6 :released: August 9th 2019
8 This is a bugfix release for high traffic setups using the pipebackend or remotebackend.
14 gpgsqlbackend: add missing schema file to Makefile (tcely)
20 stop using select() in places where FDs can be >1023
24 :released: 4.1.12 was skipped due to a packaging issue.
28 :released: August 1st 2019
30 This release contains the updated PostgreSQL schema for PowerDNS Security Advisory :doc:`2019-06 <../security-advisories/powerdns-advisory-2019-06>` (CVE-2019-10203).
32 Upgrading is not enough - you need to manually apply the schema change: ``ALTER TABLE domains ALTER notified_serial TYPE bigint USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;``
38 Update PostgreSQL schema for 2019-06.
42 :released: June 21st 2019
44 This release and 4.1.9 together fix the following security advisories:
46 - PowerDNS Security Advisory :doc:`2019-04 <../security-advisories/powerdns-advisory-2019-04>` (CVE-2019-10162)
47 - PowerDNS Security Advisory :doc:`2019-05 <../security-advisories/powerdns-advisory-2019-05>` (CVE-2019-10163)
53 Do not exit on exception parsing names of name servers to notify.
58 :released: June 19th 2019
64 Do not exit on exception resolving addresses to notify.
70 Avoid very busy looping on lots of notifies.
76 Add an option to disable superslaving.
82 In gsql ``getAllDomainMetadata``, actually get all domain metadata. This makes DNSSEC metadata work with ``pdnsutil b2b-migrate``.
86 :released: March 22nd 2019
93 Correctly interpret an empty AXFR response to an IXFR query.
100 Fix replying from ANY address for non-standard port.
103 :tags: Bug Fixes, Internals
107 Fix rectify for ENT records in narrow zones.
114 Do not compress the root.
121 Fix dot stripping in ``setcontent()``.
124 :tags: Bug Fixes, MySQL
128 Fix invalid SOA record in MySQL which prevented the authoritative server from starting.
131 :tags: Bug Fixes, Internals
135 Prevent leak of file descriptor if running out of ports for incoming AXFR.
138 :tags: Bug Fixes, API
142 Fix API search failed with "Commands out of sync; you can't run this command now".
145 :tags: Bug Fixes, MySQL
149 Plug ``mysql_thread_init`` memory leak.
152 :tags: Bug Fixes, Internals
155 EL6: fix ``CXXFLAGS`` to build with compiler optimizations.
159 :released: March 18th 2019
161 This release fixes the following security advisory:
163 - PowerDNS Security Advisory :doc:`2019-03 <../security-advisories/powerdns-advisory-2019-03>` (CVE-2019-3871)
169 Insufficient validation in the HTTP remote backend (CVE-2019-3871, PowerDNS Security Advisory :doc:`2019-03 <../security-advisories/powerdns-advisory-2019-03>`)
173 :released: January 31st 2019
179 Prevent more than one CNAME/SOA record in the same RRset.
183 :released: November 6th 2018
185 This release fixes the following security advisories:
187 - PowerDNS Security Advisory :doc:`2018-03 <../security-advisories/powerdns-advisory-2018-03>` (CVE-2018-10851)
188 - PowerDNS Security Advisory :doc:`2018-05 <../security-advisories/powerdns-advisory-2018-05>` (CVE-2018-14626)
194 Crafted zone record can cause a denial of service (CVE-2018-10851, PowerDNS Security Advisory :doc:`2018-03 <../security-advisories/powerdns-advisory-2018-03>`)
200 Packet cache pollution via crafted query (CVE-2018-14626, PowerDNS Security Advisory :doc:`2018-05 <../security-advisories/powerdns-advisory-2018-05>`)
