Changelogs for 4.2.x¶

4.2.5¶

Bug Fixes¶

• Backport of CVE-2020-25829: Cache pollution.

  ¶

  References: pull request 9603

• Raise an exception on invalid content in unknown records.

  ¶

  References: #9497, pull request 9508

• Boost 1.73 moved boost::bind placeholders to the placeholders namespace.

  ¶

  References: #9070, pull request 9502

• Fix the parsing of dont-throttle-netmasks in the presence of dont-throttle-names.

  ¶

  References: #9454, pull request 9456

• Resize hostname to final size in getcarbonhostname().

  ¶

  References: pull request 9368

4.2.4¶

Bug Fixes¶

• Validate cached DNSKEYs against the DSs, not the RRSIGs only.

  ¶

  References: #9309, pull request 9334

• Ignore cache-only for DNSKEYS/DS retrieval.

  ¶

  References: #9297, pull request 9333

• A ServFail while retrieving DS/DNSKEY records is just that.

  ¶

  References: #9292, pull request 9332

• Refuse DS records received from child zones.

  ¶

  References: #9188, pull request 9331

• Better exception handling in housekeeping/handlePolicyHit.

  ¶

  References: #9268, pull request 9306

4.2.3¶

Improvements¶

• Fix build with gcc-10

  ¶

  References: #8640, pull request 9123

Bug Fixes¶

• Backport of CVE-2020-14196: Enforce webserver ACL.

  ¶

  References: pull request 9284

• Copy the negative cache entry before validating it.

  ¶

  References: #9251, pull request 9261

• Fix compilation on systems that do not define HOST_NAME_MAX.

  ¶

  References: #9127, pull request 9133

4.2.2¶

Improvements¶

• Add ubuntu focal target.

  ¶

  References: pull request 9081

• Only log qname parsing errors when ‘log-common-errors’ is set.

  ¶

  References: pull request 8869

Bug Fixes¶

• Backport of security fixes for CVE-2020-10995, CVE-2020-12244 and CVE-2020-10030, plus avoid a crash when loading an invalid RPZ.

  ¶

  References: pull request 9116

• Refuse NSEC records with a bitmap length > 32.

  ¶

  References: pull request 8832

• Avoid startup race by setting the state of a tread before starting it.

  ¶

  References: pull request 8802

• Better detection of Bogus zone cuts for DNSSEC validation.

  ¶

  References: pull request 8696

• Fix parsing dont-throttle-names and dont-throttle-netmasks as comma separated lists.

  ¶

  References: pull request 8686

misc¶

• Update gen-version to use latest tag for version number.

  ¶

  References: pull request 8988

• Update boost.m4.

  ¶

  References: #8875, pull request 8752, pull request 8964

• Debian postinst / do not fail on user creation if it already exists.

  ¶

  References: pull request 8674

4.2.1¶

Improvements¶

• Add CentOS 8 as builder target

  ¶

  References: pull request 8427

• Update boost.m4

  ¶

  References: pull request 8124

• Add deviceName field to protobuf messages

  ¶

  References: #8101, pull request 8187

• Test improvements (Chris Hofstaedtler)

  ¶

  References: #8008, #8047, pull request 8121

• Builder: add raspbian-buster target

  ¶

  References: pull request 8086

Bug Fixes¶

• Purge map of failed auths periodically by keeping a last changed timestamp.

  ¶

  References: pull request 8552

• Prime NS records of root-servers.net parent (.net)

  ¶

  References: pull request 8528

• Issue with “zz” abbreviation for IPv6 RPZ triggers

  ¶

  References: pull request 8493

• Basic validation of $GENERATE parameters

  ¶

  References: pull request 8452

• Fix inverse handler registration logic for SNMP.

