Changelogs for 4.6.X ==================== .. changelog:: :version: 4.6.6 :released: 29th of March 2023 .. change:: :tags: Bug Fixes :pullreq: 12702 PowerDNS Security Advisory 2023-02: Deterred spoofing attempts can lead to authoritative servers being marked unavailable. .. changelog:: :version: 4.6.5 :released: 25th of November 2022 .. change:: :tags: Bug Fixes :pullreq: 12229 :tickets: 12198 Correct skip record condition in processRecords. .. change:: :tags: Bug Fixes :pullreq: 12226 :tickets: 12189, 12199 Also consider recursive forward in the "forwarded DS should not end up in negCache code." .. change:: :tags: Bug Fixes :pullreq: 12191 :tickets: 12125 Timeout handling for IXFRs as a client. .. change:: :tags: Bug Fixes :pullreq: 12172 :tickets: 12066 Detect invalid bytes in makeBytesFromHex(). .. change:: :tags: Bug Fixes :pullreq: 12170 :tickets: 12081 Log invalid RPZ content when obtained via IXFR. .. change:: :tags: Bug Fixes :pullreq: 12167 :tickets: 12038 When an expired NSEC3 entry is seen, move it to the front of the expiry queue. .. changelog:: :version: 4.6.4 :released: 20th of September 2022 .. change:: :tags: Improvements :pullreq: 11937 :tickets: 11904 For zones having many NS records, we are not interested in all so take a sample. .. change:: :tags: Bug Fixes :pullreq: 11941 :tickets: 11890 Failure to retrieve DNSKEYs of an Insecure zone should not be fatal. .. change:: :tags: Improvements :pullreq: 11898 :tickets: 11848 Also check qperq limit if throttling happened, as it increases counters. .. change:: :tags: Bug Fixes :pullreq: 11775 :tickets: 11773 Resize answer length to actual received length in udpQueryResponse. .. changelog:: :version: 4.6.3 :released: 23th of August 2022 .. change:: :tags: Bug Fixes :pullreq: 11876,11874 PowerDNS Security Advisory 2022-02: incomplete exception handling related to protobuf message generation. .. change:: :tags: Bug Fixes :pullreq: 11633,11609 Fix API issue when asking config values for allow-from or allow-notify-from. .. changelog:: :version: 4.6.2 :released: 4th of April 2022 .. change:: :tags: Bug Fixes :pullreq: 11418 :tickets: 11371 Be more careful using refresh mode only for the record asked. .. change:: :tags: Bug Fixes :pullreq: 11380 :tickets: 11300 Use the Lua context stored in SyncRes when calling hooks. .. change:: :tags: Bug Fixes :pullreq: 11363 :tickets: 11338 QType ADDR is supposed to be used internally only. .. change:: :tags: Bug Fixes :pullreq: 11362 :tickets: 11327 If we get NODATA on an AAAA in followCNAMERecords, try native dns64. .. change:: :tags: Improvements :pullreq: 11360 :tickets: 11283 Allow disabling of processing the root hints. .. change:: :tags: Improvements :pullreq: 11361 :tickets: 11288 Log an error if pdns.DROP is used as rcode in Lua callbacks. .. change:: :tags: Bug Fixes :pullreq: 11359 :tickets: 11257 Initialize isNew before calling a exception throwing function. .. change:: :tags: Improvements :pullreq: 11358 :tickets: 11245 A CNAME answer on DS query should abort DS retrieval. .. change:: :tags: Improvements :pullreq: 11357 :tickets: 11225 Reject non-apex NSEC(3)s that have both the NS and SOA bits set. .. change:: :tags: Improvements :pullreq: 11260 Fix build with OpenSSL 3.0.0. .. change:: :tags: Improvements :pullreq: 11170 :tickets: 11137 Shorter thread names. .. change:: :tags: Improvements :pullreq: 11169 :tickets: 11109 Two more features to print (DoT and scrypt). .. changelog:: :version: 4.6.1 :released: 25th of March 2022 This is a security fix release for :doc:`PowerDNS Security Advisory 2022-01 <../security-advisories/powerdns-advisory-2022-01>`. Additionally, because CentOS 8 is End Of Life now, we have switched those builds to Oracle Linux 8. The resulting packages are compatible with RHEL and all derivatives. .. change:: :tags: Bug Fixes :pullreq: 11458 Fix validation of incremental zone transfers (IXFRs). .. changelog:: :version: 4.6.0 :released: 17th of December 2021 .. change:: :tags: Improvements :pullreq: 11091 Do not generate event trace records for Lua hooks if no Lua hook is defined. .. change:: :tags: Improvements :pullreq: 11092 Remove capability requirements from Docker images. .. changelog:: :version: 4.6.0-rc1 :released: 3rd of December 2021 .. change:: :tags: Bug Fixes :pullreq: 11055 :tickets: 10982 Condition to HAVE_SYSTEMD_WITH_RUNTIME_DIR_ENV is reversed. During build, the runtime directory in the service files for virtual-hosting are now correctly generated. .. change:: :tags: Bug Fixes :pullreq: 11025 :tickets: 10994, 11010 Do cache negative answers, even when the response was ECS-scoped. .. change:: :tags: Bug Fixes :pullreq: 11022 :tickets: 11018 Fix logic botch in TCP code introduced by notify handling in 4.6.0-beta2. .. change:: :tags: Bug Fixes :pullreq: 11016 :tickets: 11005 Include sys/time.h; needed