202 Additionally there are some other minor fixes and improvements listed below.
205 :tags: Improvements, Internals
208 Apply alias scopemask after chasing
211 :tags: Improvements, Internals
214 Release memory in case of error in the openssl ecdsa constructor
217 :tags: Bug Fixes, Internals
221 Fix compilation with libressl 2.7.0+
224 :tags: Bug Fixes, Internals
227 Actually truncate truncated responses
230 :tags: Improvements, Internals
234 Switch to devtoolset 7 for el6
238 :released: August 29th 2018
244 Fix warnings reported by gcc 8.1.0.
248 :pullreq: 6842, 6844, 6648
251 Make the gmysql backend future-proof. (Chris Hofstaedtler)
253 * Use future-proof statement for transaction isolation
254 * Allow compiling against MySQL 8 client header files
255 * Workaround MariaDB pretending to be MySQL
262 Initialize some missed qtypes. (Chris Hofstaedtler)
269 ``pdns_control notify``: handle slave without renotify properly. (Chris Hofstaedtler)
276 Reset the TSIG state between queries.
282 Remove SOA-check backoff on incoming notify and fix lock handling. (Klaus Darilion)
288 Fix an issue where updating a record via DNS-UPDATE in a child zone that also exists in the parent zone, we would incorrectly apply the update to the parent zone.
291 :tags: Bug Fixes, API
294 Avoid concurrent records/comments iteration from running out of sync.
301 Geoipbackend: check ``geoip_id_by_addr_gl`` and ``geoip_id_by_addr_v6_gl`` return value. (Aki Tuomi)
304 :tags: Bug Fixes, API
307 Fix a crash in the API when adding records
311 :released: 24th of May 2018
313 This release contains several small fixes to the GeoIP backend.
314 The most prominent fix being one where the backend would be slow when thousands of network masks were configured for services.
317 :tags: API, Bug Fixes
321 Restrict creation of OPT and TSIG RRsets
328 pdnsutil: use new domain in b2bmigrate (Aki Tuomi)
335 Fix handling of user-defined axfr filters return values
341 Update copyright years to 2018 (Matt Nordhoff)
344 :tags: Bug Fixes, Improvements
348 Prevent the GeoIP backend from copying NetMaskTrees around, fixes slow-downs in certain configurations (Aki Tuomi)
355 Ensure alias answers over tcp have correct name
360 :released: 8th of May 2018
362 This is the third release in the 4.1 train. Besides bug fixes, it contains some performance and usability improvements.
365 :tags: Improvements, API
368 API: increase serial after dnssec related updates (Kees Monshouwer)
374 Dnsreplay: bail out on a too small outgoing buffer
381 Auth: lower 'packet too short' loglevel
388 Auth-bindbackend: only compare ips in ismaster() (Kees Monshouwer)
395 Rather than crash, sheepishly report no file/linenum
402 Document undocumented config vars
409 Move includes around to avoid boost L conflict
416 Backport: update edns option code list
423 Backport: debian authoritative packaging fixes for 4.1
430 Fix piddir detection on centos 6
437 Auth: link dnspcap2protobuf against librt when needed
444 Fix a warning on botan >= 2.5.0
447 :tags: Bug Fixes, Postgresql
451 Auth: allocate new statements after reconnecting to postgresql
458 Auth 4.1.x: unbreak build
465 Make check-zone error on rows that have content but shouldn't
472 Auth: avoid an isane amount of new backend connections during an axfr
479 Report unparseable data in stoul invalid_argument exception
486 Backport: recheck serial when axfr is done
493 Backport: add tcp support for alias
500 Backport #6276 (auth 4.1.x): prevent cname + other data with dnsupdate
504 :released: 16th of February 2018
506 This is the second release in the 4.1 train.
508 This is a bug-fix only release, with fixes to the LDAP and MySQL backends, the ``pdnsutil`` tool, and PDNS internals.
513 :tags: Bug Fixes, Internals
517 Backport: forbid label compression in alias wire format
520 :tags: Bug Fixes, Internals
523 Include unistd.h for chroot(2) et al. (Florian Obser)
526 :tags: Bug Fixes, LDAP
529 Ldap: fix getdomaininfo() to set ``this`` as di.backend (Grégory Oestreicher)
532 :tags: Bug Fixes, Improvements
535 Ixfr: correct behavior of dealing with dns name with multiple records (Leon Xu)
538 :tags: Bug Fixes, MySQL
542 Auth: always bind the results array after executing a mysql statement
545 :tags: Bug Fixes, Tools
549 Auth: init openssl and libsodium before chrooting in pdnsutil
552 :tags: Bug Fixes, LDAP
556 Ldapbackend: fix listing zones incl. axfr (Chris Hofstaedtler)
559 :tags: Bug Fixes, Internals
562 Auth: fix out of bounds exception in caa processing, fixes #6089
565 :tags: Bug Fixes, Internals
569 Add the missing <sys/time.h> include to mplexer.hh for struct timeval
573 :released: 30th of November 2017
575 This is the first release in the 4.1 train.
577 The full release notes can be read `on the blog <https://blog.powerdns.com/2017/11/30/powerdns-authoritative-server-4-1/>`_.
