6 :released: 20th of November 2019
12 Lowercase the name blocked by a SMT dynamic block
18 Fix the default value of ``setMaxUDPOutstanding`` in the console's help (phonedph1)
24 Add bindings for the noerrors and drops members of StatNode
27 :tags: DNS over HTTPS, DNS over TLS
30 Prefer the cipher suite from the server by default (DoH, DoT)
36 Fix -WShadow warnings (Aki Tuomi)
42 Fix typo: settting to setting (Chris Hofstaedtler)
46 :released: 30th of October 2019
49 :tags: Improvements, DNS over HTTPS, Metrics
52 Rename the 'address' label to 'frontend' for DoH metrics
55 :tags: Bug Fixes, DNS over HTTPS
58 Increment the DOHUnit ref count when it's set in the IDState
62 :released: 25th of October 2019
65 :tags: New Features, DNS over HTTPS, DNS over TLS
68 Add support dumping TLS keys via keyLogFile
71 :tags: Improvements, DNS over HTTPS
74 Implement reference counting for the DOHUnit object
77 :tags: Improvements, DNS over HTTPS, DNS over TLS, Metrics
80 Add metrics about TLS handshake failures for DoH and DoT
87 Add more options to LogAction (non-verbose mode, timestamps)
90 :tags: Improvements, DNS over HTTPS, DNS over TLS
93 Merge the setup of TLS contexts in DoH and DoT
99 Fix the caching of large entries
105 Fix formatting in showTCPStats()
112 Work around cmsg_space somehow not being a constexpr on macOS
118 Use SO_BINDTODEVICE when available for newServer's source interface
121 :tags: Bug Fixes, Metrics
124 Add missing prometheus descriptions for cache-related metrics
127 :tags: Improvements, DNS over HTTPS, DNS over TLS, Metrics
130 Add metrics about unknown/inactive TLS ticket keys
133 :tags: Improvements, DNS over TLS, Metrics
136 Add metrics about TLS versions with DNS over TLS
139 :tags: Improvements, DNS over HTTPS, Metrics
142 Count the number of concurrent connections for DoH as well
145 :tags: Bug Fixes, DNS over HTTPS
148 Clear the DoH session ticket encryption key in the ctor
151 :tags: Improvements, DNS over HTTPS, DNS over TLS
154 Add a 'preferServerCiphers' option for DoH and DoT
157 :tags: Bug Fixes, Metrics
160 Add a prometheus 'thread' label to distinguish identical frontends
163 :tags: Bug Fixes, Metrics
166 Fix a typo in the prometheus description of 'senderrors'
169 :tags: Bug Fixes, Metrics
172 More prometheus fixes
175 :tags: Improvements, DNS over HTTPS
179 Lowercase custom DoH header names
186 Check the address supplied to 'webserver' in check-config
189 :tags: Improvements, DNS over HTTPS, Metrics
192 Refactor DoH prometheus metrics again
198 Fix the creation order of rules when inserted via setRules()
202 :released: 30th of September 2019
209 Clean up our interactions with errno
212 :tags: Improvements, DNS over HTTPS, DNS over TLS
215 Display the DoH and DoT binds in the web view
222 Remove the 'blockfilter' stat from the web view
225 :tags: Improvements, DNS over HTTPS
228 Allow accepting DoH queries over HTTP instead of HTTPS
234 Fix some spelling mistakes noticed by lintian (Chris Hofstaedtler)
240 Fix the newCDBKVStore console completion when LMDB is not enabled (phonedph1)
246 Allow configure CDB_CFLAGS to work (phonedph1)
252 dnsdistconf.lua use non-deprecated versions for 1.4.0 (phonedph1)
258 Fix the warning message on an invalid secpoll answer
265 Don't connect to remote logger in client/command mode
271 Better use of labels in our DoH prometheus export
274 :tags: Improvements, DNS over HTTPS
277 Implement TLS session ticket keys management for DoH
281 :released: 2nd of September 2019
287 Add a KeyValueStoreLookup action based on CDB or LMDB
293 Update h2o to 2.2.6, fixing CVE-2019-9512, CVE-2019-9514 and CVE-2019-9515 for repo.powerdns.com packages
296 :tags: New Features, DNS over HTTPS
299 Add support for early DoH HTTP responses
302 :tags: Improvements, DNS over HTTPS, DNS over TLS
306 Add minTLSVersion for DoH and DoT
312 Split dnsdist-lua-bindings.cc to reduce memory consumption during compilation
318 Add a Lua binding for `dynBlockRulesGroup:setQuiet(quiet)`
322 :released: 12th of August 2019
328 Disallow TCP disablement
334 Update boost.m4 to the latest version
340 SuffixMatchTree: fix root removal, partial match of non-leaf nodes
346 Print stats from expungeByName (Matti Hiljanen)
349 :tags: Bug Fixes, DNS over HTTPS
353 Properly override the HTTP Server header for DoH
356 :tags: Bug Fixes, DNS over HTTPS, DNS over TLS
359 Exit when requested DoT/DoH support is not compiled in
362 :tags: Improvements, DNS over HTTPS
365 Send better HTTP status codes, handle ACL drops earlier
368 :tags: Bug Fixes, DNS over HTTPS
372 Proper HTTP response for timeouts over DoH
375 :tags: Improvements, DNS over HTTPS
379 Add more stats about DoH HTTP responses
382 :tags: Bug Fixes, Carbon, Prometheus
386 Deduplicate frontends entries with carbon and prometheus
400 Squelch unused function warning
407 Fix short IOs over TCP
410 :tags: Improvements, DNS over TLS
413 Improve error messages for DoT issues
419 Fix handling of backend connection failing over TCP
425 SuffixMatchNode:add(): accept more types
432 Explicitly align the buffer used for cmsgs
438 Add `quiet` parameter to NetmaskGroupRule
445 Clear cmsg_space(sizeof(data)) in cmsghdr to appease Valgrind
451 Insert the response into the ringbuffer right after sending it
457 Add static assertions for the size of the src address control buffer
463 Don't create temporary strings to escape DNSName labels
466 :tags: Bug Fixes, DNSCrypt
470 Skip non-dnscrypt binds in `showDNSCryptBinds()`
476 Display TCP/DoT queries and responses in verbose mode, opcode in grepq
482 Be a bit more explicit about what failed in testCrypto()
489 Handle ENOTCONN on read() over TCP
492 :tags: Improvements, DNSCrypt
496 Accept more than one certificate in `addDNSCryptBind()`
502 Make sure we always compile with BOOST_CB_ENABLE_DEBUG set to 0
508 Catch exceptions thrown when handling a TCP response
514 Fix unlimited retries when TCP Fast Open is enabled
520 M4/systemd.m4: fail when systemctl is not available
523 :tags: Bug Fixes, Prometheus
526 Fix a typo in the Server's latency description for Prometheus (phonedph1)
532 Update URLs to use HTTPS scheme (Chris Hofstaedtler)
535 :tags: Bug Fixes, DNS over HTTPS
538 Prevent a dangling DOHUnit pointer when send() failed
544 Double-check we only increment the outstanding counter once
550 Implement ContinueAction()
557 Console: flush cout after printing g_outputbuffer (Doug Freed)
564 ext/ipcrypt: ship license in tarballs (Chris Hofstaedtler)
