Changelogs for 4.5.x

4.5.2

Released: 10th of November 2021

This is release 4.5.2 of the Authoritative Server. It contains several robustness fixes for the bindbackend, and for SOA handling. These fixes are especially important for zone cache users.

Bug Fixes

  • bindbackend: skip rejected zones during list and search

    References: pull request 10968

  • make the zone cache more robust for bad data and save some SOA queries for DNSSEC zones (Kees Monshouwer)

    References: pull request 10964

  • api, check SOA location (Kees Monshouwer)

    References: pull request 10962

  • improve dnsname exception handling for SOA records (Kees Monshouwer)

    References: pull request 10952

  • improve SOA parse exception handling (Kees Monshouwer)

    References: pull request 10792

  • try to reload rejected zones in bind-backend once every bind-check-interval (Kees Monshouwer)

    References: pull request 10778

4.5.1

Released: 26th of July 2021

This is release 4.5.1 of the Authoritative Server. It is strictly a security fix release for Advisory 2021-01.

Bug Fixes

4.5.0

Released: 13th of July 2021

This is release 4.5.0 of the Authoritative Server. This release contains a ton of improvements and bug fixes compared to 4.4, but very few user visible changes.

There are two notable new features:

  • The “zone cache”, which allows PowerDNS to keep a list of zones in memory, updated periodically. With this cache, PowerDNS can avoid hitting the database with queries for unknown domains. In some setups, and some attack scenarios, this can make a serious performance difference. Users of backends with dynamically generated zones may want to disable this or at least read the upgrade notes extremely carefully. Many thanks to Chris Hofstaedtler for implementing this. This work by Chris was supported by RcodeZero DNS.
  • Priority ordering in the AXFR queue in PowerDNS running as a secondary. Some users with a lot of domains (>100k) sometimes found real changes waiting behind signature refreshes on Thursdays. With the new ordering, those real changes can “skip the line” and get deployed on your secondaries faster. Many thanks to Robin Geuze of TransIP for implementing this.

Since 4.5.0-beta1, the zone cache is enabled by default.

Please make sure to read the upgrade notes before upgrading.

Bug Fixes

  • fix building without sqlite (this got broken between RC1 and RC2). Thanks to our trusty FreeBSD port maintainer Ralf van der Enden for noticing and reporting this.

    References: pull request 10579

4.5.0-rc2

Released: 6th of July 2021

This is the second, and hopefully last, release candidate for version 4.5.0 of the Authoritative Server. This release contains a ton of improvements and bug fixes compared to 4.4, but very few user visible changes.

There are two notable new features:

  • The “zone cache”, which allows PowerDNS to keep a list of zones in memory, updated periodically. With this cache, PowerDNS can avoid hitting the database with queries for unknown domains. In some setups, and some attack scenarios, this can make a serious performance difference. Many thanks to Chris Hofstaedtler for implementing this.
  • Priority ordering in the AXFR queue in PowerDNS running as a secondary. Some users with a lot of domains (>100k) sometimes found real changes waiting behind signature refreshes on Thursdays. With the new ordering, those real changes can “skip the line” and get deployed on your secondaries faster. Many thanks to Robin Geuze for implementing this.

Since 4.5.0-beta1, the zone cache is enabled by default.

Please make sure to read the upgrade notes before upgrading.

Bug Fixes

  • bindbackend: purge caches on zone reload; store nsec3 settings at zone load

    References: pull request 10552

  • Use correct TTL when caching responses from backends (Robin Geuze)

    References: pull request 10551

4.5.0-rc1

Released: 25th of June 2021

This is the first release candidate for version 4.5.0 of the Authoritative Server. This release contains a ton of improvements and bug fixes compared to 4.4, but very few user visible changes.

The one notable feature is the “zone cache”, which allows PowerDNS to keep a list of zones in memory, updated periodically. With this cache, PowerDNS can avoid hitting the database with queries for unknown domains. In some setups, and some attack scenarios, this can make a serious performance difference.

Since 4.5.0-beta1, the zone cache is enabled by default.

Please make sure to read the upgrade notes before upgrading.

New Features

  • newCAFromRaw(): create ComboAddress from raw 4/16 byte strings, plus test

    References: pull request 9474

Improvements

Bug Fixes

4.5.0-beta1

Released: 9th of June 2021

This is version 4.5.0-beta1 of the Authoritative Server. This release contains a ton of improvements and bug fixes compared to 4.4, but very few user visible changes.

The one notable feature is the “zone cache”, which allows PowerDNS to keep a list of zones in memory, updated periodically. With this cache, PowerDNS can avoid hitting the database with queries for unknown domains. In some setups, and some attack scenarios, this can make a serious performance difference.

In beta1, the zone cache is enabled by default.

Please make sure to read the upgrade notes before upgrading.

New Features

  • LUA records: add filterForward function, to limit the scope of createForward[6]

    References: pull request 10463

  • add/fix getAllDomains() and enable the zone cache by default (Kees Monshouwer)

    References: pull request 10454

Improvements

4.5.0-alpha1

Released: 27th of May 2021

This is version 4.5.0-alpha1 of the Authoritative Server. This release contains a ton of improvements and bug fixes compared to 4.4, but very few user visible changes.

The one notable feature is the “zone cache”, which allows PowerDNS to keep a list of zones in memory, updated periodically. With this cache, PowerDNS can avoid hitting the database with queries for unknown domains. In some setups, and some attack scenarios, this can make a serious performance difference.

Please make sure to read the upgrade notes before upgrading.

New Features

Removed Features

  • gpgsql backend: drop refcursor support (it never worked anyway)

    References: pull request 10259

  • remove local-ipv6, query-local-address6, after their deprecation in 4.4

    References: pull request 10251

  • Check sizeof(time_t) to be at least 8. This makes it easier for us to handle times beyond the years 2038 and 2106 safely. This removes support for platforms where time_t is still only 32 bits wide.

    References: pull request 10010

Improvements

Bug Fixes