579 The 4.1 release is a major upgrade for the Authoritative Server featuring many improvements and speedups:
581 - Improved performance: 400% speedup in some scenarios,
582 - Crypto API: DNSSEC fully configurable via RESTful API,
583 - Improved documentation,
584 - Database related improvements,
586 - Support for TCP Fast Open,
587 - Support for non-local bind,
588 - Support for Botan 2.x (and removal of support for Botan 1.10),
589 - Our packages now ship with PKCS #11 support.
591 Recursor passthrough removal: This will impact many installations, and we realize this may be painful, but it is necessary. Previously, the PowerDNS Authoritative Server contained a facility for sending recursion desired queries to a resolving backend, possibly after first consulting its local cache. This feature (‘recursor=’) was frequently confusing and also delivered inconsistent results, for example when a query ended up referring to a CNAME that was outside of the Authoritative Server’s knowledge. To read more about this please see the blog post mentioned above or read the :doc:`migration guide <../../guides/recursion>`.
593 Changes since 4.1.0-rc3:
596 :tags: DNSSEC, Bug Fixes
599 Fix hang when PATCHing zone during rectify.
606 Report remote IP when SOA query comes back with empty question section.
609 :tags: API, Improvements
613 Make the /cryptokeys endpoint consistently use CryptoKey objects.
616 :tags: Removed Features
619 Remove deprecated SOA-EDIT values: INCEPTION and INCEPTION-WEEK.
622 :tags: API, Bug Fixes
625 Deny cache flush, zone retrieve and notify if the API is read-only.
629 :released: 17th of November 2017
631 This is the third release candidate of the PowerDNS Authoritative Server in the 4.1 release train.
633 This release features various bug fixes and some improvements to
640 Use 302 redirects in the webserver for ringbuffer reset or
641 resize. With the current 301 redirect it is only possible to reset
642 or resize once. Every next duplicate action is replaced by the
643 destination cached in the browser.
646 :tags: Tools, Bug Fixes
650 Fix messages created by ``pdnsutil generate-tsig-key``.
653 :tags: Internals, Improvements
656 Better support for deleting entries in NetmaskTree and NetmaskGroup.
659 :tags: Internals, Bug Fixes
662 Use ``_exit()`` when we really really want to exit, for example
663 after a fatal error. This stops us dying while we die. A call to
664 ``exit()`` will trigger destructors, which may paradoxically stop
665 the process from exiting, taking down only one thread, but harming
666 the rest of the process.
669 :tags: Tools, New Features
673 Add ``add-meta`` command to ``pdnsutil`` that can be used to append
674 to existing metadata without clobbering it.
677 :tags: Tools, Bug Fixes
681 Add back missing output details to rectifyZone.
684 :tags: Tools, Improvements
686 :tickets: 3059, 5948, 5949
688 Warn if records in a zone are occluded.
691 :tags: API, Improvements
694 Throw exception for metadata endpoint with wrong zone. Before, We
695 would happily accept this POST.
698 :tags: API, New Features
702 Make it possible to disable DNSSEC via the API, this is equivalent
703 to doing ``pdnsutil disable-dnssec``.
707 :released: 3rd of November 2017
709 This is the second release candidate of the PowerDNS Authoritative Server in the 4.1 release train.
711 This release has several performance improvements, stability and
715 :tags: Packages, New Features
718 Add :doc:`PKCS#11 <../../dnssec/pkcs11>` support to packages on Operating Systems that support it.
721 :tags: Bug Fixes, Internals, Tools
725 Improve trailing dot handling internally which lead to a segfault in
729 :tags: Bug Fixes, Internals
732 Treat requestor's payload size lower than 512 as equal to 512.
733 Before, we did not follow :rfc:`RFC 6891 section 6.2.3 <6891#section-6.2.3>` correctly.
736 :tags: Improvements, LDAP
739 Add support for new record types to the LDAP backend.
742 :tags: API, Bug Fixes
745 For zone PATCH requests, add new ``X-PDNS-Old-Serial`` and
746 ``X-PDNS-New-Serial`` response headers with the zone serials before
747 and after the changes.
