6 :released: 20th of March 2010
12 Don't start as root within a systemd environment
19 Fix ECS addition when the OPT record is not the last one
26 Add SetNegativeAndSOAAction() and its Lua binding
32 Implement dynamic blocking on ratio of rcode/total responses
35 :tags: Improvements, Performance
38 Rework NetmaskTree for better CPU and memory efficiency. (Stephan Bosch)
41 :tags: Improvements, DNS over TLS
44 Switch the default DoT provider from GnuTLS to OpenSSL
50 Separate the check-config and client modes
53 :tags: Improvements, Performance
56 Implement parallel health checks
59 :tags: New Features, Performance
63 Implement LuaFFIRule, LuaFFIAction and LuaFFIResponseAction
69 Add the number of received bytes to StatNode entries
72 :tags: Improvements, Performance
75 Use move semantics when updating the content of the StateHolder
82 Support setting the value of AA, AD and RA when self-generating answers
89 Add bounded loads to the consistent hashing policy
95 pthread_rwlock_init() should be matched by pthread_rwlock_destroy()
101 Wait longer for the TLS ticket to arrive in our tests
107 Add missing exception message in KVS error
113 Replace include guard ifdef/define with pragma once (Chris Hofstaedtler)
119 Dnsdist: LogResponseAction (phonedph1)
125 Allow retrieving and deleting a backend via its UUID
128 :tags: Bug Fixes, DNS over TLS
131 Display the correct DoT provider
134 :tags: Improvements, Protobuf
137 Add the source and destination ports to the protobuf msg
143 Add spoofRawAction() to craft answers from raw bytes
149 Load an openssl configuration file, if any, during startup
152 :tags: Improvements, DNS over HTTPS
156 Don't accept sub-paths of configured DoH URLs
159 :tags: Bug Fixes, DNS over TLS
162 Use ref counting for the DoT TLS context
165 :tags: Improvements, DNS over HTTPS
169 Implement Cache-Control headers in DoH
172 :tags: Improvements, Metrics
176 Add backend status to prometheus metrics
182 Add getTag()/setTag() Lua bindings for a DNSResponse
185 :tags: Improvements, Metrics
188 Add 'IO wait' and 'steal' metrics on Linux
195 Fix key logging for DNS over TLS
198 :tags: Improvements, Performance
201 Keep a masked network in the Netmask class
207 Add support for Proxy Protocol between dnsdist and the recursor
213 Add get*BindCount() functions
219 Fix a typo in the help/completion for getDNSCryptBindCount
225 Implement rmACL() (swoga)
231 Remove unused lambda capture reported by clang++
237 Add sessionTimeout setting for TLS session lifetime (Matti Hiljanen)
240 :tags: Bug Fixes, Protobuf
244 Add 'queue full' metrics for our remote logger, log at debug only
247 :tags: Improvements, Protobuf
250 Better handling of reconnections in Remote Logger
253 :tags: Improvements, DNS over HTTPS, DNS over TLS
257 Document that the 'keyLogFile' option requires OpenSSL >= 1.1.1
264 Detect {Libre,Open}SSL functions availability during configure
267 :tags: Improvements, DNS over HTTPS
271 Change the default DoH path from / to /dns-query
277 Implement bounded loads for the whashed and wrandom policies
280 :tags: Improvements, DNSTAP, Performance
283 Make FrameStream IO parameters configurable
286 :tags: Improvements, DNS over HTTPS
290 Add support for the processing of X-Forwarded-For headers
293 :tags: Bug Fixes, DNS over HTTPS
296 Set the DoH ticket rotation delay before loading tickets
303 Warn on startup about low weight values with chashed
307 :released: 20th of November 2019
313 Lowercase the name blocked by a SMT dynamic block
319 Fix the default value of ``setMaxUDPOutstanding`` in the console's help (phonedph1)
325 Add bindings for the noerrors and drops members of StatNode
328 :tags: DNS over HTTPS, DNS over TLS
331 Prefer the cipher suite from the server by default (DoH, DoT)
337 Fix -WShadow warnings (Aki Tuomi)
343 Fix typo: settting to setting (Chris Hofstaedtler)
347 :released: 30th of October 2019
350 :tags: Improvements, DNS over HTTPS, Metrics
353 Rename the 'address' label to 'frontend' for DoH metrics
356 :tags: Bug Fixes, DNS over HTTPS
359 Increment the DOHUnit ref count when it's set in the IDState
363 :released: 25th of October 2019
366 :tags: New Features, DNS over HTTPS, DNS over TLS
369 Add support dumping TLS keys via keyLogFile
372 :tags: Improvements, DNS over HTTPS
375 Implement reference counting for the DOHUnit object
378 :tags: Improvements, DNS over HTTPS, DNS over TLS, Metrics
381 Add metrics about TLS handshake failures for DoH and DoT
388 Add more options to LogAction (non-verbose mode, timestamps)
391 :tags: Improvements, DNS over HTTPS, DNS over TLS
394 Merge the setup of TLS contexts in DoH and DoT
400 Fix the caching of large entries
406 Fix formatting in showTCPStats()
413 Work around cmsg_space somehow not being a constexpr on macOS
419 Use SO_BINDTODEVICE when available for newServer's source interface
422 :tags: Bug Fixes, Metrics
425 Add missing prometheus descriptions for cache-related metrics
