Changelogs for 5.3.X
Before upgrading, it is advised to read the Upgrade Guide.
5.3.5
Released: 9th of February 2026
Bug Fixes
Fix PowerDNS Security Advisory 2026-01: Crafted zones can lead to increased resource usage in Recursor.
References: pull request 16842
5.3.4
Released: 14th of January 2026
Improvements
Update cxx and related cargos and avoid uuid crate.
References: #16106, pull request 16699
Add package urls to our SBOMs.
References: #16217, pull request 16414
We need a usable cargo for sdist so download (and install) rust later.
References: pull request 16387
Update the Rust library version when generating a tarball and fix release builds by updating the locked Rust lib version.
References: #16155, #16167, #16180, #16188, #16380, #16392, pull request 16380, pull request 16381, pull request 16382, pull request 16397
Do not hash (or compare) OpenTelemetry Trace EDNS value for packetcache.
References: #16098, pull request 16378
Bug Fixes
Fix parsing of webserver loglevel “none”.
References: #16461, pull request 16698
Silence rust warning.
References: #16251, pull request 16697
Some error paths do not create thread 0 so don’t join it.
References: pull request 16377
5.3.3
Released: 8th of December 2025
Bug Fixes
Fix PowerDNS Security Advisory 2025-08: Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor.
References: pull request 16618
5.3.2
Released: Never released publicly
Bug Fixes
Fix PowerDNS Security Advisory 2025-07: Internal logic flaw in cache management can lead to a denial of service in Recursor.
References: pull request 16618
5.3.1
Released: 22nd of October 2025
Bug Fixes
Fix PowerDNS Security Advisory 2025-06: Crafted delegations or IP fragments can poison cached delegations in Recursor.
References: pull request 16339
5.3.0
Released: 28th of August 2025
Improvements
Path.unlink(True) requires python 3.8, rewrite so it works on older versions.
References: #16011, pull request 16027
Include proper file in bridge.hh to avoid a case of creating a smart pointer to an incomplete class.
References: #16021, pull request 16026
Bug Fixes
Check for pubsuffix.cc presence when building with autotools, followup to #15782.
References: #16010, pull request 16028
5.3.0-rc1
Released: 21st of August 2025
Improvements
Move back to a single debian control file.
References: #15934, pull request 15986
Put lib.rs into dist tarball.
References: #15938, pull request 15983
Recursor/auth: remove obsolete pre install files.
References: #15802, pull request 15982
Bug Fixes
Fix Boost system lib dependency: it is no longer available since 1.89.
References: #15972, #15991, pull request 15993
Add back parent span attributes, they were lost in #15756.
References: #15974, #15981, pull request 15985
If an RPZ hit has a custom CNAME record, we should try harder to follow it.
References: #15893, pull request 15984
5.3.0-beta1
Released: 24th of July 2025
New Features
Add Lua hooks to dump and restore measured nameserver speed table.
References: pull request 15803
Improvements
Add version and an alignment byte to the EDNS record for OpenTelemetry data.
References: pull request 15887, pull request 15888
Bug Fixes
Chain and harden ECS enabled queries. (PowerDNS Security Advisory 2025-04: A Recursor configured to send out ECS enabled queries can be sensitive to spoofing attempts).
References: pull request 15848
5.3.0-alpha2
Released: 9th of July 2025
Improvements
Allow forcing TCP from preoutquery() (elenril).
References: pull request 15759
Add el-10 target, based on rockylinux:10 for now.
References: pull request 15639
Clang-tidy: replace lock_guard with scoped_lock (Rosen Penev)
References: pull request 15788
Only download pub suffix list if pubsuffix.cc is not available.
References: pull request 15782
Fix Coverity issues and add release() to FDWrapper.
References: pull request 15756, pull request 15766
Start to listen on ::1 by default, but don’t consider it an error if that fails.
References: pull request 15758
Bug Fixes
Don’t let rust code and handler use thread pipes simultaneously.
References: pull request 15752
Fix sysconfdir in debian packages built by meson.
References: #15723, pull request 15746
5.3.0-alpha1
Released: 25th of June 2025
Improvements
Add facility to generate trace data in OpenTelemetry format.
References: pull request 15668
Implement stop command as alias for quit(-nicely).
References: #15674, pull request 15686
Avoid implicit truncating cast of inception skew.
References: pull request 15715
Two Coverity issues, the truncation is meant to be.
References: pull request 15700
Introduce aliases for camelCase field names in config file.
References: #15059, pull request 15692
Fix negativetrustanchor.server CH TXT query processing (disabled by default).
References: #15660, pull request 15661
Build el-9 package with luajit on arm64.
References: pull request 15626
Rec: build packages using meson.
References: pull request 15592 15628 15636
Start building packages for trixie.
References: pull request 15596
Use Rust 1.87.0 when building our packages.
References: pull request 15584
Upgrade to protozero 1.8.0.
References: pull request 15525
Add a Lua function to get the config dir and name.
References: pull request 15435
Fix a difference between record-cache hit and miss in some ServFail results.
References: pull request 15396
Rec: [meson] make nod a feature instead of a boolean
References: pull request 15373
When CARGO_TARGET_DIR is set the generated C++ files end up in a different location.
References: pull request 15369
Fix generation of recursor config if PDNS_RECURSOR_API_KEY is set.
References: #15367, pull request 15368
Meson systemd cleanup.
References: pull request 15309
Add libcap feature and sync build-and-test-all options with autotools variants.
References: pull request 15293
Export ffi symbols so they become available to Lua.
References: pull request 15292 15307
Fix libsnmp define.
References: pull request 15272
More consistency in logging statements generated in web server code.
References: pull request 15273
Make sure t_tcpClientCounts is always initialized.
References: pull request 15261
Fix a few gcc warnings on trixie.
References: pull request 15260
Tidy of structured logging related files.
References: pull request 15217
Use meson to generate docs (html + pdf)
References: pull request 15169
Reload proxy settings on rec_control reload-acls.
References: #14096, pull request 15167
Store thread id in info object, makes a few methods less error prone.
References: pull request 15216
Switch back to serde_yaml.
References: #15202, pull request 15203
Add two missing includes.
References: #15179, pull request 15192
Minor Coverity issues.
References: pull request 15168 15157
Add meson install target and fix meson dist issues after new way of generating man pages was merged.
References: pull request 15161
Fix cxx include dir.
References: pull request 15154
Move to embedded web service written in Rust supporting multiple listen addresses and TLS.
References: pull request 15114
Make quit-nicely wait on actual quit and start using it for stopping by systemd.
References: pull request 14976
Check bounds of rcode stats counter index (safe right now).
References: pull request 15139
Clang-tidy: use std::min/max (Rosen Penev).
References: pull request 14954
Tidy credentials.??.
References: pull request 15066
Rec: New Coverity Variable copied when it could be moved cases
References: pull request 15050 15057
EDNSSubnetOpts refactoring
References: #13704, pull request 15040
Compute size estimate for record cache allocated size.
References: pull request 15038
Dedup records.
References: #14120, pull request 14617
Store authority recs and signatures as shared pointers to const data.
References: pull request 14985 15017
If the full CNAME chain leading to the answer is cached, indicate that.
References: #14918, pull request 14973
Bug Fixes
When using ZoneToCache, do not store non-auth data if the name is subject to recursive forwarding.
References: #15651, pull request 15652
Force some files to be regenerated when table.py changes.
References: pull request 15546
Strip quotes meson adds from SYSCONFDIR (and two other config values).
References: pull request 15437
Delete temp file on failure to dump RPZ file.
References: pull request 15033