754 Remove "" around secpoll result which fixes ``pdns_control show
755 security-status`` not working.
758 :tags: Bug Fixes, BIND
761 Make bindbackend startTransaction to return false when it has
765 :tags: Bug Fixes, DNSSEC, API
768 Make default options singular and use defaults in Cryptokey API-endpoint
771 :tags: Bug Fixes, Tools
775 Remove printing of DS records from ``pdnsutil export-zone-dnskey …``. This was not only inconsistent behaviour but also done incorrectly.
778 :tags: Bug Fixes, DNSSEC
782 Make the auth also publish CDS/CDNSKEY records for inactive keys, as
783 this is needed to roll without double sigs.
786 :tags: Bug Fixes, DNSSEC
789 Fix a crash when getting a public GOST key if the private one is not set.
792 :tags: Bug Fixes, Internals
796 Correctly purge entries from the caches after a transfer. Since the
797 QC/PC split up, we only removed entries for the AXFR'd domain from
798 the packet cache, not the query cache.
799 We also did not remove entries in case of IXFR.
802 :tags: Bug Fixes, Internals
805 When throwing because of bogus content in the tinydns database,
806 report the offending name+type so the admin can find the offending
810 :tags: DNSSEC, Bug Fixes
813 Ignore SOA-EDIT for PRESIGNED zones.
816 :tags: Bug Fixes, MySQL
820 Log the needed size when a MySQL result was truncated.
823 :tags: API, DNSSEC, New Features
827 Rectify zones via the API. (Nils Wisiol)
829 * Move the pdnsutil rectification code to the DNSSECKeeper
830 * Generate DNSSEC keys for a zone when "dnssec" is true in an API POST/PATCH for zones
831 * Rectify DNSSEC zones after POST/PATCH when API-RECTIFY metadata is 1
832 * Allow setting this metadata via the "api-rectify" param in a Zone object
833 * Show "nsec3param" and "nsec3narrow" in Zone API responses
834 * Add an "rrsets" request parameter for a zone to skip sending RRSets in the response
835 * Add rectify endpoint in the API
841 Add :ref:`setting-log-timestamp` option. This option can be used to disable
842 printing timestamps to stdout, this is useful when using
843 systemd-journald or another supervisor that timestamps stdout by
844 itself. As the logs will not have 2 timestamps.
847 :tags: Internals, Improvements
849 :tickets: 2250, 5734, 5797, 5889
851 Add support for Botan 2.x and drop support for Botan 1.10 (the
852 latter thanks to Kees Monshouwer).
855 :tags: DNSSEC, Improvements
859 Stop doing individual RRSIG queries during outbound AXFR. (Kees Monshouwer)
862 :tags: BIND, Improvements
866 Fix issues when b2b-migrating from the BIND backend to a database:
868 * No masters were set in the target db (#5807)
869 * Only the last master in the list of masters would be added to the target database
870 * The BIND backend was not fully aware of native zones
874 :released: 31st of August 2017
876 This is the first release candidate of the PowerDNS Authoritative Server in the 4.1 release train.
879 :tags: BIND, Improvements
882 Make the zone parser adhere to :rfc:`2308` with regards to implicit TTLs.
884 Existing zone files may now be interpreted differently.
885 Specifically, where we previously used the SOA minimum field for the default
886 TTL if none was set explictly, or no $TTL was set, we now use the TTL from
890 :tags: Internals, Improvements
893 Revamp and clean label compression code. Speeds up large packet creation by ~40%.
896 :tags: Internals, Improvements
900 Apply :ref:`setting-non-local-bind` to :ref:`setting-query-local-address` and :ref:`setting-query-local-address6` when possible.
903 :tags: DNSUpdate, New Features
906 Allow the use of a :ref:`Lua script <dnsupdate-lua-dnsupdate-policy-script>` to validate DNS Update requests (Aki Tuomi).
