Changelogs for 4.4.x
====================

.. changelog::
  :version: 4.4.8
  :released: 25th of March 2022

  This is a security fix release for :doc:`PowerDNS Security Advisory 2022-01 <../security-advisories/powerdns-advisory-2022-01>`.
  Additionally, because CentOS 8 is End Of Life now, we have switched those builds to Oracle Linux 8. The resulting packages are compatible with RHEL and all derivatives.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11456

    Fix validation of incremental zone transfers (IXFRs).

.. changelog::
  :version: 4.4.7
  :released: 5th of November 2021

  .. change::
    :tags: Bug Fixes
    :pullreq: 10910
    :tickets: 10908

    A SHA-384 DS should not trump a SHA-256 one, only potentially ignore SHA-1 DS records.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10909
    :tickets: 10905

    rec_control wipe-cache-typed should check if a qtype argument is present and valid.

.. changelog::
  :version: 4.4.6
  :released: 8th of October 2021

  .. change::
    :tags: Bug Fixes
    :pullreq: 10802
    :tickets: 10768

    Use the correct RPZ policy name for statistics when loading via XFR.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10654
    :tickets: 10643

    NS from the cache could be a forwarder, take that into account for throttling decision.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10628
    :tickets: 10627

    Check in more places if the policy has been updated before using or modifying it.

.. changelog::
  :version: 4.4.5
  :released: 30th of July 2021

  .. change::
    :tags: Improvements
    :pullreq: 10580
    :tickets: 10555

    Work around clueless servers sending AA=0 answers.

.. changelog::
  :version: 4.4.4
  :released: 9th of June 2021

  .. change::
    :tags: Bug Fixes
    :pullreq: 10390

    Check if we have room before adding zero ECS scope EDNS value.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10383
    :tickets: 10303

    Use the correct ECS address when proxy-protocol is enabled.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10385

    Apply dns64 on RPZ hits generated after a gettag_ffi hit.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10314
    :tickets: 10286

    RPZ dumper: stop generating double zz labels on networks that start with zeroes.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10313
    :tickets: 10291

    Exception loading the RPZ seed file is not fatal.

.. changelog::
  :version: 4.4.3
  :released: 31st of March 2021

  .. change::
    :tags: Bug Fixes
    :pullreq: 10240
    :tickets: 10238

    More fail-safe handling of Newly Discovered Domain files.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10227
    :tickets: 10111

    Handle policy (if needed) after postresolve.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10226
    :tickets: 10064

    Return current rcode instead of 0 if there are no CNAME records to follow.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10224
    :tickets: 9883

    Lookup DS entries before CNAME entries.

  .. change::
    :tags: Improvements
    :pullreq: 10221
    :tickets: 9856

    Use a short-lived NSEC3 hashes cache for denial validation.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10199
    :tickets: 9812

    Handle failure to start the web server more gracefully.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10197
    :tickets: 9970

    Test that we correctly cap the answer's TTL in expanded wildcard cases.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10194
    :tickets: 9793

    Fix the gathering of denial proof for wildcard-expanded answers.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10192
    :tickets: 10185

    Make sure we take the right minimum for the packet cache TTL data in the SERVFAIL case.

  .. change::
    :tags: Improvements
    :pullreq: 10062

    Pull in libfstrm for el8 build.

.. changelog::
  :version: 4.4.2
  :released: 14th of December 2020

  .. change::
    :tags: Improvements
    :pullreq: 9837

    UUID: Use the non-cryptographic variant of the boost::uuid.

  .. change::
    :tags: Improvements
    :pullreq: 9838

    Keep a cached, valid entry over a fresher Bogus one.

  .. change::
    :tags: Improvements
    :pullreq: 9799
    :tickets: 9574

    Ensure socket-dir matches runtime directory on old systemd.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9825
    :tickets: 9807

    Untangle the validation/resolving qnames and qtypes.

  .. change::
    :tags: Improvements
    :pullreq: 9821
    :tickets: 9597

    Move to several distinct Bogus states, for easier debugging.

  .. change::
    :tags: Improvements
    :pullreq: 9805
    :tickets: 9790

    Do not chase CNAME during qname minimization step 4.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9774
    :tickets: 9766

    APL records: fix endianness problem.

.. changelog::
  :version: 4.4.1
  :released: 25th of November 2020

  .. change::
    :tags: Bug Fixes
    :pullreq: 9719
    :tickets: 9707

    Do not add request to a wait chain that's already processed or being processed.

  .. change::
    :tags: Improvements
    :pullreq: 9687
    :tickets: 9651

    Allow to specify a name in getMetric() that is used for Prometheus export only.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9710
    :tickets: 9696

    Avoid a CNAME loop detection issue with DNS64.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9705
    :tickets: 9697

    Do not send overly long NOD lookups.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9683
    :tickets: 9680

    If a.b.c CNAME x.a.b.c is encountered, switch off QName Minimization.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9682
    :tickets: 9679

    Fix the processing of answers generated from gettag.

.. changelog::
  :version: 4.4.0
  :released: 19th of October 2020

  .. change::
    :tags: Bug Fixes
    :pullreq: 9605

    Backport of CVE-2020-25829: Cache pollution.

