Changelog

1.6.0 (March 28, 2024)

DEPLOYMENT NOTES

Catalog zones are only supported for PowerDNS Authoritative Server v4.9.0 and higher. Enable catalog zone support by setting ZONECONTROL_CATALOG_ZONE_SUPPORT to True in settings.py.

Note that a customer can have a custom ZONECONTROL_ALLOW_ZONE_KINDS set, if ZONE_KIND_PRODUCER and ZONE_KIND_CONSUMER are not in there the customer will not be able to add these zones through ZoneControl. (But will be able to use catalog functionality for existing Producer zones.)

Audit logging can now also be echoed to standard out or a file. This is disabled by default and can be enabled by setting ZONECONTROL_AUDITLOG_STDOUT to True in settings.py. By default this logging will be in JSON format but it is also possible to disable this and have plain text output; this is done by setting ZONECONTROL_JSON_LOGGING to False. (The intention is to switch to JSON logging output for ALL ZoneControl logging in some future major version.)

There’s now a showversion management command that will show the ZoneControl version for an official release. Otherwise it will show the hardcoded 0.0.123 value.

NEW FEATURES

  • Support for catalog zones (!301)

  • Add showversion management command (!304)

IMPROVEMENTS

  • Warn when chunk length is over 255 bytes for Lua records (!302)

  • Improve warning when loading zones that do not exist (!305)

  • Also, optionally, echo audit logging to standard out or a file (!307)

BUG FIXES

  • Improve error handling for Prometheus metrics code (!303)

  • Return 409 Conflict (like the Auth) instead of a stacktrace and internal server error when creating a zone that already exists (!306)

1.5.1 (November 1, 2023)

DEPLOYMENT NOTES

Prometheus metrics are now published on /metrics (the default for Prometheus and in our other products). By default this is turned off and can be turned on by setting ZONECONTROL_METRICS_ENABLED to True in settings.py. Accessing the metrics requires no authentication. The number of zones metric (zonecontrol_zones) is only exported when the caching of zones is enabled (ZONECONTROL_CACHE_ZONES = True).

BUG FIXES

  • Make sure users with RRSet limits cannot export zones (!296, !297)

  • Fix issue with Native staying the default in the background when removing it from ZONECONTROL_ALLOW_ZONE_KINDS (!295)

NEW FEATURES

  • Publish Prometheus metrics on /metrics (!298)

1.5.0 (October 2, 2023)

DEPLOYMENT NOTES

Zone names are now normalized when parsing them from the API or UI. In the past Curl scripts used for migrations at customers used zones without a dot at the end. These will still work but realize the zone will always get a dot at the end inside ZoneControl now.

Database tables for zone audit logs and zone history at customers may still have entries without a dot at the end. This release comes with a migration to append a dot to zones without a dot (at the end) in the audit log and zone history tables. Please test this migration in a non-production environment first!

The HTTP status response code for a successful POST call to api/v1/servers/«SERVER_ID»/zones has been changed from 200 to 201. This is the API call for creating a zone.

This might affect software and scripts that check for an exact 2xx status response instead of checking for a success response code.

It is now possible to override the Gunicorn config with an /etc/zonecontrol/gunicorn_overrides.py file. This procedure is similar to how it is done in the Platform Filter and is already implemented in the ZoneControl Ansible role.

BUG FIXES

  • Fix silent failure when adding a zone with non-canonical nameservers (no dot at the end) (!294)

  • Normalize zone names when receiving them from the API or UI (!286)

  • Make background opaque on template dropdown UI element (!285)

  • Check for AnonymousUser in more places, preventing stack traces (!284)

  • Make ZoneControl API status code for creating a zone equal that of the Authoritative API (!276)

NEW FEATURES

  • Support Gunicorn config overrides (!277)

IMPROVEMENTS

  • Remove the DNSSEC dialog flicker when opening a zone for the second (or more) time; this also removes a lot of errors on the dev console (!287)

  • Fix several build issues making them less flaky and faster (!289, !282, !281)

  • Adapt PDNS Auth API tests for ZoneControl, adding a new test suite (!280)

  • Add documentation for zone templates (!292)

1.4.2 (May 19, 2023)

DEPLOYMENT NOTES

ZONECONTROL_NSEC3PARAM_DEFAULT can be changed in settings.py, but it is advised to keep it at the default of "1 0 0 -".