on musl. .. changelog:: :version: 4.6.0-beta2 :released: 17th of November 2021 .. change:: :tags: Bug Fixes :pullreq: 10980 :tickets: 10936 Return the proper extended error code on specific validation failures. .. change:: :tags: Improvements :pullreq: 10751 :tickets: 7014 Add support for NOTIFY queries to wipe cache entries (Kevin P. Fleming). .. change:: :tags: Bug Fixes :pullreq: 10971 We need a libcurl dev lib for the zone-to-cache function. .. changelog:: :version: 4.6.0-beta1 :released: 9th of November 2021 .. change:: :tags: Improvements :pullreq: 10865 Return documented reply on /api/v1 access. .. change:: :tags: Bug Fixes :pullreq: 10943 :tickets: 10938 Credentials: EVP_PKEY_CTX_set1_scrypt_salt() takes an `unsigned char*`. .. change:: :tags: Improvements :pullreq: 10919 :tickets: 10852 Add more UDP error metrics (checksum, IPv6). .. change:: :tags: Improvements :pullreq: 10930,10965 Move to a stream based socket for the control channel. .. change:: :tags: Improvements :pullreq: 10901 ZoneParserTNG: Stricter checks when loading a zone file. .. change:: :tags: Bug Fixes :pullreq: 10926 Fix regression of carbon-ourname. .. change:: :tags: Improvements :pullreq: 10891 Implement fd-usage metric for OpenBSD. .. changelog:: :version: 4.6.0-alpha2 :released: 25th of October 2021 .. change:: :tags: Improvements :pullreq: 10646,10868,10870 Move to modern C++ constructs (Rosen Penev). .. change:: :tags: Bug Fixes :pullreq: 10842 Correct appliedPolicyTrigger value for IP matches. .. change:: :tags: Improvements :pullreq: 10843 NOD - use structured logging API. .. change:: :tags: Improvements :pullreq: 10847 Sync dnsmessage.proto. .. change:: :tags: Improvements :pullreq: 10567 :tickets: 7558,7420 Introduce experimental Event Trace function to get a more detailed view the work done by the Recursor. .. change:: :tags: Improvements :pullreq: 10797 :tickets: 9135 Use packetcache-servfail-ttl for all packet cache entries considered an error reply. .. change:: :tags: Improvements :pullreq: 10505,10794,10799 Add a periodic zones-to-cache function. .. change:: :tags: Bug Fixes :pullreq: 10768 Use the correct RPZ policy name when loading via XFR. .. change:: :tags: Bug Fixes :pullreq: 10760 Don't create file with wide permissions. .. change:: :tags: Bug Fixes :pullreq: 10757 Update the stats (serial, number of records, timestamp) for RPZ files. .. changelog:: :version: 4.6.0-alpha1 :released: 29th of September 2021 .. change:: :tags: Improvements :pullreq: 10669 TCP/DoT outgoing connection pooling. .. change:: :tags: Bug Fixes :pullreq: 10718 :tickets: 10713 Only the DNAME records are authoritative in DNAME answers. .. change:: :tags: Improvements :pullreq: 10599 Be more strict when validating DS with respect to parent/child NSEC(3)s. .. change:: :tags: Bug Fixes :pullreq: 10633 :tickets: 10632 Pass the Lua context to follow up queries (follow CNAME, dns64). .. change:: :tags: Improvements :pullreq: 10605 :tickets: 10554 Keep a count of per RPZ (or filter) hits. .. change:: :tags: Bug Fixes :pullreq: 10622 :tickets: 10621 Detect a loop when the denial of the DS comes from the child zone. .. change:: :tags: Improvements :pullreq: 10554,10738 :tickets: 10735 Modify per-thread cpu usage stats to be Prometheus-friendly. .. change:: :tags: Improvements :pullreq: 10598 Refactor almost-expired code and add more detailed stats. .. change:: :tags: Improvements :pullreq: 10546 Add dns64 metrics. .. change:: :tags: Bug Fixes :pullreq: 10602 Process policy and potential Drop action after Lua hooks. .. change:: :tags: Improvements :pullreq: 10634 :tickets: 10631 Move macOS to kqueue event handler and assorted compile fixes. .. change:: :tags: Bug Fixes :pullreq: 10565 Do not use DNSKEYs found below an apex for validation. .. change:: :tags: Improvements :pullreq: 10122,10663 :tickets: 9077,10122 Cumulative and Prometheus friendly histograms. .. change:: :tags: Improvements :pullreq: 10428,10659,10533 Rewrite of outgoing TCP code and implement DoT to auth or forwarders. .. change:: :tags: Improvements :pullreq: 10467 Switch OpenBSD to kqueue event handler. .. change:: :tags: Improvements :pullreq: 10396 :tickets: 10395 Take into account g_quiet when determining loglevel and change a few loglevels. .. change:: :tags: Improvements :pullreq: 10349,10623 Move to tcpiohandler for outgoing TCP, sharing much more code with dnsdist. .. change:: :tags: Improvements :pullreq: 10288 Deprecate offensive setting names. .. change:: :tags: Improvements :pullreq: 10160 Implement structured logging API. .. change:: :tags: Improvements :pullreq: 10264 Disable PMTU for IPv6. .. change:: :tags: Improvements :pullreq: 10157 Move to hashed passwords for the web interface. .. change:: :tags: Improvements :pullreq: 10491 Rec: Add bindings to set arbitrary key-value metadata in logged messages