428 :tags: Improvements, DNS over HTTPS, DNS over TLS, Metrics
431 Add metrics about unknown/inactive TLS ticket keys
434 :tags: Improvements, DNS over TLS, Metrics
437 Add metrics about TLS versions with DNS over TLS
440 :tags: Improvements, DNS over HTTPS, Metrics
443 Count the number of concurrent connections for DoH as well
446 :tags: Bug Fixes, DNS over HTTPS
449 Clear the DoH session ticket encryption key in the ctor
452 :tags: Improvements, DNS over HTTPS, DNS over TLS
455 Add a 'preferServerCiphers' option for DoH and DoT
458 :tags: Bug Fixes, Metrics
461 Add a prometheus 'thread' label to distinguish identical frontends
464 :tags: Bug Fixes, Metrics
467 Fix a typo in the prometheus description of 'senderrors'
470 :tags: Bug Fixes, Metrics
473 More prometheus fixes
476 :tags: Improvements, DNS over HTTPS
480 Lowercase custom DoH header names
487 Check the address supplied to 'webserver' in check-config
490 :tags: Improvements, DNS over HTTPS, Metrics
493 Refactor DoH prometheus metrics again
499 Fix the creation order of rules when inserted via setRules()
503 :released: 30th of September 2019
510 Clean up our interactions with errno
513 :tags: Improvements, DNS over HTTPS, DNS over TLS
516 Display the DoH and DoT binds in the web view
523 Remove the 'blockfilter' stat from the web view
526 :tags: Improvements, DNS over HTTPS
529 Allow accepting DoH queries over HTTP instead of HTTPS
535 Fix some spelling mistakes noticed by lintian (Chris Hofstaedtler)
541 Fix the newCDBKVStore console completion when LMDB is not enabled (phonedph1)
547 Allow configure CDB_CFLAGS to work (phonedph1)
553 dnsdistconf.lua use non-deprecated versions for 1.4.0 (phonedph1)
559 Fix the warning message on an invalid secpoll answer
566 Don't connect to remote logger in client/command mode
572 Better use of labels in our DoH prometheus export
575 :tags: Improvements, DNS over HTTPS
578 Implement TLS session ticket keys management for DoH
582 :released: 2nd of September 2019
588 Add a KeyValueStoreLookup action based on CDB or LMDB
594 Update h2o to 2.2.6, fixing CVE-2019-9512, CVE-2019-9514 and CVE-2019-9515 for repo.powerdns.com packages
597 :tags: New Features, DNS over HTTPS
600 Add support for early DoH HTTP responses
603 :tags: Improvements, DNS over HTTPS, DNS over TLS
607 Add minTLSVersion for DoH and DoT
613 Split dnsdist-lua-bindings.cc to reduce memory consumption during compilation
619 Add a Lua binding for `dynBlockRulesGroup:setQuiet(quiet)`
623 :released: 12th of August 2019
629 Disallow TCP disablement
635 Update boost.m4 to the latest version
641 SuffixMatchTree: fix root removal, partial match of non-leaf nodes
647 Print stats from expungeByName (Matti Hiljanen)
650 :tags: Bug Fixes, DNS over HTTPS
654 Properly override the HTTP Server header for DoH
657 :tags: Bug Fixes, DNS over HTTPS, DNS over TLS
660 Exit when requested DoT/DoH support is not compiled in
663 :tags: Improvements, DNS over HTTPS
666 Send better HTTP status codes, handle ACL drops earlier
669 :tags: Bug Fixes, DNS over HTTPS
673 Proper HTTP response for timeouts over DoH
676 :tags: Improvements, DNS over HTTPS
680 Add more stats about DoH HTTP responses
683 :tags: Bug Fixes, Carbon, Prometheus
687 Deduplicate frontends entries with carbon and prometheus
701 Squelch unused function warning
708 Fix short IOs over TCP
711 :tags: Improvements, DNS over TLS
714 Improve error messages for DoT issues
720 Fix handling of backend connection failing over TCP
726 SuffixMatchNode:add(): accept more types
733 Explicitly align the buffer used for cmsgs
739 Add `quiet` parameter to NetmaskGroupRule
746 Clear cmsg_space(sizeof(data)) in cmsghdr to appease Valgrind
752 Insert the response into the ringbuffer right after sending it
758 Add static assertions for the size of the src address control buffer
764 Don't create temporary strings to escape DNSName labels
767 :tags: Bug Fixes, DNSCrypt
771 Skip non-dnscrypt binds in `showDNSCryptBinds()`
777 Display TCP/DoT queries and responses in verbose mode, opcode in grepq
783 Be a bit more explicit about what failed in testCrypto()
790 Handle ENOTCONN on read() over TCP
793 :tags: Improvements, DNSCrypt
797 Accept more than one certificate in `addDNSCryptBind()`
803 Make sure we always compile with BOOST_CB_ENABLE_DEBUG set to 0
809 Catch exceptions thrown when handling a TCP response
815 Fix unlimited retries when TCP Fast Open is enabled
821 M4/systemd.m4: fail when systemctl is not available
824 :tags: Bug Fixes, Prometheus
827 Fix a typo in the Server's latency description for Prometheus (phonedph1)
833 Update URLs to use HTTPS scheme (Chris Hofstaedtler)
836 :tags: Bug Fixes, DNS over HTTPS
839 Prevent a dangling DOHUnit pointer when send() failed
845 Double-check we only increment the outstanding counter once
851 Implement ContinueAction()
858 Console: flush cout after printing g_outputbuffer (Doug Freed)
865 ext/ipcrypt: ship license in tarballs (Chris Hofstaedtler)