BUG FIXES

  • Support for PEP 440 compliant version numbers so RPM packages built again (!270)

NEW FEATURES

  • NSEC3 support in DNSSEC settings for zones (!271)

IMPROVEMENTS

  • Added EL9 packages (!275)

  • Upload documentation from GitLab CI to docs.powerdns.com (!273)

  • Auth API docs are now proxied through ZoneControl (!272)

1.4.1 (September 2, 2022)

BUG FIXES

  • Fix quotes in LUA example record (!261)

  • App: hide PTR checkbox when auto PTRs are disabled (!261)

  • Fix crash due to double saving of audit logs (!261)

  • Fix editing of LUA records (ZC-156, !261)

1.4.0 (March 10, 2022)

From this release onwards Debian Buster is no longer supported.

NEW FEATURES

  • Admin option ZONECONTROL_SERVERS_READONLY (ZC-147, !259)

  • Allow disabling history. scheduling, comments and auditlog (ZC-147, !257)

IMPROVEMENTS

  • Upgrade to a Python 3.9 that we ship (ZC-150, !258)

1.3.4 (October 14, 2021)

BUG FIXES

  • Take the Server into account when displaying RRSet comments (ZC-144, !256)

1.3.3 (July 09, 2021)

NEW FEATURES

  • Implement the search API endpoint with permission checking (ZC-120, !249)

BUG FIXES

  • Stop frontend freezing when searching for template zones with many eligable zones (ZC-130, !253)

1.3.2 (March 25, 2021)

IMPROVEMENTS

  • Expose that ZoneControl does APIv1 on /api, as some clients use this information (ZC-117, !247)

BUG FIXES

  • Adding and editing a root zone (.) now works in the ZoneControl frontend (ZC-118, !248)

  • Fixed a broken shebang in /usr/share/zonecontrol/bin/manage.py in the Debian packages (!250)

1.3.1 (January 21, 2021)

NEW FEATURES

  • PostGreSQL support has been added and can be enabled by installing zonecontrol-postgresql (!245)

BUG FIXES

  • Zone names starting with an _ are no longer improperly escaped (ZC-98, !244)

IMPROVEMENTS

  • zonecontrol-cache has been split into a seperate package for Debian, as was the case for EL

1.3.0 (November 26, 2020)

  • Alpha 1: September 22, 2020

NEW FEATURES

  • zonecontrol-ldap package has been added for integration into LDAP/AD environments (ZC-93, !230)

BUG FIXES

  • Requests that trigger the creation of an Auditlog no longer fail when the User Agent string is too long (ZC-88, !228)

  • Ensure the API endpoints return Content-Type: application/json (ZC-92, !232)

IMPROVEMENTS

  • Add OPENPGPKEY help text (ZC-7, !233)

  • Update the link to the ALIAS record howto (!233)

  • Audit log now uses X-Forwarded-For header to get the remote IP address when ZoneControl is behind a proxy (ZC-91, !229)

  • Remove the proprietary HTTP Redirect record (!233)

1.2.0 (June 15, 2020)

  • Alpha 1: February 26 2020

  • Beta 1: March 16 2020

  • RC 1: April 22, 2020

NEW FEATURES

  • Implement automatic PTR record creation (ZC-42, !196)

  • The zones list can be cached in Redis, drastically improving performance of the web-interface when PowerDNS is serving many domains (!206)

    • This requires the zonecontrol-cache service to be running

    • This caching can be controlled by the the ZONECONTROL_CACHE_ZONES_* settings

  • The DNSSEC information is not longer requested by default for the zone-overview, improving performance of the frontend (!203)

    • This can be controlled with the ZONECONTROL_ZONE_OVERVIEW_DNSSEC configuration option

  • The ‘edited’ serial is now displayed in the zone-overview (ZC-40, !201)

  • New distribution support:

    • RHEL/CentOS/OL 8

    • Debian Buster

BUG FIXES

  • The slave notifications status is hidden for Native zones (ZC-52, !208)

  • Underscored records no longer appear in the wrong place in the interface (ZC-5, !207)

