:released: 2nd of December 2019
This release fixes several bugs and makes a few features more robust or intuitive. It also contains a few performance improvements for API users.
LUA view: do not crash on empty IP list
API: Accept headers without spaces
Avoid database state-related SERVFAILs after a LUA error
:tags: Bug Fixes, Improvements, LMDB
Just before 4.2.0, some SQL-related fixes broke edit-zone and other features with the LMDB backend. This has been fixed now. (backport by Kees Monshouwer)
:tags: Performance, Improvements
API: reduce number of database connections (Kees Monshouwer)
Register a few known RR types and remove an unknown one
:tags: New Features, Improvements
Add SLAVE-RENOTIFY zone metadata support (Matti Hiljanen)
rfc2136, pdnsutil: somewhat improve duplicate record handling
bindbackend: use metadata for also-notifies as well (Matti Hiljanen)
pdnsutil increase-serial: under SOA-EDIT=INCEPTION-EPOCH, bump as if it is EPOCH
:tags: New Features, Improvements
Add configurable timeout for inbound AXFR (Matti Hiljanen)
:tags: Performance, Improvements
API: optionally do not return dnssec info in domain list (Christian Hofstaedtler)
Basic validation of $GENERATE parameters
:tags: New Features, Improvements
Add CentOS 8 as builder target
:tags: New Features, Improvements
gmysql backend, add an option to send the SSL capability flag
:released: 30th of August 2019
Compared to the last release candidate, one more bug has been fixed.
The LMDB backend is incomplete in this version. Slaving zones works, loading zones with pdnsutil works, but more fine-grained edits (using edit-zone, or the REST API) fail. We hope to fix this soon in a 4.2.x release.
For an overview of features new since 4.1.x, please see `the 4.2.0 announcement blog post <http://blog.powerdns.com/2019/08/29/powerdns-authoritative-server-4-2-0/>`__.
bind getAllDomains: ignore per-zone exceptions
:released: 29th of July 2019
Thanks to an overwhelming amount of testing by our fabulous user community, this release candidate contains a ton of bug fixes (and a few improvements) compared to the previous one. We hope this has shaken out all of the important bugs, so that we can release 4.2.0 soon!
This release, sadly, cripples the LMDB backend somewhat, due to `transaction-related fixes for the SQL backends <https://github.com/PowerDNS/pdns/pull/7891>`__. We hope to fix `this issue <https://github.com/PowerDNS/pdns/issues/8134>`__ before 4.2.0, or otherwise, early in 4.2.x.
packethandler: Compare TSIG key name using DNSName
boost.m4 improvements
Make sure we always compile with BOOST_CB_ENABLE_DEBUG set to 0
Fix SERVFAIL when backend returns empty DNSName
add metric for open TCP connections
stop using select() in places where FDs can be >1023
pdnsutil increase-serial: set right ordername
use BIGINT for notified_serial in pg schema (Klaus Darilion)
:tags: Improvements, Robustness, Performance
Various robustness and performance improvements around domain IDs (Kees Monshouwer)
Fix the accounting of servfail-queries in the distributor
:tags: Improvements, Build
remove unused import to enable compile on illumos (Thomas Mieslinger)
:tags: Improvements, Performance
ixfrdist: limit XFR chunk size to 16k
limit compression pointers to 14 bits
catch name & IP parse errors during outgoing notify preparations
Fix a memory leak when sqlite3_exec() fails
:tags: Improvements, Build
don't enable the tbhandler when libc only pretends to be glibc (James Taylor)
Fix a leak on 'Backend reported permanent error which prevented lookup' error
Clear CMSG_SPACE(sizeof(data)) in cmsghdr to appease valgrind
web: make max request/response body size configurable
deprecate SOA autocomplete in pdnsutil check-zone (Kees Monshouwer)
:tags: Improvements, Packaging
move /var/lib/pdns to pdns-server debian package
Show newer features in configure output and --version
:tags: Improvements, Performance
completely disable the packet when cache-ttl=0 (Kees Monshouwer)
Improve error when notification comes in for non-slave zone
web: add edited_serial to Zone object
:tags: Improvements, Build
Adapt calidns for openbsd and other systems without recvmmsg(2)
:tags: Improvements, Performance
DNSName, speed up toString() conversion
:released: 14th of June 2019
:tags: Improvements, LMDB
Make explicit lmdbbackend synchronous option
