Changelogs for 4.7.X¶
4.7.6¶
Released: 25th of August 2023Bug Fixes¶
(I)XFR: handle partial read of len prefix.
¶References: #13105, pull request 13157
YaHTTP: Prevent integer overflow on very large chunks.
¶References: #12892, pull request 13079
Work around Red Hat 8 misfeature in OpenSSL’s headers.
¶References: #12961, pull request 13075
Fix setting of policy tags for packet cache hits.
¶References: #13021, pull request 13058
4.7.5¶
Released: 29th of March 2023Bug Fixes¶
PowerDNS Security Advisory 2023-02: Deterred spoofing attempts can lead to authoritative servers being marked unavailable.
¶References: pull request 12701
4.7.4¶
Released: 25th of November 2022Bug Fixes¶
Fix compilation of the event ports multiplexer.
¶References: #12046, pull request 12231
Correct skip record condition in processRecords.
¶References: #12198, pull request 12230
Also consider recursive forward in the “forwarded DS should not end up in negCache code.”
¶References: #12189, #12199, pull request 12227
Timeout handling for IXFRs as a client.
¶References: #12125, pull request 12190
Detect invalid bytes in makeBytesFromHex().
¶References: #12066, pull request 12173
Log invalid RPZ content when obtained via IXFR.
¶References: #12081, pull request 12171
When an expired NSEC3 entry is seen, move it to the front of the expiry queue.
¶References: #12038, pull request 12168
4.7.3¶
Released: 20th of September 2022Improvements¶
For zones having many NS records, we are not interested in all so take a sample.
¶References: #11904, pull request 11936
Also check qperq limit if throttling happened, as it increases counters.
¶References: #11848, pull request 11897
Bug Fixes¶
Failure to retrieve DNSKEYs of an Insecure zone should not be fatal.
¶References: #11890, pull request 11940
Fix recursor not responsive after Lua config reload.
¶References: #11850, pull request 11879
Clear the caches after loading authzones.
¶References: #11843, pull request 11847
Resize answer length to actual received length in udpQueryResponse.
¶References: #11773, pull request 11774
4.7.2¶
Released: 23th of August 2022Bug Fixes¶
PowerDNS Security Advisory 2022-02: incomplete exception handling related to protobuf message generation.
¶References: pull request 11874, pull request 11877
4.7.1¶
Released: 8th of July 2022Improvements¶
Allow generic format while parsing zone files for ZoneToCache.
¶References: #11724, #11726, pull request 11750
Force gzip compression for debian packages (Zash).
¶References: #11735, pull request 11740
Bug Fixes¶
Run tasks from housekeeping thread in the proper way, causing queued DoT probes to run more promptly. Thanks to Jerry Lundström!
¶References: #11692, pull request 11748
4.7.0¶
Released: 30th of May 2022Bug Fixes¶
Fix API issue when asking config values for allow-from or allow-notify-from.
¶References: #11609, pull request 11632
4.7.0-rc1¶
Released: 6th of May 2022Bug Fixes¶
Prometheus #HELP texts: DNSSEC counters track responses sent, not actual validations performed.
¶References: #11539, pull request 11559
Fix DoT port and protocol used for probed authoritative servers.
¶References: #11541, pull request 11560
Fix Coverity 1487923 Out-of-bounds read (wrong use of sizeof).
¶References: #11536, pull request 11538
4.7.0-beta1¶
Released: 14th of April 2022Improvements¶
Probe authoritative servers for DoT support (experimental).
¶References: pull request 11487
Add deferred mode for retrieving additional records.
¶References: pull request 11492
Use boost::mult-index for nsspeed table and make it shared.
¶References: pull request 11484
Packet cache improvements: do not fill beyond limit and use strict LRU eviction method.
¶References: pull request 11312
Use nice format for timestamp printing.
¶References: pull request 11444
Only log “Unable to send NOD lookup” if log-common-errors is set.
¶References: #11440, pull request 11445
Remember parent NS set, to be able to fall back to it if needed.
¶References: pull request 11443
Proxy by table: allow a table based mapping of source address.
¶References: pull request 11396, pull request 11507
Bug Fixes¶
Update moment.min.js (path traversal fix; we are unaffected).
¶References: pull request 11524
Prevent segfault with empty allow-from-file and allow-from options (Sven Wegener).
¶References: pull request 11496
In the handler thread, call sd_notify() just before entering the main loop in RecursorThread.
¶References: pull request 11471
Distinguish between unreachable and timeout for throttling.
¶References: pull request 11405
Use correct task to clean outgoing TCP.
¶References: pull request 11397
4.7.0-alpha1¶
Released: 28th of February 2022Improvements¶
Add Additional records to query results if appropriate and configured.
¶References: #11294, pull request 11302
Resolve AAAA for NS in an async task if applicable.
¶References: pull request 11294
Read the base Lua definitions into the Lua context for reading the Lua config.
¶References: pull request 11319
Add SNI information to outgoing DoT if available.
¶References: pull request 11307
Detect a malformed question early so we can drop it as soon as possible.
¶References: pull request 11305
Thread management re-factoring.
¶References: pull request 11252
Document changes to policy.DROP better and warn on using the now unsupported way.
¶References: #11287, pull request 11288
Allow disabling of processing root hints and lower log level of some related messages.
¶References: pull request 11283
Move two maps (failed servers and non-resolving nameservers) from thread_local to shared.
¶References: pull request 11269
A CNAME answer on DS query should abort DS retrieval.
¶References: pull request 11245
ZONEMD validation for Zone to Cache function.
¶References: pull request 11100, pull request 11189
By default, build with symbol visibility hidden.
¶References: #11178, pull request 11186
Update protozero to 1.7.1.
¶References: pull request 11164
Add Lua postresolve_ffi hook.
¶References: pull request 11074
Compute step sizes for Query Minimization according to RFC 9156.
¶References: pull request 11036
Bug Fixes¶
QType ADDR is supposed to be used internally only.
¶References: #11337, pull request 11338, pull request 11349
Fix unaligned access in murmur hash code used by the Newly Observed Domain feature.
¶References: pull request 11347
A Lua followCNAME result might need native dns64 processing.
¶References: #11320, pull request 11327
Use the Lua context stored in SyncRes when calling hooks.
¶References: #11289, pull request 11300
Make incoming TCP bookkeeping more correct.
¶References: #11021, pull request 11030