868 :tags: New Features, DNS over HTTPS, DNS over TLS
872 Add OCSP stapling (from files) for DoT and DoH
875 :tags: New Features, DNS over HTTPS
879 Add support for custom DoH headers (Melissa Voegeli)
882 :tags: New Features, DNS over HTTPS
886 Add lua bindings, rules and action for DoH
892 Use a counter to mark IDState usage instead of the FD
898 Fix signedness issue in isEDNSOptionInOpt()
904 Increase the default value of setMaxUDPOutstanding to 65535
907 :version: 1.4.0-beta1
908 :released: 6th of June 2019
911 :tags: Bug Fixes, DoH
915 DoH: Don't let 'self' dangling while parsing the request's qname, this could lead to a crash
921 Fix minor issues reported by Coverity
924 :tags: New Features, DoT, DoH
928 Implement SNIRule for DoT and DoH
934 Remove second, incomplete copy of lua EDNSOptionCode table
937 :tags: Improvements, Prometheus
941 Support Prometheus latency histograms (Marlin Cremers)
944 :version: 1.4.0-alpha2
945 :released: 26th of April 2019
951 Ignore Path MTU discovery on UDP server socket
957 Alternative solution to the unaligned accesses.
963 Exit when setting ciphers fails (GnuTLS)
970 Add DNS over HTTPS support based on libh2o
973 :version: 1.4.0-alpha1
974 :released: 12th of April 2019
980 Make recursor & dnsdist communicate (ECS) 'variable' status
986 Fix compiler warning about returning garbage (Adam Majer)
992 Fix warnings, mostly unused parameters, reported by -wextra
999 Add namespace and instance variable to carbon key (Gibheer)
1005 Add optional uuid column to showServers()
1011 Allow NoRecurse for use in dynamic blocks or Lua rules (phonedph1)
1018 Expose secpoll status
1024 Configure --enable-pdns-option --with-third-party-module (Josh Soref)
1030 Protect GnuTLS tickets key rotation with a read-write lock
1036 Check that ``SO_ATTACH_BPF`` is defined before enabling eBPF
1042 Drop remaining capabilities after startup
1049 Add an optional 'checkTimeout' parameter to 'newServer()'
1056 Add a 'rise' parameter to 'newServer()'
1063 Add a 'keepStaleData' option to the packet cache
1068 :tickets: 6846, 6897
1070 Expose trailing data (Richard Gibson)
1076 More sandboxing using systemd's features
1082 Fix off-by-one in mvRule counting
1088 Reduce systemcall usage in Protobuf logging
1094 Resync YaHTTP code to cmouse/yahttp@11be77a1fc4032 (Chris Hofstaedtler)
1100 Add option to set interval between health checks (1848)
1106 Add EDNS unknown version handling (Dmitry Alenichev)
1112 Pass empty response (Dmitry Alenichev)
1118 Change the way getRealMemusage() works on linux (using statm)
1124 Don't convert nsec to usec if we need nsec
1130 DNSNameSet and QNameSetRule (Andrey)
1142 Handle EAGAIN in the GnuTLS DNS over TLS provider
1149 Gracefully handle a null latency in the webserver's js
1156 Prevent 0-ttl cache hits
1163 Add addDynBlockSMT() support to dynBlockRulesGroup
1169 Add frontend response statistics (Matti Hiljanen)
1175 EDNSOptionView improvements
1182 Add support for encrypting ip addresses #gdpr
1188 Remove addLuaAction and addLuaResponseAction
1193 :tickets: 7526, 4814
1195 Refactoring of the TCP stack
1202 Honor libcrypto include path
1209 Add 'setSyslogFacility()'
1216 Prevent a conflict with BADSIG being clobbered
1222 Switch to the new 'newPacketCache()' syntax for 1.4.0
1228 Add 'reloadAllCertificates()'
1234 Move constants to proper namespace
1240 Unify the management of DNS/DNSCrypt/DoT frontends
1244 :released: 8th of November 2018
1248 :pullreq: 6737, 6939
1251 Add consistent hash builtin policy
1263 Add DSTPortRule (phonedph1)
1269 Make getOutstanding usable from both lua and console (phonedph1)
1275 Get rid of some allocs/copies in DNS parsing
1281 Display dynblocks' default action, None, as the global one
1286 :tickets: 6348, 4857
1288 Set a correct EDNS OPT RR for self-generated answers
1294 Added :excludeRange and :includeRange methods to DynBPFFilter class (Reinier Schoof)
1300 Fix a sign-comparison warning in isEDNSOptionInOPT()
1304 :pullreq: 3935, 6343, 6901, 7007, 7089
1305 :tickets: 4947, 6002
1307 Add Prometheus stats support (Pavel Odintsov, Kai S)
1313 Fix compilation when SO_REUSEPORT is not defined
1318 :tickets: 6907, 6907
1320 Add warning rates to DynBlockRulesGroup rules
1327 Name threads in the programs
1332 :tickets: 7004, 6990
1334 Add support for exporting a server id in protobuf
1340 dnsdist did not set TCP_NODELAY, causing needless latency
1346 Release memory on DNS over TLS handshake failure
1352 Add a setting to control the number of stored sessions
1359 Wrap GnuTLS and OpenSSL pointers in smart pointers
1366 Support the NXDomain action with dynamic blocks
1373 Add a 'creationOrder' field to rules
1380 Fix return-type detection with boost 1.69's tribool
1387 Fix format string issue on 32bits ARM
1393 Wrap TCP connection objects in smart pointers
1400 Add the setConsoleOutputMaxMsgSize function
1406 Add security polling
1413 Add the ability to update webserver credentials
1419 Add a PoolAvailableRule to easily add backup pools (Robin Geuze)
1426 Handle trailing data correctly when adding OPT or ECS info
1430 :released: 10th of July 2018
1436 Add missing include for PRId64, fix build on CentOS 6 / SLES 12
1440 :released: 10th of July 2018
1447 Remove `thelog` and `thel` and replace this with a global g_log
1453 Fix two small nits on the documentation
1460 Move the el6 dnsdist package to upstart
1466 Initialize the done variable in the rings' unit tests
1472 Reorder headers to fix OpenBSD build
1479 CLI option improvements (Chris Hofstaedtler)
1485 Split pdns_enable_unit_tests (Chris Hofstaedtler)
1491 Restrict value range for weight parameter, avoid sum overflows dropping queries (Dan McCombs)
1495 :pullreq: 6445, 6457, 6470
1504 Docs: fix missing ref in the dnsdist docs
1510 Be more permissive in wrandom tests, log values on failure
1517 Tests: avoid failure on not-so-optimal distribution
1524 Add support for more than one TLS certificate
1530 Add syntax to dns.proto to silence compilation warning.
1536 Fix warnings reported by gcc 8.1.0
1543 Document setVerboseHealthchecks()
1549 Update dq.rst (phonedph1)
1561 Don't copy unitialized values of SuffixMatchTree
1567 Expose toString of various objects to Lua (Chris Hofstaedtler)
1573 Remove 'expired' states from MaxQPSIPRule
1579 Fix reconnection handling
1586 Mark the remote member of DownstreamState as const
1592 Dynamic blocks were being created with the wrong duration (David Freedman)
1599 Test the content of dynamic blocks using the API
1606 Default set "connection: close" header for web requests
1612 Update timedipsetrule.rst (phonedph1)
1619 Don't access the TCP buffer vector past its size
1625 Show droprate in API output
1632 Limit qps and latency to two decimals in the web view
1637 :tickets: 6683, 6709
1639 Refuse console connection without a proper key set
1646 Add a negative ttl option to the packet cache
1652 Check the flags to detect collisions in the packet cache
1658 Add the ability to dump a summary of the cache content
1664 Fix iterating over the results of exceed*() functions
