Changelogs for 4.8.X ==================== .. changelog:: :version: 4.8.8 :released: 24th of April 2024 .. change:: :tags: Bug Fixes :pullreq: `Security advisory 2024-02 `__: CVE-2024-25583 .. changelog:: :version: 4.8.7 :released: 7th of March 2024 .. change:: :tags: Bug Fixes :pullreq: 13797 :tickets: 13353 If serving stale, wipe CNAME records from cache when we get a NODATA negative response for them. .. change:: :tags: Bug Fixes :pullreq: 13799 Fix the zoneToCache regression introduced by SA 2024-01. .. change:: :tags: Bug Fixes :pullreq: 13854 :tickets: 13847 Fix gathering of denial of existence proof for wildcard-expanded names. .. change:: :tags: Improvements :pullreq: 13796 :tickets: 13387 Update new b-root-server.net addresses in built-in hints. .. changelog:: :version: 4.8.6 :released: 13th of February 2024 .. change:: :tags: Bug Fixes :pullreq: 13784 `Security advisory 2024-01 `__: CVE-2023-50387 and CVE-2023-50868 .. changelog:: :version: 4.8.5 :released: 25th of August 2023 .. change:: :tags: Bug Fixes :pullreq: 13158 :tickets: 13105 (I)XFR: handle partial read of len prefix. .. change:: :tags: Bug Fixes :pullreq: 13078 :tickets: 12892 YaHTTP: Prevent integer overflow on very large chunks. .. change:: :tags: Bug Fixes :pullreq: 13077 :tickets: 12935 Stop using the now deprecated ERR_load_CRYPTO_strings() to detect OpenSSL. .. change:: :tags: Bug Fixes :pullreq: 13076 :tickets: 12961 Work around Red Hat 8 misfeature in OpenSSL's headers. .. change:: :tags: Bug Fixes :pullreq: 13056 :tickets: 13021 Fix setting of policy tags for packet cache hits. .. changelog:: :version: 4.8.4 :released: 29th of March 2023 .. change:: :tags: Bug Fixes :pullreq: 12700 PowerDNS Security Advisory 2023-02: Deterred spoofing attempts can lead to authoritative servers being marked unavailable. .. changelog:: :version: 4.8.3 :released: 7th of March 2023 .. change:: :tags: Bug Fixes :pullreq: 12613 :tickets: 12595, 12610, 12611 Fix serve-stale logic to not cause intermittent high CPU load by: - correcting the removal of a negative cache entry, - correcting the serve-stale main loop with respect to exception handling and - correctly handle negcache entries with serve-state status. .. change:: :tags: Bug Fixes :pullreq: 12609 :tickets: 12598 Update validation state after a missing negative indication. .. change:: :tags: Improvements :pullreq: 12608 :tickets: 12495 Change a few logging urgency levels .. change:: :tags: Improvements :pullreq: 12607 :tickets: 12347 Use correct name for isEntryUsable(). Existing code used the right logic but wrong name. .. changelog:: :version: 4.8.2 :released: 31th of January 2023 .. change:: :tags: Bug Fixes :pullreq: 12475 :tickets: 12467 Do not use "message" as key, it has a special meaning to systemd-journal. .. change:: :tags: Bug Fixes :pullreq: 12457 :tickets: 12395 When using serve-stale, wrong data can be returned from negative cache and record cache (zjs604381586). .. change:: :tags: Bug Fixes :pullreq: 12456 :tickets: 12368 Add the 'parse packet from auth' error message to structured logging. .. change:: :tags: Bug Fixes :pullreq: 12455 :tickets: 12352 Refresh of negcache stale entry might use wrong qtype (zjs604381586). .. change:: :tags: Improvements :pullreq: 12418 :tickets: 12374 Make cache cleaning of record an negative cache more fair when under pressure. .. change:: :tags: Bug Fixes :pullreq: 12408 :tickets: 12407 Do not chain ECS enabled queries, it can cause the wrong scope to be used for outgoing queries. .. change:: :tags: Bug Fixes :pullreq: 12346 :tickets: 12317 Fix compilation on FreeBSD. Reported by HellSpawn. .. change:: :tags: Improvements :pullreq: 12345 :tickets: 12333 Do not report "not decreasing socket buf size" as an error. .. change:: :tags: Bug Fixes :pullreq: 