567 :tags: New Features, DNS over HTTPS, DNS over TLS
571 Add OCSP stapling (from files) for DoT and DoH
574 :tags: New Features, DNS over HTTPS
578 Add support for custom DoH headers (Melissa Voegeli)
581 :tags: New Features, DNS over HTTPS
585 Add lua bindings, rules and action for DoH
591 Use a counter to mark IDState usage instead of the FD
597 Fix signedness issue in isEDNSOptionInOpt()
603 Increase the default value of setMaxUDPOutstanding to 65535
606 :version: 1.4.0-beta1
607 :released: 6th of June 2019
610 :tags: Bug Fixes, DoH
614 DoH: Don't let 'self' dangling while parsing the request's qname, this could lead to a crash
620 Fix minor issues reported by Coverity
623 :tags: New Features, DoT, DoH
627 Implement SNIRule for DoT and DoH
633 Remove second, incomplete copy of lua EDNSOptionCode table
636 :tags: Improvements, Prometheus
640 Support Prometheus latency histograms (Marlin Cremers)
643 :version: 1.4.0-alpha2
644 :released: 26th of April 2019
650 Ignore Path MTU discovery on UDP server socket
656 Alternative solution to the unaligned accesses.
662 Exit when setting ciphers fails (GnuTLS)
669 Add DNS over HTTPS support based on libh2o
672 :version: 1.4.0-alpha1
673 :released: 12th of April 2019
679 Make recursor & dnsdist communicate (ECS) 'variable' status
685 Fix compiler warning about returning garbage (Adam Majer)
691 Fix warnings, mostly unused parameters, reported by -wextra
698 Add namespace and instance variable to carbon key (Gibheer)
704 Add optional uuid column to showServers()
710 Allow NoRecurse for use in dynamic blocks or Lua rules (phonedph1)
717 Expose secpoll status
723 Configure --enable-pdns-option --with-third-party-module (Josh Soref)
729 Protect GnuTLS tickets key rotation with a read-write lock
735 Check that ``SO_ATTACH_BPF`` is defined before enabling eBPF
741 Drop remaining capabilities after startup
748 Add an optional 'checkTimeout' parameter to 'newServer()'
755 Add a 'rise' parameter to 'newServer()'
762 Add a 'keepStaleData' option to the packet cache
769 Expose trailing data (Richard Gibson)
775 More sandboxing using systemd's features
781 Fix off-by-one in mvRule counting
787 Reduce systemcall usage in Protobuf logging
793 Resync YaHTTP code to cmouse/yahttp@11be77a1fc4032 (Chris Hofstaedtler)
799 Add option to set interval between health checks (1848)
805 Add EDNS unknown version handling (Dmitry Alenichev)
811 Pass empty response (Dmitry Alenichev)
817 Change the way getRealMemusage() works on linux (using statm)
823 Don't convert nsec to usec if we need nsec
829 DNSNameSet and QNameSetRule (Andrey)
841 Handle EAGAIN in the GnuTLS DNS over TLS provider
848 Gracefully handle a null latency in the webserver's js
855 Prevent 0-ttl cache hits
862 Add addDynBlockSMT() support to dynBlockRulesGroup
868 Add frontend response statistics (Matti Hiljanen)
874 EDNSOptionView improvements
881 Add support for encrypting ip addresses #gdpr
887 Remove addLuaAction and addLuaResponseAction
894 Refactoring of the TCP stack
901 Honor libcrypto include path
908 Add 'setSyslogFacility()'
915 Prevent a conflict with BADSIG being clobbered
921 Switch to the new 'newPacketCache()' syntax for 1.4.0
927 Add 'reloadAllCertificates()'
933 Move constants to proper namespace
939 Unify the management of DNS/DNSCrypt/DoT frontends
943 :released: 8th of November 2018
950 Add consistent hash builtin policy
962 Add DSTPortRule (phonedph1)
968 Make getOutstanding usable from both lua and console (phonedph1)
974 Get rid of some allocs/copies in DNS parsing
980 Display dynblocks' default action, None, as the global one
987 Set a correct EDNS OPT RR for self-generated answers
993 Added :excludeRange and :includeRange methods to DynBPFFilter class (Reinier Schoof)
999 Fix a sign-comparison warning in isEDNSOptionInOPT()
1003 :pullreq: 3935, 6343, 6901, 7007, 7089
1004 :tickets: 4947, 6002
1006 Add Prometheus stats support (Pavel Odintsov, Kai S)
1012 Fix compilation when SO_REUSEPORT is not defined
1017 :tickets: 6907, 6907
1019 Add warning rates to DynBlockRulesGroup rules
1026 Name threads in the programs
1031 :tickets: 7004, 6990
1033 Add support for exporting a server id in protobuf
1039 dnsdist did not set TCP_NODELAY, causing needless latency
1045 Release memory on DNS over TLS handshake failure
1051 Add a setting to control the number of stored sessions
1058 Wrap GnuTLS and OpenSSL pointers in smart pointers
1065 Support the NXDomain action with dynamic blocks
1072 Add a 'creationOrder' field to rules
1079 Fix return-type detection with boost 1.69's tribool
1086 Fix format string issue on 32bits ARM
1092 Wrap TCP connection objects in smart pointers
1099 Add the setConsoleOutputMaxMsgSize function
1105 Add security polling
1112 Add the ability to update webserver credentials
1118 Add a PoolAvailableRule to easily add backup pools (Robin Geuze)
1125 Handle trailing data correctly when adding OPT or ECS info
1129 :released: 10th of July 2018
1135 Add missing include for PRId64, fix build on CentOS 6 / SLES 12