.. changelog::
  :version: 4.4.0-rc2
  :released: 6th of October 2020

  .. change::
    :tags: Bug Fixes
    :pullreq: 9579
    :tickets: 9434

    When deciding if we are auth in the local auth or forwarding case, DS is special.

  .. change::
    :tags: Improvements
    :pullreq: 9577
    :tickets: 9569

    Don't parse any config with `--version`.

  .. change::
    :tags: Improvements
    :pullreq: 9576
    :tickets: 9562

    Expose typed cache flush via Web API.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9557
    :tickets: 9515

    Fix wipe-cache-typed.

  .. change::
    :tags: Improvements
    :pullreq: 9528
    :tickets: 9471

    Log when going Bogus because of a missing SOA in authority.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9526
    :tickets: 9495

    Watch the descriptor again after an out-of-order read timeout.

  .. change::
    :tags: Improvements
    :pullreq: 9506
    :tickets: 9497

    Raise an exception on invalid content in unknown record.

.. changelog::
  :version: 4.4.0-rc1
  :released: 21st of September 2020

  .. change::
    :tags: Bug Fixes
    :pullreq: 9465
    :tickets: 9448

    Only do QName Minimization for the names inside a forwarded domain.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9458

    Fix the parsing of `dont-throttle-netmasks` in the presence of `dont-throttle-names`.

.. changelog::
  :version: 4.4.0-beta1
  :released: 31st of August 2020

  .. change::
    :tags: Improvements
    :pullreq: 9376

    Store RPZ trigger and hit in appliedPolicy and protobuf message and log them in the trace log.

  .. change::
    :tags: Improvements
    :pullreq: 9414
    :tickets: 9363

    Apply filtering policies (RPZ) on CNAME chains as well.

  .. change::
    :tags: Improvements
    :pullreq: 9411

    Fix warning: initialized lambda captures are a C++14 extension.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9375

    Allow some more depth headroom for the no-qname-minimization fallback case.

  .. change::
    :tags: Internals, Improvements
    :pullreq: 9412

    Clean some coverity reported cases of exceptions thrown but not caught.

  .. change::
    :tags: Improvements
    :pullreq: 9391

    Export record cache lock (contention) stats via the various channels.

  .. change::
    :tags: Improvements
    :pullreq: 9396

    Allow multiple local data records when doing RPZ IP matching.

  .. change::
    :tags: Improvements, Internals
    :pullreq: 9380

    Replace the use of '1' by QClass::IN to improve readability.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9351
    :tickets: 9227

    If we have an NS in cache, use it in the forwarder case.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9196

    Disable outgoing v4 when query-local-address has no v4 addresses.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9343

    Resize hostname to final size in getCarbonHostname() (Aki Tuomi).

  .. change::
    :tags: Internals, Improvements
    :pullreq: 9348
    :tickets: 9279

    Avoid name clashes on Solaris derived systems.

.. changelog::
  :version: 4.4.0-alpha2
  :released: 20th of July 2020

  .. change::
    :tags: Bug Fixes
    :pullreq: 9320

    Update proxy-protocol.cc (ihsinme).

  .. change::
    :tags: Improvements
    :pullreq: 9308

    Check that DNSKEYs have the zone flag set.

  .. change::
    :tags: Improvements
    :pullreq: 9314

    Remove redundant toLogString() calls (Chris Hofstaedtler).

  .. change::
    :tags: Internals, Improvements
    :pullreq: 9312

    Stop cluttering the global namespace with validation states.

  .. change::
    :tags: Internals, Improvements
    :pullreq: 9231

    Use explicit flag for the specific version of c++ we're targeting.

  .. change::
    :tags: Internals, Improvements
    :pullreq: 9303

    Use new operator to print states.

  .. change::
    :tags: Internals, Bug Fixes
    :pullreq: 9302

    Kill a signed vs unsigned warning on OpenBSD.

  .. change::
    :tags: Improvements
    :pullreq: 9290

    Refuse QType 0 right away, based on rfc6895 section 3.1.

  .. change::
    :tags: Internals, Improvements
    :pullreq: 9295

    Specify a storage type for validation states.

  .. change::
    :tags: Improvements
    :pullreq: 9289

    Common TCP write problems should only be logged if wanted.

  .. change::
    :tags: Improvements
    :pullreq: 9288

    Dump the authority records of a negative cache entry as well.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9237

    Don't validate a NXD with a NSEC proving that the name is an ENT.

  .. change::
    :tags: Improvements
    :pullreq: 9272
    :tickets: 9266

    Alternative way to do "skip cname check" for DS and DNSKEY records.

  .. change::
    :tags: Improvements
    :pullreq: 9267

    Control stack depth when priming.

  .. change::
    :tags: Improvements
    :pullreq: 9252

    Add version 'statistic' to prometheus.

  .. change::
    :tags: Internals, Improvements
    :pullreq: 9236

    Cleanup cache cleaner pruneCollection function.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9226

    Fix three shared cache issues.

  .. change::
    :tags: Improvements
    :pullreq: 9203

    RPZ policy should override gettag_ffi answer by default.