1670 Fix duration false positive in the dynblock regression tests
1676 Add netmask-based {ex,in}clusions to DynblockRulesGroup
1683 Add DNSAction.NoOp to debug dynamic blocks
1690 Implement NoneAction()
1697 Detect ECS collisions in the packet cache
1703 Fix an outstanding counter race when reusing states
1710 Add SetECSAction to set an arbitrary outgoing ecs value
1716 Use LRU to clean the MaxQPSIPRule's store
1722 Disable maybe uninitialized warnings with boost optional
1728 Add support for rotating certificates and keys
1735 Luawrapper: report caught std::exception as lua_error
1741 Dnstap.rst: fix some editing errors (Chris Hofstaedtler)
1748 Allow known exception types to be converted to string
1753 :released: 30th of March 2018
1756 :tags: Improvements, New Features
1757 :pullreq: 5576, 5860
1758 :tickets: 5202, 5859
1760 Add cache sharding, ``recvmmsg`` and CPU pinning support.
1761 With these, the scalability of :program:`dnsdist` is drastically improved.
1767 Add burst option to :func:`MaxQPSIPRule` (42wim).
1774 Handle SNMP alarms so we can reconnect to the master.
1780 Add an optional `status` parameter to :func:`Server:setAuto`.
1787 Fix signed/unsigned comparison warnings on ARM.
1793 Add Pools, cacheHitResponseRules to the API.
1799 Add :func:`inClientStartup` function.
1806 Add a class option to health checks.
1812 Add tag-based routing of queries.
1816 :pullreq: 6117, 6175, 6176, 6177, 6189
1818 Add experimental :doc:`DNS-over-TLS <guides/dns-over-tls>` support.
1824 Add UUIDs to rules, this allows tracking rules through modifications and moving them around.
1830 Keep trying if the first connection to the remote logger failed
1834 :pullreq: 5201, 6170
1836 Add simple :doc:`dnstap <reference/dnstap>` support (Justin Valentini, Chris Hofstaedtler).
1843 Apply ResponseRules to locally generated answers (Chris Hofstaedtler).
1849 Report :func:`LuaAction` and :func:`LuaResponseAction` failures in the log and send SERVFAIL instead of not answering the query (Chris Hofstaedtler).
1855 Unify global statistics accounting (Chris Hofstaedtler).
1859 :pullreq: 6350, 6366
1861 Speed up the processing of large ring buffers.
1862 This change will make :program:`dnsdist` more scalable with a large number of different clients.
1869 Make custom :func:`addLuaAction` and :func:`addLuaResponseAction` callback's second return value optional.
1875 Add "server-up" metric count to Carbon Reporting (Lowell Mower).
1879 :pullreq: 6045, 6382
1881 Add xchacha20 support for :doc:`DNSCrypt <guides/dnscrypt>`.
1887 Scalability improvement: Add an option to use several source ports towards a backend.
1891 :pullreq: 6375, 5866
1894 Add '?' and 'help' for providing help() output on ``dnsdist -c`` (Kirill Ponomarev, Chris Hofstaedtler).
1898 :pullreq: 6190, 6381
1900 Replace the Lua mutex with a rw lock to limit contention.
1901 This improves the processing speed and parallelism of the policies.
1905 :pullreq: 6220, 5594
1906 :tickets: 5079, 5654
1908 Add experimental XPF support based on `draft-bellis-dnsop-xpf-04 <https://tools.ietf.org/html/draft-bellis-dnsop-xpf-04>`__.
1914 Add :func:`ERCodeRule` to match on extended RCodes (Chris Hofstaedtler).
1920 Fix escaping unusual DNS label octets in DNSName is off by one (Kees Monshouwer).
1926 Add :func:`TempFailureCacheTTLAction` (Chris Hofstaedtler).
1932 Ensure :program:`dnsdist` compiles on NetBSD (Tom Ivar Helbekkmo).
1939 Also log eBPF dynamic blocks, as regular dynamic block already are.
1942 :tags: New Features, Improvements
1945 Add :ref:`DynBlockRulesGroup` to improve processing speed of the :func:`maintenance` function by reducing memory usage and not walking the ringbuffers multiple times.
1952 Remove the ``--daemon`` option from :program:`dnsdist`.
1959 Add :func:`console ACL <addConsoleACL>` functions.
1966 Allow adding :meth:`EDNS Client Subnet information <ServerPool:setECS>` to a query before looking in the cache.
1967 This allows serving ECS enabled answers from the cache when all servers in a pool are down.
1974 Ensure large numbers are shown correctly in the API.
1981 Add option to :func:`showRules` to truncate the output length.
1987 Avoid assertion errors in :func:`NewServer` (Chris Hofstaedtler).
1993 Fix several warnings reported by clang's analyzer and cppcheck, should lead to small performance increases.
1998 :released: 16th of February 2018
2004 Add configuration option to disable IP_BIND_ADDRESS_NO_PORT (Dan McCombs).
2010 Handle bracketed IPv6 addresses without ports (Chris Hofstaedtler).
2016 Make dnsdist dynamic truncate do right thing on TCP/IP.
2022 Add missing QPSAction
2028 Don't create a Remote Logger in client mode.
2034 Use libsodium's CFLAGS, we might need them to find the includes.
2040 Keep the TCP connection open on cache hit, generated answers.
2046 Add the missing <sys/time.h> include to mplexer.hh for struct timeval.
2052 Sort the servers based on their 'order' after it has been set.
2058 Quiet unused variable warning on macOS (Chris Hofstaedtler).
2065 Fix the outstanding counter when an exception is raised.
2072 Do not connect the snmpAgent from a dnsdist client.
2076 :released: 21st of August 2017
2083 DNSName: Check that both first two bits are set in compressed labels.
2088 :tickets: 4131, 4155
2090 Handle unreachable servers at startup, reconnect stale sockets
2097 Gracefully handle invalid addresses in :func:`newServer`.
2104 Add an option to 'mute' UDP responses per bind.
2107 :tags: New Features, Performance
2110 Add TCP management options from :rfc:`RFC 7766 section 10 <7766#section-10>`.
2116 LuaWrapper: Use the correct index when storing a function.
2123 Save history to home-dir, only use CWD as a last resort.
2129 Add the :func:`setRingBuffersSize` directive to allows changing the ringbuffer size.
2132 :tags: Improvements, Security
2135 Merge the client and server nonces to prevent replay attacks.
2141 Use ``IP_BIND_ADDRESS_NO_PORT`` when available.
2148 Send a latency of 0 over carbon, null over API for down servers.
2153 :tickets: 4775, 4660
2155 Add an optional ``seconds`` parameter to :func:`statNodeRespRing`.
2161 Report a more specific lua version and report luajit in ``--version``.
2164 :tags: Improvements, DNSCrypt
2165 :pullreq: 4813, 4926
2167 Store the computed shared key and reuse it for the response for DNSCrypt messages.
2170 :tags: New Features, Protobuf
2174 Add an option to export CNAME records over protobuf.
2181 Allow TTL alteration via Lua.
2187 Add :func:`RDRule` to match queries with the ``RD`` flag set.
2193 Add :func:`setWHashedPertubation` for consistent ``whashed`` results.
2199 Add ``tcpConnectTimeout`` to :func:`newServer`.
2205 Fix negative port detection for IPv6 addresses on 32-bit.
2212 Fix crashed on SmartOS/Illumos (Roman Dayneko).
2216 :pullreq: 4788, 5036
2219 Add cache hit response rules.
2222 :tags: Improvements, Performance
2225 Add :func:`setTCPUseSinglePipe` to use a single TCP waiting queue.
2232 Change ``truncateTC`` to defaulting to off, having it enabled by default causes an compatibility with :rfc:`6891` (Robin Geuze).
