Changelogs for 4.7.X ==================== .. changelog:: :version: 4.7.6 :released: 25th of August 2023 .. change:: :tags: Bug Fixes :pullreq: 13157 :tickets: 13105 (I)XFR: handle partial read of len prefix. .. change:: :tags: Bug Fixes :pullreq: 13079 :tickets: 12892 YaHTTP: Prevent integer overflow on very large chunks. .. change:: :tags: Bug Fixes :pullreq: 13075 :tickets: 12961 Work around Red Hat 8 misfeature in OpenSSL's headers. .. change:: :tags: Bug Fixes :pullreq: 13058 :tickets: 13021 Fix setting of policy tags for packet cache hits. .. changelog:: :version: 4.7.5 :released: 29th of March 2023 .. change:: :tags: Bug Fixes :pullreq: 12701 PowerDNS Security Advisory 2023-02: Deterred spoofing attempts can lead to authoritative servers being marked unavailable. .. changelog:: :version: 4.7.4 :released: 25th of November 2022 .. change:: :tags: Bug Fixes :pullreq: 12231 :tickets: 12046 Fix compilation of the event ports multiplexer. .. change:: :tags: Bug Fixes :pullreq: 12230 :tickets: 12198 Correct skip record condition in processRecords. .. change:: :tags: Bug Fixes :pullreq: 12227 :tickets: 12189, 12199 Also consider recursive forward in the "forwarded DS should not end up in negCache code." .. change:: :tags: Bug Fixes :pullreq: 12190 :tickets: 12125 Timeout handling for IXFRs as a client. .. change:: :tags: Bug Fixes :pullreq: 12173 :tickets: 12066 Detect invalid bytes in makeBytesFromHex(). .. change:: :tags: Bug Fixes :pullreq: 12171 :tickets: 12081 Log invalid RPZ content when obtained via IXFR. .. change:: :tags: Bug Fixes :pullreq: 12168 :tickets: 12038 When an expired NSEC3 entry is seen, move it to the front of the expiry queue. .. changelog:: :version: 4.7.3 :released: 20th of September 2022 .. change:: :tags: Improvements :pullreq: 11936 :tickets: 11904 For zones having many NS records, we are not interested in all so take a sample. .. change:: :tags: Bug Fixes :pullreq: 11940 :tickets: 11890 Failure to retrieve DNSKEYs of an Insecure zone should not be fatal. .. change:: :tags: Improvements :pullreq: 11897 :tickets: 11848 Also check qperq limit if throttling happened, as it increases counters. .. change:: :tags: Bug Fixes :pullreq: 11879 :tickets: 11850 Fix recursor not responsive after Lua config reload. .. change:: :tags: Bug Fixes :pullreq: 11847 :tickets: 11843 Clear the caches *after* loading authzones. .. change:: :tags: Bug Fixes :pullreq: 11774 :tickets: 11773 Resize answer length to actual received length in udpQueryResponse. .. changelog:: :version: 4.7.2 :released: 23th of August 2022 .. change:: :tags: Bug Fixes :pullreq: 11877,11874 PowerDNS Security Advisory 2022-02: incomplete exception handling related to protobuf message generation. .. changelog:: :version: 4.7.1 :released: 8th of July 2022 .. change:: :tags: Improvements :pullreq: 11750 :tickets: 11726, 11724 Allow generic format while parsing zone files for ZoneToCache. .. change:: :tags: Bug Fixes :pullreq: 11748 :tickets: 11692 Run tasks from housekeeping thread in the proper way, causing queued DoT probes to run more promptly. Thanks to Jerry Lundström! .. change:: :tags: Improvements :pullreq: 11740 :tickets: 11735 Force gzip compression for debian packages (Zash). .. changelog:: :version: 4.7.0 :released: 30th of May 2022 .. change:: :tags: Bug Fixes :pullreq: 11632 :tickets: 11609 Fix API issue when asking config values for allow-from or allow-notify-from. .. changelog:: :version: 4.7.0-rc1 :released: 6th of May 2022 .. change:: :tags: Bug Fixes :pullreq: 11559 :tickets: 11539 Prometheus #HELP texts: DNSSEC counters track responses sent, not actual validations performed. .. change:: :tags: Bug Fixes :pullreq: 11560 :tickets: 11541 Fix DoT port and protocol used for probed authoritative servers. .. change:: :tags: Bug Fixes :pullreq: 11538 :tickets: 11536 Fix Coverity 1487923 Out-of-bounds read (wrong use