Changelogs for 4.3.x ==================== .. changelog:: :version: 4.3.7 :released: 22nd of March 2021 .. change:: :tags: Bug Fixes :pullreq: 10193 :tickets: 10185 Make sure we take the right minimum for the packet cache TTL data in the SERVFAIL case. .. change:: :tags: Improvements :pullreq: 9804 :tickets: 9790 Do not chase CNAME during qname minimization step 4. .. changelog:: :version: 4.3.6 :released: 25th of November 2020 .. change:: :tags: Bug Fixes :pullreq: 9718 :tickets: 9707 Do not add request to a wait chain that's already processed or being processed. .. change:: :tags: Bug Fixes :pullreq: 9706 :tickets: 9697 Do not send overly long NOD lookups. .. change:: :tags: Bug Fixes :pullreq: 9702 :tickets: 9696 Avoid a CNAME loop detection issue with DNS64. .. change:: :tags: Bug Fixes :pullreq: 9684 :tickets: 9680 If a.b.c CNAME x.a.b.c is encountered, switch off QName Minimization. .. change:: :tags: Bug Fixes, Internal :pullreq: 9609 :tickets: 9070 Previous placeholder fix was incomplete. .. changelog:: :version: 4.3.5 :released: 13th of October 2020 .. change:: :tags: Bug Fixes :pullreq: 9604 Backport of CVE-2020-25829: Cache pollution. .. change:: :tags: Improvements :pullreq: 9527 Log when going Bogus because of a missing SOA in authority. .. change:: :tags: Bug Fixes :pullreq: 9525 :tickets: 9495 Watch the descriptor again after an out-of-order read timeout. .. change:: :tags: Bug Fixes :pullreq: 9507 :tickets: 9497 Raise an exception on invalid content in unknown records. .. change:: :tags: Bug Fixes :pullreq: 9501 :tickets: 9070 Boost 1.73 moved boost::bind placeholders to the placeholders namespace.x .. change:: :tags: Bug Fixes :pullreq: 9457 :tickets: 9454 Fix the parsing of `dont-throttle-netmasks` in the presence of `dont-throttle-names`. .. changelog:: :version: 4.3.4 :released: 8th of September 2020 .. change:: :tags: Bug Fixes :pullreq: 9416 :tickets: 9375 Allow some more depth headroom for the no-qname-minimization fallback case. .. change:: :tags: Bug Fixes :pullreq: 9367 Resize hostname to final size in getCarbonHostname(). .. change:: :tags: Improvements :pullreq: 9397 :tickets: 9073 Ensure runtime dirs for virtual services differ. .. changelog:: :version: 4.3.3 :released: 17th of July 2020 .. change:: :tags: Bug Fixes :pullreq: 9330 :tickets: 9309 Validate cached DNSKEYs against the DSs, not the RRSIGs only. .. change:: :tags: Bug Fixes :pullreq: 9329 :tickets: 9297 Ignore cache-only for DNSKEYs and DS retrieval. .. change:: :tags: Bug Fixes :pullreq: 9328 :tickets: 9292 A ServFail while retrieving DS/DNSKEY records is just that. .. change:: :tags: Bug Fixes :pullreq: 9327 :tickets: 9188 Refuse DS records received from child zones. .. change:: :tags: Bug Fixes :pullreq: 9305 :tickets: 9268 Better exception handling in houseKeeping/handlePolicyHit. .. change:: :tags: Bug Fixes :pullreq: 9304 :tickets: 9299, 9301 Take initial refresh time from loaded zone. .. changelog:: :version: 4.3.2 :released: 1st of July 2020 .. change:: :tags: Bug Fixes :pullreq: 9285 Backport of CVE-2020-14196: Enforce webserver ACL. .. change:: :tags: Bug Fixes :pullreq: 9262 :tickets: 9251 Copy the negative cache entry before validating it. .. change:: :tags: Bug Fixes :pullreq: 9242 :tickets: 9031 Fix compilation of the ports event multiplexer. .. change:: :tags: Improvements :pullreq: 9243 :tickets: 9142 Defer the NOD lookup until after the response has been sent. .. change:: :tags: Bug Fixes :pullreq: 9245 :tickets: 9151 Fix the handling of DS queries for the root. .. change:: :tags: Bug Fixes :pullreq: 9246 :tickets: 9172 Fix RPZ removals when an update has several deltas. .. change:: :tags: Bug Fixes. :pullreq: 9247 :tickets: 9192, 9184 Correct depth increments. .. change:: :tags: Improvements :pullreq: 9248 :tickets: 9194, 9202, 9216 CNAME loop detection. .. change:: :tags: Bug Fixes. :pullreq: 9249 :tickets: 9205 Limit the TTL of RRSIG records as well .. change:: :tags: Bug Fixes :pullreq: 9128 :tickets: 9127 Fix compilation on systems that do not define HOST_NAME_MAX. .. change:: :tags: Bug Fixes :pullreq: 9122 :tickets: 8640 Fix build with gcc-10. .. changelog:: :version: 4.3.1 :released: 19th of May 2020 .. change:: :tags: Bug Fixes :pullreq: 9115 Backport of security fixes for CVE-2020-10995, CVE-2020-12244 and CVE-2020-10030, plus avoid a crash when loading an invalid RPZ. .. change:: :tags: Improvements :pullreq: 9082 Add ubuntu focal target. .. change:: :tags: Bug Fixes :pullreq: 9048 :tickets: 8778 RPZ dumpFile/seedFile: store/get SOA refresh on dump/load. .. change:: :tags: Internals :pullreq: 8963 :tickets: 8875 Update boost.m4. .. changelog:: :version: 4.3.0 :released: 3rd of March 2020 .. change:: :tags: Improvements :pullreq: 8870 Only log qname parsing errors when 'log-common-errors' is set. .. change:: :tags: Improvements :pullreq: 8863 Update copyright year. .. changelog:: :version: 4.3.0-rc2 :released: 18th of February 2020 .. change:: :tags: Bug Fixes :pullreq: 8831 Refuse NSEC records with a bitmap length > 32. .. change:: :tags: Improvements :pullreq: 8827 Do continue rpz processing if the current policy is passthru. .. changelog:: :version: 4.3.0-rc1 :released: 3rd of February 2020 .. change:: :tags: Improvements :pullreq: 8751 Update boost.m4. .. change:: :tags: Improvements :pullreq: 8738 Explicitly enable dnstap for debian-stretch and buster. .. change:: :tags: Bug Fixes :pullreq: 8730 Make ``ComboAddress::setPort()`` update the current object. .. change:: :tags: Improvements :pullreq: 8728 EPEL 8 now has libfstrm-devel. .. change:: :tags: Bug Fixes :pullreq: 8727 Fix the evaluation order for filtering policies (RPZ). .. change:: :tags: Improvements :pullreq: 8726 Give an explicit message if something is wrong with socket-dir. .. changelog:: :version: 4.3.0-beta2 :released: 16th of January 2020 .. change:: :tags: Improvements :pullreq: 8704 Add the source and destination ports to the protobuf msg. .. change:: :tags: Bug Fixes :pullreq: 8673 Debian postinst / do not fail on user creation if it already exists. .. change:: :tags: Bug Fixes :pullreq: 8685 :tickets: 8676 Parsing `dont-throttle-names` and `dont-throttle-netmasks` as comma separated lists. (costypetrisor) .. change:: :tags: Bug Fixes :pullreq: 8692 :tickets: 8664 An Opt-Out NSEC3 RR only proves that there is no secure delegation. .. change:: :tags: Bug Fixes :pullreq: 8670 :tickets: 8642 Fix wrong zoneCuts caused by cache only lookup. .. change:: :tags: Improvements :pullreq: 8675 :tickets: 8646 Increase default max-qperq. .. changelog:: :version: 4.3.0-beta1 :released: 12th of December 2019 .. change:: :tags: Improvements :pullreq: 8571 Better time based data structures .. change:: :tags: Bug Fixes :pullreq: 8512 Remove duplicate RRs inside a RRSet when computing the signature .. change:: :tags: Bug Fixes :pullreq: 8560 Check return value of dup() and avoid fd leak if if fdopen() fails .. change:: :tags: Bug Fixes :pullreq: 8559 :tickets: 8558 Avoid startup race by setting the state of a thread before starting it. .. change:: :tags: Improvements :pullreq: 8561, 8477 QName Minimization is no longer experimental and is now enabled by default. .. change:: :tags: Bug Fixes :pullreq: 8525 :tickets: 7771 Purge map of failed auths periodically by keeping a last changed timestamp. .. change:: :tags: Improvements :pullreq: 8521 :tickets: 8518 Make threads run until asked to stop. .. change:: :tags: Improvements :pullreq: 8440 Fix -Wshadow warnings (Aki Tuomi) .. change:: :tags: Improvements :pullreq: 8511 Do RFC 8020 only if cache entry is dnssec validated .. change:: :tags: Bug Fixes :pullreq: 8510 Avoid mthread race when using the set of rootNSZones. .. change:: :tags: Improvements :pullreq: 8492 Add a parameter to limit the number of '$GENERATE' steps .. changelog:: :version: 4.3.0-alpha3 :released: 29th of October 2019 .. change:: :tags: Bug fixes :pullreq: 8470 Prime NS records of root-servers.net parent (.net) .. change:: :tags: Improvements :pullreq: 8463 Update CentOS 6 init script (None) .. change:: :tags: Improvements :pullreq: 8451 Basic validation of $GENERATE parameters .. change:: :tags: Bug fixes :pullreq: 8433 Dns64: stop hiding PTR indirection .. change:: :tags: New features :pullreq: 8391 :tickets: 8358 Allow multiple simultaneous incoming TCP queries over a connection .. change:: :tags: Improvements :pullreq: 8344 Add signal handling for SIGTERM and SIGINT in pdns_recursor, if we are PID1 (Frank Louwers) .. change:: :tags: New Features :pullreq: 8367 Implement RFC 8020 "NXDOMAIN: There Really Is Nothing Underneath" .. change:: :tags: New features :pullreq: 8400 Add CentOS 8 as builder target .. change:: :tags: Bug fixes :pullreq: 8371 Fix chmod paths in rules files .. change:: :tags: New features :pullreq: 8366 Build Newly Observed Domain (NOD) support by default. .. change:: :tags: Bug fixes :pullreq: 8360 :tickets: 8352 Rec: chmod/own recursor.conf for the systemd case .. change:: :tags: Bug fixes :pullreq: 8340 :tickets: 8338 Fix #8338: Issue with "zz" abbreviation for IPv6 RPZ triggers .. change:: :tags: Bug fixes :pullreq: 8317 Retry getrandom() on EINTR .. change:: :tags: Improvements :pullreq: 8287 Docs: Add small description for pipe backend about distributor-threads (Donatas Abraitis) .. change:: :tags: Improvements :pullreq: 8290 Improve commandline error reporting for non-opts .. change:: :tags: New features :pullreq: 7758 Recursor webhandler for prometheus metrics (Greg Cockroft) .. changelog:: :version: 4.3.0-alpha2 :released: Never released .. changelog:: :version: 4.3.0-alpha1 :released: 5th of September 2019 .. change:: :tags: Bug fixes :pullreq: 8256 Rec: fix two coverity issues .. change:: :tags: New Features :pullreq: 8210 Rec: lua pdns_features table .. change:: :tags: Bug fixes :pullreq: 8236 Add missing inc in rpz findclientpolicy loop. .. change:: :tags: Bug fixes :pullreq: 8227 Fix inverse handler registration logic for snmp. .. change:: :tags: Internals, Improvements :pullreq: 8122 Bail out when no context library is available .. change:: :tags: Internals, Improvements :pullreq: 8091 Some unneeded float<->double conversions. .. change:: :tags: Internals, Improvements :pullreq: 8140 Rec: document that the special-memory-usage stat is excluded by default .. change:: :tags: Bug fixes :pullreq: 8142 Restore the lua binding for dnsname::wirelength() .. change:: :tags: Bug fixes :pullreq: 8152 Rec docs: fix versionadded for maintenance() .. change:: :tags: Internals, Improvements :pullreq: 7951 :tickets: 6942, 8084 Update boost.m4 .. change:: :tags: Bug fixes :pullreq: 8089 Fix the rfc1982lessthan template. .. change:: :tags: Bug fixes :pullreq: 8034 Ensure debian sysv users get set{g,u}id .. change:: :tags: New Features :pullreq: 8075 Builder: add raspbian-buster target .. change:: :tags: Bug fixes :pullreq: 8067 Make sure we always compile with boost_cb_enable_debug set to 0 .. change:: :tags: Bug fixes :pullreq: 8028 Limit compression pointers to 14 