**Note**: Beyond PowerDNS 2.9.20, the Authoritative Server and Recursor are released separately.
+# PowerDNS Authoritative Server 4.0.3
+Released January 17th 2016
+
+This release fixes an issue when using multiple backends, where one of the backends is the BIND backend.
+This regression was introduced in 4.0.2.
+
+## Bug fix
+
+- [#4905](https://github.com/PowerDNS/pdns/pull/4905): Revert "auth: In `Bind2Backend::lookup()`, use the `zoneId` when we have it"
+
+# PowerDNS Recursor 4.0.4
+Released January 13th 2016
+
+The 4.0.4 version of the PowerDNS Recursor fixes PowerDNS Security Advisories [2016-02](security/powerdns-advisory-2016-02.md) and [2016-04](security/powerdns-advisory-2016-04.md).
+
+## Bug fixes
+
+- [commit 658d9e4](https://github.com/PowerDNS/pdns/commit/658d9e4): Check TSIG signature on IXFR (Security Advisory [2016-04](security/powerdns-advisory-2016-04.md))
+- [commit 91acd82](https://github.com/PowerDNS/pdns/commit/91acd82): Don't parse spurious RRs in queries when we don't need them (Security Advisory [2016-02](security/powerdns-advisory-2016-02.md))
+- [commit 400e28d](https://github.com/PowerDNS/pdns/commit/400e28d): Fix incorrect length check in `DNSName` when extracting qtype or qclass
+- [commit 2168188](https://github.com/PowerDNS/pdns/commit/2168188): rec: Wait until after daemonizing to start the RPZ and protobuf threads
+- [commit 3beb3b2](https://github.com/PowerDNS/pdns/commit/3beb3b2): On (re-)priming, fetch the root NS records
+- [commit cfeb109](https://github.com/PowerDNS/pdns/commit/cfeb109): rec: Fix src/dest inversion in the protobuf message for TCP queries
+- [commit 46a6666](https://github.com/PowerDNS/pdns/commit/46a6666): NSEC3 optout and Bogus insecure forward fixes
+- [commit bb437d4](https://github.com/PowerDNS/pdns/commit/bb437d4): On RPZ customPolicy, follow the resulting CNAME
+- [commit 6b5a8f3](https://github.com/PowerDNS/pdns/commit/6b5a8f3): DNSSEC: don't go bogus on zero configured DSs
+- [commit 1fa6e1b](https://github.com/PowerDNS/pdns/commit/1fa6e1b): Don't crash on an empty query ring
+- [commit bfb7e5d](https://github.com/PowerDNS/pdns/commit/bfb7e5d): Set the result to NoError before calling `preresolve`
+
+## Additions and Enhancements
+
+- [commit 7c3398a](https://github.com/PowerDNS/pdns/commit/7c3398a): Add `max-recursion-depth` to limit the number of internal recursion
+- [commit 3d59c6f](https://github.com/PowerDNS/pdns/commit/3d59c6f): Fix building with ECDSA support disabled in libcrypto
+- [commit 0170a3b](https://github.com/PowerDNS/pdns/commit/0170a3b): Add requestorId and some comments to the protobuf definition file
+- [commit d8cd67b](https://github.com/PowerDNS/pdns/commit/d8cd67b): Make the negcache forwarded zones aware
+- [commit 46ccbd6](https://github.com/PowerDNS/pdns/commit/46ccbd6): Cache records for zones that were delegated to from a forwarded zone
+- [commit 5aa64e6](https://github.com/PowerDNS/pdns/commit/5aa64e6), [commit 5f4242e](https://github.com/PowerDNS/pdns/commit/5f4242e) and [commit 0f707cd](https://github.com/PowerDNS/pdns/commit/0f707cd): DNSSEC: Implement keysearch based on zone-cuts
+- [commit ddf6fa5](https://github.com/PowerDNS/pdns/commit/ddf6fa5): rec: Add support for boost::context >= 1.61
+- [commit bb6bd6e](https://github.com/PowerDNS/pdns/commit/bb6bd6e): Add `getRecursorThreadId()` to Lua, identifying the current thread
+- [commit d8baf17](https://github.com/PowerDNS/pdns/commit/d8baf17): Handle CNAMEs at the apex of secure zones to other secure zones
+
+# PowerDNS Authoritative Server 4.0.2
+Released January 13th 2016
+
+This release fixes PowerDNS Security Advisories [2016-02](security/powerdns-advisory-2016-02.md), [2016-03](security/powerdns-advisory-2016-03.md), [2016-04](security/powerdns-advisory-2016-04.md) and [2016-05](security/powerdns-advisory-2016-05.md) and includes a fix for a memory leak in the Postgresql backend.