of sizeof). .. changelog:: :version: 4.7.0-beta1 :released: 14th of April 2022 .. change:: :tags: Improvements :pullreq: 11487 Probe authoritative servers for DoT support (experimental). .. change:: :tags: Bug Fixes :pullreq: 11524 Update moment.min.js (path traversal fix; we are unaffected). .. change:: :tags: Improvements :pullreq: 11492 Add deferred mode for retrieving additional records. .. change:: :tags: Improvements :pullreq: 11484 Use boost::mult-index for nsspeed table and make it shared. .. change:: :tags: Bug Fixes :pullreq: 11496 Prevent segfault with empty allow-from-file and allow-from options (Sven Wegener). .. change:: :tags: Improvements :pullreq: 11312 Packet cache improvements: do not fill beyond limit and use strict LRU eviction method. .. change:: :tags: Improvements :pullreq: 11444 Use nice format for timestamp printing. .. change:: :tags: Bug Fixes :pullreq: 11471 In the handler thread, call sd_notify() just before entering the main loop in RecursorThread. .. change:: :tags: Improvements :pullreq: 11445 :tickets: 11440 Only log "Unable to send NOD lookup" if log-common-errors is set. .. change:: :tags: Improvements :pullreq: 11443 Remember parent NS set, to be able to fallback to it if needed. .. change:: :tags: Improvements :pullreq: 11396, 11507 Proxy by table: allow a table based mapping of source address. .. change:: :tags: Bug Fixes :pullreq: 11405 Distinguish between unreachable and timeout for throttling. .. change:: :tags: Bug Fixes :pullreq: 11397 Use correct task to clean outgoing TCP. .. changelog:: :version: 4.7.0-alpha1 :released: 28th of February 2022 .. change:: :tags: Bug Fixes :pullreq: 11338, 11349 :tickets: 11337 QType ADDR is supposed to be used internally only. .. change:: :tags: Bug Fixes :pullreq: 11347 Fix unaligned access in murmur hash code used by the Newly Observed Domain feature. .. change:: :tags: Improvements :pullreq: 11302 :tickets: 11294 Add Additional records to query results if appropriate and configured. .. change:: :tags: Improvements :pullreq: 11294 Resolve AAAA for NS in an async task if applicable. .. change:: :tags: Bug Fixes :pullreq: 11327 :tickets: 11320 A Lua followCNAME result might need native dns64 processing. .. change:: :tags: Improvements :pullreq: 11319 Read the base Lua definitions into the Lua context for reading the Lua config. .. change:: :tags: Bug Fixes :pullreq: 11300 :tickets: 11289 Use the Lua context stored in SyncRes when calling hooks. .. change:: :tags: Improvements :pullreq: 11307 Add SNI information to outgoing DoT if available. .. change:: :tags: Improvements :pullreq: 11305 Detect a malformed question early so we can drop it as soon as possible. .. change:: :tags: Improvements :pullreq: 11252 Thread management re-factoring. .. change:: :tags: Improvements :pullreq: 11288 :tickets: 11287 Document changes to policy.DROP better and warn on using the now unsupported way. .. change:: :tags: Improvements :pullreq: 11283 Allow disabling of processing root hints and lower log level of some related messages. .. change:: :tags: Improvements :pullreq: 11269 Move two maps (failed servers and non-resolving nameservers) from thread_local to shared. .. change:: :tags: Improvements :pullreq: 11245 A CNAME answer on DS query should abort DS retrieval. .. change:: :tags: Improvements :pullreq: 11189,11100 ZONEMD validation for Zone to Cache function. .. change:: :tags: Improvements :pullreq: 11186 :tickets: 11178 By default, build with symbol visibility hidden. .. change:: :tags: Improvements :pullreq: 11164 Update protozero to 1.7.1. .. change:: :tags: Improvements :pullreq: 11074 Add Lua postresolve_ffi hook. .. change:: :tags: Improvements :pullreq: 11036 Compute step sizes for Query Minimization according to RFC 9156. .. change:: :tags: Bug Fixes :pullreq: 11030 :tickets: 11021 Make incoming TCP bookkeeping more correct.