Changelogs for 4.1.x

4.1.0-rc3

Released: 17th of November 2017

This is the third release candidate of the PowerDNS Authoritative Server in the 4.1 release train.

This release features various bug fixes and some improvements to pdnsutil.

New Features

  • Make it possible to disable DNSSEC via the API; this is equivalent to running pdnsutil disable-dnssec.

    References: #5909, #5910, pull request 5936

  • Add add-meta command to pdnsutil that can be used to append to existing metadata without clobbering it.

    References: #5853, pull request 5883

Improvements

Bug Fixes

  • Use _exit() when we really really want to exit, for example after a fatal error. This stops us dying while we die. A call to exit() will trigger destructors, which may paradoxically stop the process from exiting, taking down only one thread, but harming the rest of the process.

    References: pull request 5917

  • Fix messages created by pdnsutil generate-tsig-key.

    References: #5849, pull request 5884

  • Add back missing output details to rectifyZone.

    References: #5903, pull request 5928

  • Use 302 redirects in the webserver for ringbuffer reset or resize. With the current 301 redirect it is only possible to reset or resize once: the browser caches the redirect, so every subsequent duplicate action is replaced by the cached destination.

    References: pull request 5905

4.1.0-rc2

Released: 3rd of November 2017

This is the second release candidate of the PowerDNS Authoritative Server in the 4.1 release train.

This release has several performance improvements, stability and correctness fixes.

New Features

  • Rectify zones via the API. (Nils Wisiol)

    • Move the pdnsutil rectification code to the DNSSECKeeper
    • Generate DNSSEC keys for a zone when “dnssec” is true in an API POST/PATCH for zones
    • Rectify DNSSEC zones after POST/PATCH when API-RECTIFY metadata is 1
    • Allow setting this metadata via the “api-rectify” param in a Zone object
    • Show “nsec3param” and “nsec3narrow” in Zone API responses
    • Add an “rrsets” request parameter for a zone to skip sending RRSets in the response
    • Add rectify endpoint in the API

    References: #3417, #5712, pull request 5779

  • Add PKCS#11 support to packages on Operating Systems that support it.

    References: pull request 5665

Improvements

  • Add support for Botan 2.x and drop support for Botan 1.10 (the latter thanks to Kees Monshouwer).

    References: #5797, #5889, #5734, #2250, pull request 5498

  • Fix issues when b2b-migrating from the BIND backend to a database:

    • No masters were set in the target db (#5807)
    • Only the last master in the list of masters would be added to the target database
    • The BIND backend was not fully aware of native zones

    References: #5115, #5807, pull request 5810

  • Add support for new record types to the LDAP backend.

    References: pull request 5584

  • Add log-timestamp option. This option can be used to disable printing timestamps to stdout. This is useful when using systemd-journald or another supervisor that timestamps stdout by itself, as the logs will then not have 2 timestamps.

    References: pull request 5842

  • Stop doing individual RRSIG queries during outbound AXFR. (Kees Monshouwer)

    References: #5767, pull request 5838

Bug Fixes

  • Improve trailing dot handling internally, which led to a segfault in pdnsutil before.

    References: #5673, pull request 5684

  • Treat requestor’s payload size lower than 512 as equal to 512. Before, we did not follow RFC 6891 section 6.2.3 correctly.

    References: pull request 5678

  • Correctly purge entries from the caches after a transfer. Since the QC/PC split up, we only removed entries for the AXFR’d domain from the packet cache, not the query cache. We also did not remove entries in case of IXFR.

    References: #5767, pull request 5766

  • When throwing because of bogus content in the tinydns database, report the offending name+type so the admin can find the offending record.

    References: pull request 5791

  • For zone PATCH requests, add new X-PDNS-Old-Serial and X-PDNS-New-Serial response headers with the zone serials before and after the changes.

    References: pull request 5696

  • Make default options singular and use defaults in Cryptokey API-endpoint.

    References: pull request 5704

  • Remove printing of DS records from pdnsutil export-zone-dnskey. This was not only inconsistent behaviour but also done incorrectly.

    References: #5719, pull request 5729

  • Make bindbackend startTransaction return false when it has failed. (Aki Tuomi)

    References: pull request 5702

  • Log the needed size when a MySQL result was truncated.

    References: #5675, pull request 5820

  • Remove “” around secpoll result which fixes pdns_control show security-status not working.

    References: #5692, pull request 5710

  • Make the auth also publish CDS/CDNSKEY records for inactive keys, as this is needed to roll without double sigs.

    References: #5721, pull request 5722

  • Fix a crash when getting a public GOST key if the private one is not set.

    References: pull request 5734

  • Ignore SOA-EDIT for PRESIGNED zones.

    References: pull request 5815

4.1.0-rc1

Released: 31st of August 2017

This is the first release candidate of the PowerDNS Authoritative Server in the 4.1 release train.

New Features

Removed Features

Improvements

  • Revamp and clean label compression code. Speeds up large packet creation by ~40%.

    References: pull request 4373

  • Apply non-local-bind to query-local-address and query-local-address6 when possible.

    References: #4299, pull request 4332

  • A number of fixes and improvements that are difficult to untangle:

    • Remove the ASCII DNSResourceRecord from the hot path of packet assembly.
    • Hash the storage of records in the BindBackend.
    • Hash the packetcache.
    • Fix some bugs in the LDAP backend and in the MyDNS backend.
    • Make the randombackend go ‘native’ and directly supply records that can be sent to packets.
    • The performance benefit of this PR is measured in “factors” for being a root-server.

    References: pull request 4467, pull request 4492

  • Improve cleaning, remove an unnecessary lock and improve performance of the packetcache (Kees Monshouwer).

    References: #4503, pull request 4504

  • Improve SOA records caching (Kees Monshouwer).

    References: pull request 4485

  • Make sure AXFR only deletes records from a SLAVE domain in a multi backend setup (Kees Monshouwer).

    References: pull request 4829

  • Tidy up UeberBackend (Christian Hofstaedtler).

    References: pull request 4908

  • Improve API performance by instantiating only one DNSSECKeeper per request.

    References: pull request 4944

  • Incremental backoff for failed slave checks.

    When a SOA record for a slave domain can’t be retrieved, use an increasing interval between checking the domain again. This prevents hammering down on already busy servers.

    References: #349, #602, pull request 4953

  • Remove d_place from DNSResourceRecord (Christian Hofstaedtler).

    References: pull request 4549

  • Add an option to allow AXFR of zones with a different (higher/lower) serial (Kees Monshouwer).

    References: pull request 5169

  • Use the resolver setting for the stub resolver, use resolv.conf as fallback.

    References: #4655, pull request 5112

  • Re-implement the AXFR Filter with LuaContext (Aki Tuomi).

    References: pull request 5250

  • Allow control socket to listen on IPv6 (@Gibheer).

    References: pull request 5387

  • Fix typo in two log messages (Ruben Kerkhof).

    References: pull request 5523

  • Update YaHTTP (to fix a warning reported by Coverity).

    References: pull request 5542

  • Clarify how we check the return value of std::string::find() (reported by Coverity).

    References: pull request 5541

  • Wrap the webserver’s and Resolver::tryGetSOASerial objects into smart pointers.

    References: pull request 5543

  • SSql: Use unique_ptr for statements (Aki Tuomi).

    References: pull request 4692

  • Fix libatomic detection on ppc64 (Sander Hoentjen).

    References: pull request 5599

  • Switch the default webserver’s ACL to “127.0.0.1, ::1”.

    References: pull request 5588

  • NOTIMP is only appropriate for an unsupported opcode (Kees Monshouwer).

    References: pull request 5611

  • Catch DNSName exception in the Zoneparser.

    References: pull request 5641

  • Listen on 127.0.0.1 during regression tests (@tcely).

    References: pull request 5583

  • Enable the webserver when api is ‘yes’ (Christian Hofstaedtler).

    References: #4290, pull request 4408

  • Prevent sending nameservers list and zone-level NS in rrsets in the API (Christian Hofstaedtler).

    References: #4132, pull request 4751

  • Forbid mixing CNAMEs and other RRSets in the API (Christian Hofstaedtler).

    References: #5305, pull request 5389

  • Prevent duplicate records in single RRset (Christian Hofstaedtler).

    References: pull request 4195

  • Implement subcommand printing all KSK DS records in pdnsutil (Jonas Wielicki).

    References: #4005, pull request 4007

  • Allow setting the account of a zone via pdnsutil (Tuxis Internet Engineering).

    References: pull request 4584

  • Print “$ORIGIN .” on pdnsutil list-zone, so the output can be used in pdnsutil load-zone (Tuxis Internet Engineering).

    References: pull request 4719

  • pdnsutil: clarify error message when set-presigned fails with DNSSEC disabled (Peter Thomassen).

    References: pull request 4478

  • pdnsutil: Validate names with address records to be valid hostnames (Håkan Lindqvist).

    References: pull request 3913

  • Correct pdnsutil help output for add-zone-key.

    References: pull request 5118

  • Check for valid hostnames in SRV, NS and MX records.

    References: #512, pull request 5062

  • Disable ALIAS expansion by default.

    References: #5119, pull request 5182

  • Make the zone parser adhere to RFC 2308 with regards to implicit TTLs.

    Existing zone files may now be interpreted differently. Specifically, where we previously used the SOA minimum field for the default TTL if none was set explicitly, or no $TTL was set, we now use the TTL from the previous line.

    References: pull request 5094

  • mydnsbackend: Initialize d_query_stmt (Aki Tuomi).

    References: pull request 5605

  • Enable setting custom pgsql connection parameters, like TLS parameters (Tarjei Husøy).

    References: pull request 4711

  • Use pkg-config to detect PostgreSQL libraries.

    References: #5193, #2358, pull request 5121, pull request 5221

  • Use BIGSERIAL for records.id in the gpgsql backend (Arsen Stasic).

    References: pull request 5426

  • Ship ldapbackend schema files in tarball (Christian Hofstaedtler).

    References: pull request 5509

  • Add ability to have service record for apex record and any other static record (Aki Tuomi).

    References: pull request 5548

  • Report query statistics as full numbers, not scientific notation in the webserver.

    References: #1844, pull request 5116

  • Schema changes for MySQL / MariaDB and PostgreSQL for storage requirements of various versions (Kees Monshouwer).

    References: pull request 5518
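
For the RFC 2308 implicit-TTL item in the list above, the following added example (not PowerDNS code) reports which records in a zone file get a different TTL under the previous-line rule than under the old SOA-minimum rule. It assumes a simplified zone syntax: one record per line with the owner name present, TTLs in plain seconds, and no multi-line parentheses; the function name and the sample zone are constructed for illustration.

```python
# Constructed sample zone with no $TTL directive (names and values are made up).
SAMPLE_ZONE = """\
example.org. 86400 IN SOA ns1.example.org. hostmaster.example.org. 2017083101 10800 3600 604800 300
example.org. IN NS ns1.example.org.
ns1 60 IN A 192.0.2.1
www IN A 192.0.2.10
mail IN MX 10 mx.example.org.
"""

CLASSES = {"IN", "CH", "HS"}

def implicit_ttl_changes(zone_text):
    """Return (owner, type, old_ttl, new_ttl) for every record whose implicit
    TTL differs between the SOA-minimum rule and the previous-line rule."""
    dollar_ttl = None    # value of the most recent $TTL directive, if any
    prev_ttl = None      # TTL that applied to the previous record line
    soa_minimum = None   # last field of the SOA record
    changed = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # simplified comment stripping
        if not fields:
            continue
        if fields[0].startswith("$"):           # only $TTL is interpreted here
            if fields[0].upper() == "$TTL":
                dollar_ttl = int(fields[1])
            continue
        owner, rest = fields[0], fields[1:]
        explicit = None
        # TTL and class are optional and may come in either order before the type.
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            if rest[0].isdigit():
                explicit = int(rest[0])
            rest = rest[1:]
        if not rest:
            continue
        rtype = rest[0].upper()
        if rtype == "SOA":
            soa_minimum = int(rest[-1])
        if explicit is not None:
            old_ttl = new_ttl = explicit
        elif dollar_ttl is not None:
            # Assumption: $TTL supplies the default under both rules (RFC 2308 section 4).
            old_ttl = new_ttl = dollar_ttl
        else:
            old_ttl, new_ttl = soa_minimum, prev_ttl
        if old_ttl != new_ttl:
            changed.append((owner, rtype, old_ttl, new_ttl))
        prev_ttl = new_ttl
    return changed
```

Running it over zone files before upgrading shows which records would be served with a different TTL; adding an explicit $TTL or per-record TTLs removes the ambiguity.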

Bug Fixes