Changelogs for 5.1.X
Before upgrading, it is advised to read the Upgrade Guide.
5.1.10
Released: 9th of February 2026
Bug Fixes
Fix PowerDNS Security Advisory 2026-01: Crafted zones can lead to increased resource usage in Recursor.
References: pull request 16840
5.1.9
Released: 8th of December 2025
Bug Fixes
Fix PowerDNS Security Advisory 2025-08: Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor.
References: pull request 16616
5.1.8
Released: 22nd of October 2025
Bug Fixes
Fix PowerDNS Security Advisory 2025-06: Crafted delegations or IP fragments can poison cached delegations in Recursor.
References: pull request 16341
5.1.7
Released: 29th of July 2025
Bug Fixes
When using ZTC, do not store non-auth data if the name is subject to recursive forwarding.
References: #15651, #15652, pull request 15911
If a RPZ hit has a custom CNAME record, we should try harder to follow it.
References: #15893, pull request 15911
Fix protobufServer(.. {taggedOnly=true}) logic for cache-returned responses.
References: #15010, pull request 15909
5.1.6
Released: 21st of July 2025
Bug Fixes
Fix PowerDNS Security Advisory 2025-04: A Recursor configured to send out ECS enabled queries can be sensitive to spoofing attempts.
References: pull request 15852
5.1.5
Released: This version was never made available publicly.
5.1.4
Released: 9th of April 2025
Improvements
If we see both a CNAME and answer records, follow CNAME and discard the answer records.
References: #15254, pull request 15280
Add new root trust anchor.
References: #14525, pull request 15215
5.1.3
Released: 5th of November 2024
Improvements
Implement RFC 6303 special zones (mostly v6 reverse mappings).
References: #14693, pull request 14774
Distinguish OS imposed limits from app imposed limits, specifically on chains.
References: #14554, pull request 14772
Bug Fixes
Avoid duplicated waiter ids for chained requests.
References: #14628, pull request 14773
json11: add include for cstdint.
References: #14549, #14550, pull request 14771
5.1.2
Released: 3rd of October 2024
Bug Fixes
Security advisory 2024-04: CVE-2024-25590
References: pull request 14743
5.1.1
Released: 23rd of July 2024
Improvements
Limit the number of async tasks pushed to resolve NS names and optimize processing of additionals.
References: #14499, pull request 14501
Move default Docker config to YAML.
References: #14459, pull request 14477
Bug Fixes
Fix maintenanceCalls vs maintenanceCount in SNMP MIB.
References: #14514, pull request 14516
Dump right SOA into dumpFile and report non-relative SOA for includeSOA=true.
References: #14471, pull request 14481
Yahttp router: avoid unsigned underflow in match().
References: #14404, pull request 14478
5.1.0
Released: 10th of July 2024
Bug Fixes
Fix typo in log message.
References: pull request 14435
Switch el7 builds to Oracle Linux 7.
References: #14400, pull request 14402
Keep Lua config in Debian/Ubuntu package as existing setups might use it, even though a fresh one does not.
References: #14384, pull request 14389
5.1.0-rc1
Released: 25th of June 2024
Improvements
Allow recursor.conf file to contain YAML to ease transition to YAML config.
References: #13935, pull request 14265, pull request 14374
Add nsName into outgoing protobuf request/response messages.
References: pull request 14318
Do not add UDR field to outgoingProtobuf answer messages.
References: pull request 14312
Add options for ignoring domains for UDR purposes (Ensar Sarajčić).
References: pull request 14275
Make max CNAME chain length handled settable, previously fixed at 10.
References: pull request 14309
Bug Fixes
Don’t send double SOA record in the case of a dns64 CNAME that does not resolve.
References: #14362, pull request 14373
dns.cc: use pdns::views::UnsignedCharView.
References: #14356, pull request 14359
Fix TCP case for policy tags set by gettag(_ffi).
References: #13021, pull request 14346
Fix client remotes count when using proxy protocol.
References: pull request 14340
5.1.0-beta1
Released: 6th of June 2024
Improvements
Add a few more fields to the protobuf messages.
References: #13020, pull request 14257
Better handle authoritative servers that are slow to respond when load is high.
References: pull request 14221, pull request 14258
Be a bit more strict with respect to positive answers expanded from a wildcard.
References: pull request 14206
Extra export types for protobuf messages.
References: pull request 14111
Various code cleanups and Coverity prompted fixes.
References: pull request 14259, pull request 14260, pull request 14262, pull request 14268
5.1.0-alpha1
Released: 15th of May 2024
Improvements
Add possibility to set existing Lua config in YAML settings.
References: pull request 13819
Tidy iputils.hh and iputils.cc.
References: pull request 14097, pull request 14139
Add interface (not subject to proxy protocol substitutions) addresses in Lua DNSQuestion and corresponding FFI.
References: #13730, pull request 14023
Add setting to exclude specific listen socket addresses from requiring proxy protocol.
References: #13948, pull request 14018
Use shared NOD (and/or UDR) DB, to avoid multiple copies in memory and on disk.
References: #13677, pull request 13969
Add feature to allow names (resolved by system resolver) in forwarding config.
References: #11393, pull request 13921
Enable 64-bit time_t on 32-bit systems with glibc-2.34 (Sven Wegener).
References: pull request 10933
Remove the possibility to disable structured logging.
References: pull request 13844
Add structured logging backend that uses JSON representation.
References: pull request 13842
Tidy recursor-lua4.cc and recursor-lua4.hh.
References: pull request 13889
Support v6 in FrameStreamLogger, including tidy.
References: pull request 13864
Tidy rpzloader.cc and .hh.
References: pull request 13861
Log if a DNSSEC-related limit was hit (if log_bogus is set).
References: pull request 13824
Tidy ResolveContext class.
References: pull request 13746
Tidy filterpo.?? (reaching into iputils.hh as well).
References: pull request 13744
Introduce command to set aggressive NSEC cache size.
References: #13265, pull request 13504
RPZ from primary refactor and allow notifies for RPZs.
References: #12777, pull request 13701
Use ref wrapper instead of raw pointer in variant.
References: pull request 13702
Fix a few Coverity reports.
References: pull request 13706, pull request 13719
Cleanup of code doing SNMP OID handling.
References: pull request 13711
Allow out-of-tree builds (Chris Hofstaedtler).
References: pull request 13654
Fix country()/countryCode() mixup in example Lua Record documentation (Edward Dore).
References: pull request 13714
MTasker cleanup and move to recursordist.
References: pull request 13652
Lower default max-qperq limit.
References: #8646, pull request 13566
Bug Fixes
Configure.ac fixup: do not require bash (Eli Schwartz).
References: pull request 13596
FDWrapper: Do not try to close negative file descriptors.
References: pull request 14006
Fixup res-system-resolve.cc on FreeBSD: resolve.h needs netinet/in.h.
References: pull request 13985
Don’t throttle lame servers if they are marked as dontThrottle.
References: pull request 13919
Fix Coverity 1534473 Unintended sign extension.
References: pull request 13894
Don’t enter wildcard qnames into the cache in the ZoneToCache function.
References: pull request 13866
Fix Coverity issues in new RPZ code.
References: pull request 13741
Fix a potential null deref in MTasker::schedule().
References: pull request 13680