Changelogs for 4.4.x ==================== .. changelog:: :version: 4.4.3 :released: 25th of March 2022 This is a security fix release for :doc:`PowerDNS Security Advisory 2022-01 <../security-advisories/powerdns-advisory-2022-01>`. Additionally, because CentOS 8 is End Of Life now, we have switched those builds to Oracle Linux 8. The resulting packages are compatible with RHEL and all derivatives. .. change:: :tags: Bug Fixes :pullreq: 11453 Fix validation of incremental zone transfers (IXFRs). .. changelog:: :version: 4.4.2 :released: 25th of November 2021 This is version 4.4.2 of the Authoritative Server. It fixes one issue. .. change:: :tags: Bug Fixes :pullreq: 11004 RFC2136/nsupdate: apply new TTL to whole RRset, not only to the added record .. changelog:: :version: 4.4.1 :released: 8th of February 2021 This is version 4.4.1 of the Authoritative Server. This releases fixes several small issues discovered since the release of 4.4.0. .. change:: :tags: Bug Fixes :pullreq: 10008 fix TCP answer counters .. change:: :tags: Improvements :pullreq: 9965 debian packaging update .. change:: :tags: Bug Fixes :pullreq: 10039 run deleteDomain() inside a transaction .. change:: :tags: Bug Fixes :pullreq: 9985 lmdb: do not reuse backend that has seen corrupted data .. change:: :tags: Improvements :pullreq: 9953 dockerfiles: do not claim equivs-dummy is built from the pdns source package .. change:: :tags: Improvements :pullreq: 9952 Fix missing #include for gcc-11 .. change:: :tags: Bug Fixes :pullreq: 9949 lmdb: serialise LMDBBackend construction to ensure only a single schema upgrade is attempted .. change:: :tags: Improvements :pullreq: 9946 lmdb: Do a mdb_readers_check to clean up stale readers on database load .. change:: :tags: Bug Fixes :pullreq: 9923 backport some asan/ubsan fixes .. change:: :tags: Bug Fixes :pullreq: 9912 pdnsutil edit-zone: do not exit on ZoneParser exception .. changelog:: :version: 4.4.0 :released: 18th of December 2020 This is version 4.4.0 of the Authoritative Server. This release drops GSS/TSIG support, please see :doc:`PowerDNS Security Advisory 2020-06 <../security-advisories/powerdns-advisory-2020-06>`. Version 4.4.0 brings a bunch of exciting changes: * the LMDB backend now supports long record content, making it production ready for everybody * the SVCB and HTTPS record types are supported, with limited additional processing * transaction handling in the 2136 handler and the HTTP API was again improved a lot, avoiding various spurious issues users may have noticed if they do a lot of changes * a new setting (:ref:`setting-consistent-backends`) offers a roughly 30% speedup, subject to conditions * we finally emit Prometheus metrics! We want to specifically thank Robin Geuze, Kees Monshouwer, Mischan Toosarani-Hausberger, Chris Hofstaedtler, and Kevin Fleming for their contributions to this release. We are also grateful to all other reporters of bugs, issues, feature requests, and submitters of smaller fixes and features. Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading. .. change:: :tags: Bug Fixes :pullreq: 9884 clear the LMDB set state when performing a new lookup or list to prevent corruption cases (Robin Geuze) .. change:: :tags: Bug Fixes :pullreq: 9878 SVCB: Correctly parse and print unknown params .. change:: :tags: Bug Fixes :pullreq: 9873 fix direct-dnskey in AXFR-out (Kees Monshouwer) .. change:: :tags: Improvements :pullreq: 9866 don't log trusted-notification-proxy notify at error level (Kees Monshouwer) .. change:: :tags: Improvements :pullreq: 9853 Stop using incbin and use od & sed to generate constant string data. .. changelog:: :version: 4.4.0-rc1 :released: 7th of December 2020 This is the first Release Candidate for version 4.4.0 of the Authoritative Server. If no trouble surfaces, we will release the actual 4.4.0 within a few weeks. This release drops GSS/TSIG support, please see :doc:`PowerDNS Security Advisory 2020-06 <../security-advisories/powerdns-advisory-2020-06>`. Version 4.4.0 brings a bunch of exciting changes: * the LMDB backend now supports long record content, making it production ready for everybody * the SVCB and HTTPS record types are supported, with limited additional processing * transaction handling in the 2136 handler and the HTTP API was again improved a lot, avoiding various spurious issues users may have noticed if they do a lot of changes * a new setting (:ref:`setting-consistent-backends`) offers a roughly 30% speedup, subject to conditions * we finally emit Prometheus metrics! We want to specifically thank Robin Geuze, Kees Monshouwer, Mischan Toosarani-Hausberger, Chris Hofstaedtler, and Kevin Fleming for their contributions to this release. We are also grateful to all other reporters of bugs, issues, feature requests, and submitters of smaller fixes and features. Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading. .. change:: :tags: Bug Fixes :pullreq: 9816 geoip: set netmask on all string formatting types (Kees Monshouwer) .. change:: :tags: Bug Fixes :pullreq: 9800 api-swagger.json: do not depend on .venv target .. change:: :tags: Bug Fixes :pullreq: 9798 Ensure socket-dir matches runtime dir on old systemd .. change:: :tags: Improvements :issues: 9730 pdnsutil add-record: notice when backend does not support replaceRRSet .. change:: :tags: Improvements :pullreq: 9765 add remote to default axfr logging (Kees Monshouwer) .. change:: :tags: Bug Fixes :pullreq: 9785 fix rounding inaccuracy in latency statistics (Kees Monshouwer) .. change:: :tags: Bug Fixes :pullreq: 9773 APL records: fix endianness problem .. change:: :tags: Improvements :pullreq: 9761 Fix the DNSName move assignment operator .. changelog:: :version: 4.4.0-beta1 :released: 23rd of November 2020 This is version 4.4.0-beta1 of the Authoritative Server. This release drops GSS/TSIG support, please see :doc:`PowerDNS Security Advisory 2020-06 <../security-advisories/powerdns-advisory-2020-06>`. Version 4.4.0 brings a bunch of exciting changes: * the LMDB backend now supports long record content, making it production ready for everybody * the SVCB and HTTPS record types are supported, with limited additional processing * transaction handling in the 2136 handler and the HTTP API was again improved a lot, avoiding various spurious issues users may have noticed if they do a lot of changes * a new setting (:ref:`setting-consistent-backends`) offers a roughly 30% speedup, subject to conditions * we finally emit Prometheus metrics! We want to specifically thank Robin Geuze, Kees Monshouwer, Mischan Toosarani-Hausberger, Chris Hofstaedtler, and Kevin Fleming for their contributions to this release. We are also grateful to all other reporters of bugs, issues, feature requests, and submitters of smaller fixes and features. Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading. .. change:: :tags: Bug Fixes :pullreq: 9735 pdnsutil check-zone: DNAME fixes .. change:: :tags: Improvements :pullreq: 9704 nxdomain performance (Kees Monshouwer) .. change:: :tags: Improvements :pullreq: 9731 logging: put quotes around some IPs to make messages easier to read .. change:: :tags: New Features :pullreq: 9713 allow ip ranges as trusted-notification-proxy .. change:: :tags: Bug Fixes :pullreq: 8707 lmdb: fill di.serial (this fixes the 'serial=0' API bug) .. change:: :tags: Bug Fixes :pullreq: 9714 disable mysql automatic charset detection (see :doc:`upgrade notes <../upgrading>`) .. change:: :tags: Improvements :pullreq: 9712 Use Python 3 in build system (Kevin Fleming) .. change:: :tags: New Features :pullreq: 8911 Add '/api/docs' endpoint to Auth server (Kevin Fleming) .. change:: :tags: Improvements :pullreq: 9688 adjust AXFR, IXFR events loglevels (Kees Monshouwer) .. change:: :tags: New Features :pullreq: 8608 geoipbackend: accept custom lookup mapping (criteo-forks) .. change:: :tags: Improvements :pullreq: 9692 pdnsutil zone key improvements (Chris Hofstaedtler) .. change:: :tags: New Features :pullreq: 9693 make it possible to replace now supported TYPExx records (Kees Monshouwer) .. change:: :tags: Bug Fixes :pullreq: 9174 tinydnsbackend: Ignore duplicate SOA in getAllDomains() .. change:: :tags: Improvements :pullreq: 9685 :issues: 9675 add some missing counters. Fixes #9675 .. change:: :tags: New Features :pullreq: 9239 Add pdns_control command to the list of XFR domains in queue .. changelog:: :version: 4.4.0-alpha3 :released: 5th of November 2020 This is version 4.4.0-alpha3 of the Authoritative Server. Alpha 2 was not released due to the LMDB encoding bug mentioned below, found shortly after starting the Alpha 2 release process. This release drops GSS/TSIG support, please