2236 :pullreq: 4987, 5037
2239 Don't cache answers without any TTL (like SERVFAIL).
2242 :tags: Improvements, Performance
2243 :pullreq: 4985, 5501
2246 Add ``sendSizeAndMsgWithTimeout`` to send size and data in a single call and use it for TCP Fast Open towards backends.
2252 Prevent issues by unshadowing variables.
2255 :tags: New Features, SNMP
2256 :pullreq: 4989, 5123, 5204
2258 Add :doc:`SNMP support <advanced/snmp>`.
2261 :tags: Bug Fixes, Performance
2265 Refactor SuffixMatchNode using a SuffixMatchTree.
2271 Register DNSName::chopOff (@plzz).
2277 Allow passing :class:`DNSName`\ s as DNSRules.
2280 :tags: Bug Fixes, Webserver
2283 Send an HTTP 404 on unknown API paths.
2286 :tags: Improvements, Performance
2289 Tune systemd unit-file for medium-sized installations (Winfried Angele).
2295 Add support for setting the server selection policy on a per pool basis (Robin Geuze).
2299 :pullreq: 5150, 5171
2302 Make :func:`includeDirectory` work sorted (Robin Geuze).
2305 :tags: Improvements, LuaWrapper
2308 Allow embedded NULs in strings received from Lua.
2314 Add a ``suffixMatch`` parameter to :meth:`PacketCache:expungeByName` (Robin Geuze).
2320 Cleanup closed TCP downstream connections.
2326 Fix destination port reporting on "any" binds.
2333 Add an option so the packet cache entries don't age.
2336 :tags: Bug Fixes, Security
2339 Unified ``-k`` and :func:`setKey` behaviour for client and server mode now.
2345 Improve reporting of C++ exceptions that bubble up via Lua.
2348 :tags: Improvements, Performance
2351 Add the possibility to fill a :class:`NetmaskGroup` (using :meth:`NetmaskGroup:addMask`) from `exceeds*` results.
2357 Add better logging on queries that get dropped, timed out or received.
2363 Add :func:`QNameRule`.
2369 Correctly truncate EDNS Client Subnetmasks.
2375 Print useful messages when query and response actions are mixed.
2381 Add an optional action to :func:`addDynBlocks`.
2387 Add an optional interface parameter to :func:`addLocal`/:func:`setLocal`.
2390 :tags: Bug Fixes, Performance
2393 Get rid of ``std::move()`` calls preventing copy elision.
2400 Fix :func:`RecordsTypeCountRule`\ 's handling of the # of records in a section.
2406 Make a ``truncate`` action available to DynBlock and Lua.
2413 Change stats functions to always return lowercase names (Robin Geuze).
2419 Implement a runtime changeable rule that matches IP address for a certain time called :func:`TimedIPSetRule`.
2423 :pullreq: 5449, 5454
2425 Only use TCP Fast Open when supported and prevent compiler warnings.
2431 Add ``DNSRule::toString()`` and add virtual destructors to DNSRule, DNSAction and DNSResponseAction so the destructors of derived classes are run even when deleted via the base type.
2437 Add support for returning several IPs to spoof from Lua.
2441 :pullreq: 5490, 5508
2442 :tickets: 5420, 5507
2444 Add Lua bindings to be able to rotate DNSCrypt keys, see :doc:`guides/dnscrypt`.
2447 :tags: Improvements, Performance
2450 Add labels count to StatNode, only set the name once.
2461 :pullreq: 5396, 5577
2463 Add the capability to set arbitrary tags in protobuf messages.
2470 Skip timeouts on the response latency graph.
2477 Deprecate syntactic sugar functions.
2484 Don't use square brackets for IPv6 in Carbon metrics.
2491 Copy the DNS header before encrypting it in place.
2498 Add setConsoleConnectionsLogging().
2504 Fix potential pointer wrap-around on 32 bits.
2510 Make the API available with an API key only.
2515 Released December 29th 2016
2517 Changes since 1.1.0-beta2:
2522 - `#4783 <https://github.com/PowerDNS/pdns/pull/4783>`__: Add -latomic
2524 - `#4812 <https://github.com/PowerDNS/pdns/pull/4812>`__: Handle
2525 header-only responses, handle Refused as Servfail in the cache
2530 - `#4762 <https://github.com/PowerDNS/pdns/pull/4762>`__:
2531 SuffixMatchNode: Fix an insertion issue for an existing node
2532 - `#4772 <https://github.com/PowerDNS/pdns/pull/4772>`__: Fix dnsdist
2533 initscript config check
2538 Released December 14th 2016
2540 Changes since 1.1.0-beta1:
2545 - `#4518 <https://github.com/PowerDNS/pdns/pull/4518>`__: Fix dynblocks
2546 over TCP, allow refusing dyn blocked queries
2547 - `#4519 <https://github.com/PowerDNS/pdns/pull/4519>`__: Allow
2548 altering the ECS behavior via rules and Lua
2549 - `#4535 <https://github.com/PowerDNS/pdns/pull/4535>`__: Add
2550 ``DNSQuestion:getDO()``
2551 - `#4653 <https://github.com/PowerDNS/pdns/pull/4653>`__:
2552 ``getStatisticsCounters()`` to access counters from Lua
2553 - `#4657 <https://github.com/PowerDNS/pdns/pull/4657>`__: Add
2554 ``includeDirectory(dir)``
2555 - `#4658 <https://github.com/PowerDNS/pdns/pull/4658>`__: Allow editing
2557 - `#4702 <https://github.com/PowerDNS/pdns/pull/4702>`__: Add
2558 ``setUDPTimeout(n)``
2559 - `#4726 <https://github.com/PowerDNS/pdns/pull/4726>`__: Add an option
2560 to return ServFail when no server is available
2561 - `#4748 <https://github.com/PowerDNS/pdns/pull/4748>`__: Add
2562 ``setCacheCleaningPercentage()``
2567 - `#4533 <https://github.com/PowerDNS/pdns/pull/4533>`__: Fix building
2568 with clang on OS X and FreeBSD
2569 - `#4537 <https://github.com/PowerDNS/pdns/pull/4537>`__: Replace
2570 luawrapper's std::forward/std::make\_tuple combo with
2571 std::forward\_as\_tuple (Sangwhan "fish" Moon)