  .. change::
    :tags: Internals, Improvements
    :pullreq: 9216

    Don't copy the records when scanning for CNAME loops.

  .. change::
    :tags: Internals, Improvements
    :pullreq: 9213

    Do not use `using namespace std;`.

  .. change::
    :tags: Internals, Improvements
    :pullreq: 9202
    :tickets: 9153, 9194

    More sophisticated CNAME loop detection.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9205
    :tickets: 9193

    Limit the TTL of RRSIG records as well.

  .. change::
    :tags: Internals, Improvements
    :pullreq: 9207

    Use std::string_view when available (Rosen Penev).

  .. change::
    :tags: Improvements
    :pullreq: 9152

    Make sure we can install unsigned packages.

  .. change::
    :tags: Improvements
    :pullreq: 9162

    Clarify docs (Josh Soref).

  .. change::
    :tags: Improvements
    :pullreq: 9073

    Ensure runtime dirs for virtual services differ.

  .. change::
    :tags: Improvements
    :pullreq: 9085
    :tickets: 8094

    Builder: improve shipped config files (Chris Hofstaedtler).

  .. change::
    :tags: Improvements
    :pullreq: 9100

    Less negatives in error messages improves readability.

  .. change::
    :tags: Internals, Improvements
    :pullreq: 9070

    Boost 1.73 moved boost::bind placeholders to the placeholders namespace.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9079

    Avoid throwing an exception in Logger::log().

  .. change::
    :tags: Internals, Improvements
    :pullreq: 9076

    Fix useless copies in loop reported by clang++ 10.

  .. change::
    :tags: Internals, Improvements
    :pullreq: 9078

    NetmaskTree: do not test node for null, the loop guarantees node is not null.

  .. change::
    :tags: Internals, Improvements
    :pullreq: 9067

    Wrap pthread objects.

  .. change::
    :tags: Internals, Improvements
    :pullreq: 9053

    Get rid of a naked pointer in the /dev/poll event multiplexer.

  .. change::
    :tags: Internals, Improvements
    :pullreq: 9016
    :tickets: 9004

    Random engine.

.. changelog::
  :version: 4.4.0-alpha1
  :released: 22nd of April 2020

  .. change::
    :tags: Bug Fixes
    :pullreq: 9031
    :tickets: 9025

    Fix compilation of the ports event multiplexer.

  .. change::
    :tags: Improvements
    :pullreq: 9000

    Fix warnings with llvm10 and -Wrange-loop-construct (Kirill Ponomarev).

  .. change::
    :tags: Improvements
    :pullreq: 8985

    Fix compilation without deprecated OpenSSL APIs (Rosen Penev).

  .. change::
    :tags: New Features
    :pullreq: 8967

    Implement native DNS64 support, without Lua.

  .. change::
    :tags: New Features
    :pullreq: 8927

    Add custom tags to RPZ hits.

  .. change::
    :tags: New Features
    :pullreq: 8910

    Allow attaching a 'routing' tag string to a query in lua code and use that tag in the record cache when appropriate.

  .. change::
    :tags: Improvements
    :pullreq: 8900
    :tickets: 8739

    Detect {Libre,Open}SSL functions availability during configure.

  .. change::
    :tags: New Features
    :pullreq: 8898

    Share record cache between threads.

  .. change::
    :tags: Improvements
    :pullreq: 8887

    Better handling of reconnections in Remote Logger.

  .. change::
    :tags: Improvements
    :pullreq: 8883
    :tickets: 8629

    Add 'queue full' metrics for our remote logger, log at debug only.

  .. change::
    :tags: Improvements
    :pullreq: 8876, 8740
    :tickets: 8875

    Update boost.m4.

  .. change::
    :tags: New Features
    :pullreq: 8874

    Add support for Proxy Protocol between dnsdist and the recursor.

  .. change::
    :tags: Improvements
    :pullreq: 8812

    Keep a masked network in the Netmask class.

  .. change::
    :tags: Improvements
    :pullreq: 8631

    Replace include guard ifdef/define with pragma once (Chris Hofstaedtler).

  .. change::
    :tags: Bug Fixes
    :pullreq: 8830

    Init zone's d_priority field.

  .. change::
    :tags: Improvements
    :pullreq: 8815

    YaHTTP: Support bracketed IPv6 addresses.

  .. change::
    :tags: Improvements
    :pullreq: 8355

    Rework NetmaskTree for better CPU and memory efficiency (Stephan Bosch).

  .. change::
    :tags: Bug Fixes
    :pullreq: 8777
    :tickets: 8697

    QName Minimization sometimes uses 1 label too many.

  .. change::
    :tags: Improvements
    :pullreq: 8778

    RPZ dumpFile/seedFile: store/get SOA refresh on dump/load.

  .. change::
    :tags: Improvements
    :pullreq: 8783

    Add 'IO wait' and 'steal' metrics on Linux.

  .. change::
    :tags: Improvements
    :pullreq: 8792

    DNSName: Don't call strlen() when the length is already known.

  .. change::
    :tags: Improvements
    :pullreq: 8640

    Fix build with gcc-10 (Sander Hoentjen).