Changelogs for 5.2.X¶
Before upgrading, it is advised to read the Upgrade Guide.
5.2.8¶
Released: 9th of February 2026Bug Fixes¶
Fix PowerDNS Security Advisory 2026-01: Crafted zones can lead to increased resource usage in Recursor.
¶References: pull request 16841
5.2.7¶
Released: 8th of December 2025Bug Fixes¶
Fix PowerDNS Security Advisory 2025-08: Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor.
¶References: pull request 16617
5.2.6¶
Released: 22nd of October 2025Bug Fixes¶
Fix PowerDNS Security Advisory 2025-06: Crafted delegations or IP fragments can poison cached delegations in Recursor.
¶References: pull request 16340
5.2.5¶
Released: 29th of July 2025Improvements¶
Add a Lua function to get the config dir and name.
¶References: #15435, pull request 15906
Bug Fixes¶
If a RPZ hit has a custom CNAME record, we should try harder to follow it.
¶References: #15893, pull request 15908
When using ZTC, do not store non-auth data if the name is subject to recursive forwarding.
¶References: #15651, #15652, pull request 15907
Fix generation of recursor config if PDNS_RECURSOR_API_KEY is set.
¶References: #15367, #15368, pull request 15905
5.2.4¶
Released: 21st of July 2025Bug Fixes¶
Fix PowerDNS Security Advisory 2025-04: A Recursor configured to send out ECS enabled queries can be sensitive to spoofing attempts.
¶References: pull request 15851
5.2.3¶
Released: This version was never made available publicly.5.2.2¶
Released: 9th of April 2025Improvements¶
If we see both a CNAME and answer records, follow CNAME and discard the answer records.
¶References: #15254, pull request 15279
Switch back to serde_yaml as serde_yml is maintained poorly.
¶References: #15203, pull request 15212
Adjust Content-Type header for Prometheus endpoint to include version.
¶References: #15072, pull request 15211
Include cstdint to get uint64_t.
¶References: #15063, pull request 15210
Bug Fixes¶
Remove spurious ] in configure.ac.
¶References: #15023, pull request 15209
5.2.1¶
Released: 7th of April 2025Bug Fixes¶
Fix PowerDNS Security Advisory 2025-01 (CVE-2025-30195): A crafted zone can lead to an illegal memory access in the Recursor.
¶References: pull request 15396
5.2.0¶
Released: 14th of January 2025Improvements¶
Explicitly log port of listening addresses.
¶References: #15019, pull request 15020
Bug Fixes¶
Fix protobufServer(.. {taggedOnly=true}) logic for cache-returned responses (g0tar).
¶References: #15010, pull request 15015
5.2.0-rc1¶
Released: 13th of December 2024Improvements¶
Avoid local source port 4791 (zhaojs).
¶References: #14957, pull request 14962
Log only one line per protocol for listening sockets on startup.
¶References: pull request 14942
Skip the current zone when looking for a cut after an invalid DS denial proof
¶References: pull request 14943
Remove support for libdecaf.
¶References: #12953, pull request 14926
Sync Dockerfile build options with packages
¶References: #14915, pull request 14917
Coverity fixes, all minor optimizations
¶References: pull request 14896
Follow clippy’s code improvements advice, move static lib version to 5.2.0.
¶References: pull request 14895
Bug Fixes¶
Generate metrics files (also) where meson expects them.
¶References: pull request 14941
Reject hexadecimal blobs with odd number of characters.
¶References: pull request 14913
Followup to 14796: also call stop hook in 1 thread case.
¶References: pull request 14909
Fix register QType race.
¶References: pull request 14897
5.2.0-beta1¶
Released: 27th of November 2024Improvements¶
Add rec_control reload-yaml as an alias for reload-lua-config.
¶References: pull request 14852
Add header flags and edns version as fields in protobuf messages.
¶References: pull request 14852
Remember which query led to aggressive cache insert/update and show it in cache dump and traces.
¶References: #14855, pull request 14858
Several coverity reports, all low severity optimizations.
¶References: pull request 14847
Allow addresses to retrieve catalog zones and RPZs to be names (is system resolver is enabled).
¶References: pull request 14844
Better fd count estimates and move default incoming.max_tcp_client to 1024.
¶References: #14533, pull request 14838
Bug Fixes¶
Fix serial number inconsistency for RPZ dump files.
¶References: #14471, #14857, pull request 14863
5.2.0-alpha1¶
Released: 11th of November 2024Improvements¶
rec_control top* cleanup.
¶References: #13066, pull request 14825
Coverity-20241105 and one log level change.
¶References: pull request 14824
Add 38696 root anchor.
¶References: pull request 14525
Implement catalog zones to populate forwarding zones.
¶References: #12865, pull request 14759
Provide a few more Lua functions, most importantly record cache dump and load and hook when starting and stopping the recursor.
¶References: #8032, pull request 14796
Actively deprecate old style settings.
¶References: pull request 14809
Periodic stats cleanup and rename outqueries-per-query to outqueries-per-query-perc.
¶References: pull request 14816
Generate metrics related files from a single source.
¶References: pull request 14722
Notify_allowed should be processed for forward_zones and forward_zones_recurse.
¶References: pull request 14506
Implement rfc6303 special zones (mostly v6 reverse mappings).
¶References: pull request 14693
Give a more clear error message if the build fails because python was not found.
¶References: pull request 14697
Rust related version updates.
¶References: pull request 14653, pull request 14758
RPZ tweaks: log policyName on policyHit when updating root.
¶References: pull request 14694
Stop supporting ucontext flavor for context switching from out codebase. boost might still provide methods on some platforms using ucontext.
¶References: pull request 14651
Introduce a “too large” counter for the framestream remote logger.
¶References: pull request 14666
Move minimal boost version to 1.54.
¶References: pull request 14633
Rework auth response sanitize code.
¶References: pull request 14595
Rework the way tcp-in limits is maintained.
¶References: pull request 14606
Always include all stats for RPZs in Prometheus data (previously zero stats would be skipped).
¶References: #14522, pull request 14557
Limit the number of async tasks pushed to resolve NS names.
¶References: pull request 14499
Add meson build
¶References: #13987, pull request 14458, pull request 14487, pull request 14517, pull request 14678
Provide docker image with yml config file.
¶References: pull request 14459
Show throttle reason in rec_control dump-throttlemap.
¶References: pull request 14408
Fix coverity 1544951 copy_instead_of_move.
¶References: pull request 14386
Tidy AXFRRetriever::timeoutReadn.
¶References: pull request 14385
Cleanup read2n and mark unixDie as [[noreturn]].
¶References: pull request 14381
Bug Fixes¶
Fix a difference between record-cache hit and miss in some ServFail results if QName Minimization is enabled.
¶References: #14310, pull request 14822
Drop ref in mtasker when it is no longer needed.
¶References: pull request 14807
Only log MOADNSExceptions if logging.log_common_errors is true.
¶References: #14582, pull request 14611
Refactor version reporting code and write version to stdout.
¶References: #14455, pull request 14518
Dump right SOA into dumpFile and report non-relative SOA for includeSOA=true.
¶References: pull request 14471
Refactor sanitizeRecords and fix order dependency.
¶References: pull request 14430
Fix compile error on OPENSSL_VERSION_MAJOR < 3.
¶References: #14327, pull request 14419
Yahttp router: appease coverity with respect to unsigned underflow in match().
¶References: pull request 14404