:tags: Improvements, LMDB
Reduce mmap size for lmdb on 32 bits plus restrict number of shards
:tags: Bug Fixes, LMDB
:pullreq: 7784, 7697, 7643
* lmdbbackend: auth was unset in get() (always true) (Kees Monshouwer)
* LMDB defaulted to port 0 for master addresses unless explicitly set
* fix ``getAllDomains()`` (Kees Monshouwer)
:tags: Bug fixes, Backends
auth API, pdnsutil: improve backend transaction correctness
:tags: Robustness, Backends
detect SOA cache pollution caused by broken backends (Kees Monshouwer)
:tags: Improvements, Backends
sqlite3: make journal mode configurable; default to WAL
:tags: Bug Fixes, Backends
auth gsql ``getAllDomains``: ignore stou errors
:tags: Performance, Backends
speedup ``getUpdatedMasters()`` for the gsql backends (Kees Monshouwer)
:tags: Bug Fixes, Backends
* Allow updates to override existing ENT records
* Fix ENTs removal when "replacing" new records via the API
:tags: Bug Fixes, Backends
Cleanup SOA editing (Kees Monshouwer)
pdns_control reopens geoip databases on reload (jpmens)
b2b-migrate did not open a transaction, breaking it for lmdb
No longer filter DNSSEC metadata when DNSSEC is enabled in gsql
Rectify for ent records in narrow zones was slightly wrong. (Kees Monshouwer)
Clear caches (meta-data, keys) on domain deletion
:tags: Performance, LUA
optionally reuse Lua state
:tags: Improvements, Portability
:pullreq: 7862, 7861, 7818, 7668
Portability/building improvements:
* Update boost.m4 to the latest version
* Check if ``-latomic`` is needed instead of hardcoding (neheb)
* Use ``net-snmp-config --netsnmp-agent-libs`` instead of ``--agent-libs``
* bump boost requirement to 1.42 unconditionally
:tags: Improvements, Robustness
:pullreq: 7864, 7865, 7708
Robustness improvements:
* Fix warnings reported by Coverity
* Initialize cURL before starting any thread
* Don't do unaligned memory access
:tags: Improvements, Compliance
Always truncate when the additional records do not fit in a response (Kees Monshouwer)
:tags: Improvements, Compliance
Remove ``disable-tcp`` option
:tags: Improvements, Compliance
RKEY is missing algorithm field (DNS-Leo)
:tags: Bug Fixes, Compliance
* Don't sign insecure records with keys from other zones (Kees Monshouwer)
* always add DS for secure zones, broken since #7523 (Kees Monshouwer)
:tags: Improvements, Compliance
Ignore Path MTU Discovery on UDP server socket
:tags: Features, Tools
add DoH support to sdig
:tags: Bug Fixes, Tools
pdnsutil: show DS for second and further keys too
:tags: Features, Tools
dumresp: add TCP support
:tags: Deprecation, API
API: mark ``set-ptr`` as deprecated (zeha)
:pullreq: 7790, 7569, 7662, 7503, 7517, 7587
Various robustness improvements:
* Do not busy loop if we get lots of notifies.
* Improve error reporting with garbage in the 'master' field of the database
* Do not exit on exception resolving addresses to notify
* Auth ringbuffer summaries were case sensitive & accounted delegations incorrectly
* plug mysql_thread_init memory leak
* Ensure we increase the number of queued queries before decreasing it
:tags: Performance, DNSSEC
disable dnssec pre-processing for non dnssec zones and avoid a lot of ``isSecuredZone()`` calls (Kees Monshouwer)
rename 'supermaster' option to 'superslave'
:tags: Improvements, Webserver
improve logging in the web server
:tags: Features, Tools
pdnsutil, dnswasher: add support for encrypting IP addresses
GSQL: Log more data in error messages
:released: 19th of March 2019
Insufficient validation in the HTTP remote backend (CVE-2019-3871, PowerDNS Security Advisory :doc:`2019-03 <../security-advisories/powerdns-advisory-2019-03>`)
:tags: Bug Fixes, API
Fix API search failed with "Commands out of sync; you can't run this command now".
:tags: Bug Fixes, GeoIP
Fix static lookup when using weighted records on multiple record types.
:tags: Improvements, DNSSEC
Report ``checkKey`` errors upwards.
:tags: Bug Fixes, MySQL
Fix invalid SOA record in MySQL which prevented the authoritative
server from starting.
ixfrdist: Add option to limit AXFR record count.
:tags: Improvements, API
Add ``type`` filter to search-data api.
:tags: Improvements, Internals
Use a less expensive way to get memory stats for ``real-memory-usage``.
:tags: Improvements, API
Add ``rcode`` response statistics on API.