+
+## Bug fixes
+
+- [commit f61af48](https://github.com/PowerDNS/pdns/commit/f61af48): Don't parse spurious RRs in queries when we don't need them (Security Advisory [2016-02](security/powerdns-advisory-2016-02.md))
+- [commit 592006d](https://github.com/PowerDNS/pdns/commit/592006d): Don't exit if the webserver can't accept a connection (Security Advisory [2016-03](security/powerdns-advisory-2016-03.md))
+- [commit e85acc6](https://github.com/PowerDNS/pdns/commit/e85acc6): Check TSIG signature on IXFR (Security Advisory [2016-04](security/powerdns-advisory-2016-04.md))
+- [commit 3b1e4a2](https://github.com/PowerDNS/pdns/commit/3b1e4a2): Correctly check unknown record content size (Security Advisory [2016-05](security/powerdns-advisory-2016-05.md))
+- [commit 9ecbf02](https://github.com/PowerDNS/pdns/commit/9ecbf02): ODBC backend: actually prepare statements
+- [commit a4d607b](https://github.com/PowerDNS/pdns/commit/a4d607b): Fix incorrect length check in `DNSName` when extracting qtype or qclass
+- [commit c816fe3](https://github.com/PowerDNS/pdns/commit/c816fe3): Fix a possible memory leak in the webserver
+- [#4287](https://github.com/PowerDNS/pdns/pull/4287): Better handling of invalid serial
+- [#4306](https://github.com/PowerDNS/pdns/pull/4306): Limit size of mysql cell to 128 kilobytes
+- [#4314](https://github.com/PowerDNS/pdns/pull/4314): Overload fix: make overload-queue-length work as intended again, add test for it.
+- [#4317](https://github.com/PowerDNS/pdns/pull/4317): Improve root-zone performance
+- [#4319](https://github.com/PowerDNS/pdns/pull/4319): pipe: SERVFAIL when needed
+- [#4360](https://github.com/PowerDNS/pdns/pull/4360): Make sure mariadb (mysql on centos/rhel) is started before pdns (42wim)
+- [#4387](https://github.com/PowerDNS/pdns/pull/4387): ComboAddress: don't allow invalid ports
+- [#4459](https://github.com/PowerDNS/pdns/pull/4459): Plug memory leak in postgresql backend (Christian Hofstaedtler)
+- [#4544](https://github.com/PowerDNS/pdns/pull/4544): Fix a stack-based off-by-one write in the HTTP remote backend
+- [#4755](https://github.com/PowerDNS/pdns/pull/4755): calidns: Don't crash if we don't have enough 'unknown' queries remaining
+
+## Additions and Enhancements
+
+- [commit 1238e06](https://github.com/PowerDNS/pdns/commit/1238e06): disable negative getSOA caching if the negcache_ttl is 0 (Kees Monshouwer)
+- [commit 3a0bded](https://github.com/PowerDNS/pdns/commit/3a0bded), [commit 8c879d4](https://github.com/PowerDNS/pdns/commit/8c879d4), [commit 8c03126](https://github.com/PowerDNS/pdns/commit/8c03126), [commit 5656e12](https://github.com/PowerDNS/pdns/commit/5656e12) and [commit c1d283d](https://github.com/PowerDNS/pdns/commit/c1d283d): Improve PacketCache cleaning (Kees Monshouwer)
+- [#4261](https://github.com/PowerDNS/pdns/pull/4261): Strip trailing dot in PTR content (Kees Monshouwer)
+- [#4269](https://github.com/PowerDNS/pdns/pull/4269): contrib: simple bash completion for pdnsutil (j0ju)
+- [#4272](https://github.com/PowerDNS/pdns/pull/4272): Bind backend: update status message on reload, keep the existing zone on failure
