Changelogs for 4.3.x
====================
+.. changelog::
+ :version: 4.3.0-beta1
+ :released: 31st of January 2020
+
+ This is the first beta for version 4.3.0 of the Authoritative Server.
+ Please see :doc:`the upgrade notes <../upgrading>` for some minor breaking changes.
+
+ Some minor fixes have been left out from the list below; some other bugs may have been fixed accidentally as a result of the tremendous amount of work that goes into each of our major releases.
+
+ As announced in `Backend removals in the upcoming Authoritative Server release <https://blog.powerdns.com/2019/10/17/backend-removals-in-the-upcoming-authoritative-server-release/>`_, we have removed five backends.
+
+ .. change::
+ :tags: Changes
+ :pullreq: 8754
+
+ remove the implicit 5->7 algorithm upgrade
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 8749
+
+ allow local-ipv6 until 4.4.0
+
+ .. change::
+ :tags: New Features
+ :pullreq: 8594
+
+ add default-publish-{cds|cdnskey} options
+
+ .. change::
+ :tags: Changes
+ :pullreq: 8744
+
+ Make Lua mandatory for Auth (Chris Hofstaedtler)
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 8681
+
+ Add metrics about the size of our in-memory rings
+
+ .. change::
+ :tags: Bug Fixes
+ :pullreq: 8628
+
+ make sure records from LMDB backend end up in the right packet section (Kees Monshouwer)
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 8627
+
+ gpgsqlbackend: stop using prepared statements (Chris Hofstaedtler)
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 8713
+
+ Enforce a strict maximum size for the packet and records caches
+
+ .. change::
+ :tags: New Features
+ :pullreq: 8701, 8732
+
+ remotebackend: Support alsoNotifies, setFresh, getUnfreshSlaveInfos
+
+ .. change::
+ :tags: Bug Fixes
+ :pullreq: 8649
+
+ Clear the TSIG algo between iterations in the API
+
+ .. change::
+ :tags: New Features
+ :pullreq: 8177
+
+ Add support for managing unpublished DNSSEC keys (Robin Geuze, TransIP)
+
+ .. change::
+ :tags: Bug Fixes
+ :pullreq: 8668
+
+ HTTP API: Allow DNAME in apex with SOA and NS records
+
.. changelog::
:version: 4.3.0-alpha1
:released: 10th of December 2019
This is the first alpha for version 4.3.0 of the Authoritative Server.
Please see :doc:`the upgrade notes <../upgrading>` for some minor breaking changes.
- Some minor fixes have been left out from the list below; some other bugs may have been fixed accidentally as a result of the tremendous amount of work that goes into each of our major releases.
- As announced in `Backend removals in the upcoming Authoritative Server release <https://blog.powerdns.com/2019/10/17/backend-removals-in-the-upcoming-authoritative-server-release/>`_, we have removed five backends.
.. change::
:tags: Removed Features
-@ 86400 IN SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2020011600 10800 3600 604800 10800
+@ 86400 IN SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2020013100 10800 3600 604800 10800
@ 3600 IN NS pdns-public-ns1.powerdns.com.
@ 3600 IN NS pdns-public-ns2.powerdns.com.
auth-4.2.0-rc3.security-status 60 IN TXT "2 Unsupported pre-release (no known vulnerabilities)"
auth-4.2.0.security-status 60 IN TXT "1 OK"
auth-4.2.1.security-status 60 IN TXT "1 OK"
-auth-4.3.0-alpha1.security-status 60 IN TXT "1 OK"
+auth-4.3.0-alpha1.security-status 60 IN TXT "2 Unsupported pre-release (no known vulnerabilities)"
+auth-4.3.0-beta1.security-status 60 IN TXT "1 OK"
; Auth Debian
auth-3.4.1-2.debian.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/3/security/powerdns-advisory-2015-02/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-03/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-04/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-05/"
----------------------------
.. versionchanged:: 4.3.0
- This setting has been removed, use :ref:`setting-localaddress-nonexist-fail`
+ This setting has been removed, use :ref:`setting-local-address-nonexist-fail`
- Boolean
- Default: no
- :ref:`setting-local-ipv6` has been deprecated, and will be removed in 4.4.0. IPv4 and IPv6 listen addresses can now be set with :ref:`setting-local-address`. The default for the latter has been changed to ``0.0.0.0, ::``.
+Schema changes
+^^^^^^^^^^^^^^
+- The new 'unpublished DNSSEC keys' feature comes with a mandatory schema change for all database backends (including BIND with a DNSSEC database). Please find files named "4.2.0_to_4.3.0_schema.X.sql" for your database backend in our Git repo, tarball, or distro-specific documentation path. For the LMDB backend, please review :ref:`setting-lmdb-schema-version`.
+
+Implicit 5->7 algorithm upgrades
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Since version 3.0 (the first version of the PowerDNS Authoritative Server that supported DNSSEC signing), we have automatically, silently, upgraded algorithm 5 (RSASHA1) keys to algorithm 7 (RSASHA1-NSEC3-SHA1) when the user enabled DNSSEC. This has been a source of confusion, and because of that, we introduced warnings for users of this feature in 4.0 and 4.1. To see if you are affected, run ``pdnsutil check-all-zones`` from version 4.0 or up. In this release, the automatic upgrade is gone, and affected zones will break if no action is taken.
4.1.X to 4.2.0
--------------
projects / thirdparty / pdns.git / commitdiff
