: better error if default-soa-content is broken

  .. change::
    :tags: Improvements
    :pullreq: 10373

    pdnsutil add-zone-key: clarify ZSK default

  .. change::
    :tags: New Features
    :pullreq: 9474

    newCAFromRaw(): create ComboAddress from raw 4/16 byte strings, plus test

.. changelog::
  :version: 4.5.0-beta1
  :released: 9th of June 2021

  This is version 4.5.0-beta1 of the Authoritative Server.

  This release contains a ton of improvements and bug fixes compared to 4.4, but very few user visible changes.

  The one notable feature is the "zone cache", which allows PowerDNS to keep a list of zones in memory, updated periodically.
  With this cache, PowerDNS can avoid hitting the database with queries for unknown domains.
  In some setups, and some attack scenarios, this can make a serious performance difference.

  In beta1, the zone cache is enabled by default.

  Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading.

  .. change::
    :tags: New Features
    :pullreq: 10463

    LUA records: add filterForward function, to limit the scope of createForward[6]

  .. change::
    :tags: New Features
    :pullreq: 10454

    add/fix getAllDomains() and enable the zone cache by default (Kees Monshouwer)

  .. change::
    :tags: Improvements
    :pullreq: 10461

    simplify createDomain() (Kees Monshouwer)

  .. change::
    :tags: Improvements
    :pullreq: 10342

    SVCB: rename echconfig to ech and add test vectors from draft

.. changelog::
  :version: 4.5.0-alpha1
  :released: 27th of May 2021

  This is version 4.5.0-alpha1 of the Authoritative Server.

  This release contains a ton of improvements and bug fixes compared to 4.4, but very few user visible changes.

  The one notable feature is the "zone cache", which allows PowerDNS to keep a list of zones in memory, updated periodically.
  With this cache, PowerDNS can avoid hitting the database with queries for unknown domains.
  In some setups, and some attack scenarios, this can make a serious performance difference.

  Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading.

  .. change::
    :tags: Improvements
    :pullreq: 10260

    Lower max-nsec3-iterations to 100 (Kees Monshouwer)

  .. change::
    :tags: Improvements
    :pullreq: 10421

    add an option to in/exclude disabled zones in the pdnsutil list-all-zone and list-keys output (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 10399

    Make sure we recheck failed SOA lookups for notifies (Kees Monshouwer)

  .. change::
    :tags: Improvements
    :pullreq: 8999, 9788

    Swagger/OpenAPI improvements (Kevin Fleming)

  .. change::
    :tags: Bug Fixes
    :pullreq: 9813

    geoip: set netmask on all string formatting types

  .. change::
    :tags: Bug Fixes
    :pullreq: 9768

    fix rounding inaccuracy in latency statistics (Kees Monshouwer)

  .. change::
    :tags: Improvements
    :pullreq: 9574

    Ensure socket-dir matches runtimedir on old systemd

  .. change::
    :tags: Bug Fixes
    :pullreq: 9775

    pdnsutil add-record: notice when backend does not support replaceRRSet

  .. change::
    :tags: Improvements
    :pullreq: 9764, 9847, 9848, 9910

    Various logging improvements (Kees Monshouwer, nzlosh)

  .. change::
    :tags: Improvements
    :pullreq: 9752, 9803, 10028, 10067, 10068, 10165

    Various improvements to the Docker image (rytis, james-crowley)

  .. change::
    :tags: Improvements
    :pullreq: 9749, 9819, 9831, 9832, 9857, 9876, 9895, 9911, 9914, 9920, 9930, 9932, 9937, 9955, 9979, 10016, 10137, 10141, 10216, 10245, 10269, 10271, 10310, 10329, 10336, 10344

    Build improvements (support for new compilers and boost versions, etc.), improved usage of some library constructs, and architecture specific fixes

  .. change::
    :tags: Improvements
    :pullreq: 9913

    Switch to C++17

  .. change::
    :tags: Improvements
    :pullreq: 9885, 9888, 9933, 10013, 10099, 10107, 10186

    LMDB improvements (better transaction safety; support for the ``disabled`` field; better upgrade handling; stale reader cleanup; other bug fixes) (Robin Geuze, Kees Monshouwer)

  .. change::
    :tags: Removed Features
    :pullreq: 10259

    gpgsql backend: drop refcursor support (it never worked anyway)

  .. change::
    :tags: Bug Fixes
    :pullreq: 9766, 9844, 9919

    Fixed bugs in the implementations of the ``SVCB``, ``HTTPS``, ``IPSECKEY`` and ``APL`` types.