+- [#4274](https://github.com/PowerDNS/pdns/pull/4274): report DHCID type (Kees Monshouwer)
+- [#4310](https://github.com/PowerDNS/pdns/pull/4310): Fix build with LibreSSL, for which OPENSSL_VERSION_NUMBER is irrelevant
+- [#4323](https://github.com/PowerDNS/pdns/pull/4323): Speedup DNSName creation
+- [#4335](https://github.com/PowerDNS/pdns/pull/4335): fix TSIG for single thread distributor (Kees Monshouwer)
+- [#4346](https://github.com/PowerDNS/pdns/pull/4346): change default for any-to-tcp to yes (Kees Monshouwer)
+- [#4356](https://github.com/PowerDNS/pdns/pull/4356): Don't look up the packet cache for TSIG-enabled queries
+- [#4403](https://github.com/PowerDNS/pdns/pull/4403): (auth) Fix build with OpenSSL 1.1.0 final (Christian Hofstaedtler)
+- [#4442](https://github.com/PowerDNS/pdns/pull/4442): geoipbackend: Fix minor naming issue (Aki Tuomi)
+- [#4454](https://github.com/PowerDNS/pdns/pull/4454): pdnsutil: create-slave-zone accept multiple masters (Hannu Ylitalo)
+- [#4541](https://github.com/PowerDNS/pdns/pull/4541): Backport of #4542: API: search should not return ENTs (Christian Hofstaedtler)
+- [#4754](https://github.com/PowerDNS/pdns/pull/4754): In `Bind2Backend::lookup()`, use the `zoneId` when we have it
+
+# PowerDNS Recursor 4.0.3
+Released September 6th 2016
+
+The 4.0.3 version of the PowerDNS Recursor features many improvements to the Policy Engine (RPZ) and the Lua bindings to it. We would like to thank Wim ([42wim](https://github.com/42wim)) for testing and reporting on the RPZ module.
+
+## Bug fixes
+
+- [#4350](https://github.com/PowerDNS/pdns/pull/4350): Call `gettag()` for TCP queries
+- [#4376](https://github.com/PowerDNS/pdns/pull/4376): Fix the use of an uninitialized filtering policy
+- [#4381](https://github.com/PowerDNS/pdns/pull/4381): Parse query-local-address before lua-config-file
+- [#4383](https://github.com/PowerDNS/pdns/pull/4383): Fix accessing an empty policyCustom, policyName from Lua
+- [#4387](https://github.com/PowerDNS/pdns/pull/4387): ComboAddress: don't allow invalid ports
+- [#4388](https://github.com/PowerDNS/pdns/pull/4388): Fix RPZ default policy not being applied over IXFR
+- [#4391](https://github.com/PowerDNS/pdns/pull/4391): DNSSEC: Actually follow RFC 7646 ยง2.1
+- [#4396](https://github.com/PowerDNS/pdns/pull/4396): Add boost context ldflags so freebsd builds can find the libs
+- [#4402](https://github.com/PowerDNS/pdns/pull/4402): Ignore NS records in a RPZ zone received over IXFR
+- [#4403](https://github.com/PowerDNS/pdns/pull/4403): Fix build with OpenSSL 1.1.0 final
+- [#4404](https://github.com/PowerDNS/pdns/pull/4404): Don't validate when a Lua hook took the query
+- [#4425](https://github.com/PowerDNS/pdns/pull/4425): Fix a protobuf regression (requestor/responder mix-up)
+
+## Additions and Enhancements
+
+- [#4394](https://github.com/PowerDNS/pdns/pull/4394): Support Boost 1.61+ fcontext
+- [#4402](https://github.com/PowerDNS/pdns/pull/4402): Add Lua binding for DNSRecord::d_place
+
# PowerDNS Recursor 4.0.2
Released August 26th 2016
### Improvements
- [#3435](https://github.com/PowerDNS/pdns/pull/3435) Add `toStringNoDot` and `chopOff` functions to Lua