1139 :released: 10th of July 2018
1146 Remove `thelog` and `thel` and replace this with a global g_log
1152 Fix two small nits on the documentation
1159 Move the el6 dnsdist package to upstart
1165 Initialize the done variable in the rings' unit tests
1171 Reorder headers to fix OpenBSD build
1178 CLI option improvements (Chris Hofstaedtler)
1184 Split pdns_enable_unit_tests (Chris Hofstaedtler)
1190 Restrict value range for weight parameter, avoid sum overflows dropping queries (Dan McCombs)
1194 :pullreq: 6445, 6457, 6470
1203 Docs: fix missing ref in the dnsdist docs
1209 Be more permissive in wrandom tests, log values on failure
1216 Tests: avoid failure on not-so-optimal distribution
1223 Add support for more than one TLS certificate
1229 Add syntax to dns.proto to silence compilation warning.
1235 Fix warnings reported by gcc 8.1.0
1242 Document setVerboseHealthchecks()
1248 Update dq.rst (phonedph1)
1260 Don't copy unitialized values of SuffixMatchTree
1266 Expose toString of various objects to Lua (Chris Hofstaedtler)
1272 Remove 'expired' states from MaxQPSIPRule
1278 Fix reconnection handling
1285 Mark the remote member of DownstreamState as const
1291 Dynamic blocks were being created with the wrong duration (David Freedman)
1298 Test the content of dynamic blocks using the API
1305 Default set "connection: close" header for web requests
1311 Update timedipsetrule.rst (phonedph1)
1318 Don't access the TCP buffer vector past its size
1324 Show droprate in API output
1331 Limit qps and latency to two decimals in the web view
1336 :tickets: 6683, 6709
1338 Refuse console connection without a proper key set
1345 Add a negative ttl option to the packet cache
1351 Check the flags to detect collisions in the packet cache
1357 Add the ability to dump a summary of the cache content
1363 Fix iterating over the results of exceed*() functions
1369 Fix duration false positive in the dynblock regression tests
1375 Add netmask-based {ex,in}clusions to DynblockRulesGroup
1382 Add DNSAction.NoOp to debug dynamic blocks
1389 Implement NoneAction()
1396 Detect ECS collisions in the packet cache
1402 Fix an outstanding counter race when reusing states
1409 Add SetECSAction to set an arbitrary outgoing ecs value
1415 Use LRU to clean the MaxQPSIPRule's store
1421 Disable maybe uninitialized warnings with boost optional
1427 Add support for rotating certificates and keys
1434 Luawrapper: report caught std::exception as lua_error
1440 Dnstap.rst: fix some editing errors (Chris Hofstaedtler)
1447 Allow known exception types to be converted to string
1452 :released: 30th of March 2018
1455 :tags: Improvements, New Features
1456 :pullreq: 5576, 5860
1457 :tickets: 5202, 5859
1459 Add cache sharding, ``recvmmsg`` and CPU pinning support.
1460 With these, the scalability of :program:`dnsdist` is drastically improved.
1466 Add burst option to :func:`MaxQPSIPRule` (42wim).
1473 Handle SNMP alarms so we can reconnect to the master.
1479 Add an optional `status` parameter to :func:`Server:setAuto`.
1486 Fix signed/unsigned comparison warnings on ARM.
1492 Add Pools, cacheHitResponseRules to the API.
1498 Add :func:`inClientStartup` function.
1505 Add a class option to health checks.
1511 Add tag-based routing of queries.
1515 :pullreq: 6117, 6175, 6176, 6177, 6189
1517 Add experimental :doc:`DNS-over-TLS <guides/dns-over-tls>` support.
1523 Add UUIDs to rules, this allows tracking rules through modifications and moving them around.
1529 Keep trying if the first connection to the remote logger failed
1533 :pullreq: 5201, 6170
1535 Add simple :doc:`dnstap <reference/dnstap>` support (Justin Valentini, Chris Hofstaedtler).
1542 Apply ResponseRules to locally generated answers (Chris Hofstaedtler).
1548 Report :func:`LuaAction` and :func:`LuaResponseAction` failures in the log and send SERVFAIL instead of not answering the query (Chris Hofstaedtler).
1554 Unify global statistics accounting (Chris Hofstaedtler).
1558 :pullreq: 6350, 6366
1560 Speed up the processing of large ring buffers.
1561 This change will make :program:`dnsdist` more scalable with a large number of different clients.
1568 Make custom :func:`addLuaAction` and :func:`addLuaResponseAction` callback's second return value optional.
1574 Add "server-up" metric count to Carbon Reporting (Lowell Mower).
1578 :pullreq: 6045, 6382
1580 Add xchacha20 support for :doc:`DNSCrypt <guides/dnscrypt>`.
1586 Scalability improvement: Add an option to use several source ports towards a backend.
1590 :pullreq: 6375, 5866
1593 Add '?' and 'help' for providing help() output on ``dnsdist -c`` (Kirill Ponomarev, Chris Hofstaedtler).
1597 :pullreq: 6190, 6381
1599 Replace the Lua mutex with a rw lock to limit contention.
1600 This improves the processing speed and parallelism of the policies.
1604 :pullreq: 6220, 5594
1605 :tickets: 5079, 5654
1607 Add experimental XPF support based on `draft-bellis-dnsop-xpf-04 <https://tools.ietf.org/html/draft-bellis-dnsop-xpf-04>`__.
