Changelog¶
1.6.3 (July 12, 2024)¶
DEPLOYMENT NOTES¶
The warning in the front-end when a Lua record chunk is longer than 255 bytes is now configurable and turned off by default (since it is not needed for Auth versions 5+). It can be turned on by setting ZONECONTROL_WARN_LUA_RECORD_LENGTH
to True
in settings.py
.
(To be more specific: This feature is specific to LMDB backends, and LMDB is mainly used with Cloud Control deployments. There’s a new setting in Auth 4.9.1 to not insert an extra space in Lua chunks. For Auth 4.9.1 this defaults to off but Cloud Control 2.6.3 overrides the default to on. Also from Auth 5 onwards the default is not to insert an extra space.)
NEW FEATURES¶
Show auth server errors in main (zones) screen (!318)
Swagger support (!317)
BUG FIXES¶
Change hotkey that interfered with searching in a page (!314)
IMPROVEMENTS¶
Add dropdown to select items per page for pagination (!316)
Make zones easier to select in the UI (!315)
Make Lua record length warning configurable (!313)
1.6.2 (May 21, 2024)¶
DEPLOYMENT NOTES¶
With the addition of auditing login and logouts a new configuration option has been added to also log failed login attempts. This can be done by setting ZONECONTROL_AUDITLOG_LOGFAIL
to True
in settings.py
. By default this is off because it looks a little out of place in the audit logs and it can lead to log spam drowning out useful entries. However we recognized this can be something customers might want.
BUG FIXES¶
Do not automatically add the user creating a group to the new group (!311)
IMPROVEMENTS¶
Add audit logging for users logging in and out (!312)
1.6.1 (April 23, 2024)¶
DEPLOYMENT NOTES¶
The option to set the password for Redis has been added by the addition of ZONECONTROL_CACHE_ZONES_PASSWORD
to settings.py
. By default it is set to None
which will give the same behaviour as previous ZoneControl versions.
IMPROVEMENTS¶
Add option for Redis password in cache config (!309)
1.6.0 (March 28, 2024)¶
DEPLOYMENT NOTES¶
Catalog zones are only supported for PowerDNS Authoritative Server v4.9.0 and higher. Enable catalog zone support by setting ZONECONTROL_CATALOG_ZONE_SUPPORT
to True
in settings.py
.
Note that a customer can have a custom ZONECONTROL_ALLOW_ZONE_KINDS
set, if ZONE_KIND_PRODUCER
and ZONE_KIND_CONSUMER
are not in there the customer will not be able to add these zones through ZoneControl. (But will be able to use catalog functionality for existing Producer zones.)
Audit logging can now also be echoed to standard out or a file. This is disabled by default and can be enabled by setting ZONECONTROL_AUDITLOG_STDOUT
to True
in settings.py
. By default this logging will be in JSON format but it is also possible to disable this and have plain text output; this is done by setting ZONECONTROL_JSON_LOGGING
to False
. (The intention is to switch to JSON logging output for ALL ZoneControl logging in some future major version.)
There’s now a showversion
management command that will show the ZoneControl version for an official release. Otherwise it will show the hardcoded 0.0.123
value.
NEW FEATURES¶
Support for catalog zones (!301)
Add
showversion
management command (!304)
IMPROVEMENTS¶
Warn when chunk length is over 255 bytes for Lua records (!302)
Improve warning when loading zones that do not exist (!305)
Also, optionally, echo audit logging to standard out or a file (!307)
BUG FIXES¶
Improve error handling for Prometheus metrics code (!303)
Return
409 Conflict
(like the Auth) instead of a stacktrace and internal server error when creating a zone that already exists (!306)
1.5.1 (November 1, 2023)¶
DEPLOYMENT NOTES¶
Prometheus metrics are now published on /metrics
(the default for Prometheus and in our other products). By default this is turned off and can be turned on by setting ZONECONTROL_METRICS_ENABLED
to True
in settings.py
. Accessing the metrics requires no authentication.
The number of zones metric (zonecontrol_zones
) is only exported when the caching of zones is enabled (ZONECONTROL_CACHE_ZONES = True
).
BUG FIXES¶
Make sure users with RRSet limits cannot export zones (!296, !297)
Fix issue with
Native
staying the default in the background when removing it fromZONECONTROL_ALLOW_ZONE_KINDS
(!295)
NEW FEATURES¶
Publish Prometheus metrics on
/metrics
(!298)
1.5.0 (October 2, 2023)¶
DEPLOYMENT NOTES¶
Zone names are now normalized when parsing them from the API or UI. In the past Curl scripts used for migrations at customers used zones without a dot at the end. These will still work but realize the zone will always get a dot at the end inside ZoneControl now.
Database tables for zone audit logs and zone history at customers may still have entries without a dot at the end. This release comes with a migration to append a dot to zones without a dot (at the end) in the audit log and zone history tables. Please test this migration in a non-production environment first!