see :doc:`PowerDNS Security Advisory 2020-06 <../security-advisories/powerdns-advisory-2020-06>`. Version 4.4.0 brings a bunch of exciting changes: * the LMDB backend now supports long record content, making it production ready for everybody * the SVCB and HTTPS record types are supported, with limited additional processing * transaction handling in the 2136 handler and the HTTP API was again improved a lot, avoiding various spurious issues users may have noticed if they do a lot of changes * a new setting (:ref:`setting-consistent-backends`) offers a roughly 30% speedup, subject to conditions * we finally emit Prometheus metrics! We want to specifically thank Robin Geuze, Kees Monshouwer, Mischan Toosarani-Hausberger, and Chris Hofstaedtler for their contributions to this release. We are also grateful to all other reporters of bugs, issues, feature requests, and submitters of smaller fixes and features. Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading. .. change:: :tags: Bug Fixes :pullreq: 9664, 9665 LMDB: Fix encoding of deleted RRsets (Kees Monshouwer) .. change:: :tags: Improvements :pullreq: 9656, 9483 When :ref:`setting-consistent-backends` is enabled, use ANY queries toward backends whenever possible. (Kees Monshouwer) .. change:: :tags: Improvements :pullreq: 9625, 9552 Deprecate :ref:`setting-local-ipv6` and :ref:`setting-query-local-address6`, to prepare for removal in 4.5.0 (Chris Hofstaedtler, Kees Monshouwer) .. change:: :tags: Improvements :pullreq: 9611 pdns: bind-backend speedup feedRecord() (Kees Monshouwer) .. change:: :tags: Improvements :pullreq: 9568 auth: Speedup presigned signature lookups. (Kees Monshouwer) .. change:: :tags: Improvements :pullreq: 9645 auth: bindbackend: 'rediscover' changes to 'type' (Roald Stolte) .. change:: :tags: Bug Fixes :pullreq: 9647 auth lmdb: fill di.backend in getUnfreshSlaveInfos and getAllDomains (this makes the right serial appear in API calls) .. change:: :tags: Improvements :pullreq: 9623 gsql,bind: allow seamless serving of newly-supported TYPExx records (Chris Hofstaedtler) .. change:: :tags: New Features :pullreq: 9631 auth: add support for dnssec removal to CDS/CDNSKEY (Kees Monshouwer) .. change:: :tags: Bug Fixes :pullreq: 9627 auth: change "misconfigured" SOA MNAME to not mention powerdns and be RFC6761 compliant .. change:: :tags: Removed Features :pullreq: 9593 Auth: remove SOA autofilling, remove set-ptr feature from API (Kees Monshouwer) .. change:: :tags: Bug Fixes :pullreq: 9613 LUA records: handle a potentially uncaught exception .. change:: :tags: Bug Fixes :pullreq: 9580, 9550 Fixes for APL records pointing to fe80 (Chris Hofstaedtler) .. change:: :tags: New Features :pullreq: 9549 pdns_control: add show (Chris Hofstaedtler) .. change:: :tags: Bug Fixes :pullreq: 9544 svc-records: Initialize d_port .. changelog:: :version: 4.4.0-alpha1 :released: 30th of September 2020 This is version 4.4.0-alpha1 of the Authoritative Server. This release drops GSS/TSIG support, please see :doc:`PowerDNS Security Advisory 2020-06 <../security-advisories/powerdns-advisory-2020-06>`. Version 4.4.0 brings a bunch of exciting changes: * the LMDB backend now supports long record content, making it production ready for everybody * the SVCB and HTTPS record types are supported, with limited additional processing * transaction handling in the 2136 handler and the HTTP API was again improved a lot, avoiding various spurious issues users may have noticed if they do a lot of changes * we finally emit Prometheus metrics! We want to specifically thank Robin Geuze, Kees Monshouwer, Mischan Toosarani-Hausberger, and Chris Hofstaedtler for their contributions to this release. We are also grateful to all other reporters of bugs, issues, feature requests, and submitters of smaller fixes and features. Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading. .. change:: :tags: Improvements :pullreq: 9369, 8638, 9337 New RRtypes: SVCB, HTTPS, APL. Fixed RRtypes: IPSECKEY. .. change:: :tags: Improvements :pullreq: 9389 LMDB: new schema that supports long records (Robin Geuze) .. change:: :tags: Bug Fixes :pullreq: 9518, 9427, 9409, 9407 Improved transaction handling, especially around the metadata cache (Kees Monshouwer) .. change:: :tags: Improvements :pullreq: 9524 bindbackend: 'rediscover' changes to master and also-notifies (Matti Hiljanen) .. change:: :tags: Bug Fixes :pullreq: 9496 ignore cryptokeys in presigned zones (Kees Monshouwer) .. change:: :tags: Improvements :pullreq: 9039 quote/escape PG connection parameters .. change:: :tags: Improvements :pullreq: 8942 lua: add backtraces to errors .. change:: :tags: Bug Fixes :pullreq: 9478 remove a '// HACK FIXME400' and fix the bugs it was hiding (Kees Monshouwer) .. change:: :tags: Removed Features :pullreq: 9385 Remove GSS/TSIG support .. change:: :tags: Improvements :pullreq: 8993 Skip EDNS Cookies in the packet cache .. change:: :tags: Improvements :pullreq: 8969 Use more of systemd's sandboxing options when available .. change:: :tags: Improvements :pullreq: 9387 auth slave: log successful NOTIFY (Chris Hofstaedtler) .. change:: :tags: Bug Fixes :pullreq: 9439 Fix the sample 'geoip.conf' for Debian-based packages .. change:: :tags: Improvements :pullreq: 9419, 9430 sdig: Increment the DNS message IDs when pipelining, report ID mismatches .. change:: :tags: Bug Fixes :pullreq: 9408 Fix building with LLVM11 (RvdE) .. change:: :tags: Improvements :pullreq: 9157 Add support for FreeBSD's SO_REUSEPORT_LB .. change:: :tags: Improvements :pullreq: 9101 LUA records: two improvements to createForward .. change:: :tags: New Features :pullreq: 8824 Allow forced secondary zone retrieval .. change:: :tags: Bug Fixes :pullreq: 8928 Ensure qtype is set before calling setContent() in axfrfilter() .. change:: :tags: New Features :pullreq: 7963 Add a new command to add a super-master to SQL backends (Godwottery) .. change:: :tags: Improvements :pullreq: 8564, 8565 geoipbackend: top looking after first weighted match, propagate weighted rounding gap fix (criteo-forks) .. change:: :tags: Improvements :pullreq: 8623 Make a combination of delete and replace for rrset possible (jonathaneen) .. change:: :tags: Bug Fixes :pullreq: 9340 Auth API: Allow removal of NSEC3PARAM metadata .. change:: :tags: Improvements :pullreq: 9218 log more pdns_control actions (Chris Hofstaedtler) .. change:: :tags: Improvements :pullreq: 9318 gsqlbackend: allow backend-specific queries (Chris Hofstaedtler) .. change:: :tags: Improvements :pullreq: 9265 add used master address to slave check logs (Chris Hofstaedtler) .. change:: :tags: Improvements :pullreq: 9280 immediately fill account, kind, masters on zone create (Chris Hofstaedtler) .. change:: :tags: Improvements :pullreq: 9169 fetch all metadata at once (Kees Monshouwer) .. change:: :tags: Improvements :pullreq: 9252 Add version 'statistic' to prometheus .. change:: :tags: Bug Fixes :pullreq: 9253 :issues: 4973 pdnsutil: make sure we let all destructors run. .. change:: :tags: Improvements :pullreq: 9215 PKCS11 improvements .. change:: :tags: Improvements :pullreq: 9189 gpgsqlbackend: add parameters to query logging (Chris Hofstaedtler) .. change:: :tags: Improvements :pullreq: 9187 Set SyslogIdentifier for multiple instances (Chris Hofstaedtler) .. change:: :tags: New Features :pullreq: 9183 API: Allow rectifying Slave zones (Chris Hofstaedtler) .. change:: :tags: New Features :pullreq: 9182 Implemented prometheus metrics-endpoint for auth (supervacuus) .. change:: :tags: Improvements :pullreq: 9163 Optimize IXFR-to-AXFR fallback path (Chris Hofstaedtler) .. change:: :tags: Bug Fixes :pullreq: 8943 Remote Backend: Throw DBException in functions that allow it .. change:: :tags: Bug Fixes :pullreq: 9073 Ensure runtime dirs for virtual services differ .. change:: :tags: Bug Fixes :pullreq: 9080 better (actual) fix for mem leak in SSQLite3::execute() .. change:: :tags: Bug Fixes :pullreq: 9069 Avoid "pthread_rwlock_destroy on rwlock with waiters!" on OpenBSD .. change:: :tags: Bug Fixes :pullreq: 9060 BIND-DOMAIN-EXTENDED-STATUS: don't look for a domain called BIND-DOMAIN-EXTENDED-STATUS .. change:: :tags: Improvements :pullreq: 9024 auth smysql: mimic error message format from mysql tooling .. change:: :tags: Improvements :pullreq: 8975 improve sql schema updates (Kees Monshouwer) .. change:: :tags: Improvements :pullreq: 8939, 8925 NSEC fixes for unpublished DNSKEY (RobinGeuze) .. change:: :tags: Improvements :pullreq: 8929 make sure we look at 10% of all cached items during cleanup (Kees Monshouwer) .. change:: :tags: Improvements :pullreq: 8714 Reduce the number of temporary memory allocations