Before upgrading, it is advised to read the Upgrade Guide.
Security advisory 2024-04: CVE-2024-25590¶
References: pull request 14744
Limit the number of async tasks pushed to resolve NS names and optimize processing of additionals.¶
References: #14499, pull request 14502
dns.cc: use pdns::views::UnsignedCharView.¶
References: #14359, pull request 14415
Dump right SOA into dumpFile and report non-relative SOA for includeSOA=true.¶
References: #14471, pull request 14482
Yahttp router: avoid unsigned underflow in route().¶
References: #14404, pull request 14479
Switch el7 builds to Oracle Linux 7.¶
References: #134400, pull request 14412
Remove potential double SOA records if the target of a dns64 name is NODATA.¶
References: #14373, pull request 14379
Fix TCP case for policy tags to not produce cached tags in protobuf messages.¶
References: #14346, pull request 14351
Count substituted remote in case of proxy protocol.¶
References: #14340, pull request 14348
YaHTTP: Enforce max # of request fields and max request line size.¶
References: #14197, pull request 14223
Report error and adjust max-mthreads when linux map limit (vm.max_map_count) is too low to accommodate resource usage under load.¶
References: #14185, pull request 14222
Only print Docker config if debug flag is set.¶
References: #13849, pull request 13988
Do not count RRSIGs using unsupported algorithms toward RRSIGs limit.¶
References: #14049, pull request 14091
Correctly count NSEC3s considered when chasing the closest encloser.¶
References: #13984, pull request 13992
Let NetmaskGroup parse dont-throttle-netmasks, allowing negations.¶
References: #13966, pull request 13991
Fix types of two YAML settings (incoming.edns_padding_from, incoming.proxy_protocol_from) that should be sequences of subnets.¶
References: #13947, pull request 13990
Fix trace=fail regression and add regression test for it.¶
References: #13926, pull request 13989
Security advisory 2024-02: CVE-2024-25583¶
References: pull request 14108
Log if a DNSSEC related limit was hit if log_bogus is set.¶
References: #13824, pull request 13845
Reduce RPZ memory usage by not keeping the initially loaded RPZs in memory.¶
References: #13830, pull request 13846
Fix gathering of denial of existence proof for wildcard-expanded names.¶
References: #13847, pull request 13852
Fix the zoneToCache regression introduced by SA 2024-01.¶
References: #13788, pull request 13791
Security advisory 2024-01: CVE-2023-50387 and CVE-2023-50868¶
References: pull request 13782
Warn that disabling structured logging is now deprecated.¶
References: #13567, pull request 13645
Fix handling of RUNTIME_DIRECTORY and NOD dirs.¶
References: #13588, #13612, pull request 13646
Remove experimental warnings for YAML.¶
References: pull request 13557
Disallow (by answering Refused) RD=0 by default.¶
References: #13386, pull request 13507
Make syncres code clang-tidy.¶
References: pull request 13434
Introduce a setting to allow RPZ duplicates, including a dup handling fix.¶
References: #12842, pull request 13501
Update new b-root-server.net addresses in built-in hints.¶
References: pull request 13387
Change default of nsec3-max-iterations to 50.¶
References: pull request 13478
Warn if truncation occurred dumping the trace.¶
References: pull request 13477
A single NSEC3 record covering everything is a special case.¶
References: #13542, pull request 13543
Document outgoing query counts better, including a small fix.¶
References: #13463, pull request 13511
Take into account throttled queries when determining if we had a cache hit.¶
References: #13483, pull request 13497
Correctly apply outgoing.tcp_max_queries bound.¶
References: #13467, pull request 13480
Be more memory efficient handling RPZ updates.¶
References: pull request 13462
Change default of extended-resolution-errors setting to true.¶
References: pull request 13464
Move a few settings from recursor to outgoing section.¶
References: pull request 13455
For structured logging always log addresses including port.¶
References: pull request 13446
Teach configure to check for cargo version and require >= 1.64.¶
References: pull request 13438
Tidy cache and only copy values if non-expired entry was found.¶
References: #12612, pull request 13410
Add endbr64 instructions in the right spots for OpenBSD/amd64.¶
References: #13430, pull request 13430, pull request 13432
Handle stack memory on NetBSD as on OpenBSD (Tom Ivar Helbekkmo)¶
References: pull request 13408