1613 Add :func:`ERCodeRule` to match on extended RCodes (Chris Hofstaedtler).
1619 Fix escaping unusual DNS label octets in DNSName is off by one (Kees Monshouwer).
1625 Add :func:`TempFailureCacheTTLAction` (Chris Hofstaedtler).
1631 Ensure :program:`dnsdist` compiles on NetBSD (Tom Ivar Helbekkmo).
1638 Also log eBPF dynamic blocks, as regular dynamic block already are.
1641 :tags: New Features, Improvements
1644 Add :ref:`DynBlockRulesGroup` to improve processing speed of the :func:`maintenance` function by reducing memory usage and not walking the ringbuffers multiple times.
1651 Remove the ``--daemon`` option from :program:`dnsdist`.
1658 Add :func:`console ACL <addConsoleACL>` functions.
1665 Allow adding :meth:`EDNS Client Subnet information <ServerPool:setECS>` to a query before looking in the cache.
1666 This allows serving ECS enabled answers from the cache when all servers in a pool are down.
1673 Ensure large numbers are shown correctly in the API.
1680 Add option to :func:`showRules` to truncate the output length.
1686 Avoid assertion errors in :func:`NewServer` (Chris Hofstaedtler).
1692 Fix several warnings reported by clang's analyzer and cppcheck, should lead to small performance increases.
1697 :released: 16th of February 2018
1703 Add configuration option to disable IP_BIND_ADDRESS_NO_PORT (Dan McCombs).
1709 Handle bracketed IPv6 addresses without ports (Chris Hofstaedtler).
1715 Make dnsdist dynamic truncate do right thing on TCP/IP.
1721 Add missing QPSAction
1727 Don't create a Remote Logger in client mode.
1733 Use libsodium's CFLAGS, we might need them to find the includes.
1739 Keep the TCP connection open on cache hit, generated answers.
1745 Add the missing <sys/time.h> include to mplexer.hh for struct timeval.
1751 Sort the servers based on their 'order' after it has been set.
1757 Quiet unused variable warning on macOS (Chris Hofstaedtler).
1764 Fix the outstanding counter when an exception is raised.
1771 Do not connect the snmpAgent from a dnsdist client.
1775 :released: 21st of August 2017
1782 DNSName: Check that both first two bits are set in compressed labels.
1787 :tickets: 4131, 4155
1789 Handle unreachable servers at startup, reconnect stale sockets
1796 Gracefully handle invalid addresses in :func:`newServer`.
1803 Add an option to 'mute' UDP responses per bind.
1806 :tags: New Features, Performance
1809 Add TCP management options from :rfc:`RFC 7766 section 10 <7766#section-10>`.
1815 LuaWrapper: Use the correct index when storing a function.
1822 Save history to home-dir, only use CWD as a last resort.
1828 Add the :func:`setRingBuffersSize` directive to allows changing the ringbuffer size.
1831 :tags: Improvements, Security
1834 Merge the client and server nonces to prevent replay attacks.
1840 Use ``IP_BIND_ADDRESS_NO_PORT`` when available.
1847 Send a latency of 0 over carbon, null over API for down servers.
1852 :tickets: 4775, 4660
1854 Add an optional ``seconds`` parameter to :func:`statNodeRespRing`.
1860 Report a more specific lua version and report luajit in ``--version``.
1863 :tags: Improvements, DNSCrypt
1864 :pullreq: 4813, 4926
1866 Store the computed shared key and reuse it for the response for DNSCrypt messages.
1869 :tags: New Features, Protobuf
1873 Add an option to export CNAME records over protobuf.
1880 Allow TTL alteration via Lua.
1886 Add :func:`RDRule` to match queries with the ``RD`` flag set.
1892 Add :func:`setWHashedPertubation` for consistent ``whashed`` results.
1898 Add ``tcpConnectTimeout`` to :func:`newServer`.
1904 Fix negative port detection for IPv6 addresses on 32-bit.
1911 Fix crashed on SmartOS/Illumos (Roman Dayneko).
1915 :pullreq: 4788, 5036
1918 Add cache hit response rules.
1921 :tags: Improvements, Performance
1924 Add :func:`setTCPUseSinglePipe` to use a single TCP waiting queue.
1931 Change ``truncateTC`` to defaulting to off, having it enabled by default causes an compatibility with :rfc:`6891` (Robin Geuze).
1935 :pullreq: 4987, 5037
1938 Don't cache answers without any TTL (like SERVFAIL).
1941 :tags: Improvements, Performance
1942 :pullreq: 4985, 5501
1945 Add ``sendSizeAndMsgWithTimeout`` to send size and data in a single call and use it for TCP Fast Open towards backends.