2572 - `#4596 <https://github.com/PowerDNS/pdns/pull/4596>`__: Change the
2573 default max number of queued TCP conns to 1000
2574 - `#4632 <https://github.com/PowerDNS/pdns/pull/4632>`__: Improve
2575 dnsdist error message on a common typo/config mistake
2576 - `#4694 <https://github.com/PowerDNS/pdns/pull/4694>`__: Don't use a
2577 const\_iterator for erasing (fix compilation with some versions of
2579 - `#4715 <https://github.com/PowerDNS/pdns/pull/4715>`__: Specify that
2580 dnsmessage.proto uses protobuf version 2
2581 - `#4765 <https://github.com/PowerDNS/pdns/pull/4765>`__: Some service
2587 - `#4425 <https://github.com/PowerDNS/pdns/pull/4425>`__: Fix a
2588 protobuf regression (requestor/responder mix-up) caused by a94673e
2589 - `#4541 <https://github.com/PowerDNS/pdns/pull/4541>`__: Fix insertion
2590 issues in SuffixMatchTree, move it to dnsname.hh
2591 - `#4553 <https://github.com/PowerDNS/pdns/pull/4553>`__: Flush output
2592 in single command client mode
2593 - `#4578 <https://github.com/PowerDNS/pdns/pull/4578>`__: Fix
2594 destination address reporting
2595 - `#4640 <https://github.com/PowerDNS/pdns/pull/4640>`__: Don't exit
2596 dnsdist on an exception in maintenance
2597 - `#4721 <https://github.com/PowerDNS/pdns/pull/4721>`__: Handle
2598 exceptions in the UDP responder thread
2599 - `#4734 <https://github.com/PowerDNS/pdns/pull/4734>`__: Add the TCP
2600 socket to the map only if the connection succeeds. Closes #4733
2601 - `#4742 <https://github.com/PowerDNS/pdns/pull/4742>`__: Decrement the
2602 queued TCP conn count if writing to the pipe fails
2603 - `#4743 <https://github.com/PowerDNS/pdns/pull/4743>`__: Ignore
2604 newBPFFilter() and newDynBPFFilter() in client mode
2605 - `#4753 <https://github.com/PowerDNS/pdns/pull/4753>`__: Fix FD leak
2606 on TCP connection failure, handle TCP worker creation failure
2607 - `#4764 <https://github.com/PowerDNS/pdns/pull/4764>`__: Prevent race
2608 while creating new TCP worker threads
2613 Released September 1st 2016
2615 Changes since 1.0.0:
2620 - `#3762 <https://github.com/PowerDNS/pdns/pull/3762>`__ Teeaction:
2621 send copy of query to second nameserver, sponge responses
2622 - `#3876 <https://github.com/PowerDNS/pdns/pull/3876>`__ Add
2623 ``showResponseRules()``, ``{mv,rm,top}ResponseRule()``
2624 - `#3936 <https://github.com/PowerDNS/pdns/pull/3936>`__ Filter on
2625 opcode, records count/type, trailing data
2626 - `#3975 <https://github.com/PowerDNS/pdns/pull/3975>`__ Make dnsdist
2627 {A,I}XFR aware, document possible issues
2628 - `#4006 <https://github.com/PowerDNS/pdns/pull/4006>`__ Add eBPF
2629 source address and qname/qtype filtering
2630 - `#4008 <https://github.com/PowerDNS/pdns/pull/4008>`__ Node
2631 infrastructure for querying recent traffic
2632 - `#4042 <https://github.com/PowerDNS/pdns/pull/4042>`__ Add
2633 server-side TCP Fast Open support
2634 - `#4050 <https://github.com/PowerDNS/pdns/pull/4050>`__ Add
2635 ``clearRules()`` and ``setRules()``
2636 - `#4114 <https://github.com/PowerDNS/pdns/pull/4114>`__ Add
2637 ``QNameLabelsCountRule()`` and ``QNameWireLengthRule()``
2638 - `#4116 <https://github.com/PowerDNS/pdns/pull/4116>`__ Added src
2639 boolean to NetmaskGroupRule to match destination address (Reinier
2641 - `#4175 <https://github.com/PowerDNS/pdns/pull/4175>`__ Implemented
2642 query counting (Reinier Schoof)
2643 - `#4244 <https://github.com/PowerDNS/pdns/pull/4244>`__ Add a
2644 ``setCD`` parameter to set cd=1 on health check queries
2645 - `#4284 <https://github.com/PowerDNS/pdns/pull/4284>`__ Add
2646 RCodeRule(), Allow, Delay and Drop response actions
2647 - `#4305 <https://github.com/PowerDNS/pdns/pull/4305>`__ Add an
2648 optional Lua callback for altering a Protobuf message
2649 - `#4309 <https://github.com/PowerDNS/pdns/pull/4309>`__ Add
2650 showTCPStats function (RobinGeuze)
2651 - `#4329 <https://github.com/PowerDNS/pdns/pull/4329>`__ Add options to
2652 LogAction() so it can append (instead of truncate) (Duane Wessels)
2657 - `#3714 <https://github.com/PowerDNS/pdns/pull/3714>`__ Add
2658 documentation links to dnsdist.service (Ruben Kerkhof)
2659 - `#3754 <https://github.com/PowerDNS/pdns/pull/3754>`__ Allow the use
2660 of custom headers in the web server
2661 - `#3826 <https://github.com/PowerDNS/pdns/pull/3826>`__ Implement a
2662 'quiet' mode for SuffixMatchNodeRule()
2663 - `#3836 <https://github.com/PowerDNS/pdns/pull/3836>`__ Log the
2664 content of webserver's exceptions
2665 - `#3858 <https://github.com/PowerDNS/pdns/pull/3858>`__ Only log
2666 YaHTTP's parser exceptions in verbose mode
2667 - `#3877 <https://github.com/PowerDNS/pdns/pull/3877>`__ Increase max
2668 FDs in systemd unit, warn if clearly too low
2669 - `#4019 <https://github.com/PowerDNS/pdns/pull/4019>`__ Add an
2670 optional ``addECS`` option to ``TeeAction()``
2671 - `#4029 <https://github.com/PowerDNS/pdns/pull/4029>`__ Add version
2672 and feature information to version output
2673 - `#4079 <https://github.com/PowerDNS/pdns/pull/4079>`__ Return an
2674 error on RemoteLog{,Response}Action() w/o protobuf
2675 - `#4246 <https://github.com/PowerDNS/pdns/pull/4246>`__ API now sends
2676 pools as a JSON array instead of a string
2677 - `#4302 <https://github.com/PowerDNS/pdns/pull/4302>`__ Add ``help()``
2678 and ``showVersion()``