The HTTP status response code for a successful POST
call to api/v1/servers/«SERVER_ID»/zones
has been changed from 200
to 201
. This is the API call for creating a zone.
This might affect software and scripts that check for an exact 2xx status response instead of checking for a success response code.
It is now possible to override the Gunicorn config with an /etc/zonecontrol/gunicorn_overrides.py
file. This procedure is similar to how it is done in the Platform Filter and is already implemented in the ZoneControl Ansible role.
BUG FIXES¶
Fix silent failure when adding a zone with non-canonical nameservers (no dot at the end) (!294)
Normalize zone names when receiving them from the API or UI (!286)
Make background opaque on template dropdown UI element (!285)
Check for AnonymousUser in more places, preventing stack traces (!284)
Make ZoneControl API status code for creating a zone equal that of the Authoritative API (!276)
NEW FEATURES¶
Support Gunicorn config overrides (!277)
IMPROVEMENTS¶
Remove the DNSSEC dialog flicker when opening a zone for the second (or more) time; this also removes a lot of errors on the dev console (!287)
Fix several build issues making them less flaky and faster (!289, !282, !281)
Adapt PDNS Auth API tests for ZoneControl, adding a new test suite (!280)
Add documentation for zone templates (!292)
1.4.2 (May 19, 2023)¶
DEPLOYMENT NOTES¶
ZONECONTROL_NSEC3PARAM_DEFAULT
can be changed in settings.py
, but it is advised to keep it at the default of "1 0 0 -"
.
BUG FIXES¶
Support for PEP 440 compliant version numbers so RPM packages built again (!270)
NEW FEATURES¶
NSEC3 support in DNSSEC settings for zones (!271)
IMPROVEMENTS¶
Added EL9 packages (!275)
Upload documentation from GitLab CI to docs.powerdns.com (!273)
Auth API docs are now proxied through ZoneControl (!272)
1.4.1 (September 2, 2022)¶
BUG FIXES¶
Fix quotes in LUA example record (!261)
App: hide PTR checkbox when auto PTRs are disabled (!261)
Fix crash due to double saving of audit logs (!261)
Fix editing of LUA records (ZC-156, !261)
1.4.0 (March 10, 2022)¶
From this release onwards Debian Buster is no longer supported.
NEW FEATURES¶
Admin option
ZONECONTROL_SERVERS_READONLY
(ZC-147, !259)Allow disabling history. scheduling, comments and auditlog (ZC-147, !257)
IMPROVEMENTS¶
Upgrade to a Python 3.9 that we ship (ZC-150, !258)
1.3.4 (October 14, 2021)¶
BUG FIXES¶
Take the Server into account when displaying RRSet comments (ZC-144, !256)
1.3.3 (July 09, 2021)¶
NEW FEATURES¶
Implement the search API endpoint with permission checking (ZC-120, !249)
BUG FIXES¶
Stop frontend freezing when searching for template zones with many eligable zones (ZC-130, !253)
1.3.2 (March 25, 2021)¶
IMPROVEMENTS¶
Expose that ZoneControl does APIv1 on
/api
, as some clients use this information (ZC-117, !247)
BUG FIXES¶
Adding and editing a root zone (
.
) now works in the ZoneControl frontend (ZC-118, !248)Fixed a broken shebang in
/usr/share/zonecontrol/bin/manage.py
in the Debian packages (!250)
1.3.1 (January 21, 2021)¶
NEW FEATURES¶
PostGreSQL support has been added and can be enabled by installing
zonecontrol-postgresql
(!245)
BUG FIXES¶
Zone names starting with an
_
are no longer improperly escaped (ZC-98, !244)
IMPROVEMENTS¶
zonecontrol-cache
has been split into a seperate package for Debian, as was the case for EL
1.3.0 (November 26, 2020)¶
Alpha 1: September 22, 2020
NEW FEATURES¶
zonecontrol-ldap
package has been added for integration into LDAP/AD environments (ZC-93, !230)
BUG FIXES¶
Requests that trigger the creation of an Auditlog no longer fail when the User Agent string is too long (ZC-88, !228)
Ensure the API endpoints return
Content-Type: application/json
(ZC-92, !232)
IMPROVEMENTS¶
Add OPENPGPKEY help text (ZC-7, !233)
Update the link to the ALIAS record howto (!233)
Audit log now uses X-Forwarded-For header to get the remote IP address when ZoneControl is behind a proxy (ZC-91, !229)
Remove the proprietary HTTP Redirect record (!233)
1.2.0 (June 15, 2020)¶
Alpha 1: February 26 2020
Beta 1: March 16 2020
RC 1: April 22, 2020
NEW FEATURES¶
Implement automatic PTR record creation (ZC-42, !196)
The zones list can be cached in Redis, drastically improving performance of the web-interface when PowerDNS is serving many domains (!206)
This requires the
zonecontrol-cache
service to be runningThis caching can be controlled by the the
ZONECONTROL_CACHE_ZONES_*
settings
The DNSSEC information is not longer requested by default for the zone-overview, improving performance of the frontend (!203)