909 :tags: API, Improvements
913 Enable the webserver when :ref:`setting-api` is 'yes' (Chris Hofstaedtler).
916 :tags: API, New Features
919 Add API endpoints for Domain metadata (Christian Kröger).
922 :tags: API, New Features
926 Implement :json:object:`CryptoKey` in the API (Wolfgang Studier, @MrM0nkey, Tudor Soroceanu, Benjamin Zengin).
929 :tags: Internals, Bug Fixes
932 Fix compilation on systems with Boost < 1.54
935 :tags: Internals, Improvements, Bug Fixes
938 A number of fixes and improvements that are difficult to untangle:
940 * Remove the ASCII :cpp:class:`DNSResourceRecord` from the hot path of packet assembly.
941 * Hash the storage of records in the BindBackend.
942 * Hash the packetcache.
943 * Fix some bugs in the LDAP backend and in the MyDNS backend.
944 * Make the randombackend go 'native' and directly supply records that can be sent to packets
945 * The performance benefit of this PR is measured in "factors" for being a root-server.
948 :tags: Internals, Improvements
952 Improve cleaning, remove an unnecessary lock and improve performance of the packetcache (Kees Monshouwer).
955 :tags: Internals, Improvements
958 Improve SOA records caching (Kees Monshouwer).
961 :tags: Internals, Bug Fixes
965 Fix possible variable shadowing (Kees Monshouwer, Chris Hofstaedtler).
968 :tags: API, Bug Fixes
972 Make the URL in zone info absolute (Chris Hofstaedtler).
975 :tags: BIND, Bug Fixes
979 Do not corrupt data supplied by other backends in getAllDomains (Chris Hofstaedtler).
982 :tags: Tools, Improvements
986 Implement subcommand printing all KSK DS records in pdnsutil (Jonas Wielicki).
989 :tags: Tools, Bug Fixes
992 Avoid undefined behaviour in Clang vs. GCC when printing DS records in pdnsutil.
995 :tags: API, Improvements
999 Prevent sending nameservers list and zone-level NS in rrsets in the API (Chris Hofstaedtler).
1002 :tags: Tools, Improvements
1005 Allow setting the account of a zone via pdnsutil (Tuxis Internet Engineering).
1008 :tags: Internals, New Features
1011 Add TCP management options described in :rfc:`section 10 of RFC 7766 <7766#section-10>`.
1014 :tags: Tools, Improvements
1017 Print "$ORIGIN ." on ``pdnsutil list-zone``, so the output can be used in ``pdnsutil load-zone`` (Tuxis Internet Engineering).
1020 :tags: Internals, Bug Fixes
1023 Fix ``getaddrinfo()`` returning address in triplicate.
1026 :tags: Internals, Improvements
1029 Make sure AXFR only deletes records from a SLAVE domain in a multi backend setup (Kees Monshouwer).
1032 :tags: Tools, Improvements
1035 pdnsutil: clarify error message when set-presigned fails with DNSSEC disabled (Peter Thomassen).
1038 :tags: Internals, Improvements
1041 Tidy up UeberBackend (Chris Hofstaedtler).
1044 :tags: Tools, Improvements
1047 pdnsutil: Validate names with address records to be valid hostnames (HÃ¥kan Lindqvist).
1050 :tags: Postgresql, Improvements
1054 Enable setting custom pgsql connection parameters, like TLS parameters (Tarjei Husøy).
1057 :tags: Internals, Improvements
1060 Improve API performance by instantiating only one DNSSECKeeper per request.
1063 :tags: Remote, Bug Fixes
1066 Fix two problems with remotebackend (Aki Tuomi):
1068 * list method used domain-id json parameter, when it was supposed to use domain_id
1069 * NULL ordername was not passed as empty string in POST parameters builder, instead it threw an exception
1072 :tags: Internals, Improvements
1076 Incremental backoff for failed slave checks.
1078 When a SOA record for a slave domain can't be retrieved, use an increasing interval between checking the domain again.
