From a1807bd46839323908d30b8d56b24d1f51fe4176 Mon Sep 17 00:00:00 2001
From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Tue, 13 Jun 2023 10:30:39 +0200
Subject: [PATCH] Prep for rec-4.9.0-rc1

---
 docs/secpoll.zone                        |  3 +-
 pdns/recursordist/docs/changelog/4.9.rst | 49 ++++++++++++++++++++++++
 pdns/recursordist/docs/metrics.rst       |  2 +
 pdns/recursordist/docs/upgrade.rst       |  9 ++++-
 4 files changed, 60 insertions(+), 3 deletions(-)

diff --git a/docs/secpoll.zone b/docs/secpoll.zone
index 8fe514f2cf..eaaaa7b20b 100644
--- a/docs/secpoll.zone
+++ b/docs/secpoll.zone
@@ -1,4 +1,4 @@
-@       86400   IN  SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2023060201 10800 3600 604800 10800
+@       86400   IN  SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2023061501 10800 3600 604800 10800
 @       3600    IN  NS  pdns-public-ns1.powerdns.com.
 @       3600    IN  NS  pdns-public-ns2.powerdns.com.
 
@@ -351,6 +351,7 @@ recursor-4.8.3.security-status                          60 IN TXT "3 Upgrade now
 recursor-4.8.4.security-status                          60 IN TXT "1 OK"
 recursor-4.9.0-alpha1.security-status                   60 IN TXT "1 Unsupported pre-release"
 recursor-4.9.0-beta1.security-status                    60 IN TXT "1 Unsupported pre-release"
+recursor-4.9.0-rc1.security-status                      60 IN TXT "1 Unsupported pre-release"
 
 ; Recursor Debian
 recursor-3.6.2-2.debian.security-status                 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/"
diff --git a/pdns/recursordist/docs/changelog/4.9.rst b/pdns/recursordist/docs/changelog/4.9.rst
index 40aa969879..e6128ed64d 100644
--- a/pdns/recursordist/docs/changelog/4.9.rst
+++ b/pdns/recursordist/docs/changelog/4.9.rst
@@ -1,5 +1,54 @@
 Changelogs for 4.9.X
 ====================
+.. changelog::
+  :version: 4.9.0-rc1
+  :released: 15nd of June 2023
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 12906
+    :tickets: 12468
+
+    Escape key names that are special in the systemd-journal structured logging backend.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 12893
+    :tickets: 12890
+
+    Add feature to switch off unsupported DNSSEC algos, either automatically or manually.
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 12900
+
+    Prevent duplicate C/DNAMEs being included when doing serve-stale.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 12896
+    :tickets: 12855
+
+    Expose NOD/UDR metrics.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 12883
+    :tickets: 8232
+
+    Add SOA to RPZ modified answers if configured to do so.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 12898
+
+    Keep track of max depth reached and report it if !quiet.
+  .. change::
+    :tags: Improvements
+    :pullreq: 12793,12904
+
+    Another set of fixes for clang-tidy reports.
+
 .. changelog::
   :version: 4.9.0-beta1
   :released: 2nd of June 2023
diff --git a/pdns/recursordist/docs/metrics.rst b/pdns/recursordist/docs/metrics.rst
index 3700652d9c..a5ab35308f 100644
--- a/pdns/recursordist/docs/metrics.rst
+++ b/pdns/recursordist/docs/metrics.rst
@@ -554,11 +554,13 @@ number of erroneous received packets
 nod-events
 ^^^^^^^^^^
 .. versionadded:: 4.9.0
+
 Count of NOD events
 
 udr-events
 ^^^^^^^^^^
 .. versionadded:: 4.9.0
+
 Count of UDR events
 
 nod-lookups-dropped-oversize
diff --git a/pdns/recursordist/docs/upgrade.rst b/pdns/recursordist/docs/upgrade.rst
index b8b25de0cd..233a6ea959 100644
--- a/pdns/recursordist/docs/upgrade.rst
+++ b/pdns/recursordist/docs/upgrade.rst
@@ -4,8 +4,8 @@ Upgrade Guide
 Before upgrading, it is advised to read the :doc:`changelog/index`.
 When upgrading several versions, please read **all** notes applying to the upgrade.
 
-4.8.0 to master
----------------
+4.8.0 to 4.9.0 and master
+-------------------------
 
 Metrics
 ^^^^^^^
@@ -21,6 +21,11 @@ New settings
 - The :ref:`setting-stack-cache-size` setting to  control the number of allocated mthread stacks has been introduced.
 - The :ref:`setting-packetcache-shards` settings to control the number of shards in the packet cache has been introduced.
 - The :ref:`setting-aggressive-cache-min-nsec3-hit-ratio` setting to control which NSEC3 records are stored in the aggressive NSEC cache has been introduced.
+  This setting can be used to switch off aggressive caching for NSEC3 only.
+- The :ref:`setting-dnssec-disabled-algorithms` has been introduced to not use DNSSEC algorithms disabled by the platform's security policy.
+  This applies specifically to Red Hat Enterprise Linux 9 and derivatives.
+  The default value (automatically determine the algorithms that are disabled) should work for many cases.
+- The setting ``includeSOA`` was added to the :func:`rpzPrimary` and :func:`rpzFile` Lua functions to include the SOA of the RPZ the responses modified by the RPZ.
 
 Changed settings
 ~~~~~~~~~~~~~~~~
-- 
2.47.2