12344 :tickets: 12260 Properly encode json string containing binary data. .. changelog:: :version: 4.8.1 :released: 20th of January 2023 .. change:: :tags: Bug Fixes :pullreq: 12442 Avoid unbounded recursion when retrieving DS records from some misconfigured domains. CVE-2023-22617. .. changelog:: :version: 4.8.0 :released: 12th of December 2022 .. change:: :tags: Bug Fixes :pullreq: 12293 :tickets: 12289 Refactor unsupported qtype code and make sure we ServFail on all unsupported qtypes. .. change:: :tags: Bug Fixes :pullreq: 12221 :tickets: 11776, 11376, 12078, 12219 Infra queries should not use refresh mode. .. changelog:: :version: 4.8.0-rc1 :released: 18th of November 2022 .. change:: :tags: Bug Fixes :pullreq: 12201 :tickets: 12189, 12199 Also consider recursive forward in the "forwarded DS should not end up in negCache" code. .. change:: :tags: Bug Fixes :pullreq: 12200 :tickets: 12198 Correct skip record condition in processRecords. .. change:: :tags: Bug Fixes :pullreq: 12197 :tickets: 12175 Get DS records with QName Minimization switched on. .. change:: :tags: Bug Fixes :pullreq: 12196 :tickets: 12194 Fix typo in structured logging key. .. changelog:: :version: 4.8.0-beta2 :released: 7th of November 2022 .. change:: :tags: Bug Fixes :pullreq: 12163 :tickets: 12155 Fix SNMP OID numbers for rcode stats. .. change:: :tags: Bug Fixes :pullreq: 12162 :tickets: 12122 Implement output operator for QTypes, avoids numeric qtypes in trace logs. .. change:: :tags: Bug Fixes :pullreq: 12161 :tickets: 12125 Handle IXFR connect and transfer timeouts. .. change:: :tags: Improvements :pullreq: 12146 :tickets: 12063 Only replace protobuf logger config objects if the reload changed them. .. change:: :tags: Improvements :pullreq: 12150 :tickets: 12140 Be more lenient replacing auth by non-auth records in cache. .. change:: :tags: Bug Fixes :pullreq: 12145 :tickets: 12081 Log invalid RPZ content when obtained via IXFR. .. change:: :tags: Bug Fixes :pullreq: 12147 :tickets: 12066 Detect invalid bytes in makeBytesFromHex(). .. changelog:: :version: 4.8.0-beta1 :released: 5th of October 2022 .. change:: :tags: Improvements :pullreq: 12047 Add support for NOD/UDR notifications using dnstap. .. change:: :tags: Bug Fixes :pullreq: 12048 Fix --config (should be equal to --config=default), followup to #11907. .. change:: :tags: Bug Fixes :pullreq: 12046 :tickets: 12044 Fix compilation of the event ports multiplexer. .. change:: :tags: Improvements :pullreq: 11903, 12049 :tickets: 11841 Protobuf and dnstap metrics, including rec_control subcommand to show them. .. change:: :tags: Bug Fixes :pullreq: 12038 When an expired NSEC3 entry is seen move it to the front of the expiry queue. .. change:: :tags: Improvements :pullreq: 11949 :tickets: 7164 Provide metrics for rcode received from authoritative servers. .. change:: :tags: Bug Fixes :pullreq: 12027 :tickets: 11958 If new data is auth and existing data is not, replace even if cache locking is active. .. change:: :tags: Improvements :pullreq: 11866 :tickets: 11648 Proxymapping metrics, including rec_control subcommand to show them. .. change:: :tags: Improvements :pullreq: 11909 Add querytime attribute to Lua DNSQuestion object, to see the time a query was received. .. change:: :tags: Improvements :pullreq: 11768 :tickets: 11766 Enable include-dir by default in RPM builds, to be in line with DEB builds (Frank Louwers). .. change:: :tags: Removals :pullreq: 11856 Remove XPF support. .. change:: :tags: Improvements :pullreq: 11989 Improve error message when invalid values for `local-address` are provided in recursor config file. .. change:: :tags: Improvements :pullreq: 12011 :tickets: 11999 Enable SNMP support for debian and ubuntu builds. .. change:: :tags: Improvements :pullreq: 