Changelogs for 4.9.X

4.9.9

Released: 3rd of October 2024

Bug Fixes

• Security advisory 2024-04: CVE-2024-25590

  References: pull request 14745

4.9.8

Released: 23rd of July 2024

Improvements

• Optimize processing of additionals.

  References: #14499, pull request 14503

• Switch el7 builds to Oracle Linux 7.

  References: #14400, pull request 14413

• dns.cc: use pdns::views::UnsignedCharView.

  References: #14359, pull request 14416

Bug Fixes

• Dump right SOA into dumpFile and report non-relative SOA for includeSOA=true.

  References: #14471, pull request 14483

• Yahttp router: avoid unsigned underflow in route().

  References: #14404, pull request 14480

4.9.7

Released: 3rd of July 2024

Bug Fixes

• Remove potential double SOA records if the target of a dns64 name is NODATA.

  References: #14373, pull request 14380

• Fix TCP case for policy tags to not produce cached tags in protobuf messages.

  References: #14346, pull request 14352

4.9.6

Released: 14th of May 2024

Improvements

• Only print Docker config if debug flag is set.

  References: pull request 13993

Bug Fixes

• Do not count RRSIGs using unsupported algorithms toward RRSIGs limit.

  References: #14049, pull request 14093

• Correctly count NSEC3s considered when chasing the closest encloser.

  References: #13984, pull request 13995

• Fix trace=fail regression and add regression test for it.

  References: #13926, pull request 13994

4.9.5

Released: 24th of April 2024

Bug Fixes

• Security advisory 2024-02: CVE-2024-25583

  References: pull request 14109

4.9.4

Released: 7th of March 2024

Improvements

• Update new b-root-server.net addresses in built-in hints.

  References: #12897, #13387, pull request 13793

Bug Fixes

• Fix gathering of denial of existence proof for wildcard-expanded names.

  References: pull request 13853

• Fix the zoneToCache regression introduced by SA 2024-01.

  References: #13788, pull request 13795

• A single NSEC3 record covering everything is a special case.

  References: #13543, pull request 13792

4.9.3

Released: 13th of February 2024

Bug Fixes

• Security advisory 2024-01: CVE-2023-50387 and CVE-2023-50868

  References: pull request 13783

4.9.2

Released: 8th of November 2023

Improvements

• Handle stack memory on NetBSD as on OpenBSD.

  References: #13408, pull request 13412

• Prevent two cases of copy of data that can be moved.

  References: #13092, pull request 13286

• Implement a more fair way to prune the aggressive cache.

  References: #13209, pull request 13282

Bug Fixes

• Handle serve stale logic in getRootNXTrust().

  References: #13383, #13409, pull request 13449

• If serving stale, wipe CNAME records from cache when we get a NODATA negative response for them.

  References: #13353, pull request 13411

• Remove Before=nss-lookup.target line from systemd unit file.

  References: #13210, pull request 13284

• Prevent lookups for unsupported qtypes or rcode != 0 to submit refresh tasks.

  References: #13278, pull request 13283

• Do not assume the records are in a particular order when determining if an answer is NODATA.

  References: #13102, pull request 13176

4.9.1

Released: 25th of August 2023

Bug Fixes

• Fix code producing json.

  References: #13071, pull request 13163

• Replace data in the aggressive cache if new data becomes available.

  References: #13106, pull request 13161

• Fix a few typos in log messages.

  References: #13151, pull request 13160

• (I)XFR: handle partial read of len prefix.

  References: #13105, pull request 13159

• Fix setting of policy tags on packet cache hits.

  References: #13021, pull request 13057

• Work around Red Hat 8 misfeature OpenSSL’s headers.

  References: #12961, pull request 12995

• Stop using the now deprecated ERR_load_CRYPTO_strings() to detect OpenSSL.

  References: #12935, pull request 12994

4.9.0

Released: 30th of June 2023

Please review the Upgrade Guide before upgrading from versions < 4.9.x.

Bug Fixes

• Fix qname length getting out-of-sync with qname-minimization iteration count.

  References: #12963, pull request 12968

• Rewrite and fix loop that checks if algorithms are available.

  References: #12933, pull request 12936

• Fix daemonize() to properly background the process.

  References: #12928, pull request 12932

4.9.0-rc1

Released: 15nd of June 2023

Please review the Upgrade Guide before upgrading from versions < 4.9.x.

Improvements

• Escape key names that are special in the systemd-journal structured logging backend.