1079 This prevents hammering down on already busy servers.
1082 :tags: LDAP, Bug Fixes
1086 Fix ldap-strict autoptr feature.
1089 :tags: Internals, Improvements
1092 Remove d_place from DNSResourceRecord (Chris Hofstaedtler).
1095 :tags: MyDNS, New Features
1098 Add function to the MyDNS backend to allow backend-to-backend migrations (Aki Tuomi).
1101 :tags: Internals, Removed Features
1103 :tickets: 4616, 4238, 4315, 3337, 2606, 2380
1105 Remove recursion. See :doc:`../guides/recursion` for migration strategies (Kees Monshouwer).
1108 :tags: Internals, Bug Fixes
1111 Turn exception in a qthread into an error instead of a crash.
1114 :tags: Webserver, Improvements
1118 Report query statistics as full numbers, not scientific notation in the webserver.
1121 :tags: Tools, Bug Fixes
1125 In ``pdnsutil create-slave-zone``, actually add all slaves.
1128 :tags: BIND, New Features
1132 Support "native" zones in the BIND backend.
1135 :tags: Postgresql, Bug Fixes
1139 Make statement actually unique (Chris Hofstaedtler).
1142 :tags: Tools, Improvements
1145 Correct pdnsutil help output for add-zone-key.
1148 :tags: Internals, Improvements
1151 Add an option to allow AXFR of zones with a different (higher/lower) serial (Kees Monshouwer).
1154 :tags: Tools, Improvements
1158 Check for valid hostnames in SRV, NS and MX records.
1161 :tags: Postgresql, Improvements
1162 :pullreq: 5121, 5221
1163 :tickets: 2358, 5193
1165 Use pkg-config to detect PostgreSQL libraries.
1168 :tags: Internals, New Features
1172 Add TCP Fast Open support.
1175 :tags: ALIAS, Improvements
1179 Disable ALIAS expansion by default.
1182 :tags: Internals, Improvements
1186 Use the :ref:`setting-resolver` setting for the stub resolver, use resolv.conf as fallback.
1189 :tags: Internals, New Features
1190 :pullreq: 5132, 5258
1193 Hash the entire query in the packet cache, split caches. This makes the authoritative server pass the EDNS compliance test.
1195 Add cache hit/miss statistics (Kees Monshouwer).
1198 :tags: LDAP, New Features
1202 Many improvements and additions to the LDAP backend (Grégory Oestreicher).
1205 :tags: Internals, Bug Fixes
1206 :pullreq: 5212, 5249
1208 Remove duplicate dns2_tolower() function and move ascii-related function to one file (Thiago Farina).
1211 :tags: Internals, Bug Fixes
1214 Make copying locks impossible.
1217 :tags: Internals, Improvements
1220 Re-implement the AXFR Filter with LuaContext (Aki Tuomi).
1223 :tags: GeoIP, New Features
1224 :pullreq: 5266, 5269, 5270
1225 :tickets: 4122, 5255
1227 Support 2-character country codes and the MaxMind cities database in the GeoIP backend (Aki Tuomi).
1230 :tags: GeoIP, Bug Fixes
1234 Apply weights consistently during GeoIP lookups (Aki Tuomi).
1237 :tags: Tools, Bug Fixes
1240 Fix off-by-one in dnsreplay --packet-limit
1243 :tags: Internals, New Features
1244 :pullreq: 5271, 5190
1247 Add an adjustable statistics interval (@phonedph1).
1250 :tags: DNSUpdate, New Features
1251 :pullreq: 5264, 5263, 5321
1254 Send a notification to all slave servers after every dnsupdate (Kees Monshouwer, Florian Obser).
1257 :tags: Remote, Bug Fixes
1261 Don't copy data around in the Remote Backend when sending and receiving in the Unix Connector.
1264 :tags: Internals, Bug Fixes
1267 Properly truncate trailing bits of EDNS Client Subnet masks.
1270 :tags: Internals, Bug Fixes
1271 :pullreq: 5161, 5083
1273 Fix regressions in the AXFR rectification code (Kees Monshouwer, Arthur Gautier).
1276 :tags: LDAP, Bug Fixes
1280 Fix an erroneous '.' in ".ip6.arpa" (@shantikulkarni).
1283 :tags: Internals, New Features
1286 Add option to set a global :ref:`setting-lua-axfr-script` (Kees Monshouwer).
1289 :tags: Tools, New Features
1292 calidns: add --increment and --want-recursion flags.