12009 :tickets: 11998 Warn if snmp-agent is set but SNMP support is not available. .. change:: :tags: Improvements :pullreq: 11959 A few tweaks to structured logging calls. .. changelog:: :version: 4.8.0-alpha1 :released: 23rd of September 2022 .. change:: :tags: Improvements :pullreq: 11958 Lock record cache entries if enabled by :ref:`setting-record-cache-locked-ttl-perc`. .. change:: :tags: Improvements :pullreq: 11957 Use ``nullptr`` in ``getNSEC3PARAM`` + init ``bool`` at call site (Axel Viala). .. change:: :tags: Improvements :pullreq: 11953 :tickets: 11804 Axfr-retriever: abort on chunk with TC set. .. change:: :tags: Improvements :pullreq: 11955 Clarify return codes for the Lua hooks in the Recursor (Frank Louwers). .. change:: :tags: Improvements :pullreq: 11907 Recursor: Add ``--config[=check|=diff|=default]``. .. change:: :tags: Improvements :pullreq: 11776 Implement optional Serve stale functionality, enabled by :ref:`setting-serve-stale-extensions`.. .. change:: :tags: Improvements :pullreq: 11906 Implement padding of (DoT) messages to authoritative servers, if set by :ref:`setting-edns-padding-out` (default ``yes``). .. change:: :tags: Improvements :pullreq: 11800 Log socket directory path if there is a problem. .. change:: :tags: Bug Fixes :pullreq: 11862 :tickets: 11853 Libssl: Properly load ciphers and digests with OpenSSL 3.0. .. change:: :tags: Improvements :pullreq: 11823 Handle Lua script loading errors. .. change:: :tags: Improvements :pullreq: 11813 :tickets: 4979 Stop sending Server: header (Chris Hofstaedtler). .. change:: :tags: Bug Fixes :pullreq: 11867 :tickets: 11864 rec_control: test for ``--version`` before requiring an argument. .. change:: :tags: Improvements :pullreq: 11869 :tickets: 6981 Keep time and count metrics when maintenance is called. .. change:: :tags: Improvements :pullreq: 11849 Consider dns64 processing in more cases than ``Rcode == NoError``. .. change:: :tags: Bug Fixes :pullreq: 11672 Make rec zone files with trailing dot (phonedph1). .. change:: :tags: Improvements :pullreq: 11857 :tickets: 11855 Set ``rec_control_LDFLAGS``, needed for macOS or any platforms where libcrypto is not in default lib path. .. change:: :tags: Improvements :pullreq: 11812 Replace/remove jQuery (Chris Hofstaedtler) .. change:: :tags: Bug Fixes :pullreq: 11820 :tickets: 11818, 10079 Handle file related errors initially loading Lua script. .. change:: :tags: Improvements :pullreq: 11811 Remove unused ``jsrender.js`` (Chris Hofstaedtler). .. change:: :tags: Improvements :pullreq: 11780 :tickets: 11736 Save the last nameserver speed recorded plus output it in ``rec_control dump-nsspeeds``. .. change:: :tags: Improvements :pullreq: 11754 :tickets: 11734 Set ``TCP_NODELAY`` on in and outgoing TCP. .. change:: :tags: Improvements :pullreq: 11744 Remove > 5 check on TTL of glue from the cache. .. change:: :tags: Improvements :pullreq: 11854,11714,11710,11693,11681,11662,11654,11642,11631 Structured logging for various subsystems. .. change:: :tags: Improvements :pullreq: 11704,11779 Make edns table a sparse table. .. change:: :tags: Improvements :pullreq: 11601 Shared ednsmap. .. change:: :tags: Improvements :pullreq: 11682 :tickets: 2248 Load IPv6 entries from etc-hosts file. .. change:: :tags: Improvements :pullreq: 11660,11709 :tickets: 11705, 11706 Use ``systemd-journal`` for structured logging if it is available and set by :ref:`setting-structured-logging-backend`. .. change:: :tags: Improvements :pullreq: 11680,11671 :tickets: 11671,11654 Fix typos in stats log messages (Matt Nordhoff). .. change:: :tags: Improvements :pullreq: 11598 Shared throttle map. .. change:: :tags: Improvements :pullreq: 11381 Adaptive root refresh interval, normally at 80% of :ref:`setting-max-cache-ttl`.