Changelogs for 4.5.X¶

4.5.4¶

Released: 2nd of July 2021, 4.5.3 was never released publicly.

Bug Fixes¶

Make sure that we pass the SOA along the NSEC(3) proof for DS queries.¶
References: pull request 10519

4.5.2¶

Released: 9th of June 2021

Improvements¶

Change nsec3-max-iterations default to 150.¶
References: #10440, pull request 10477
For the NOD lookup case, we don’t want QName Minimization.¶
References: #10420, pull request 10422

Bug Fixes¶

Don’t follow referral from the parent to the child for DS queries.¶
References: #10460, pull request 10476
When refreshing, do not consider root almost expired.¶
References: #10426, pull request 10475
Take into account q_quiet when determining loglevel and change a few loglevels.¶
References: #10396, pull request 10474
Only add the NSEC and RRSIG records once in wildcard NODATA answers.¶
References: #10350, pull request 10473

4.5.1¶

Released: 11th of May 2021

Bug Fixes¶

Prevent a race in the aggressive NSEC cache.¶
References: pull request 10377

4.5.0¶

Released: Never released publicly.

Bug Fixes¶

Apply dns64 on RPZ hits generated after a gettag_ffi hit.¶
References: pull request 10353

4.5.0-rc1¶

Released: 28th of April 2021

Improvements¶

Boost 1.76 containers: use standard exceptions.¶
References: #10329, pull request 10335
Fix wording in edns-padding-tag help.¶
References: #10318, pull request 10334
Improve packet cache size computation now that TCP answers are also cached.¶
References: #10312, pull request 10333
Print the covering NSEC in tracing log.¶
References: #10298, pull request 10307

Bug Fixes¶

Do not put results of DS query for auth or forward domains in negcache.¶
References: #10317, pull request 10320
Use the correct ECS address when proxy-protocol is enabled.¶
References: #10303, pull request 10319
Exception loading the RPZ seed file is not fatal.¶
References: #10291, pull request 10306
RPZ dumper: stop generating double zz labels on networks that start with zeroes.¶
References: #10286, pull request 10305

4.5.0-beta2¶

Released: 14th of April 2021

Improvements¶

Log local IP in dnstap messages.¶
References: #10268, pull request 10280
Also disable PMTU for IPv6.¶
References: #10264, pull request 10279

Bug Fixes¶

Clear “from” in record cache if we don’t know where the update came from.¶
References: #10232, pull request 10278
Better handling of stranded DNSKeys.¶
References: #10223, pull request 10277

4.5.0-beta1¶

Released: 26th of March 2021

Improvements¶

Support TCP FastOpen connect on outgoing connections.¶
References: #7982, pull request 9995
Implement EDNS0 padding (rfc7830) for outgoing responses.¶
References: pull request 8918
Get rid of early zone cut computation when doing DNSSEC validation.¶
References: pull request 10057
Insert hints as non-auth into cache.¶
References: #10177, pull request 10182
Don’t pick up random root NS records from AUTHORITY sections.¶
References: #10125, pull request 10178
Using DATA to report memory usage is unreliable, start using RES instead, as it seems reliable and relevant.¶
References: #7591, pull request 10161

Bug Fixes¶

Make sure we take the right minimum for the packet cache TTL data.¶
References: pull request 10185