Fix ubsan error: using a value of 80 for bool.¶
References: pull request 13468
Handle serve stale logic in getRootNXTrust().¶
References: #13383, pull request 13409
Convert API managed config from old style to YAML if YAML settings are active.¶
References: #12679, #13233, pull request 13362
If we miss glue–but not for all NS records–try to resolve the missing address records.¶
References: pull request 13364
Make QName Minimization parameters from RFC 9156 settable.¶
References: pull request 13296
Conform to RFC 2181 10.3: don’t allow NS records to point to aliases.¶
References: pull request 13312
Do not use Qname Minimization for infra-queries.¶
References: #8646, pull request 13295
Implement probabilistic un-throttle.¶
References: pull request 13289
Put files generated by settings/generate.py into tarball so package builds do not have to run it.¶
References: pull request 13290
Fix packetcache submit refresh task logic.¶
References: #13266, pull request 13278
Allow loglevel to be set to levels < 3.¶
References: #13264, pull request 13277
Move tcp-in processing to dedicated thread(s).¶
References: #8394, pull request 13195
If serving stale, wipe CNAME records from cache when we get a NODATA negative response for them.¶
References: #12395, pull request 13353
Fix Coverity 1522436 potential dereference of null return value.¶
References: pull request 13363
Fix log messages text and levels.¶
References: pull request 13303, pull request 13311
Fix sysconfdir handling in new settings code.¶
References: #13259, pull request 13276
Fix Coverity 1519054: Using invalid iterator.¶
References: pull request 13250
Rewrite settings code, introducing YAML settings file, using Rust and generated code to implement YAML processing¶
References: pull request 13008
Make aggressive cache pruning more effective and more fair.¶
References: pull request 13209
Remove make_tuple and make_pair (Rosen Penev).¶
References: pull request 13208
Rec: fix a few unused argument warnings (depending on features enabled).¶
References: pull request 13190
Change the default for building with net-snmp from auto to no.¶
References: pull request 13168
Channel: Make the blocking parameters of the object queue explicit.¶
References: #13147, pull request 13155
Do not assume the records are in a particular order when determining if an answer is NODATA.¶
References: pull request 13102
Document default for webserver-loglevel (Frank Louwers).¶
References: pull request 13111
Remove unused sysv init files.¶
References: pull request 13087
Fixes a few performance issues reported by Coverity.¶
References: pull request 13092
Highlight why regression tests failed with github annotation (Josh Soref)¶
References: pull request 13074
Switch from deprecated ::set-output (Josh Soref).¶
References: pull request 13073
Use backticks in rec_control(1) (Josh Soref).¶
References: pull request 13067
Clarify why bulktest is failing (Josh Soref).¶
References: pull request 13068
Set TTL in getFakePTRRecords.¶
References: #13011, pull request 13043
Update settings.rst – clarify edns-subnet-allow-list (Seth Arnold).¶
References: pull request 13032
Dnsheader: Switch from bitfield to uint16_t whenever possible.¶
References: pull request 13026
Clarify log message for NODATA/NXDOMAIN without AA (Håkan Lindqvist).¶
References: pull request 12805
Use arc4random only for random values.¶
References: pull request 12913, pull request 12931, pull request 12999, pull request 13001, pull request 13022, pull request 13175, pull request 15197
Update base Debian version in Docker docs (Italo Cunha).¶
References: pull request 12851
Delint pdns recursor.cc.¶
References: pull request 12917
Include qname when logging skip of step 4 of qname minimization (Doug Freed).¶
References: pull request 12957
Fix a set of move optimizations, as suggested by Coverity.¶
References: pull request 12952
Silence Coverity 1462719 Unchecked return value from library.¶
References: pull request 12934
Fix compile warnings.¶
References: pull request 12930
Dns random: add method to get full 32-bits of randomness.¶
References: pull request 12913
Reformat and delint arguments.cc and arguments.hh.¶
References: pull request 12808
Remove Before=nss-lookup.target line from unit file.¶
References: pull request 13210
TCPIOHandler: Fix a race when creating the first TLS connections.¶
References: pull request 13167
Rec: Include cstdint in mtasker_ucontext.cc, noted by @zeha.¶
References: pull request 13174