  References: #12468, pull request 12906

• Add feature to switch off unsupported DNSSEC algos, either automatically or manually.

  References: #12890, pull request 12893

• Expose NOD/UDR metrics.

  References: #12855, pull request 12896

• Add SOA to RPZ modified answers if configured to do so.

  References: #8232, pull request 12883

• Keep track of max depth reached and report it if !quiet.

  References: pull request 12898

• Another set of fixes for clang-tidy reports.

  References: pull request 12793, pull request 12904

Bug Fixes

• Prevent duplicate C/DNAMEs being included when doing serve-stale.

  References: pull request 12900

4.9.0-beta1

Released: 2nd of June 2023

Please review the Upgrade Guide before upgrading from versions < 4.9.x.

Improvements

• Introduce a way to completely disable root-refresh.

  References: #12848, pull request 12861

• Delint some files to make clang-tidy not report any issue.

  References: pull request 12790, pull request 12836, pull request 12837, pull request 12838

• Distinguish between recursion depth and CNAME chain length.

  References: pull request 12779, pull request 12862

• Log if the answer was marked variable by SyncRes and if it was stored into the packet cache (if !quiet).

  References: pull request 12750

Bug Fixes

• Sanitize d_orig_ttl stored in record cache.

  References: pull request 12673

• Fix clang-tidy botch with respect to spelling of “log-fail”.

  References: #12790, pull request 12829

4.9.0-alpha1

Released: 14th of April 2023

Please review the Upgrade Guide before upgrading from versions < 4.9.x.

Improvements

• Cleanup rcode enums: base one is 8 bit unsigned, extended one 16 bit unsigned

  References: pull request 12710

• Sharded and shared packet cache.

  References: pull request 12594

• More fine-grained capping of packet cache TTL.

  References: pull request 12709

• Update Debian packaging for Recursor, including removal of sysv init script (Chris Hofstaedtler).

  References: pull request 10072, pull request 12716

• Unify shorthands for seconds in log messages (Josh Soref).

  References: pull request 12497

• Validate: Stop passing shared pointers all the way down.

  References: pull request 12674

• Re-establish “recursion depth is always increasing” invariant.

  References: pull request 12688

• OpenSSL 3.0 compatibility.

  References: pull request 12401, pull request 12412, pull request 12462, pull request 12501, pull request 12502, pull request 12513, pull request 12515, pull request 12516, pull request 12524, pull request 12540, pull request 12550

• Only store NSEC3 records in aggressive cache if we expect them to be effective.

  References: pull request 12493

• rec_control trace-regex: trace to a file or stdout instead of the general log.

  References: pull request 11777

• Unify trace logging code in syncres and validator.

  References: pull request 12434

• Stack protector for mthread stacks.

  References: pull request 12446, pull request 12695

• Change the way RD=0 forwarded queries are handled.

  References: pull request 12425

• Enable FORTIFY_SOURCE=3 when supported by the compiler.

  References: pull request 12381

• Introduce a thread-safe version of stringerror().

  References: pull request 12396

• Name recursor threads consistently with a “rec/” prefix.

  References: #11138, pull request 12399

• Rec: Warn on high (90%) mthread stack usage.

  References: pull request 12373

• Rec: Generate EDE in more cases, specifically on unreachable auths or synthesized results.

  References: pull request 12334, pull request 12691, pull request 12698

• Wrap the CURL raw pointers in smart pointers.

  References: pull request 12292

• Reorganization: move recursor specific files to recursordist.

  References: #12241, pull request 12318

• Introducing TCounters.

  References: pull request 12193, pull request 12323, pull request 12348

• If we encounter a loop in QM, continue with the next iteration.

  References: #12090, pull request 12120

• More clear trace message for cache-only lookups.

  References: #12080, pull request 12121

Bug Fixes

• Rework root priming code to allow multiple addresses per NS.

  References: #12486, pull request 12655

• Fix a dnsheader unaligned case.

  References: pull request 12672

• Serve-stale-extensions works on 30s so an hour should be 120. (Andreas Jakum)

  References: pull request 12554

• Fix doc typo (Matt Nordhoff).

  References: pull request 12539

• Logging tweaks (Josh Soref).

  References: pull request 12495

• Negcache dump code: close fd on fdopen fail.

  References: #12374, pull request 12419

• Be more careful saving errno in makeClientSocket() and closesocket()

  References: pull request 12392

• Add the ‘parse packet from auth’ error message to structured logging.

  References: pull request 12368