From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Tue, 12 Apr 2022 07:21:30 +0000 (+0200)
Subject: Prep for rec-4.7.0-beta1
X-Git-Tag: rec-4.8.0-alpha0^0
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F11527%2Fhead;p=thirdparty%2Fpdns.git

Prep for rec-4.7.0-beta1
---

diff --git a/.github/actions/spell-check/expect.txt b/.github/actions/spell-check/expect.txt
index ceaddca599..914d0b2512 100644
--- a/.github/actions/spell-check/expect.txt
+++ b/.github/actions/spell-check/expect.txt
@@ -1843,6 +1843,7 @@ webpassword
 webserver
 website
 Webspider
+Wegener
 weightparams
 Weimer
 Welzel
diff --git a/docs/secpoll.zone b/docs/secpoll.zone
index 027de6580a..19932069a2 100644
--- a/docs/secpoll.zone
+++ b/docs/secpoll.zone
@@ -1,4 +1,4 @@
-@       86400   IN  SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2022041200 10800 3600 604800 10800
+@       86400   IN  SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2022041400 10800 3600 604800 10800
 @       3600    IN  NS  pdns-public-ns1.powerdns.com.
 @       3600    IN  NS  pdns-public-ns2.powerdns.com.
 
@@ -311,7 +311,8 @@ recursor-4.6.0-rc1.security-status                      60 IN TXT "3 Unsupported
 recursor-4.6.0.security-status                          60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html"
 recursor-4.6.1.security-status                          60 IN TXT "1 OK"
 recursor-4.6.2.security-status                          60 IN TXT "1 OK"
-recursor-4.7.0-alpha1.security-status                   60 IN TXT "1 Unsupported pre-release (known vulnerabilities)"
+recursor-4.7.0-alpha1.security-status                   60 IN TXT "3 Unsupported pre-release (known vulnerabilities)"
+recursor-4.7.0-beta1.security-status                    60 IN TXT "1 OK"
 
 ; Recursor Debian
 recursor-3.6.2-2.debian.security-status                 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/"
diff --git a/pdns/recursordist/docs/changelog/4.7.rst b/pdns/recursordist/docs/changelog/4.7.rst
index 149f8cba6e..862df54ce0 100644
--- a/pdns/recursordist/docs/changelog/4.7.rst
+++ b/pdns/recursordist/docs/changelog/4.7.rst
@@ -1,6 +1,89 @@
 Changelogs for 4.7.X
 ====================
 
+.. changelog::
+  :version: 4.7.0-beta1
+  :released: 14th of April 2022
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 11487
+
+    Probe authoritative servers for DoT support (experimental).
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 11524
+
+    Update moment.min.js (path traversal fix; we are unaffected).
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 11492
+
+    Add deferred mode for retrieving additional records.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 11484
+
+    Use boost::mult-index for nsspeed table and make it shared.
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 11496
+
+    Prevent segfault with empty allow-from-file and allow-from options (Sven Wegener).
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 11312
+
+    Packet cache improvements: do not fill beyond limit and use strict LRU eviction method.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 11444
+
+    Use nice format for timestamp printing.
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 11471
+
+    In the handler thread, call sd_notify() just before entering the main loop in RecursorThread.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 11445
+    :tickets: 11440
+
+    Only log "Unable to send NOD lookup" if log-common-errors is set.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 11443
+
+    Remember parent NS set, to be able to fallback to it if needed.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 11396, 11507
+
+    Proxy by table: allow a table based mapping of source address.
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 11405
+
+    Distinguish between unreachable and timeout for throttling.
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 11397
+
+    Use correct task to clean outgoing TCP.
+
 .. changelog::
   :version: 4.7.0-alpha1
   :released: 28th of February 2022
diff --git a/pdns/recursordist/docs/settings.rst b/pdns/recursordist/docs/settings.rst
index 9aa287751b..1338d83be1 100644
--- a/pdns/recursordist/docs/settings.rst
+++ b/pdns/recursordist/docs/settings.rst
@@ -885,7 +885,7 @@ If set, EDNS options in incoming queries are extracted and passed to the :func:`
 -  Path
 -  Default: empty
 
-.. versionchanged:: 4.7.0
+.. versionchanged:: 4.6.2
 
   Introduced the value ``no`` to disable root-hints processing.
 
diff --git a/pdns/recursordist/docs/upgrade.rst b/pdns/recursordist/docs/upgrade.rst
index 1e9c969f64..f43d3f9465 100644
--- a/pdns/recursordist/docs/upgrade.rst
+++ b/pdns/recursordist/docs/upgrade.rst
@@ -14,13 +14,25 @@ be rejected by default, while previously the ``ZONEMD`` records would be ignored
 
 Asynchronous retrieval of ``AAAA`` records for nameservers
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-If IPv6 is enabled for outgoing queries using :ref:`setting-query-local-address`, the Recursor will schedule an asynchronous task to resolve IPv6 addresses of nameservers it did not otherwise learn.
-These addresses will then be used for future queries to authoritative nameservers.
-This has the consequence that authoritative nameservers will be contacted over IPv6 in more case than before.
+If ``IPv6`` is enabled for outgoing queries using :ref:`setting-query-local-address`, the :program:`Recursor` will schedule an asynchronous task to resolve ``IPv6`` addresses of nameservers it did not otherwise learn.
+These addresses will then be used (in addition to ``IPv4`` addresses) for future queries to authoritative nameservers.
+This has the consequence that authoritative nameservers will be contacted over ``IPv6`` in more case than before.
+
+New Lua Configuration Functions
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+- The :func:`addAllowedAdditionalQType` ``Lua`` configuration function was added to make the :program:`Recursor` add additional records to answers for specific query types.
+- The :func:`addProxyMapping` ``Lua`` configuration function was added to map source addresses to alternative addresses.
+
+Post Resolve FFI Function
+^^^^^^^^^^^^^^^^^^^^^^^^^
+A new :func:`postresolve_ffi` Lua callback function has been introduced.
 
 New settings
 ^^^^^^^^^^^^
 - The :ref:`setting-save-parent-ns-set` setting has been introduced, enabling fallback cases if the parent ``NS`` set contains names not in the child ``NS`` set.
+- The :ref:`setting-max-busy-dot-probes` settings has been introduced, enabling the :program:`Recursor` probe for ``DoT`` support of authoritative servers.
+  This is an experimental function, use with care.
+
 
 4.6.1 to 4.6.2
 --------------