-- [#3437](https://github.com/PowerDNS/pdns/pull/3352) Add `pdns.now` timeval struct to recursor Lua
+- [#3437](https://github.com/PowerDNS/pdns/pull/3437) Add `pdns.now` timeval struct to recursor Lua
- [#3352](https://github.com/PowerDNS/pdns/pull/3352) Cache improvements
- [#3502](https://github.com/PowerDNS/pdns/pull/3502) Make second argument to pdnslog optional (Thiago Farina)
- [#3520](https://github.com/PowerDNS/pdns/pull/3520) Reduce log level of periodic statistics to notice (Jan Broers)
Notable changes since 4.0.0-alpha2
- [#3415](https://github.com/PowerDNS/pdns/pull/3415) pdnsutil: add clear-zone command
-- [#3586](https://github.com/PowerDNS/pdns/pull/3415) Remove send-root-referral option
-- [#3578](https://github.com/PowerDNS/pdns/pull/3415) Add disable-syslog option
-- [#3733](https://github.com/PowerDNS/pdns/pull/3415) ALIAS improvements: DNSSEC and optional on-AXFR expansion of records
+- [#3586](https://github.com/PowerDNS/pdns/pull/3586) Remove send-root-referral option
+- [#3578](https://github.com/PowerDNS/pdns/pull/3578) Add disable-syslog option
+- [#3733](https://github.com/PowerDNS/pdns/pull/3733) ALIAS improvements: DNSSEC and optional on-AXFR expansion of records
- [#3764](https://github.com/PowerDNS/pdns/pull/3764) Notify support for systemd
- [#3807](https://github.com/PowerDNS/pdns/pull/3807) Add TTL settings for DNSSECKeeper's caches
- [#3637](https://github.com/PowerDNS/pdns/pull/3637), [#3678](https://github.com/PowerDNS/pdns/pull/3678), [#3740](https://github.com/PowerDNS/pdns/pull/3740) Correct root-zone slaving and serving (Kees Monshouwer and others)
- [#3495](https://github.com/PowerDNS/pdns/pull/3495) API: Add discovery endpoint (Christian Hofstaedtler)
- [#3389](https://github.com/PowerDNS/pdns/pull/3389) pdnsutil: support chroot
-- [#3596](https://github.com/PowerDNS/pdns/pull/3396) Remove botan-based ecdsa and rsa signers (Kees Monshouwer)
+- [#3596](https://github.com/PowerDNS/pdns/pull/3596) Remove botan-based ecdsa and rsa signers (Kees Monshouwer)
- [#3478](https://github.com/PowerDNS/pdns/pull/3478), [#3603](https://github.com/PowerDNS/pdns/pull/3603), [#3628](https://github.com/PowerDNS/pdns/pull/3628) Various build system improvements (Ruben Kerkhof)
- [#3621](https://github.com/PowerDNS/pdns/pull/3621) Always lowercase when inserting into the database
- [#3651](https://github.com/PowerDNS/pdns/pull/3651) Rename PUBLISH\_\* to PUBLISH-\* domainmetadata
- [#3720](https://github.com/PowerDNS/pdns/pull/3720) Many fixes for dnswasher (Robert Edmonds)
- [#3707](https://github.com/PowerDNS/pdns/pull/3707), [#3788](https://github.com/PowerDNS/pdns/pull/3788) Make MySQL timeout configurable (Kees Monshouwer and Brynjar Eide)
- [#3806](https://github.com/PowerDNS/pdns/pull/3806) Move key validity check out of `fromISCMap()`, improves DNSSEC performance
-- [#3820](https://github.com/PowerDNS/pdns/pull/3806) pdnsutil load-zone: ignore double SOA
+- [#3820](https://github.com/PowerDNS/pdns/pull/3820) pdnsutil load-zone: ignore double SOA
## PowerDNS Authoritative Server 4.0.0-alpha2
Released February 25th 2016
projects / thirdparty / pdns.git / blobdiff