4.5.0-alpha3¶

Released: 9th of March 2021

Improvements¶

Check sizeof(time_t) to be at least 8.¶
References: pull request 10010
Change dnssec default to process.¶
References: pull request 10118
Implement rfc 8198 - Aggressive Use of DNSSEC-Validated Cache.¶
References: pull request 10047
Be less verbose telling we are looking up CNAMEs or DNAMEs while tracing.¶
References: pull request 10112
Add validation state to protobuf message.¶
References: #8587, pull request 10113
Add Policy Kind / RPZ action to Protobuf messages.¶
References: #9654, #9653, pull request 10109
Count DNSSEC stats for given names in a different set of counters.¶
References: #10058, pull request 10089
Remember non-resolving nameservers.¶
References: pull request 10096
Pass an fd to dump to from rec_control to the recursor.¶
References: pull request 9468
Introduce settings to never cache EDNS Client (v4/v6) Subnet carrying replies.¶
References: pull request 10075
Change spoof-nearmiss-max default to 1.¶
References: #9845, pull request 10077
Add missing entries to Prometheus metrics.¶
References: #10021, pull request 10022
Also use packetcache for tcp queries.¶
References: pull request 9990
Document taskqueue metrics and add them to SNMP MIB.¶
References: #10009, pull request 10020
Treat the .localhost domain as special.¶
References: pull request 9996

Bug Fixes¶

Handle policy (if needed) after postresolve and document the hooks better.¶
References: #10080, pull request 10111
Return current rcode instead of 0 if there are no CNAME records to follow.¶
References: #9547, pull request 10064

4.5.0-alpha2¶

Released: This release was never made public.

4.5.0-alpha1¶

Released: 15th of January 2021

Improvements¶

Introduce “Refresh almost expired” a mechanism to keep the record cache warm.¶
References: #440, pull request 9699
Use protozero for Protocol Buffer operations in dnsdist, and dnstap/outgoing for the recursor.¶
References: #9780, #9781, pull request 9843, pull request 9630
Use a short-lived NSEC3 hashes cache for denial validation.¶
References: pull request 9856
Introduce synonyms for offensive language in settings and docs.¶
References: pull request 9670
Handle failure to start the web server more gracefully.¶
References: #9808, pull request 9812
Switch default TTL override to 1.¶
References: pull request 9720
Log the exact Bogus state when ‘dnssec-log-bogus’ is enabled.¶
References: pull request 9806 9828
Switch to TCP in case of spoofing (near-miss) attempts.¶
References: pull request 9744
Add support for rfc8914: Extended DNS Errors.¶
References: pull request 9673
Two OpenBSD improvements for UDP sockets: port randomization and EAGAIN errors.¶
References: pull request 9633
Cleanup of RPZ refresh handling.¶
References: pull request 9594
Refactor the percentage computation and use rounding.¶
References: pull request 9629
Throttle servers sending invalid data and rcodes.¶
References: pull request 9571
Terminate TCP connections instead of ‘ignoring’ errors.¶
References: pull request 9572
Don’t parse any config with –version.¶
References: pull request 9569
Expose typed cache flush via Web API.¶
References: pull request 9562
Remove query-local-address6.¶
References: pull request 9554
Lua: add backtraces to errors.¶
References: pull request 8942
Log the line received from rec_control.¶
References: pull request 9493
Shared and sharded neg cache.¶
References: pull request 9475

Bug Fixes¶

Lookup DS entries before CNAME entries.¶
References: #9621, pull request 9883
Fix the gathering of denial proof for wildcard-expanded answers.¶
References: pull request 9793
Actually discard invalid RRSIGs with too high labels count.¶
References: pull request 9789
x-our-latency is a gauge.¶
References: #9638, pull request 9686
Make parse ip:port a bit smarter.¶
References: #7743, pull request 9432
Fix wipe-cache-typed.¶
References: pull request 9515
Detach snmp thread to avoid trouble when trying to quit nicely.¶
References: pull request 9492

Contents

Previous topic

Next topic

This Page

Changelogs for 4.5.X¶

4.5.4¶

Bug Fixes¶

4.5.2¶

Improvements¶

Bug Fixes¶

4.5.1¶

Bug Fixes¶

4.5.0¶

Bug Fixes¶

4.5.0-rc1¶

Improvements¶

Bug Fixes¶

4.5.0-beta2¶

Improvements¶

Bug Fixes¶

4.5.0-beta1¶

Improvements¶

Bug Fixes¶

4.5.0-alpha3¶

Improvements¶

Bug Fixes¶

4.5.0-alpha2¶

4.5.0-alpha1¶

Improvements¶

Bug Fixes¶