Lua records: Add ``useragent`` option to ``ifurlup`` and set a default.
:tags: Improvements, Remote
remotebackend: Implement ``getUpdatedMasters``.
Correctly interpret an empty AXFR response to an IXFR query.
Lua: Expose ``dns_random`` as ``pdnsrandom``.
:tags: Improvements, API
Use commas instead of spaces when setting Zone Masters via the REST API.
:tags: Bug Fixes, API
Improve handling of out of range ``modified_at`` value.
:tags: Bug Fixes, Tools
Fix output order of pdnsutil ``add-record``.
Respect packet size limits, even with ECS and TSIG.
Fix dot stripping in ``setcontent()``.
:tags: Improvements, API
Improve RRset validation.
:tags: Bug Fixes, MySQL
Avoid infinite loop in mydnsbackend.
:tags: Bug Fixes, LMDB
Do not compress the root since LMDB backend cannot set a root zone
with a compressible SOA record.
:tags: Bug Fixes, LMDB
Avoid duplicate NSEC3 records in presigned zones in LMDB backend.
:tags: New Features, LMDB
Authoritative LMDB backend.
:tags: Improvements, Internals
Be smarter about trimming whitespace when creating records from ASCII.
:tags: Improvements, Internals
More sandboxing using SystemD's features.
:tags: Improvements, Internals
Fix attempt to restrict / speed-up additional processing to auth zone.
:tags: Bug Fixes, Tools
sdig: Handle non-IN class records better.
:tags: Improvements, DNSSEC
Error on DNSSEC default misconfiguration.
:tags: Bug Fixes, Improvements, Tools
Dnsscope off-by-one + domain-filter.
:tags: Bug Fixes, Internals
Fix ``dns_random()`` always returning 0 when the minimum acceptable value is 0.
:tags: Bug Fixes, Internals
Lower ``udp-truncation-threshold`` by default to 1232.
:tags: Improvements, Internals
Make ``pdns_control notify *`` also notify slave zones.
:tags: Improvements, Internals
Zero out QTYPE response numbers in our statistics. Makes Valgrind
usable on auth again.
:tags: Bug Fixes, Tools
pdns_notify: Support hostname for notification.
:tags: Improvements, Internals
Improve memory handling for NSEC(3) records with lots of types.
Fix replying from ANY address for non-standard port.
:tags: Improvements, API
Fix a couple of Swagger / OpenAPI issues.
Fix a few off-by-one errors.
:tags: Bug Fixes, GeoIP
Forbid 0 as weight value.
:tags: Bug Fixes, Internals
Prevent leak of file descriptor if running out of ports for incoming AXFR.
:tags: Improvements, DNSSEC
Fallback to SHA1 for the signatures cache if MD5 is not available.
:tags: Bug Fixes, API
Prevent more than one CNAME / SOA record in the same RRset.
:tags: Improvements, Internals
Use a cache-able soa record for the serial check caused by a notify.
Improved Lua records - Added all selector, and backupSelector fallbacks.
On incoming NOTIFY load our serial from backend to have it available during slave-check.
Also log ourserial to ease debugging.
:tags: Improvements, API, DNSSEC
API: Add TSIG key manipulation endpoints.
Configure ``--enable-pdns-option`` ``--with-third-party-module``.
Address some known LUA Records issues:
* Better check input lists,
* Report lua wildcards errors,
* Exposes ``DNSName::getRawLabels`` in lua env,
* Better document LUA functions and objects.
:tags: Improvements, API
Make API changes do a rectify by default, add an option to disable.
:tags: Bug Fixes, Improvements
Remove ``autoserial`` from the Authoritative Server. Serial 0 was a little bit too special in PowerDNS.
Handle ANY queries with Lua records.
Remove ``out-of-zone-additional-processing`` setting.
geoip: properly delete libGeoIP return values.
SOA-check: reject NXDOMAIN response and check label of RR against qname.
:tags: Improvements, DNSSEC
Improve RSA key warnings.
Fix ``carbon-instance`` / ``carbon-namespace`` inconsistencies.
geoipbackend: Allow empty content for ENT record.
pdnsutil.1 & settings:
* Add Ed25519 and Ed448,
* Document ECC keysizes,
:tags: Bug Fixes, API
Check DNSNames that should be hostnames.
Add namespace and instance variable to carbon key.
:tags: Bug Fixes, Packages
Fix up the BIND config files on upgrade.
geoipbackend: Handle read error for config file.
Use unique pointers in the OpenSSL signer.