  .. change::
    :tags: New Features
    :pullreq: 10074

    ``SVCB`` improvements, including a new ``svc-autohints`` setting

  .. change::
    :tags: New Features
    :pullreq: 10078, 10172, 10121, 10256, 10234

    New RRtypes supported: ``CSYNC``, ``NID``, ``L32``, ``L64``, and ``LP``

  .. change::
    :tags: Improvements
    :pullreq: 10196

    Implement priority levels in the AXFR queue (Robin Geuze)

  .. change::
    :tags: Improvements
    :pullreq: 9658, 9669, 10430

    pdns.conf, pdnsutil, pdns_control: add modern aliases for words like master and slave. Add a setting to ignore unknown settings, to make mixed-version testing easier. (Chris Hofstaedtler, Kees Monshouwer)

    While changing names, Kees Monshouwer also renamed 'domain' to 'zone' in a ton of places.

  .. change::
    :tags: Removed Features
    :pullreq: 10251

    remove local-ipv6, query-local-address6, after their deprecation in 4.4

  .. change::
    :tags: New Features
    :pullreq: 10217

    API HTTP cryptokeys: add cds array when configured to do so

  .. change::
    :tags: Improvements
    :pullreq: 10236

    When rectifying, do not update ordernames/auth when there is no need (Kees Monshouwer)

  .. change::
    :tags: New Features
    :pullreq: 9995, 10060, 10149

    sdig: DoT support; TCP Fast Opens support for TCP/DoT/DoH

  .. change::
    :tags: Bug Fixes
    :pullreq: 10155

    ALIAS: Ensure A and AAAA are in the NSEC bitmap

  .. change::
    :tags: Improvements
    :pullreq: 10161

    memory usage reporting: use RES instead of "data" size

  .. change::
    :tags: Removed Features
    :pullreq: 10010

    Check ``sizeof(time_t)`` to be at least 8. This makes it easier for us to handle times beyond the years 2038 and 2106 safely. This removes support for platforms where ``time_t`` is still only 32 bits wide.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10081

    pdnsutil load-zone: reject zones with broken rrs

  .. change::
    :tags: Bug Fixes
    :pullreq: 9826

    pdnsutil edit-zone: do not exit on ZoneParser exception

  .. change::
    :tags: Improvements
    :pullreq: 10087

    pdnsutil: Warn on CNAME targets for NS, MX and SRV

  .. change::
    :tags: Improvements
    :pullreq: 10264

    Also disable PMTU for IPv6 (it was disabled for IPv4 already)

  .. change::
    :tags: Improvements
    :pullreq: 8813

    Make check-zone also check whether there are duplicate key value pair metadatas for the zone (RobinGeuze)

  .. change::
    :tags: Bug Fixes
    :pullreq: 10007

    fix tcp answer counters (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 10037

    run deleteDomain() inside a transaction (Kees Monshouwer)

  .. change::
    :tags: New Features
    :pullreq: 9958

    Serve NSEC3PARAM when asked without DO

  .. change::
    :tags: Bug Fixes
    :pullreq: 8829

    gsqlite3: handle escaping correctly for API search

  .. change::
    :tags: Bug Fixes
    :pullreq: 9872

    fix direct-dnskey in AXFR-out (Kees Monshouwer)

  .. change::
    :tags: Improvements
    :pullreq: 9520

    detect possible metadata cache pollution (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 10364

    auth: Don't choke on non-base64 values when importing zone keys

  .. change::
    :tags: New Features
    :pullreq: 9464, 10432

    Add a cache of all zones, avoiding backend lookups for zones that do not exist, and for non-existing subzones. (Chris Hofstaedtler)

  .. change::
    :tags: Improvements
    :pullreq: 10401

    change the consistent-backends default to 'yes'

  .. change::
    :tags: Bug Fixes
    :pullreq: 10392

    gpgsql: use SELECT .. RETURNING to get inserted row ID