From: Peter van Dijk Date: Fri, 1 May 2015 08:30:21 +0000 (+0200) Subject: 3.3.2 notes X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~80^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1a358ea630f108f26d7b3f3a094751e8dda2b508;p=thirdparty%2Fpdns.git 3.3.2 notes --- diff --git a/docs/markdown/authoritative/upgrading.md b/docs/markdown/authoritative/upgrading.md index 2c6367401a..81f94ddbfb 100644 --- a/docs/markdown/authoritative/upgrading.md +++ b/docs/markdown/authoritative/upgrading.md @@ -2,6 +2,12 @@ Before proceeding, it is advised to check the release notes for your PDNS versio **WARNING**: Version 3.X of the PowerDNS Authoritative Server is a major upgrade if you are coming from 2.9.x. Please follow **all** instructions. +# 3.X.X to 3.3.2 + +Please run "pdnssec rectify-all-zones" and trigger an AXFR for all DNSSEC +zones to make sure you benefit from all the compliance improvements present in +this version. + # 3.4.X to HEAD ## API diff --git a/docs/markdown/changelog.md.raw b/docs/markdown/changelog.md.raw index 555f2e34c2..3f44f4fa6c 100644 --- a/docs/markdown/changelog.md.raw +++ b/docs/markdown/changelog.md.raw @@ -4,11 +4,21 @@ Released 1st of May, 2015 -Among other bug fixes and improvements (as listed below), this release incorporates a fix for -CVE-2015-1868, as detailed in [PowerDNS Security Advisory 2015-01](security/powerdns-advisory-2015-01.md) +Among other bug fixes and improvements (as listed below), this release +incorporates a fix for CVE-2015-1868, as detailed in [PowerDNS Security +Advisory 2015-01](security/powerdns-advisory-2015-01.md) + +If you are running DNSSEC with version 3.3.1, and you cannot currently upgrade +to 3.4.4, please consider upgrading to 3.3.2; it has a lot of improvements and +bug fixes and tremendously increases compliance. + +We want to explicitly thank Kees Monshouwer for digging up all the DNSSEC +improvements and porting them back to this release. + +When upgrading, please run "pdnssec rectify-all-zones" and trigger an AXFR for +all DNSSEC zones to make sure you benefit from all the compliance improvements +present in this version. -If you are running DNSSEC with version 3.3.1, and you cannot currently upgrade to 3.4.4, please consider -upgrading to 3.3.2; it has a lot of improvements and bug fixes and tremendously increases compliance. Security fixes: @@ -17,36 +27,35 @@ Security fixes: Improvements: -- [commit d0af589](https://github.com/PowerDNS/pdns/commit/d0af589): -- [commit c45b6db](https://github.com/PowerDNS/pdns/commit/c45b6db): auth: limit long version strings to 63 characters and catch exceptions in secpoll (Kees Monshouwer) -- [commit 88c1f21](https://github.com/PowerDNS/pdns/commit/88c1f21): force PACKAGEVERSION to string, fixes [ticket #2030](https://github.com/PowerDNS/pdns/issues/2030) (Peter van Dijk) -- [commit 2a4c620](https://github.com/PowerDNS/pdns/commit/2a4c620): secpoll: Replace ~ with _, too (Christian Hofstaedtler) -- [commit 4a4597e](https://github.com/PowerDNS/pdns/commit/4a4597e): if no nameserver configured in /etc/resolv.conf, send to 127.0.0.1. Closes [ticket #1851](https://github.com/PowerDNS/pdns/issues/1851). (bert hubert) -- [commit 9fa7373](https://github.com/PowerDNS/pdns/commit/9fa7373): initialize security_status to 0 (unknown) (bert hubert) -- [commit 8115a83](https://github.com/PowerDNS/pdns/commit/8115a83): implement security polling for auth (bert hubert) +- [commit d0af589](https://github.com/PowerDNS/pdns/commit/d0af589) +, [commit c45b6db](https://github.com/PowerDNS/pdns/commit/c45b6db) +, [commit 88c1f21](https://github.com/PowerDNS/pdns/commit/88c1f21) +, [commit 2a4c620](https://github.com/PowerDNS/pdns/commit/2a4c620) +, [commit 4a4597e](https://github.com/PowerDNS/pdns/commit/4a4597e) +, [commit 