2679 - `#4286 <https://github.com/PowerDNS/pdns/pull/4286>`__ Add response
2680 rules to the API and Web status page
2681 - `#4068 <https://github.com/PowerDNS/pdns/pull/4068>`__ Display the
2682 dyn eBPF filters stats in the web interface
2687 - `#3755 <https://github.com/PowerDNS/pdns/pull/3755>`__ Fix RegexRule
2688 example in dnsdistconf.lua
2689 - `#3773 <https://github.com/PowerDNS/pdns/pull/3773>`__ Stop copying
2690 the HTTP request headers to the response
2691 - `#3837 <https://github.com/PowerDNS/pdns/pull/3837>`__ Remove dnsdist
2692 service file on trusty
2693 - `#3840 <https://github.com/PowerDNS/pdns/pull/3840>`__ Catch
2694 WrongTypeException in client mode
2695 - `#3906 <https://github.com/PowerDNS/pdns/pull/3906>`__ Keep the
2696 servers ordered inside pools
2697 - `#3988 <https://github.com/PowerDNS/pdns/pull/3988>`__ Fix
2698 ``grepq()`` output in the README
2699 - `#3992 <https://github.com/PowerDNS/pdns/pull/3992>`__ Fix some typos
2700 in the AXFR/IXFR documentation
2701 - `#3995 <https://github.com/PowerDNS/pdns/pull/3995>`__ Fix comparison
2702 between signed and unsigned integer
2703 - `#4049 <https://github.com/PowerDNS/pdns/pull/4049>`__ Fix dnsdist
2704 rpm building script #4048 (Daniel Stirnimann)
2705 - `#4065 <https://github.com/PowerDNS/pdns/pull/4065>`__ Include
2706 editline/readline.h instead of readline.h/history.h
2707 - `#4067 <https://github.com/PowerDNS/pdns/pull/4067>`__ Disable eBPF
2708 support when BPF\_FUNC\_tail\_call is not found
2709 - `#4069 <https://github.com/PowerDNS/pdns/pull/4069>`__ Fix a buffer
2710 overflow when displaying an OpcodeRule
2711 - `#4101 <https://github.com/PowerDNS/pdns/pull/4101>`__ Fix $
2712 expansion in build-dnsdist-rpm
2713 - `#4198 <https://github.com/PowerDNS/pdns/pull/4198>`__ newServer
2714 setting maxCheckFailures makes no sense (stutiredboy)
2715 - `#4205 <https://github.com/PowerDNS/pdns/pull/4205>`__ Prevent the
2716 use of "any" addresses for downstream server
2717 - `#4220 <https://github.com/PowerDNS/pdns/pull/4220>`__ Don't log an
2718 error when parsing an invalid UDP query
2719 - `#4348 <https://github.com/PowerDNS/pdns/pull/4348>`__ Fix invalid
2720 outstanding count for {A,I}XFR over TCP
2721 - `#4365 <https://github.com/PowerDNS/pdns/pull/4365>`__ Reset origFD
2722 asap to keep the outstanding count correct
2723 - `#4375 <https://github.com/PowerDNS/pdns/pull/4375>`__ Tuple requires
2724 make\_tuple to initialize
2725 - `#4380 <https://github.com/PowerDNS/pdns/pull/4380>`__ Fix
2726 compilation with clang when eBPF support is enabled
2731 Released April 21st 2016
2733 Changes since 1.0.0-beta1:
2738 - `#3700 <https://github.com/PowerDNS/pdns/pull/3700>`__ Create user
2739 from the RPM package to drop privs
2740 - `#3712 <https://github.com/PowerDNS/pdns/pull/3712>`__ Make check
2741 should run testrunner
2742 - `#3713 <https://github.com/PowerDNS/pdns/pull/3713>`__ Remove
2743 contrib/dnsdist.service (Ruben Kerkhof)
2744 - `#3722 <https://github.com/PowerDNS/pdns/pull/3722>`__ Use LT\_INIT
2745 and disable static objects (Ruben Kerkhof)
2746 - `#3724 <https://github.com/PowerDNS/pdns/pull/3724>`__ Include
2747 PDNS\_CHECK\_OS in configure (Chris Hofstaedtler)
2748 - `#3728 <https://github.com/PowerDNS/pdns/pull/3728>`__ Document
2749 libedit Ctrl-R workaround for CentOS 6
2750 - `#3730 <https://github.com/PowerDNS/pdns/pull/3730>`__ Make
2751 ``topBandwidth()`` behave like other top\* functions
2752 - `#3731 <https://github.com/PowerDNS/pdns/pull/3731>`__ Clarify a bit
2753 the documentation of load-balancing policies
2758 - `#3711 <https://github.com/PowerDNS/pdns/pull/3711>`__ Building rpm
2759 needs systemd headers (Ruben Kerkhof)
2760 - `#3736 <https://github.com/PowerDNS/pdns/pull/3736>`__ Add missing
2761 Lua binding for NetmaskGroupRule()
2762 - `#3739 <https://github.com/PowerDNS/pdns/pull/3739>`__ Drop
2763 privileges after daemonizing and writing our pid
2768 Released April 14th 2016
2770 Changes since 1.0.0-alpha2:
2775 - Per-pool packet cache
2776 - Some actions do not stop the processing anymore when they match,
2777 allowing more complex setups: Delay, Disable Validation, Log,
2778 MacAddr, No Recurse and of course None
2779 - The new RE2Rule() is available, using the RE2 regular expression
2780 library to match queries, in addition to the existing POSIX-based
2782 - SpoofAction() now supports multiple A and AAAA records
2783 - Remote logging of questions and answers via Protocol Buffer
2788 - `#3405 <https://github.com/PowerDNS/pdns/pull/3405>`__ Add health
2789 check logging, ``maxCheckFailures`` to backend
2790 - `#3412 <https://github.com/PowerDNS/pdns/pull/3412>`__ Check config
2791 - `#3440 <https://github.com/PowerDNS/pdns/pull/3440>`__ Client
2792 operation improvements
2793 - `#3466 <https://github.com/PowerDNS/pdns/pull/3466>`__ Add dq binding
2794 for skipping packet cache in LuaAction (Jan Broer)
2795 - `#3499 <https://github.com/PowerDNS/pdns/pull/3499>`__ Add support
2796 for multiple carbon servers
2797 - `#3504 <https://github.com/PowerDNS/pdns/pull/3504>`__ Allow
2798 accessing the API with an optional API key
2799 - `#3556 <https://github.com/PowerDNS/pdns/pull/3556>`__ Add an option
2800 to limit the number of queued TCP connections
2801 - `#3578 <https://github.com/PowerDNS/pdns/pull/3578>`__ Add a
2802 ``disable-syslog`` option