1951 Prevent issues by unshadowing variables.
1954 :tags: New Features, SNMP
1955 :pullreq: 4989, 5123, 5204
1957 Add :doc:`SNMP support <advanced/snmp>`.
1960 :tags: Bug Fixes, Performance
1964 Refactor SuffixMatchNode using a SuffixMatchTree.
1970 Register DNSName::chopOff (@plzz).
1976 Allow passing :class:`DNSName`\ s as DNSRules.
1979 :tags: Bug Fixes, Webserver
1982 Send an HTTP 404 on unknown API paths.
1985 :tags: Improvements, Performance
1988 Tune systemd unit-file for medium-sized installations (Winfried Angele).
1994 Add support for setting the server selection policy on a per pool basis (Robin Geuze).
1998 :pullreq: 5150, 5171
2001 Make :func:`includeDirectory` work sorted (Robin Geuze).
2004 :tags: Improvements, LuaWrapper
2007 Allow embedded NULs in strings received from Lua.
2013 Add a ``suffixMatch`` parameter to :meth:`PacketCache:expungeByName` (Robin Geuze).
2019 Cleanup closed TCP downstream connections.
2025 Fix destination port reporting on "any" binds.
2032 Add an option so the packet cache entries don't age.
2035 :tags: Bug Fixes, Security
2038 Unified ``-k`` and :func:`setKey` behaviour for client and server mode now.
2044 Improve reporting of C++ exceptions that bubble up via Lua.
2047 :tags: Improvements, Performance
2050 Add the possiblity to fill a :class:`NetmaskGroup` (using :meth:`NetmaskGroup:addMask`) from `exceeds*` results.
2056 Add better logging on queries that get dropped, timed out or received.
2062 Add :func:`QNameRule`.
2068 Correctly truncate EDNS Client Subnetmasks.
2074 Print useful messages when query and response actions are mixed.
2080 Add an optional action to :func:`addDynBlocks`.
2086 Add an optional interface parameter to :func:`addLocal`/:func:`setLocal`.
2089 :tags: Bug Fixes, Performance
2092 Get rid of ``std::move()`` calls preventing copy elision.
2099 Fix :func:`RecordsTypeCountRule`\ 's handling of the # of records in a section.
2105 Make a ``truncate`` action available to DynBlock and Lua.
2112 Change stats functions to always return lowercase names (Robin Geuze).
2118 Implement a runtime changeable rule that matches IP address for a certain time called :func:`TimedIPSetRule`.
2122 :pullreq: 5449, 5454
2124 Only use TCP Fast Open when supported and prevent compiler warnings.
2130 Add ``DNSRule::toString()`` and add virtual destructors to DNSRule, DNSAction and DNSResponseAction so the destructors of derived classes are run even when deleted via the base type.
2136 Add support for returning several IPs to spoof from Lua.
2140 :pullreq: 5490, 5508
2141 :tickets: 5420, 5507
2143 Add Lua bindings to be able to rotate DNSCrypt keys, see :doc:`guides/dnscrypt`.
2146 :tags: Improvements, Performance
2149 Add labels count to StatNode, only set the name once.
2160 :pullreq: 5396, 5577
2162 Add the capability to set arbitrary tags in protobuf messages.
2169 Skip timeouts on the response latency graph.
2176 Deprecate syntactic sugar functions.
2183 Don't use square brackets for IPv6 in Carbon metrics.
2190 Copy the DNS header before encrypting it in place.
2197 Add setConsoleConnectionsLogging().
2203 Fix potential pointer wrap-around on 32 bits.
2209 Make the API available with an API key only.
2214 Released December 29th 2016
2216 Changes since 1.1.0-beta2:
2221 - `#4783 <https://github.com/PowerDNS/pdns/pull/4783>`__: Add -latomic
2223 - `#4812 <https://github.com/PowerDNS/pdns/pull/4812>`__: Handle
2224 header-only responses, handle Refused as Servfail in the cache
2229 - `#4762 <https://github.com/PowerDNS/pdns/pull/4762>`__:
2230 SuffixMatchNode: Fix an insertion issue for an existing node
2231 - `#4772 <https://github.com/PowerDNS/pdns/pull/4772>`__: Fix dnsdist
2232 initscript config check
2237 Released December 14th 2016
2239 Changes since 1.1.0-beta1:
2244 - `#4518 <https://github.com/PowerDNS/pdns/pull/4518>`__: Fix dynblocks
2245 over TCP, allow refusing dyn blocked queries
2246 - `#4519 <https://github.com/PowerDNS/pdns/pull/4519>`__: Allow
2247 altering the ECS behavior via rules and Lua
2248 - `#4535 <https://github.com/PowerDNS/pdns/pull/4535>`__: Add
2249 ``DNSQuestion:getDO()``
2250 - `#4653 <https://github.com/PowerDNS/pdns/pull/4653>`__:
2251 ``getStatisticsCounters()`` to access counters from Lua
2252 - `#4657 <https://github.com/PowerDNS/pdns/pull/4657>`__: Add
2253 ``includeDirectory(dir)``
2254 - `#4658 <https://github.com/PowerDNS/pdns/pull/4658>`__: Allow editing
2256 - `#4702 <https://github.com/PowerDNS/pdns/pull/4702>`__: Add
2257 ``setUDPTimeout(n)``
2258 - `#4726 <https://github.com/PowerDNS/pdns/pull/4726>`__: Add an option
2259 to return ServFail when no server is available
2260 - `#4748 <https://github.com/PowerDNS/pdns/pull/4748>`__: Add
2261 ``setCacheCleaningPercentage()``
2266 - `#4533 <https://github.com/PowerDNS/pdns/pull/4533>`__: Fix building
2267 with clang on OS X and FreeBSD
2268 - `#4537 <https://github.com/PowerDNS/pdns/pull/4537>`__: Replace
2269 luawrapper's std::forward/std::make\_tuple combo with
2270 std::forward\_as\_tuple (Sangwhan "fish" Moon)
2271 - `#4596 <https://github.com/PowerDNS/pdns/pull/4596>`__: Change the
2272 default max number of queued TCP conns to 1000
2273 - `#4632 <https://github.com/PowerDNS/pdns/pull/4632>`__: Improve