1295 :tags: Internals, New Features
1296 :pullreq: 4965, 4964, 1701
1298 Allow forwarding of NOTIFY messages using :ref:`setting-forward-notify` (@DrRemorse).
1301 :tags: Internals, Bug Fixes
1304 Zero the port when creating a netmask from a ComboAddress.
1307 :tags: API, Improvements
1311 Forbid mixing CNAMEs and other RRSets in the API (Christan Hofstaedtler).
1314 :tags: Internals, Improvements
1317 Allow control socket to listen on IPv6 (@Gibheer).
1320 :tags: Types, New Features
1323 Support the SMIMEA RRType.
1326 :tags: Postgresql, MySQL, Bug Fixes
1328 :tickets: 5005, 3824
1330 Reconnect to the server if the My/Pg connection has been closed.
1333 :tags: Internals, Removed Features
1336 Remove the experimental Lua Policy Engine (Aki Tuomi).
1339 :tags: Internals, Bug Fixes
1342 Drop (broken) support for packet-specific SOA replies from backends (Chris Hofstaedtler).
1345 :tags: Oracle, Bug Fixes
1348 Add missing query for last key insert id in the goracle backend (Aki Tuomi).
1351 :tags: Postgresql, Improvements
1354 Use BIGSERIAL for records.id in the gpgsql backend (Arsen Stasic).
1357 :tags: Internals, Bug Fixes
1360 Fix validation at the exact RRSIG inception or expiration time
1363 :tags: Internals, Improvements
1366 Fix typo in two log messages (Ruben Kerkhof).
1369 :tags: API, Bug Fixes
1372 Avoid creating fake DNSPacket objects just for calling getAuth() from API code (Chris Hofstaedtler).
1375 :tags: LDAP, Improvements
1378 Ship ldapbackend schema files in tarball (Chris Hofstaedtler).
1381 :tags: Internals, Improvements
1384 Update YaHTTP (to fix a warning reported by Coverity).
1387 :tags: Internals, Improvements
1390 Clarify how we check the return value of std::string::find() (reported by Coverity).
1393 :tags: Internals, Improvements
1396 Wrap the webserver's and Resolver::tryGetSOASerial objects into smart pointers.
1399 :tags: Internals, Improvements
1402 SSql: Use unique_ptr for statements (Aki Tuomi).
1405 :tags: MySQL, Improvements
1408 mydnsbackend: Initialize d_query_stmt (Aki Tuomi).
1411 :tags: Internals, Improvements
1414 Fix libatomic detection on ppc64 (Sander Hoentjen).
1417 :tags: Internals, Improvements
1420 Switch the default webserver's ACL to "127.0.0.1, ::1".
1423 :tags: API, Bug Fixes
1426 Check if the API is read-only on crypto keys methods.
1429 :tags: API, Bug Fixes
1432 Fix getSOA() in luabackend (@zilopbg).
1435 :tags: MySQL & Postgresql, Improvements
1438 Schema changes for MySQL / MariaDB and PostgreSQL to for storage requirements of various versions (Kees Monshouwer).
1441 :tags: GeoIP, Improvements
1444 Add ability to have service record for apex record and any other static record (Aki Tuomi).
1447 :tags: Internals, Bug Fixes
1450 Lookups one level (or more) below apex did confuse getAuth() for qytpe DS (Kees Monshouwer).
1453 :tags: Internals, Improvements
1456 NOTIMP is only appropriate for an unsupported opcode (Kees Monshouwer).
1459 :tags: Tools, Bug Fixes
1462 Fix that pdnsutil edit-zone complains about auth=1 problems on all data.
1465 :tags: Internals, Bug Fixes
1468 First and last SOA in an AXFR must be identical (Kees Monshouwer).
1471 :tags: API, Improvements
1474 Prevent duplicate records in single RRset (Chris Hofstaedtler).
1477 :tags: Internals, Improvements
1480 Catch DNSName exception in the Zoneparser.
1483 :tags: Internals, Improvements
1486 Listen on 127.0.0.1 during regression tests (@tcely).