  ¶

  References: pull request 8230

4.2.0¶

Improvements¶

• Clear CMSG_SPACE(sizeof(data)) in cmsghdr to appease valgrind

  ¶

  References: #7981, pull request 8005

Bug Fixes¶

• Make sure we always compile with BOOST_CB_ENABLE_DEBUG set to 0

  ¶

  References: pull request 8074

• Limit compression pointers to 14 bits

  ¶

  References: pull request 8052

misc¶

• Fix the export of only outgoing queries or incoming responses

  ¶

  References: pull request 8009

4.2.0-rc2¶

Improvements¶

• Compare the CacheKey type and place first then the name

  ¶

  References: pull request 7939

Bug Fixes¶

• Handle short reads from our random device

  ¶

  References: pull request 7955

• Check if -latomic is needed instead of hardcoding

  ¶

  References: pull request 7953

• Don’t mix time() and gettimeofday() in our unit tests

  ¶

  References: pull request 7931

• SuffixMatchTree fixes

  ¶

  References: pull request 7954

4.2.0-rc1¶

Improvements¶

• Use net-snmp-config --netsnmp-agent-libs instead of --agent-libs.

  ¶

  References: pull request 7818

Bug Fixes¶

• Fix the detection of snmp_select_info2().

  ¶

  References: pull request 7826

• Ensure a valid range to string() in PacketReader::getUnquotedText()

  ¶

  References: #7272, pull request 7813

4.2.0-beta1¶

New Features¶

• Add a new max-cache-bogus-ttl option.

  ¶

  References: #7445, pull request 7478

• Implement a way to disallow throttling of auths.

  ¶

  References: pull request 7480

• ECS cache limit with TTL.

  ¶

  References: pull request 7631

• Use a bounded load balancing algo to distribute queries.

  ¶

  References: pull request 7507

Improvements¶

• Add a distribution-pipe-buffer-size setting.

  ¶

  References: pull request 7571

• Add protobuf-use-kernel-timestamp for sharper latencies.

  ¶

  References: pull request 7508

• Ignore path MTU discovery on UDP server socket.

  ¶

  References: pull request 7410

• Set --enable-option-checking=fatal on all package builds, enable SNMP in RPMS.

  ¶

  References: #7671, pull request 7669

• This provides cpu usage statistics per thread (worker & distributor).

  ¶

  References: pull request 7649

• Add a new ecs-minimum-ttl-override setting.

  ¶

  References: pull request 7574

• Utility::random() and srandom() are not used anymore.

  ¶

  References: pull request 7484

• Add rec statistics about ECS response sizes, API endpoint to get a specific stat.

  ¶

  References: #7498, pull request 7504

• Move back to malloc on !openbsd. Doing mmap/munmap all the time hurts…

  ¶

  References: pull request 7583

• Set ip(v6)_recverr socket option to get notified of more than just port unreachable errors on Linux.

  ¶

  References: pull request 7540

• Change the way getRealMemUsage() works on Linux (using statm).

  ¶

  References: pull request 7502

• Lua: expose dns_random as pdnsrandom.

  ¶

  References: #6853, pull request 7492

• Add an option to not override custom RPZ types with the default policy.

  ¶

  References: pull request 7476

• Resync YaHTTP code to cmouse/yahttp@11be77a1fc4032. (Chris Hofstaedtler)

  ¶

  References: pull request 7433

Bug Fixes¶

• Fix DNSSEC validation of non-expanded wildcards.

  ¶

  References: pull request 7714

• Add DNAME support.

  ¶

  References: #6318, pull request 6341

• Move replaced negcache entries to the back of the expunge queue.

  ¶

  References: pull request 7730

• Fix the cache cleaning code being only run once for workers.

  ¶

  References: pull request 7731

• Alternative solution to the unaligned accesses.

  ¶

  References: pull request 7708

• ednsoptionview improvements.

  ¶

  References: pull request 7652

• Add missing getregisteredname Lua function. (Aki Tuomi)

  ¶

  References: pull request 7589

• Correctly interpret an empty AXFR response to an IXFR query.

  ¶

  References: pull request 7494

4.2.0-alpha1¶

Initial 4.2.x release, please see the blog post: https://blog.powerdns.com/2019/02/01/changes-in-the-powerdns-recursor-4-2-0/