Release Notes
Release 3.1.6
This release focuses on the Postgres building block which was introduced in Cloud Control 3.1.0 and is currently used exclusively by the dynamic filtering functionality in controlplane deployments.
New features
- Postgres clusters can now be configured with an
upstreamS3 storage location from which backups can be restored. This is additional to the S3 location where the cluster stores its own backups and allows for configurations where postgres clusterxcan restore a backup made by postgres clustery. - Cloud Control API has additional operations which allow for listing backups, restoring by timestamp and restoring by name of a full backup. These list & restore operations are also available for the new
upstreamfeature.
Improvements
- Interactions by the Postgres building block with S3 now apply the
AWS_S3_FORCE_PATH_STYLE = truesetting by default, ensuring compatibility with all major S3 providers
Release 3.1.5
Bug Fixes
- Fixed an issue where the Cloud Control Agent bugfix in release 3.1.4 could lead to metrics with duplicated labels
- Added missing
annotationsconfiguration item for Cloud Control API Service objects
Compatibility
PowerDNS components have been upgraded to the following versions:
| Component | Version | Notes |
|---|---|---|
| Filtering components | 2.10.6 |
|
| Recursor | 5.2.6 |
Changelog - Security Advisory |
Release 3.1.4
Bug Fixes
- Fixed a concurrency problem in the Cloud Control Agent's metrics endpoint, which could lead to a crash of the agent
Compatibility
PowerDNS components have been upgraded to the following versions:
| Component | Version | Notes |
|---|---|---|
| Authoritative Server | 4.9.11 |
Changelog |
| Filtering components | 2.10.5 |
Release 3.1.3
Compatibility
PowerDNS components have been upgraded to the following versions:
| Component | Version | Notes |
|---|---|---|
| Filtering components | 2.10.4 |
Fixes a regression introduced in 2.10.1 causing manual opaque id additions from the admin to fail |
Release 3.1.2
Improvements
- Added
tokenURLon OAuth2 User Backends to allow for the backend to be usable by products which connect to an OAuth2 provider to issue a token (the previously existingintrospectionURLis for validating a token). This will now automatically be used by the websub destination in dstoredist.
Bug Fixes
- TLS configuration for a dstoredist destination of type
websubwill now be properly indented in the dstoredist configuration file - Added a missing trigger to the Cloud Control Agent module for NATS responsible for reloading gracefully when a password is changed
Compatibility
PowerDNS components have been upgraded to the following versions:
| Component | Version | Notes |
|---|---|---|
| Authoritative Server | 4.9.9 |
Changelog |
| dnsdist | 2.0.1 |
Changelog - Security Advisory |
| Filtering components | 2.10.3 |
|
| Recursor | 5.2.5 |
Changelog |
Release 3.1.1
Improvements
- Lightning Stream Enterprise 1.0.2 is included, which allows for increased control over S3 client settings. See Lightning Stream S3 Client configuration for more details
- Dynamic Filtering API tokens can now also be provisioned based on pre-existing Secrets. See Admin API Tokens for more details
Bug Fixes
- Additional services configured for a Grafana deployment now correctly select Grafana Pods using the new
-v2naming suffix - Resolved a Helm templating issue causing several containers to be missing their default security context
- Helm template for Redis & Postgres Stateful Sets will no longer attempt to update the Persistent Volume template after initial deployment (see notes in respective configuration references under "Persistent Volume")
- Moving metrics from the
aggregatorcontainer to theagentcontainer unintentionally moved the metrics listener to port 9180, putting them out of sync with theprometheus.io/portannotations on Pods. This port has been modified on theagentcontainers to match the default Prometheus port of8082.
Compatibility
PowerDNS components have been upgraded to the following versions:
| Component | Version |
|---|---|
| Filtering components | 2.10.2 |
| Lightning Stream Enterprise | 1.0.2 |
Release 3.1.0
Upgrade Notes
Please make sure to read the Upgrade Notes to see if upgrading from any previous release requires attention prior to upgrading.
Major New Features
Cloud Control 3.1.0 introduces several major new features:
- Dynamic Filtering: Filtering which can be defined to act on the source of DNS traffic, typically by identifying a subscriber/device and applying subscriber/device specific policies. Dynamic filtering also provides an administrative GUI & API through which policies and much more can be managed at runtime.
- Reporting now includes the full dstore stack through the introduction of Event Forwarder and Report API
- dnsdist now has Defender included to bring its security capabilities to an even higher level.
- Lightning Stream Enterprise has replaced Lightning Stream to offer increased performance and scalability by introducing incremental deltas.
- New feed sources for filtering:
- HTTP API Downloader: Feeds based on content exposed by an HTTP API endpoint
- OX Feed Mirror: Allows you to mirror feeds provided by PowerDNS or feeds managed by other feed generators
- Cloud Control API can now also be deployed in a Controlplane and has additional features to manage the new Cloud Control Postgres clusters and Redis deployments.
Additions & Improvements
Cloud Control also includes many new smaller additions and improvements:
- Newly introduced features now use fully managed Postgres clusters and Redis deployments part of Cloud Control. Future releases may see support added to use these for the features existing prior to 3.1.0.
- Grafana & Grafana Operator have been upgraded to the current releases, offering many visual improvements to the dashboards.
- Authoritative Server backends using GeoIP databases use a new mechanism to constantly monitor & fetch externally hosted GeoIP databases to ensure changes made to the source database are automatically reflected in the backend's answers to DNS queries.
- OAuth 2 has been added as a reusable user backend.
- CertManager support has been added to most components as an easy way to enable TLS on inbound traffic with certificates managed by CertManager.
Compatibility
PowerDNS components have been upgraded to the following versions:
| Component | Version |
|---|---|
| Authoritative Server | 4.9.8 |
| dnsdist | 2.0.0 |
| dnsdist defender | 1.0.1 |
| Dstore components | 2.3.0 |
| Filtering components | 2.10.0 |
| Lightning Stream Enterprise | 1.0.1 |
| Recursor | 5.2.4 |
| ZoneControl | 1.7.2 |
Utility components have been upgraded to the following versions:
| Component | Version |
|---|---|
| Nats | 2.11.3 |
| Postgres | 17.5 |
| Redis | 7.4.1 |
Monitoring components have been upgraded to the following versions:
| Component | Version |
|---|---|
| Grafana | 12.0.2 |
| Grafana Operator | 5.18.0 |