    • This also improves the display of rrset with the same owner name

IMPROVEMENTS

  • Permission management has been tightened (ZC-1, !194)

    • Users with these permissions and staff status can add users to their groups:

      • auth | group | Can change group

      • auth | user | Can change user

    • The same user can not see groups they don’t belong to

    • Staff users with ‘Can change user’ permissions can no longer - See or give staff status - See or give superuser status - Edit user permissions

    • No one but superuser can now edit - User permissions - Group permissions

    • Users can only see users from their groups in the user-admin, but they can add them to their groups in the group-admin

    • Several fields in the administrative interface have been hidden as a result

    • Zone and server permissions are now enforced for staff-users in the administrative backend (ZC-14, !216)

  • Several visuals in the frontend have been harmonized and improved (!215)

  • Django is updated to the latest LTS version, 2.2 (!204)

  • Javascript components are upgraded. Most importantly, Angular is now at version 7.2 (!193)

  • Documentation has been updated with all new features and sections on the permissions model

1.1.1 (July 10, 2019)

BUG FIXES

  • Don’t have an empty result when the per-RRset limits list is longer than 1 (!199)

1.1.0 (June 24, 2019)

  • Alpha 1: internal only

  • Alpha 2: internal only

  • Alpha 3: May 20 2019

  • Beta 1: May 23 2019

BREAKING CHANGES

  • Support for the PowerDNS Authoritative Server 4.0 has been dropped. (#146)

  • pkgs: Depend on the Python 3.6 from EPEL, not on the one from SCL (!186)

NEW FEATURES

  • Ability to limit the kinds of zones that are allowed to be created. By default, all 3 kinds are allowed. This limit can be set in the settings.py file by the system administrator. (!172)

  • The zone overview is paginated, showing 25 zones per page. (PDNS-37, !171)

  • The records overview is paginated, showing 200 records per page. (PDNS-37, !171)

  • PTR records can be automatically generated by appending a ‘*’ after the ip address. This feature can be disabled in the settings.py by the system administrator. (PDNS-158, PDNS-189, !174)

  • The zone settings dialog has been extended with buttons to queue NOTIFY messages (for master zones) and retrieve the zone (for slave zones). The system administrator can disable this feature in settings.py. (!173)

  • The DNSSEC dialog shows what kind of keys will be created once the user clicks “Enable DNSSEC”. (PDNS-39, !175)

  • An ‘advanced DNSSEC’ role permission has been added. Users with this permission have a tab in the DNSSEC dialog that allows manipulation of all keys. (PDNS-39, !175)

  • Per-RRSet role-based access control has been added. This feature allows roles to be restricted to records of certain names and types. By default, all records are allowed when a role has access to a zone. (PDNS-165, PDNS-35, !178)

BUG FIXES

  • Fix alert when attempting to add an internally managed record at the apex. (#169)

  • Ensure the UI shows ‘repeated’ zone names. (PDNS-206, #166)

  • Mark required textareas in forms. (#167)

1.0.1 (July 17, 2018)

NEW FEATURES

  • Implement rolebased API “pass through” (#128)

  • Comments for zone records (#122) - Tool to import comments from PowerDNS Authoritative Server

  • roles: Granular permissions for zone settings, DNSSEC and version restores (#104)

IMPROVEMENTS

  • pkg: Let yum figure out which mysql lib to pull in (#144)

  • pkg: Add MySQL support package for CentOS 7 (#127)

  • admin: More user-friendly role admin UI (#104)

  • dnssec: When enabling DNSSEC, the configured DNSSEC server defaults are now honored (#105)

BUG FIXES

  • Fix API error when adding or removing zone (#139)

  • Catch SOA entries that do not exist (#133)

  • backend: Fix 500 error when adding non-template zone (cf0393e)

  • builder: Fix missing styling in built packages, debian build fixes (#95)

1.0.0 (September 20, 2017)

First release.

NEW FEATURES

  • Zone version history and restore (#56)

  • Zone templates (#63)

  • builder: New build system, CentOS 7 and Debian Stretch packages (#70)

IMPROVEMENTS: - libs: Upgraded to Angular 4.3.6 and Webpack 3.5.5

BUG FIXES: - dnssec: Correct handling of ksk/zsk keys in UI (#65)