From: Peter van Dijk Date: Mon, 8 Aug 2022 12:16:16 +0000 (+0200) Subject: auth-4.7.0-beta2: secpoll and docs X-Git-Tag: rec-4.8.0-alpha1~14^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F11835%2Fhead;p=thirdparty%2Fpdns.git auth-4.7.0-beta2: secpoll and docs --- diff --git a/.github/actions/spell-check/expect.txt b/.github/actions/spell-check/expect.txt index 0999cf5481..a5285d570a 100644 --- a/.github/actions/spell-check/expect.txt +++ b/.github/actions/spell-check/expect.txt @@ -1112,6 +1112,7 @@ Nonnekes noout noping noport +norve nosniff nostrip NOSUBDIR diff --git a/docs/backends/generic-mysql.rst b/docs/backends/generic-mysql.rst index 53d5fb974e..3c86bc9dc0 100644 --- a/docs/backends/generic-mysql.rst +++ b/docs/backends/generic-mysql.rst @@ -158,7 +158,6 @@ Only enable this if you are certain you need to. For more discussion, see https: Default Schema -------------- -This is the 4.3 schema. -The `4.2 schema `_ and `the 4.1 schema `_ are available on GitHub. +This is the 4.7 schema. .. literalinclude:: ../../modules/gmysqlbackend/schema.mysql.sql diff --git a/docs/backends/generic-postgresql.rst b/docs/backends/generic-postgresql.rst index 92d75bd4e7..79215526f8 100644 --- a/docs/backends/generic-postgresql.rst +++ b/docs/backends/generic-postgresql.rst @@ -105,8 +105,7 @@ Default: yes. Default schema -------------- -This is the 4.3 schema. -The `4.2 schema `_ and the `the 4.1 schema `_ is available on GitHub. +This is the 4.7 schema. .. literalinclude:: ../../modules/gpgsqlbackend/schema.pgsql.sql :language: SQL diff --git a/docs/backends/generic-sqlite3.rst b/docs/backends/generic-sqlite3.rst index e8e055c692..b6a02b1324 100644 --- a/docs/backends/generic-sqlite3.rst +++ b/docs/backends/generic-sqlite3.rst 
@@ -34,8 +34,7 @@ Setting up the database ------------------------ Before you can use this backend you first have to set it up and fill it -with data. The default setup conforms to the following schema in 4.3. -If you have not upgraded to 4.3, please use `the 4.2 schema `_ or `the 4.1 schema `_ on GitHub. +with data. The default setup conforms to the following schema in 4.7. .. literalinclude:: ../../modules/gsqlite3backend/schema.sqlite3.sql diff --git a/docs/changelog/4.7.rst b/docs/changelog/4.7.rst index 9b46cf7a23..3d12eae59f 100644 --- a/docs/changelog/4.7.rst +++ b/docs/changelog/4.7.rst 
@@ -1,6 +1,212 @@ Changelogs for 4.7.x ==================== +.. changelog:: + :version: 4.7.0-beta2 + :released: 13th of September 2022 + + This is the first published beta for Authoritative Server 4.7.0. + (beta1 was never released because of bugs found during the release process). + + 4.7.0 brings support for :doc:`Catalog Zones <../catalog>`, developed by Kees Monshouwer. + As part of that development, the freshness checks in the Primary code were reworked, reducing them from doing potentially thousands of SQL queries (if you have thousands of domains) to only a few. + Installations with lots of domains will benefit greatly from this, even without using catalog zones. + + 4.7.0 also brings back GSS-TSIG support, previously removed for quality reasons, now reworked with many stability improvements. + + Other things of note: + + * LUA records, when queried over TCP, can now re-use a Lua state, giving a serious performance boost. + * lmdbbackend databases now get a UUID assigned, making it easy for external software to spot if a database was completely replaced + * lmdbbackend databases now optionally use random IDs for objects + * a new LUA function called ``ifurlextup``, and improvements in other LUA record functions + * autoprimary management in ``pdnsutil`` and the HTTP API + + Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading. + + Besides that, various other smaller features and improvements have landed - please browse the list below. + + .. change:: + :tags: Improvements + :pullreq: 11918 + + some small NSEC3PARAM-related fixes to the REST API (Kees Monshouwer) + + .. change:: + :tags: Bug Fixes + :pullreq: 11842 + + use getInnerRemote() for the remotes ring (Kees Monshouwer) + + .. change:: + :tags: Improvements + :pullreq: 11760, 11929, 11933 + + LUA records: make shared mode work for TCP queries + + .. change:: + :tags: Bug Fixes + :pullreq: 11815 + + make sure a notified zone is in the zone cache (Kees Monshouwer) + + .. 
change:: + :tags: Bug Fixes + :pullreq: 11759, 11755 + + getTSIGKey(s) cleanup (Kees Monshouwer) + + .. change:: + :tags: New Features + :pullreq: 11772, 11822, 11825, 11836 + + Implement catalog zones in the authoritative server (Kees Monshouwer) + + .. change:: + :tags: Bug Fixes + :pullreq: 11764 + + fix deleteDomain() in lmdb backend (Kees Monshouwer) + + .. change:: + :tags: Bug Fixes + :pullreq: 11738 + + 2136: match autosplit TXT more usefully + + .. change:: + :tags: New Features + :pullreq: 11588 + + Extend LUA records (rage4) + + .. change:: + :tags: Improvements + :pullreq: 11727 + + Also allow generic record format in zone parsing for pdnsutil zonemd-verify-file + + .. change:: + :tags: Improvements + :pullreq: 11340 + + pdnsutil flush prompt (norve) + + .. change:: + :tags: Bug Fixes + :pullreq: 11350 + + no ALIAS and LUA record expansion in presigned zones (Kees Monshouwer) + + .. change:: + :tags: Improvements + :pullreq: 11655 + + Change dns_tolower() and dns_toupper() to use a table + + .. change:: + :tags: Improvements + :pullreq: 11639 + + auth packaging: add DoT support to sdig + + .. change:: + :tags: Improvements + :pullreq: 11599 + + Tweak for Coverity 1488422 + + .. change:: + :tags: New Features + :pullreq: 11590, 11493, 11432, 11414, 11426 + + RSA, ECDSA PEM import/export + + .. change:: + :tags: Improvements + :pullreq: 11562 + + Try harder to find libdecaf headers + + .. change:: + :tags: Bug Fixes + :pullreq: 11466 + + ixfr: Fix a case where an incomplete read caused by network error might result in a truncated zone + + .. change:: + :tags: New Features + :pullreq: 11389 + + auth API: fetch individual rrsets + + .. change:: + :tags: Bug Fixes + :pullreq: 11314 + + fix proxy protocol query statistics (Kees Monshouwer) + + .. change:: + :tags: Bug Fixes + :pullreq: 11354 + + lmdb random-ids: stop generating negative numbers + + .. change:: + :tags: Improvements + :pullreq: 11328 + + lmdb: make map size configurable + + .. 
change:: + :tags: New Features + :pullreq: 11143 + + reintroduce GSS-TSIG support + + .. change:: + :tags: Bug Fixes + :pullreq: 11882 + + Log "NULL" for nullptr-bound properties instead of dereferencing + + .. change:: + :tags: Improvements + :pullreq: 11813 + + web: stop sending Server: header + + .. change:: + :tags: Improvements + :pullreq: 11862 + + libssl: Properly load ciphers and digests with OpenSSL 3.0 + + .. change:: + :tags: Bug Fixes + :pullreq: 11908 + + initialize zone cache after dropping privileges + + .. change:: + :tags: Bug Fixes + :pullreq: 11860 + + Fix libcrypto handling in automake files + + .. change:: + :tags: New Features + :pullreq: 11508 + + New setting compare-signatures-on-zone-freshness-check to disable DO flag for SOA checks + +.. changelog:: + :version: 4.7.0-beta1 + :released: never + + Bugs were found after beta1 was tagged. + Authoritative server 4.7.0-beta1 was never released. + .. changelog:: :version: 4.7.0-alpha1 :released: 17th of February 2022 @@ -76,4 +282,3 @@ Changelogs for 4.7.x :pullreq: 11101 save errno value as close(2) might clobber it - diff --git a/docs/secpoll.zone b/docs/secpoll.zone index e2c7aaea44..581fbcd4b2 100644 --- a/docs/secpoll.zone +++ b/docs/secpoll.zone @@ -1,4 +1,4 @@ -@ 86400 IN SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2022082302 10800 3600 604800 10800 +@ 86400 IN SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2022091300 10800 3600 604800 10800 @ 3600 IN NS pdns-public-ns1.powerdns.com. @ 3600 IN NS pdns-public-ns2.powerdns.com. 
@@ -109,6 +109,7 @@ auth-4.6.1.security-status 60 IN TXT "1 OK" auth-4.6.2.security-status 60 IN TXT "1 OK" auth-4.6.3.security-status 60 IN TXT "1 OK" auth-4.7.0-alpha1.security-status 60 IN TXT "3 Unsupported pre-release (known vulnerabilities)" +auth-4.7.0-beta2.security-status 60 IN TXT "1 Unsupported pre-release" ; Auth Debian auth-3.4.1-2.debian.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/3/security/powerdns-advisory-2015-02/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-03/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-04/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-05/" diff --git a/docs/upgrading.rst b/docs/upgrading.rst index fdea266971..946370d664 100644 --- a/docs/upgrading.rst +++ b/docs/upgrading.rst @@ -8,9 +8,20 @@ Please upgrade to the PowerDNS Authoritative Server 4.0.0 from 3.4.2+. See the `3.X `__ upgrade notes if your version is older than 3.4.2. -4.5.x to 4.6.0 or master +4.6.0 to 4.7.0 or master ------------------------ +Schema changes +^^^^^^^^^^^^^^ + +The new Catalog Zones feature comes with a mandatory schema change for the gsql database backends. +See files named ``4.3.0_to_4.7.0_schema.pgsql.sql`` for your database backend in our Git repo, tarball, or distro-specific documentation path. +For the LMDB backend, please review :ref:`setting-lmdb-schema-version`. +The new LMDB schema version is 4. + +4.5.x to 4.6.0 +-------------- + Automatic conversion of ``@`` signs in SOA ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
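Review bot: in the docs/upgrading.rst hunk, the new "Schema changes" paragraph names a PostgreSQL-only file, ``4.3.0_to_4.7.0_schema.pgsql.sql``, while telling readers to look for it "for your database backend", so a gmysql or gsqlite3 operator has no file name to search for. Either give the pattern once with a placeholder for the backend part or list one file name per gsql backend. The section is headed "4.6.0 to 4.7.0" but the file starts at 4.3.0; a sentence saying that the 4.3.0 schema is the one this upgrade starts from would explain the name, since the backend docs in this same patch drop their "This is the 4.3 schema" line.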
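Review bot: in the docs/backends/generic-mysql.rst hunk, and likewise in the generic-postgresql.rst and generic-sqlite3.rst hunks, the schema section now says only "This is the 4.7 schema." and the sentence about older schemas is removed with nothing in its place. An operator still on the earlier schema who lands on these pages gets no hint that a mandatory schema change exists. Suggest adding one sentence after "This is the 4.7 schema." that refers to the upgrade notes, where this patch documents the change.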
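Review bot: in the docs/changelog/4.7.rst hunk, the last new entry reads "New setting compare-signatures-on-zone-freshness-check to disable DO flag for SOA checks" with the setting name as plain text, while the same hunk marks ``ifurlextup`` and ``pdnsutil`` as literals. Put the setting name in double backticks as well so it renders consistently and is not broken up by line wrapping. In the "Other things of note" list the first bullet ends with a period and the others do not; pick one style.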