2803 - `#3608 <https://github.com/PowerDNS/pdns/pull/3608>`__ Export cache
2805 - `#3622 <https://github.com/PowerDNS/pdns/pull/3622>`__ Display the
2806 ACL content on startup
2807 - `#3627 <https://github.com/PowerDNS/pdns/pull/3627>`__ Remove ECS
2808 option from response's OPT RR when necessary
2809 - `#3633 <https://github.com/PowerDNS/pdns/pull/3633>`__ Count "TTL too
2811 - `#3677 <https://github.com/PowerDNS/pdns/pull/3677>`__ systemd-notify
2817 - `#3388 <https://github.com/PowerDNS/pdns/pull/3388>`__ Lock the Lua
2818 context before executing a LuaAction
2819 - `#3433 <https://github.com/PowerDNS/pdns/pull/3433>`__ Check that the
2820 answer matches the initial query
2821 - `#3461 <https://github.com/PowerDNS/pdns/pull/3461>`__ Fix crash when
2822 calling rmServer() with an invalid index
2823 - `#3550 <https://github.com/PowerDNS/pdns/pull/3550>`__,\ `#3551 <https://github.com/PowerDNS/pdns/pull/3551>`__
2824 Fix build failure on FreeBSD (Ruben Kerkhof)
2825 - `#3594 <https://github.com/PowerDNS/pdns/pull/3594>`__ Prevent EOF
2826 error for empty console response w/o sodium
2827 - `#3634 <https://github.com/PowerDNS/pdns/pull/3634>`__ Prevent
2828 dangling TCP fd in case setupTCPDownstream() fails
2829 - `#3641 <https://github.com/PowerDNS/pdns/pull/3641>`__ Under
2830 threshold, QPS action should return None, not Allow
2831 - `#3658 <https://github.com/PowerDNS/pdns/pull/3658>`__ Fix a race
2832 condition in MaxQPSIPRule
2837 Released February 5th 2016
2839 Changes since 1.0.0-alpha1:
2844 - Lua functions now receive a DNSQuestion ``dq`` object instead of
2845 several parameters. This adds a greater compatibility with PowerDNS
2846 and allows adding more parameters without breaking the API
2847 (`#3198 <https://github.com/PowerDNS/pdns/issues/3198>`__)
2848 - Added a ``source`` option to ``newServer()`` to specify the local
2849 address or interface used to contact a downstream server
2850 (`#3138 <https://github.com/PowerDNS/pdns/issues/3138>`__)
2851 - CNAME and IPv6-only support have been added to spoofed responses
2852 (`#3064 <https://github.com/PowerDNS/pdns/issues/3064>`__)
2853 - ``grepq()`` can be used to search for slow queries, along with
2855 - New Lua functions: ``addDomainCNAMESpoof()``, ``AllowAction()`` by
2856 @bearggg, ``exceedQRate()``, ``MacAddrAction()``, ``makeRule()``,
2857 ``NotRule()``, ``OrRule()``, ``QClassRule()``, ``RCodeAction()``,
2858 ``SpoofCNAMEAction()``, ``SuffixMatchNodeRule()``, ``TCPRule()``,
2860 - ``NetmaskGroup`` support have been added in Lua
2861 (`#3144 <https://github.com/PowerDNS/pdns/issues/3144>`__)
2862 - Added ``MacAddrAction()`` to add the source MAC address to the
2864 (`#3313 <https://github.com/PowerDNS/pdns/issues/3313>`__)
2869 - An issue in DelayPipe could make dnsdist crash at startup
2870 - ``downstream-timeouts`` metric was not always updated
2871 - ``truncateTC`` was unproperly updating the response length
2872 (`#3126 <https://github.com/PowerDNS/pdns/issues/3126>`__)
2873 - DNSCrypt responses larger than queries were unproperly truncated
2874 - An issue prevented info message from being displayed in non-verbose
2875 mode, fixed by Jan Broer
2876 - Reinstating an expired Dynamic Rule was not correctly logged
2877 (`#3323 <https://github.com/PowerDNS/pdns/issues/3323>`__)
2878 - Initialized counters in the TCP client thread might have cause FD and
2879 memory leak, reported by Martin Pels
2880 (`#3300 <https://github.com/PowerDNS/pdns/issues/3300>`__)
2881 - We now drop queries containing no question (qdcount == 0)
2882 (`#3290 <https://github.com/PowerDNS/pdns/issues/3290>`__)
2883 - Outstanding TCP queries count was not always correct
2884 (`#3288 <https://github.com/PowerDNS/pdns/issues/3288>`__)
2885 - A locking issue in exceedRespGen() might have caused crashs
2886 (`#3277 <https://github.com/PowerDNS/pdns/issues/3277>`__)
2887 - Useless sockets were created in client mode
2888 (`#3257 <https://github.com/PowerDNS/pdns/issues/3257>`__)
2889 - ``addAnyTCRule()`` was generating TC=1 responses even over TCP
2890 (`#3251 <https://github.com/PowerDNS/pdns/issues/3251>`__)
2895 - Cleanup of the HTML by Sander Hoentjen
2896 - Fixed an XSS reported by @janeczku
2897 (`#3217 <https://github.com/PowerDNS/pdns/issues/3217>`__)
2898 - Removed remote images
2899 - Set the charset to UTF-8, added some security-related and CORS HTTP
2901 - Added server latency by Jan Broer
2902 (`#3201 <https://github.com/PowerDNS/pdns/issues/3201>`__)
2903 - Switched to official minified versions of JS scripts, by Sander
2904 Hoentjen (`#3317 <https://github.com/PowerDNS/pdns/issues/3317>`__)
2905 - Don't log unauthenticated HTTP request as an authentication failure
2907 Various documentation updates and minor cleanups:
2908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2910 - Added documentation for Advanced DNS Protection features (Dynamic
2911 rules, ``maintenance()``)
2912 - Make ``topBandwidth()`` default to the top 10 clients
2913 - Replaced readline with libedit
2914 - Added GPL2 License
2915 (`#3200 <https://github.com/PowerDNS/pdns/issues/3200>`__)
2916 - Added incbin License
2917 (`#3269 <https://github.com/PowerDNS/pdns/issues/3269>`__)
2918 - Updated completion rules
2919 - Removed wrong option ``--daemon-no`` by Stefan Schmidt
2924 Released December 24th 2015