This can be controlled with the
ZONECONTROL_ZONE_OVERVIEW_DNSSEC
configuration option
The ‘edited’ serial is now displayed in the zone-overview (ZC-40, !201)
New distribution support:
RHEL/CentOS/OL 8
Debian Buster
BUG FIXES¶
The slave notifications status is hidden for Native zones (ZC-52, !208)
Underscored records no longer appear in the wrong place in the interface (ZC-5, !207)
This also improves the display of rrset with the same owner name
IMPROVEMENTS¶
Permission management has been tightened (ZC-1, !194)
Users with these permissions and staff status can add users to their groups:
auth | group | Can change group
auth | user | Can change user
The same user can not see groups they don’t belong to
Staff users with ‘Can change user’ permissions can no longer - See or give staff status - See or give superuser status - Edit user permissions
No one but superuser can now edit - User permissions - Group permissions
Users can only see users from their groups in the user-admin, but they can add them to their groups in the group-admin
Several fields in the administrative interface have been hidden as a result
Zone and server permissions are now enforced for staff-users in the administrative backend (ZC-14, !216)
Several visuals in the frontend have been harmonized and improved (!215)
Django is updated to the latest LTS version, 2.2 (!204)
Javascript components are upgraded. Most importantly, Angular is now at version 7.2 (!193)
Documentation has been updated with all new features and sections on the permissions model
1.1.1 (July 10, 2019)¶
BUG FIXES¶
Don’t have an empty result when the per-RRset limits list is longer than 1 (!199)
1.1.0 (June 24, 2019)¶
Alpha 1: internal only
Alpha 2: internal only
Alpha 3: May 20 2019
Beta 1: May 23 2019
BREAKING CHANGES¶
Support for the PowerDNS Authoritative Server 4.0 has been dropped. (#146)
pkgs: Depend on the Python 3.6 from EPEL, not on the one from SCL (!186)
NEW FEATURES¶
Ability to limit the kinds of zones that are allowed to be created. By default, all 3 kinds are allowed. This limit can be set in the settings.py file by the system administrator. (!172)
The zone overview is paginated, showing 25 zones per page. (PDNS-37, !171)
The records overview is paginated, showing 200 records per page. (PDNS-37, !171)
PTR records can be automatically generated by appending a ‘*’ after the ip address. This feature can be disabled in the settings.py by the system administrator. (PDNS-158, PDNS-189, !174)
The zone settings dialog has been extended with buttons to queue NOTIFY messages (for master zones) and retrieve the zone (for slave zones). The system administrator can disable this feature in settings.py. (!173)
The DNSSEC dialog shows what kind of keys will be created once the user clicks “Enable DNSSEC”. (PDNS-39, !175)
An ‘advanced DNSSEC’ role permission has been added. Users with this permission have a tab in the DNSSEC dialog that allows manipulation of all keys. (PDNS-39, !175)
Per-RRSet role-based access control has been added. This feature allows roles to be restricted to records of certain names and types. By default, all records are allowed when a role has access to a zone. (PDNS-165, PDNS-35, !178)
BUG FIXES¶
Fix alert when attempting to add an internally managed record at the apex. (#169)
Ensure the UI shows ‘repeated’ zone names. (PDNS-206, #166)
Mark required textareas in forms. (#167)
1.0.1 (July 17, 2018)¶
NEW FEATURES¶
Implement rolebased API “pass through” (#128)
Comments for zone records (#122) - Tool to import comments from PowerDNS Authoritative Server
roles: Granular permissions for zone settings, DNSSEC and version restores (#104)
IMPROVEMENTS¶
pkg: Let yum figure out which mysql lib to pull in (#144)
pkg: Add MySQL support package for CentOS 7 (#127)
admin: More user-friendly role admin UI (#104)
dnssec: When enabling DNSSEC, the configured DNSSEC server defaults are now honored (#105)
BUG FIXES¶
Fix API error when adding or removing zone (#139)
Catch SOA entries that do not exist (#133)
backend: Fix 500 error when adding non-template zone (cf0393e)
builder: Fix missing styling in built packages, debian build fixes (#95)
1.0.0 (September 20, 2017)¶
First release.
NEW FEATURES¶
Zone version history and restore (#56)
Zone templates (#63)
builder: New build system, CentOS 7 and Debian Stretch packages (#70)
IMPROVEMENTS: - libs: Upgraded to Angular 4.3.6 and Webpack 3.5.5
BUG FIXES: - dnssec: Correct handling of ksk/zsk keys in UI (#65)