2274 dnsdist error message on a common typo/config mistake
2275 - `#4694 <https://github.com/PowerDNS/pdns/pull/4694>`__: Don't use a
2276 const\_iterator for erasing (fix compilation with some versions of
2278 - `#4715 <https://github.com/PowerDNS/pdns/pull/4715>`__: Specify that
2279 dnsmessage.proto uses protobuf version 2
2280 - `#4765 <https://github.com/PowerDNS/pdns/pull/4765>`__: Some service
2286 - `#4425 <https://github.com/PowerDNS/pdns/pull/4425>`__: Fix a
2287 protobuf regression (requestor/responder mix-up) caused by a94673e
2288 - `#4541 <https://github.com/PowerDNS/pdns/pull/4541>`__: Fix insertion
2289 issues in SuffixMatchTree, move it to dnsname.hh
2290 - `#4553 <https://github.com/PowerDNS/pdns/pull/4553>`__: Flush output
2291 in single command client mode
2292 - `#4578 <https://github.com/PowerDNS/pdns/pull/4578>`__: Fix
2293 destination address reporting
2294 - `#4640 <https://github.com/PowerDNS/pdns/pull/4640>`__: Don't exit
2295 dnsdist on an exception in maintenance
2296 - `#4721 <https://github.com/PowerDNS/pdns/pull/4721>`__: Handle
2297 exceptions in the UDP responder thread
2298 - `#4734 <https://github.com/PowerDNS/pdns/pull/4734>`__: Add the TCP
2299 socket to the map only if the connection succeeds. Closes #4733
2300 - `#4742 <https://github.com/PowerDNS/pdns/pull/4742>`__: Decrement the
2301 queued TCP conn count if writing to the pipe fails
2302 - `#4743 <https://github.com/PowerDNS/pdns/pull/4743>`__: Ignore
2303 newBPFFilter() and newDynBPFFilter() in client mode
2304 - `#4753 <https://github.com/PowerDNS/pdns/pull/4753>`__: Fix FD leak
2305 on TCP connection failure, handle TCP worker creation failure
2306 - `#4764 <https://github.com/PowerDNS/pdns/pull/4764>`__: Prevent race
2307 while creating new TCP worker threads
2312 Released September 1st 2016
2314 Changes since 1.0.0:
2319 - `#3762 <https://github.com/PowerDNS/pdns/pull/3762>`__ Teeaction:
2320 send copy of query to second nameserver, sponge responses
2321 - `#3876 <https://github.com/PowerDNS/pdns/pull/3876>`__ Add
2322 ``showResponseRules()``, ``{mv,rm,top}ResponseRule()``
2323 - `#3936 <https://github.com/PowerDNS/pdns/pull/3936>`__ Filter on
2324 opcode, records count/type, trailing data
2325 - `#3975 <https://github.com/PowerDNS/pdns/pull/3975>`__ Make dnsdist
2326 {A,I}XFR aware, document possible issues
2327 - `#4006 <https://github.com/PowerDNS/pdns/pull/4006>`__ Add eBPF
2328 source address and qname/qtype filtering
2329 - `#4008 <https://github.com/PowerDNS/pdns/pull/4008>`__ Node
2330 infrastructure for querying recent traffic
2331 - `#4042 <https://github.com/PowerDNS/pdns/pull/4042>`__ Add
2332 server-side TCP Fast Open support
2333 - `#4050 <https://github.com/PowerDNS/pdns/pull/4050>`__ Add
2334 ``clearRules()`` and ``setRules()``
2335 - `#4114 <https://github.com/PowerDNS/pdns/pull/4114>`__ Add
2336 ``QNameLabelsCountRule()`` and ``QNameWireLengthRule()``
2337 - `#4116 <https://github.com/PowerDNS/pdns/pull/4116>`__ Added src
2338 boolean to NetmaskGroupRule to match destination address (Reinier
2340 - `#4175 <https://github.com/PowerDNS/pdns/pull/4175>`__ Implemented
2341 query counting (Reinier Schoof)
2342 - `#4244 <https://github.com/PowerDNS/pdns/pull/4244>`__ Add a
2343 ``setCD`` parameter to set cd=1 on health check queries
2344 - `#4284 <https://github.com/PowerDNS/pdns/pull/4284>`__ Add
2345 RCodeRule(), Allow, Delay and Drop response actions
2346 - `#4305 <https://github.com/PowerDNS/pdns/pull/4305>`__ Add an
2347 optional Lua callback for altering a Protobuf message
2348 - `#4309 <https://github.com/PowerDNS/pdns/pull/4309>`__ Add
2349 showTCPStats function (RobinGeuze)
2350 - `#4329 <https://github.com/PowerDNS/pdns/pull/4329>`__ Add options to
2351 LogAction() so it can append (instead of truncate) (Duane Wessels)
2356 - `#3714 <https://github.com/PowerDNS/pdns/pull/3714>`__ Add
2357 documentation links to dnsdist.service (Ruben Kerkhof)
2358 - `#3754 <https://github.com/PowerDNS/pdns/pull/3754>`__ Allow the use
2359 of custom headers in the web server
2360 - `#3826 <https://github.com/PowerDNS/pdns/pull/3826>`__ Implement a
2361 'quiet' mode for SuffixMatchNodeRule()
2362 - `#3836 <https://github.com/PowerDNS/pdns/pull/3836>`__ Log the
2363 content of webserver's exceptions
2364 - `#3858 <https://github.com/PowerDNS/pdns/pull/3858>`__ Only log
2365 YaHTTP's parser exceptions in verbose mode
2366 - `#3877 <https://github.com/PowerDNS/pdns/pull/3877>`__ Increase max
2367 FDs in systemd unit, warn if clearly too low
2368 - `#4019 <https://github.com/PowerDNS/pdns/pull/4019>`__ Add an
2369 optional ``addECS`` option to ``TeeAction()``
2370 - `#4029 <https://github.com/PowerDNS/pdns/pull/4029>`__ Add version
2371 and feature information to version output
2372 - `#4079 <https://github.com/PowerDNS/pdns/pull/4079>`__ Return an
2373 error on RemoteLog{,Response}Action() w/o protobuf
2374 - `#4246 <https://github.com/PowerDNS/pdns/pull/4246>`__ API now sends
2375 pools as a JSON array instead of a string
2376 - `#4302 <https://github.com/PowerDNS/pdns/pull/4302>`__ Add ``help()``
2377 and ``showVersion()``
2378 - `#4286 <https://github.com/PowerDNS/pdns/pull/4286>`__ Add response
2379 rules to the API and Web status page
2380 - `#4068 <https://github.com/PowerDNS/pdns/pull/4068>`__ Display the
