Before upgrading, it is advised to read the Upgrade Guide.
Fix PowerDNS Security Advisory 2025-04: A Recursor configured to send out ECS enabled queries can be sensitive to spoofing attempts.¶
References: pull request 15852
If we see both a CNAME and answer records, follow CNAME and discard the answer records.¶
References: #15254, pull request 15280
Add new root trust anchor.¶
References: #14525, pull request 15215
Implement rfc6303 special zones (mostly v6 reverse mappings).¶
References: #14693, pull request 14774
Distinguish OS imposed limits from app imposed limits, specifically on chains.¶
References: #14554, pull request 14772
Avoid duplicated waiter ids for chained requests.¶
References: #14628, pull request 14773
json11: add include for cstdint.¶
References: #14549, #14550, pull request 14771
Security advisory 2024-04: CVE-2024-25590¶
References: pull request 14743
Limit the number of async tasks pushed to resolve NS names and optimizer processing of additionals.¶
References: #14499, pull request 14501
Move default Docker config to YAML.¶
References: #14459, pull request 14477
Fix maintenanceCalls vs maintenanceCount in SNMP MIB.¶
References: #14514, pull request 14516
Dump right SOA into dumpFile and report non-relative SOA for includeSOA=true.¶
References: #14471, pull request 14481
Yahttp router: avoid unsigned underflow in match().¶
References: #14404, pull request 14478
Fix typo in log message.¶
References: pull request 14435
Switch el7 builds to Oracle Linux 7¶
References: #14400, pull request 14402
Keep Lua config in Debian/Ubuntu package as existing setups might use it, even though a fresh one does not.¶
References: #14384, pull request 14389
Allow recursor.conf file to contain YAML to ease transition to YAML config.¶
References: #13935, pull request 14265, pull request 14374
Add nsName into outgoing protobuf request/response messages.¶
References: pull request 14318
Do not add UDR field to outgoingProtobuf answer messages¶
References: pull request 14312
Add options for ignoring domains for UDR purposes (Ensar Sarajčić).¶
References: pull request 14275
Make max CNAME chain length handled settable, previously fixed at 10.¶
References: pull request 14309
Don’t send double SOA record in the case of a dns64 CNAME that does not resolve.¶
References: #14362, pull request 14373
dns.cc: use pdns::views::UnsignedCharView.¶
References: #14356, pull request 14359
Fix TCP case for policy tags set by gettag(_ffi).¶
References: #13021, pull request 14346
Fix client remotes count when using proxy protocol.¶
References: pull request 14340
Add a few more fields to the protobuf messages.¶
References: #13020, pull request 14257
Handle authoritative servers slow to respond when load is high better.¶
References: pull request 14221, pull request 14258
Be a bit more strict with respect to positive answers expanded from a wildcard.¶
References: pull request 14206
Extra export types for protobuf messages.¶
References: pull request 14111
Various code cleanups and Coverity prompted fixes.¶
References: pull request 14259, pull request 14260, pull request 14262, pull request 14268
Add possibility to set existing Lua config in YAML settings.¶
References: pull request 13819
Tidy iputils.hh and iputils.cc¶
References: pull request 14097, pull request 14139
Add interface (not subject to proxy protocol substitutions) addresses in Lua DNSQuestion and corresponding FFI.¶
References: #13730, pull request 14023
Add setting to exclude specific listen socket addresses from requiring proxy protocol.¶
References: #13948, pull request 14018
Use shared NOD (and/or UDR) DB, to avoid multiple copies in memory and on disk.¶
References: #13677, pull request 13969
Add feature to allow names (resolved by system resolver) in forwarding config.¶
References: #11393, pull request 13921
Enable 64-bit time_t on 32-bit systems with glibc-2.34 (Sven Wegener).¶
References: pull request 10933
Remove the possibility to disable structured logging.¶
References: pull request 13844
Add structured logging backend that uses JSON representation.¶
References: pull request 13842
Tidy recursor-lua4.cc and recursor-lua4.hh.¶
References: pull request 13889
Support v6 in FrameStreamLogger, including tidy.¶
References: pull request 13864
Tidy rpzloader.cc and .hh.¶
References: pull request 13861
Log if a dnssec related limit was hit (if log_bogus is set).¶
References: pull request 13824
Tidy ResolveContext class.¶
References: pull request 13746
Tidy filterpo.?? (reaching into iputils.hh as well).¶
References: pull request 13744
Introduce command to set aggressive NSEC cache size.¶
References: #13265, pull request 13504
RPZ from primary refactor and allow notifies for RPZs¶
References: #12777, pull request 13701
Use ref wrapper instead of raw pointer in variant.¶
References: pull request 13702
Fix a few coverity reports.¶
References: pull request 13706, pull request 13719
Cleanup of code doing SNMP OID handling.¶
References: pull request 13711
Allow out-of-tree builds (Chris Hofstaedtler)¶
References: pull request 13654
Fix country()/countryCode() mixup in example Lua Record documentation (Edward Dore)¶
References: pull request 13714
MTasker cleanup and move to recursordist.¶
References: pull request 13652
Lower default max-qperq limit.¶
References: #8646, pull request 13566
Configure.ac fixup: do not require bash (Eli Schwartz)¶
References: pull request 13596
FDWrapper: Do not try to close negative file descriptors.¶
References: pull request 14006
Fixup res-system-resolve.cc on FreeBSD: resolve.h needs netinet/in.h.¶
References: pull request 13985
Don’t throttle lame servers if they are marked as dontThrottle.¶
References: pull request 13919
Fix Coverity 1534473 Unintended sign extension.¶
References: pull request 13894
Don’t enter wildcard qnames into the cache in the ZoneToCache function.¶
References: pull request 13866
Fix Coverity issues in new RPZ code.¶
References: pull request 13741
Fix a potential null deref in MTasker::schedule().¶
References: pull request 13680