-@ 86400 IN SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2024051401 10800 3600 604800 10800
+@ 86400 IN SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2024051501 10800 3600 604800 10800
@ 3600 IN NS pdns-public-ns1.powerdns.com.
@ 3600 IN NS pdns-public-ns2.powerdns.com.
recursor-5.0.3.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-02.html"
recursor-5.0.4.security-status 60 IN TXT "1 OK"
recursor-5.0.5.security-status 60 IN TXT "1 OK"
+recursor-5.1.0-alpha1.security-status 60 IN TXT "1 OK"
; Recursor Debian
recursor-3.6.2-2.debian.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/"
--- /dev/null
+Changelogs for 5.1.X
+====================
+
+Before upgrading, it is advised to read the :doc:`../upgrade`.
+
+.. changelog::
+ :version: 5.1.0-alpha1
+ :released: 15th of May 2024
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13819
+
+ Add possibility to set existing Lua config in YAML settings.
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 14097,14139
+
+ Tidy iputils.hh and iputils.cc
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 14023
+ :tickets: 13730
+
+ Add interface (not subject to proxy protocol substitutions) addresses in Lua DNSQuestion and corresponding FFI.
+
+ .. change::
+ :tags: Bug Fixes
+ :pullreq: 13596
+
+ Configure.ac fixup: do not require bash (Eli Schwartz)
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 14018
+ :tickets: 13948
+
+ Add setting to exclude specific listen socket addresses from requiring proxy protocol.
+
+ .. change::
+ :tags: Bug Fixes
+ :pullreq: 14006
+
+ FDWrapper: Do not try to close negative file descriptors.
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13969
+ :tickets: 13677
+
+ Use shared NOD (and/or UDR) DB, to avoid multiple copies in memory and on disk.
+
+ .. change::
+ :tags: Bug Fixes
+ :pullreq: 13985
+
+ Fixup res-system-resolve.cc on FreeBSD: resolve.h needs netinet/in.h.
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13921
+ :tickets: 11393
+
+ Add feature to allow names (resolved by system resolver) in forwarding config.
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 10933
+
+ Enable 64-bit time_t on 32-bit systems with glibc-2.34 (Sven Wegener).
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13844
+
+ Remove the possibility to disable structured logging.
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13842
+
+ Add structured logging backend that uses JSON representation.
+
+ .. change::
+ :tags: Bug Fixes
+ :pullreq: 13919
+
+ Don't throttle lame servers if they are marked as dontThrottle.
+
+ .. change::
+ :tags: Bug Fixes
+ :pullreq: 13894
+
+ Fix Coverity 1534473 Unintended sign extension.
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13889
+
+ Tidy recursor-lua4.cc and recursor-lua4.hh.
+
+ .. change::
+ :tags: Bug Fixes
+ :pullreq: 13866
+
+ Don't enter wildcard qnames into the cache in the ZoneToCache function.
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13864
+
+ Support v6 in FrameStreamLogger, including tidy.
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13861
+
+ Tidy rpzloader.cc and .hh.
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13824
+
+ Log if a dnssec related limit was hit (if log_bogus is set).
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13746
+
+ Tidy ResolveContext class.
+
+ .. change::
+ :tags: Bug Fixes
+ :pullreq: 13741
+
+ Fix Coverity issues in new RPZ code.
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13744
+
+ Tidy filterpo.?? (reaching into iputils.hh as well).
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13504
+ :tickets: 13265
+
+ Introduce command to set aggressive NSEC cache size.
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13701
+ :tickets: 12777
+
+ RPZ from primary refactor and allow notifies for RPZs
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13702
+
+ Use ref wrapper instead of raw pointer in variant.
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13706, 13719
+
+ Fix a few coverity reports.
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13711
+
+ Cleanup of code doing SNMP OID handling.
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13654
+
+ Allow out-of-tree builds (Chris Hofstaedtler)
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13714
+
+ Fix country()/countryCode() mixup in example Lua Record documentation (Edward Dore)
+
+ .. change::
+ :tags: Bug Fixes
+ :pullreq: 13680
+
+ Fix a potential null deref in `MTasker::schedule()`.
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13652
+
+ MTasker cleanup and move to recursordist.
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 13566
+ :tickets: 8646
+
+ Lower default max-qperq limit.
+
.. toctree::
:maxdepth: 2
+ 5.1
5.0
4.9
4.8
Before upgrading, it is advised to read the :doc:`changelog/index`.
When upgrading several versions, please read **all** notes applying to the upgrade.
-5.0.5 to master
----------------
+5.0.5 to 5.1.0 and master
+-------------------------
-New Settings
+New settings
^^^^^^^^^^^^
-- The :ref:`setting-proxy-protocol-exceptions` has been added. It allows to exclude specific listen addresses from requiring the Proxy Protocol.
+- All settings that can be set in the Lua config now can alternatively be set in YAML. See :doc:`yamlsettings`.
+- The :ref:`setting-new-domain-db-snapshot-interval` settings has been introduced to set the interval of NOD DB snapshots taken.
+- The :ref:`setting-proxy-protocol-exceptions` setting has been introduced to exempt addresses from using the proxy protocol.
+- The :ref:`setting-system-resolver-ttl` setting has been introduced to set the TTL of the system resolver. The system resolver can be used to resolve forwarding names.
+- The :ref:`setting-system-resolver-interval` setting has been introduced to set the interval of resolve checks done by the system resolver.
+- The :ref:`setting-system-resolver-self-resolve-check` setting has been introduced to disable to discovery of self-resolving configurations.
Changed settings
-----------------
+^^^^^^^^^^^^^^^^
+- The :ref:`setting-max-qperq` default value has been lowered to 50, and the qname-minimization special case has been removed.
- Disabling :ref:`setting-structured-logging` is no longer supported.
+- The :ref:`setting-structured-logging-backend` setting has gained the possibility to request JSON formatted output of structured logging information.
5.0.4 to 5.0.5
--------------
5.0.2 to 5.0.3, 4.9.3 to 4.9.4 and 4.8.6 to 4.8.7
-------------------------------------------------
-Known Issue Solved
+Known issue solved
^^^^^^^^^^^^^^^^^^
The DNSSEC validation issue with the :func:`zoneToCache` function has been resolved and workarounds can be removed.
5.0.1 to 5.0.2, 4.9.2 to 4.9.3 and 4.8.5 to 4.8.6
-------------------------------------------------
-Known Issues
+Known issues
^^^^^^^^^^^^
The :func:`zoneToCache` function fails to perform DNSSEC validation if the zone has more than :ref:`setting-max-rrsigs-per-record` RRSIG records at its apex.
There are two workarounds: either increase the :ref:`setting-max-rrsigs-per-record` to the number of RRSIGs in the zone's apex, or tell :func:`zoneToCache` to skip DNSSEC validation. by adding ``dnssec="ignore"``, e.g.::
projects / thirdparty / pdns.git / commitdiff