:tags: API, Removed Features
Remove ``api-logfile`` flag and grep API endpoint.
Store ``NetmaskTree`` nodes in a set for faster removal.
Adds the glorious log-log histograms.
Make sure we escape ``127`` in TXT records.
Add support for NONE SOA-EDIT kind.
Name threads in the programs.
ALIAS: Respond SERVFAIL on non-NOERRORs from resolver.
Add support for OpenSSL 1.1.1's ed25519 and ed448 for signing and verifying.
Add incremental ``slave-check`` backoff also for failed AXFR.
Respond correctly to DS query at delegation in unsigned zone.
Enhance query-logging with timing for MySQL, PostgreSQL and SQLite.
Apply ALIAS scopemask after chasing.
Fix compilation with LibreSSL 2.7.0+.
Release memory in case of error in the OpenSSL ECDSA constructor.
Actually truncate truncated responses.
:tags: Improvements, Packages
Remove GOST and Botan support.
:tags: Improvements, API
Add zone lookup by ``/zones?zone=example.org``.
Add option ``send-signed-notify`` to send NOTIFYs without TSIG signature.
:tags: Removed Features, API
Drop ``api-readonly`` configuration setting.
Remove SOA-check backoff on incoming NOTIFY and fix ``d_lock`` handling.
:tags: Bug Fixes, Tools
Make ``edit-zone`` catch zoneparser exceptions as well.
:tags: Improvements, Tools
``check-all-zones``: find duplicate zones and SOAs.
``check-zone``: allow null MX, SRV.
Workaround MariaDB pretending to be MySQL.
Add the serials when logging the final result of a slave check.
:tags: Bug Fixes, API
:pullreq: 6780, 6816
Make sure that we use strict weak records ordering in the API.
(Doing this avoids concurrent records / comments iteration from running out of sync.)
Reset the TSIG state between queries.
:tags: Improvements, Tools
calidns: Accurate qps targets.
LuaWrapper: Disable maybe uninitialized warnings with boost optional.
Only parse ``resolv.conf`` once - this avoids race conditions.
Implement a smarter dedup for filling packets in auth.
:tags: Improvements, Tools
pdns_control notify: Handle slave w/o renotify properly.
:tags: Improvements, Tools
pdnsutil: Occlusion and auth check improvements.
Sign CDS/CDNSKEY RRsets with the KSK.
luawrapper: Report caught ``std::exception`` as ``lua_error``.
Initialize some missed qtypes: WKS, SMIMEA.
geoipbackend: Check ``GeoIP_id_by_addr_gl`` and ``GeoIP_id_by_addr_v6_gl`` return value.
stubresolver: Improve locking.
Reject duplicate RRsets in patchZone.
:tags: Bug Fixes, API
Remove ENTs when "replacing" new records.
gmysql: Use future-proof statement for transaction isolation.
:tags: Improvements, API
API export function output change to add IN to the output.
:tags: Improvements, API
Send correct response codes for the CryptoKey endpoints.
Ensure ALIAS answers over TCP have correct name.
:tags: Bug Fixes, Tools
calidns: Don't issue socket buffer or SCHED_FIFO warnings in quiet mode.
:tags: Bug Fixes, API
Restrict creation of OPT and TSIG rrsets.
Fix some minor issues for presigned (large) bind zones.
dnsreplay: Add more checks against bogus PCAP.
:tags: Bug Fixes, Improvements
Geoip: Fix poisoning of cache when hit service's default network.
Also includes an optimization to make lookups faster.
:tags: Improvements, Tools
pdnsutil: also load modules through the ``load-modules`` directive.
:tags: Improvements, Tools
calidns: Add ``quiet``, ``minimum-success-rate`` options to use from a script.
:tags: New Features, Tools
Add ``dnspcap2calidns`` to convert PCAP to the calidns format.
:tags: Bug Fixes, Tools
dnsreplay: Bail out on a too small outgoing buffer.
:tags: Bug Fixes, Tools
pdnsutil: Use new domain in ``b2bmigrate``.
:tags: Bug Fixes, API
Increase serial after DNSSEC related updates.
bindbackend: Refuse launch suffixes.
:tags: Improvements, Tools
calidns: Add an option to read ECS values from the query file, skip comments.
Avoid interleaved access to B (via ``d_dk``). Before this patch,
the meta lookup would interfere with the already-started
``B.lookup``. This caused failures with odbc/MSSQL.
Add missing overrides.
:tags: Improvements, Tools
calidns: Add a ``maximum-qps`` option to stay at a given stable load.
LUA Records (yes we know it is "Lua").