2381 dyn eBPF filters stats in the web interface
2386 - `#3755 <https://github.com/PowerDNS/pdns/pull/3755>`__ Fix RegexRule
2387 example in dnsdistconf.lua
2388 - `#3773 <https://github.com/PowerDNS/pdns/pull/3773>`__ Stop copying
2389 the HTTP request headers to the response
2390 - `#3837 <https://github.com/PowerDNS/pdns/pull/3837>`__ Remove dnsdist
2391 service file on trusty
2392 - `#3840 <https://github.com/PowerDNS/pdns/pull/3840>`__ Catch
2393 WrongTypeException in client mode
2394 - `#3906 <https://github.com/PowerDNS/pdns/pull/3906>`__ Keep the
2395 servers ordered inside pools
2396 - `#3988 <https://github.com/PowerDNS/pdns/pull/3988>`__ Fix
2397 ``grepq()`` output in the README
2398 - `#3992 <https://github.com/PowerDNS/pdns/pull/3992>`__ Fix some typos
2399 in the AXFR/IXFR documentation
2400 - `#3995 <https://github.com/PowerDNS/pdns/pull/3995>`__ Fix comparison
2401 between signed and unsigned integer
2402 - `#4049 <https://github.com/PowerDNS/pdns/pull/4049>`__ Fix dnsdist
2403 rpm building script #4048 (Daniel Stirnimann)
2404 - `#4065 <https://github.com/PowerDNS/pdns/pull/4065>`__ Include
2405 editline/readline.h instead of readline.h/history.h
2406 - `#4067 <https://github.com/PowerDNS/pdns/pull/4067>`__ Disable eBPF
2407 support when BPF\_FUNC\_tail\_call is not found
2408 - `#4069 <https://github.com/PowerDNS/pdns/pull/4069>`__ Fix a buffer
2409 overflow when displaying an OpcodeRule
2410 - `#4101 <https://github.com/PowerDNS/pdns/pull/4101>`__ Fix $
2411 expansion in build-dnsdist-rpm
2412 - `#4198 <https://github.com/PowerDNS/pdns/pull/4198>`__ newServer
2413 setting maxCheckFailures makes no sense (stutiredboy)
2414 - `#4205 <https://github.com/PowerDNS/pdns/pull/4205>`__ Prevent the
2415 use of "any" addresses for downstream server
2416 - `#4220 <https://github.com/PowerDNS/pdns/pull/4220>`__ Don't log an
2417 error when parsing an invalid UDP query
2418 - `#4348 <https://github.com/PowerDNS/pdns/pull/4348>`__ Fix invalid
2419 outstanding count for {A,I}XFR over TCP
2420 - `#4365 <https://github.com/PowerDNS/pdns/pull/4365>`__ Reset origFD
2421 asap to keep the outstanding count correct
2422 - `#4375 <https://github.com/PowerDNS/pdns/pull/4375>`__ Tuple requires
2423 make\_tuple to initialize
2424 - `#4380 <https://github.com/PowerDNS/pdns/pull/4380>`__ Fix
2425 compilation with clang when eBPF support is enabled
2430 Released April 21st 2016
2432 Changes since 1.0.0-beta1:
2437 - `#3700 <https://github.com/PowerDNS/pdns/pull/3700>`__ Create user
2438 from the RPM package to drop privs
2439 - `#3712 <https://github.com/PowerDNS/pdns/pull/3712>`__ Make check
2440 should run testrunner
2441 - `#3713 <https://github.com/PowerDNS/pdns/pull/3713>`__ Remove
2442 contrib/dnsdist.service (Ruben Kerkhof)
2443 - `#3722 <https://github.com/PowerDNS/pdns/pull/3722>`__ Use LT\_INIT
2444 and disable static objects (Ruben Kerkhof)
2445 - `#3724 <https://github.com/PowerDNS/pdns/pull/3724>`__ Include
2446 PDNS\_CHECK\_OS in configure (Christian Hofstaedtler)
2447 - `#3728 <https://github.com/PowerDNS/pdns/pull/3728>`__ Document
2448 libedit Ctrl-R workaround for CentOS 6
2449 - `#3730 <https://github.com/PowerDNS/pdns/pull/3730>`__ Make
2450 ``topBandwidth()`` behave like other top\* functions
2451 - `#3731 <https://github.com/PowerDNS/pdns/pull/3731>`__ Clarify a bit
2452 the documentation of load-balancing policies
2457 - `#3711 <https://github.com/PowerDNS/pdns/pull/3711>`__ Building rpm
2458 needs systemd headers (Ruben Kerkhof)
2459 - `#3736 <https://github.com/PowerDNS/pdns/pull/3736>`__ Add missing
2460 Lua binding for NetmaskGroupRule()
2461 - `#3739 <https://github.com/PowerDNS/pdns/pull/3739>`__ Drop
2462 privileges after daemonizing and writing our pid
2467 Released April 14th 2016
2469 Changes since 1.0.0-alpha2:
2474 - Per-pool packet cache
2475 - Some actions do not stop the processing anymore when they match,
2476 allowing more complex setups: Delay, Disable Validation, Log,
2477 MacAddr, No Recurse and of course None
2478 - The new RE2Rule() is available, using the RE2 regular expression
2479 library to match queries, in addition to the existing POSIX-based
2481 - SpoofAction() now supports multiple A and AAAA records
2482 - Remote logging of questions and answers via Protocol Buffer
2487 - `#3405 <https://github.com/PowerDNS/pdns/pull/3405>`__ Add health
2488 check logging, ``maxCheckFailures`` to backend
2489 - `#3412 <https://github.com/PowerDNS/pdns/pull/3412>`__ Check config
2490 - `#3440 <https://github.com/PowerDNS/pdns/pull/3440>`__ Client
2491 operation improvements
2492 - `#3466 <https://github.com/PowerDNS/pdns/pull/3466>`__ Add dq binding
2493 for skipping packet cache in LuaAction (Jan Broer)
2494 - `#3499 <https://github.com/PowerDNS/pdns/pull/3499>`__ Add support
2495 for multiple carbon servers
2496 - `#3504 <https://github.com/PowerDNS/pdns/pull/3504>`__ Allow
2497 accessing the API with an optional API key
2498 - `#3556 <https://github.com/PowerDNS/pdns/pull/3556>`__ Add an option
2499 to limit the number of queued TCP connections
2500 - `#3578 <https://github.com/PowerDNS/pdns/pull/3578>`__ Add a
2501 ``disable-syslog`` option
2502 - `#3608 <https://github.com/PowerDNS/pdns/pull/3608>`__ Export cache