bits .. change:: :tags: Bug fixes :pullreq: 8047 :tickets: 8008 Another time sensistive test fixed with a fixednow construct. .. change:: :tags: New Features :pullreq: 8000 Rec: export a protobuf incoming response message for timeouts .. change:: :tags: Internals, Improvements :pullreq: 8010 Rec: small speed improvements in the syncres .. change:: :tags: Internals, Improvements :pullreq: 8013 Don't create temporary strings to escape dnsname labels .. change:: :tags: New Features :pullreq: 8001 Recursor: add devicename field to protobuf messages .. change:: :tags: Bug fixes :pullreq: 8008 Rec: don't go bogus if the auth zone delegation test takes too long .. change:: :tags: Internals, Improvements :pullreq: 8007 Add static assertions for the size of the src address control buffer .. change:: :tags: Internals, Improvements :pullreq: 7996 :tickets: 7981 Clear cmsg_space(sizeof(data)) in cmsghdr to appease valgrind. .. change:: :tags: Bug fixes :pullreq: 7997 Rec: fix the export of only outgoing queries or incoming responses .. change:: :tags: Internals, Improvements :pullreq: 7990 :tickets: 7981 Explicitly align the buffer used for cmsgs .. change:: :tags: Bug fixes :pullreq: 7946 Fix a few markup issues in our documentation .. change:: :tags: Internals, Improvements :pullreq: 7967 :tickets: 7949 Silence unused lambda warning (retry) (fwSmit) .. change:: :tags: New Features :pullreq: 7879 Recursor: don't start as root in systemd .. change:: :tags: Internals, Improvements :pullreq: 7945 Rec: clean ups in the syncres::docnamecachelookup code .. change:: :tags: New Features :pullreq: 7757 Rec experimental qname minimization .. change:: :tags: Bug fixes :pullreq: 7871 Adapt calidns for openbsd and other systems without rcvmmsg(2) .. change:: :tags: Bug fixes :pullreq: 7928 Rec: better detection of bogus zone cuts for dnssec validation .. change:: :tags: Bug fixes :pullreq: 7886 suffixmatchtree: fix root removal, partial match of non-leaf nodes .. change:: :tags: Internals, Improvements :pullreq: 7699 All: dnsname, speeds up tostring() conversion .. change:: :tags: New Features :pullreq: 7877 Rec: set the query-zone field in the dnstap messages. .. change:: :tags: Internals, Improvements :pullreq: 7904 rec: optimize for large number of filtering policies, empty sections .. change:: :tags: Internals, Improvements :pullreq: 7901 Rec: reuse the outgoing query protobuf for the incoming response .. change:: :tags: Bug fixes :pullreq: 7884 :tickets: 6160, 7235, 7883 Rec: don't mix time() and gettimeofday() in our unit tests (again) .. change:: :tags: Internals, Improvements :pullreq: 7905 Rec: compare the cachekey type and place first then the name .. change:: :tags: Internals, Improvements :pullreq: 7862 Update boost.m4 to the latest version .. change:: :tags: New Features :pullreq: 7868 Allow unix domains sockets for dnstap destinations .. change:: :tags: Bug fixes :pullreq: 7870 Stubquery: fix handling of optional type arg. .. change:: :tags: Bug fixes :pullreq: 7864 Fix warnings reported by coverity .. change:: :tags: Internals, Improvements :pullreq: 7861 Check if -latomic is needed instead of hardcoding (Rosen Penev) .. change:: :tags: New Features :pullreq: 7538 DNSTAP logging for queries to, and responses from, auths .. change:: :tags: Internals, Improvements :pullreq: 7843 Rec: small speedups in the recursion 'slow' path .. change:: :tags: Internals, Improvements :pullreq: 7857 Add latomic to arc platform (Rosen Penev) .. change:: :tags: Internals, Improvements :pullreq: 7548 Eliminate the loop in syncres::getaddrs() .. change:: :tags: Bug fixes :pullreq: 7841 Recursor: log udp tc bits during trace