Add return 0 for correct exit of ``set-kind`` and ``set-account``.
:tags: Bug Fixes, Tools
Link ``dnspcap2protobuf`` against librt when needed.
Recheck serial when AXFR is done.
:tags: Improvements, Internals
dns_random: Implement new dns_random.
Avoid an insane amount of new backend connections during an AXFR.
:tags: Improvements, Internals
Remove ``theLog`` and ``theL`` and replace this with a global ``g_log``.
:tags: Improvements, Tools
Add TCP support for ALIAS.
Add support for MB and MG RR types.
Add actual EDNS buffer size logging, not just our interpretation.
:tags: Improvements, Internals
Lower 'packet too short' loglevel.
Report unparseable data in stoul ``invalid_argument`` exception.
:tags: New Features, Tools
Add quiet modifier to pdnsutil ``rectify-all-zones`` command.
Fix handling of user defined AXFR filters return values.
Reload ``/etc/resolv.conf`` when modified.
:tags: Bug Fixes, Tools
Rather than crash, sheepishly report no file/linenum in pdnsutil.
:tags: Improvements, Tools
calidns: Add the ``--ecs`` parameter to add random ECS values to queries.
Lua2 backend: This is a rewrite of the lua backend. It uses AuthLua4 as basis and more strongly typed access using LuaContext.
Make requests always return to sender, for usage in multimaster slave zones. Also - made sure that the master that is questioned for updates will be selected randomly, to prevent repeatedly asking a dead master for updates.
:tags: Improvements, API
Return status ``409`` if domain already exists.
Reject updates if they would lead to CNAME+Other data.
Fix rectify (ordername) for non-DNSSEC zones.
pkcs11signers: Fix yubikey NEO to work.
Make ``check-zone`` error on rows that have content but shouldn't.
Make ``outgoing-query-address`` and ``outgoing-query-address6``
behaviours equivalent.
GeoIPbackend improvements:
* Adds MMDB support. Now geoip backend can be compiled without geoip support,
* Adds location support,
* Fixes SERVFAIL if expansion is empty.
Fix syntax error for ``replace-rrset``. (@lordievader)
:tags: Improvements, API
Expose ``ResponseStats`` via REST API.
:tags: Improvements, Internals
Remove all traces of selectmplexer, fix up pollmplexer.
:tags: Bug Fixes, Tools
IXFR: correct behavior of dealing with DNS Name with multiple records; speed up IXFR transaction.
bindbackend: handle ``std::exception`` during startup zone-parsing.
:tags: Improvements, Tools
Add an ``--initial-port`` option to dnsreplay.
:tickets: 5079, 5594, 5654
Add XPF support to sdig, PowerDNS Recursor and dnsdist.
:tags: Improvements, Internals
Change from ``time_t`` to ``uint32_t`` for serial in ``calculateSOASerial``.
Check more thoroughly the source of UDP answers.
Slave cleanups. (@zeha)
gmysql-backend: set unsigned attribute on ``notified_serial`` column.
pdns: Improve record parsing
Escaping unusual DNS label octets in DNSName is off by one.
:tags: Improvements, Internals
Use ``toLogString()`` for logging and throwing.
:tags: Improvements, Internals
Remove obsolete EDNS PING code. (@zeha)
Update EDNS Option code list.
Changes to compile and run on NetBSD.
Remove ``serializeSOAData``, refactor ``calculate``/``edit``/``increaseSOA``.
:tags: Improvements, Tools
Add colour to diff output of pdnsutil.
:tickets: 6101, 6120
Improve tests and two bugfixes:
* Fix xfrIP to reject invalid ips,
* Accept seconds since epoch in RRSIG timestamps too.
Forbid creating algo 5/8/10 keys with out-of-spec sizes.
Add methods missing from AuthLua4 when Lua support is disabled.
Init openssl and libsodium before chrooting in pdnsutil.
:tags: Bug Fixes, LDAP
Fix listing zones incl. AXFR.
Fix uninitialized index in Lua's DNSPacket::getRRS() binding.
Fix out of bounds exception in CAA processing.
:tags: Improvements, API
Return ``404`` for non-existing zones.
Add Draft of Swagger spec for Authoritative Server HTTP API.
Forbid label compression in ALIAS wire format.
API: Add response-by-qtype and response-by-rcode on /statistics endpoint
Several improvements to processing of notifies.
* Turn off supermaster support by default (adds new setting).
* PowerDNS was wasting a lot of queries while processing notifies.
* Use comboaddress for IPs (was strings)