2504 - `#3622 <https://github.com/PowerDNS/pdns/pull/3622>`__ Display the
2505 ACL content on startup
2506 - `#3627 <https://github.com/PowerDNS/pdns/pull/3627>`__ Remove ECS
2507 option from response's OPT RR when necessary
2508 - `#3633 <https://github.com/PowerDNS/pdns/pull/3633>`__ Count "TTL too
2510 - `#3677 <https://github.com/PowerDNS/pdns/pull/3677>`__ systemd-notify
2516 - `#3388 <https://github.com/PowerDNS/pdns/pull/3388>`__ Lock the Lua
2517 context before executing a LuaAction
2518 - `#3433 <https://github.com/PowerDNS/pdns/pull/3433>`__ Check that the
2519 answer matches the initial query
2520 - `#3461 <https://github.com/PowerDNS/pdns/pull/3461>`__ Fix crash when
2521 calling rmServer() with an invalid index
2522 - `#3550 <https://github.com/PowerDNS/pdns/pull/3550>`__,\ `#3551 <https://github.com/PowerDNS/pdns/pull/3551>`__
2523 Fix build failure on FreeBSD (Ruben Kerkhof)
2524 - `#3594 <https://github.com/PowerDNS/pdns/pull/3594>`__ Prevent EOF
2525 error for empty console response w/o sodium
2526 - `#3634 <https://github.com/PowerDNS/pdns/pull/3634>`__ Prevent
2527 dangling TCP fd in case setupTCPDownstream() fails
2528 - `#3641 <https://github.com/PowerDNS/pdns/pull/3641>`__ Under
2529 threshold, QPS action should return None, not Allow
2530 - `#3658 <https://github.com/PowerDNS/pdns/pull/3658>`__ Fix a race
2531 condition in MaxQPSIPRule
2536 Released February 5th 2016
2538 Changes since 1.0.0-alpha1:
2543 - Lua functions now receive a DNSQuestion ``dq`` object instead of
2544 several parameters. This adds a greater compatibility with PowerDNS
2545 and allows adding more parameters without breaking the API
2546 (`#3198 <https://github.com/PowerDNS/pdns/issues/3198>`__)
2547 - Added a ``source`` option to ``newServer()`` to specify the local
2548 address or interface used to contact a downstream server
2549 (`#3138 <https://github.com/PowerDNS/pdns/issues/3138>`__)
2550 - CNAME and IPv6-only support have been added to spoofed responses
2551 (`#3064 <https://github.com/PowerDNS/pdns/issues/3064>`__)
2552 - ``grepq()`` can be used to search for slow queries, along with
2554 - New Lua functions: ``addDomainCNAMESpoof()``, ``AllowAction()`` by
2555 @bearggg, ``exceedQRate()``, ``MacAddrAction()``, ``makeRule()``,
2556 ``NotRule()``, ``OrRule()``, ``QClassRule()``, ``RCodeAction()``,
2557 ``SpoofCNAMEAction()``, ``SuffixMatchNodeRule()``, ``TCPRule()``,
2559 - ``NetmaskGroup`` support have been added in Lua
2560 (`#3144 <https://github.com/PowerDNS/pdns/issues/3144>`__)
2561 - Added ``MacAddrAction()`` to add the source MAC address to the
2563 (`#3313 <https://github.com/PowerDNS/pdns/issues/3313>`__)
2568 - An issue in DelayPipe could make dnsdist crash at startup
2569 - ``downstream-timeouts`` metric was not always updated
2570 - ``truncateTC`` was unproperly updating the response length
2571 (`#3126 <https://github.com/PowerDNS/pdns/issues/3126>`__)
2572 - DNSCrypt responses larger than queries were unproperly truncated
2573 - An issue prevented info message from being displayed in non-verbose
2574 mode, fixed by Jan Broer
2575 - Reinstating an expired Dynamic Rule was not correctly logged
2576 (`#3323 <https://github.com/PowerDNS/pdns/issues/3323>`__)
2577 - Initialized counters in the TCP client thread might have cause FD and
2578 memory leak, reported by Martin Pels
2579 (`#3300 <https://github.com/PowerDNS/pdns/issues/3300>`__)
2580 - We now drop queries containing no question (qdcount == 0)
2581 (`#3290 <https://github.com/PowerDNS/pdns/issues/3290>`__)
2582 - Outstanding TCP queries count was not always correct
2583 (`#3288 <https://github.com/PowerDNS/pdns/issues/3288>`__)
2584 - A locking issue in exceedRespGen() might have caused crashs
2585 (`#3277 <https://github.com/PowerDNS/pdns/issues/3277>`__)
2586 - Useless sockets were created in client mode
2587 (`#3257 <https://github.com/PowerDNS/pdns/issues/3257>`__)
2588 - ``addAnyTCRule()`` was generating TC=1 responses even over TCP
2589 (`#3251 <https://github.com/PowerDNS/pdns/issues/3251>`__)
2594 - Cleanup of the HTML by Sander Hoentjen
2595 - Fixed an XSS reported by @janeczku
2596 (`#3217 <https://github.com/PowerDNS/pdns/issues/3217>`__)
2597 - Removed remote images
2598 - Set the charset to UTF-8, added some security-related and CORS HTTP
2600 - Added server latency by Jan Broer
2601 (`#3201 <https://github.com/PowerDNS/pdns/issues/3201>`__)
2602 - Switched to official minified versions of JS scripts, by Sander
2603 Hoentjen (`#3317 <https://github.com/PowerDNS/pdns/issues/3317>`__)
2604 - Don't log unauthenticated HTTP request as an authentication failure
2606 Various documentation updates and minor cleanups:
2607 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2609 - Added documentation for Advanced DNS Protection features (Dynamic
2610 rules, ``maintenance()``)
2611 - Make ``topBandwidth()`` default to the top 10 clients
2612 - Replaced readline with libedit
2613 - Added GPL2 License
2614 (`#3200 <https://github.com/PowerDNS/pdns/issues/3200>`__)
2615 - Added incbin License
2616 (`#3269 <https://github.com/PowerDNS/pdns/issues/3269>`__)
2617 - Updated completion rules
2618 - Removed wrong option ``--daemon-no`` by Stefan Schmidt
2623 Released December 24th 2015