9fa7373](https://github.com/PowerDNS/pdns/commit/9fa7373) +, [commit 8115a83](https://github.com/PowerDNS/pdns/commit/8115a83): +implement security polling for auth +- [commit 5bbd868](https://github.com/PowerDNS/pdns/commit/5bbd868): import suck() from master (Kees Monshouwer) +- [commit 194f4d2](https://github.com/PowerDNS/pdns/commit/194f4d2): respond REFUSED instead of NOERROR for "unknown zone" situations (Peter van Dijk) +- [commit 55b0653](https://github.com/PowerDNS/pdns/commit/55b0653): set AA on CNAME into referral, fixes [ticket #589](https://github.com/PowerDNS/pdns/issues/589) (Peter van Dijk) +- [commit 71232aa](https://github.com/PowerDNS/pdns/commit/71232aa): update l.root ip (Kees Monshouwer) + +Bug fixes: +- [commit 88c52fe](https://github.com/PowerDNS/pdns/commit/88c52fe): make makeRelative() case insensitive (Kees Monshouwer) + +DNSSEC improvements: -- [commit 185bf20](https://github.com/PowerDNS/pdns/commit/185bf20): fix up compilation on RHEL (missing include) (bert hubert) - [commit b3dec9c](https://github.com/PowerDNS/pdns/commit/b3dec9c): change default for add-superfluous-nsec3-for-old-bind config option (Kees Monshouwer) - [commit 017a78b](https://github.com/PowerDNS/pdns/commit/017a78b): limit the number of NSEC3 iterations RFC5155 10.3 (Kees Monshouwer) -- [commit 88c52fe](https://github.com/PowerDNS/pdns/commit/88c52fe): make makeRelative() case insensitive (Kees Monshouwer) - [commit d768d7f](https://github.com/PowerDNS/pdns/commit/d768d7f): NSEC3 and related RRSIGS are not part of the dnstree (Kees Monshouwer) -- [commit 5bbd868](https://github.com/PowerDNS/pdns/commit/5bbd868): import suck() from master (Kees Monshouwer) - [commit 3a36a1c](https://github.com/PowerDNS/pdns/commit/3a36a1c): import bindbackend rectify code from master (Kees Monshouwer) - [commit 1ee7e22](https://github.com/PowerDNS/pdns/commit/1ee7e22): limit mode 0 closest provable encloser to optout (Kees Monshouwer) - [commit bbc0bc5](https://github.com/PowerDNS/pdns/commit/bbc0bc5): fix for errata 3441 of RFC5155 (Kees Monshouwer) - [commit e8bfa7b](https://github.com/PowerDNS/pdns/commit/e8bfa7b): allow covering NSEC3 record in NODATA response (Kees Monshouwer) -- [commit 194f4d2](https://github.com/PowerDNS/pdns/commit/194f4d2): respond REFUSED instead of NOERROR for "unknown zone" situations (Peter van Dijk) -- [commit 55b0653](https://github.com/PowerDNS/pdns/commit/55b0653): set AA on CNAME into referral, fixes [ticket #589](https://github.com/PowerDNS/pdns/issues/589) (Peter van Dijk) - [commit f0b3b24](https://github.com/PowerDNS/pdns/commit/f0b3b24): return NOTIMP for direct RRSIG request (Kees Monshouwer) - [commit c79addc](https://github.com/PowerDNS/pdns/commit/c79addc): import pdnssec checkZone() from master (Kees Monshouwer) - [commit 2f1fec7](https://github.com/PowerDNS/pdns/commit/2f1fec7): import pdnssec rectifyZone() from master (Kees Monshouwer) -- [commit 71232aa](https://github.com/PowerDNS/pdns/commit/71232aa): update l.root ip (Kees Monshouwer) -- [commit 1202d18](https://github.com/PowerDNS/pdns/commit/1202d18): update expected results for the regression tests (Kees Monshouwer) -- [commit 8ed113c](https://github.com/PowerDNS/pdns/commit/8ed113c): Revert "don't build .a files for backends, we do not use them at all; based on dbff3daf2a5354bbdd20058b356873327d1efc41" (Peter van Dijk) -- [commit d293d1b](https://github.com/PowerDNS/pdns/commit/d293d1b): don't build .a files for backends, we do not use them at all; based on dbff3daf2a5354bbdd20058b356873327d1efc41 (Peter van Dijk) -- [commit 1baa75d](https://github.com/PowerDNS/pdns/commit/1baa75d): move manpages (Peter van Dijk) -- [commit 9b13924](https://github.com/PowerDNS/pdns/commit/9b13924): move auth-git build script from jenkins config into git (Peter van Dijk) # PowerDNS Recursor 3.7.2