(I)XFR: handle partial read of len prefix.
References: #13105, pull request 13157
YaHTTP: Prevent integer overflow on very large chunks.
References: #12892, pull request 13079
Work around Red Hat 8 misfeature in OpenSSL’s headers.
References: #12961, pull request 13075
Fix setting of policy tags for packet cache hits.
References: #13021, pull request 13058
PowerDNS Security Advisory 2023-02: Deterred spoofing attempts can lead to authoritative servers being marked unavailable.
References: pull request 12701
Fix compilation of the event ports multiplexer.
References: #12046, pull request 12231
Correct skip record condition in processRecords.
References: #12198, pull request 12230
Also consider recursive forward in the “forwarded DS should not end up in negCache” code.
References: #12189, #12199, pull request 12227
Timeout handling for IXFRs as a client.
References: #12125, pull request 12190
Detect invalid bytes in makeBytesFromHex().
References: #12066, pull request 12173
Log invalid RPZ content when obtained via IXFR.
References: #12081, pull request 12171
When an expired NSEC3 entry is seen, move it to the front of the expiry queue.
References: #12038, pull request 12168
For zones having many NS records, we are not interested in all so take a sample.
References: #11904, pull request 11936
Also check qperq limit if throttling happened, as it increases counters.
References: #11848, pull request 11897
Failure to retrieve DNSKEYs of an Insecure zone should not be fatal.
References: #11890, pull request 11940
Fix recursor not responsive after Lua config reload.
References: #11850, pull request 11879
Clear the caches after loading authzones.
References: #11843, pull request 11847
Resize answer length to actual received length in udpQueryResponse.
References: #11773, pull request 11774
PowerDNS Security Advisory 2022-02: incomplete exception handling related to protobuf message generation.
References: pull request 11874, pull request 11877
Allow generic format while parsing zone files for ZoneToCache.
References: #11724, #11726, pull request 11750
Force gzip compression for Debian packages (Zash).
References: #11735, pull request 11740
Run tasks from housekeeping thread in the proper way, causing queued DoT probes to run more promptly. Thanks to Jerry Lundström!
References: #11692, pull request 11748
Fix API issue when asking config values for allow-from or allow-notify-from.
References: #11609, pull request 11632
Prometheus #HELP texts: DNSSEC counters track responses sent, not actual validations performed.
References: #11539, pull request 11559
Fix DoT port and protocol used for probed authoritative servers.
References: #11541, pull request 11560
Fix Coverity 1487923 Out-of-bounds read (wrong use of sizeof).
References: #11536, pull request 11538
Probe authoritative servers for DoT support (experimental).
References: pull request 11487
Add deferred mode for retrieving additional records.
References: pull request 11492
Use boost::multi_index for nsspeed table and make it shared.
References: pull request 11484
Packet cache improvements: do not fill beyond limit and use strict LRU eviction method.
References: pull request 11312
Use nice format for timestamp printing.
References: pull request 11444
Only log “Unable to send NOD lookup” if log-common-errors is set.
References: #11440, pull request 11445
Remember parent NS set, to be able to fallback to it if needed.
References: pull request 11443
Proxy by table: allow a table based mapping of source address.
References: pull request 11396, pull request 11507
Update moment.min.js (path traversal fix; we are unaffected).
References: pull request 11524
Prevent segfault with empty allow-from-file and allow-from options (Sven Wegener).
References: pull request 11496
In the handler thread, call sd_notify() just before entering the main loop in RecursorThread.
References: pull request 11471
Distinguish between unreachable and timeout for throttling.
References: pull request 11405
Use correct task to clean outgoing TCP.
References: pull request 11397
Add Additional records to query results if appropriate and configured.
References: #11294, pull request 11302
Resolve AAAA for NS in an async task if applicable.
References: pull request 11294
Read the base Lua definitions into the Lua context for reading the Lua config.
References: pull request 11319
Add SNI information to outgoing DoT if available.
References: pull request 11307
Detect a malformed question early so we can drop it as soon as possible.
References: pull request 11305
Thread management re-factoring.
References: pull request 11252
Document changes to policy.DROP better and warn on using the now unsupported way.
References: #11287, pull request 11288
Allow disabling of processing root hints and lower log level of some related messages.
References: pull request 11283
Move two maps (failed servers and non-resolving nameservers) from thread_local to shared.
References: pull request 11269
A CNAME answer on DS query should abort DS retrieval.
References: pull request 11245
ZONEMD validation for Zone to Cache function.
References: pull request 11100, pull request 11189
By default, build with symbol visibility hidden.
References: #11178, pull request 11186
Update protozero to 1.7.1.
References: pull request 11164
Add Lua postresolve_ffi hook.
References: pull request 11074
Compute step sizes for Query Minimization according to RFC 9156.
References: pull request 11036
QType ADDR is supposed to be used internally only.
References: #11337, pull request 11338, pull request 11349
Fix unaligned access in murmur hash code used by the Newly Observed Domain feature.
References: pull request 11347
A Lua followCNAME result might need native dns64 processing.
References: #11320, pull request 11327
Use the Lua context stored in SyncRes when calling hooks.
References: #11289, pull request 11300
Make incoming TCP bookkeeping more correct.
References: #11021, pull request 11030