From: Otto <otto.moerbeek@open-xchange.com>
Date: Fri, 5 Mar 2021 08:33:39 +0000 (+0100)
Subject: Prep for rec-4.5.0-alpha2
X-Git-Tag: rec-4.5.0-beta1~37^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6e599acc0d54c93dafc0667826c490da3dc38161;p=thirdparty%2Fpdns.git

Prep for rec-4.5.0-alpha2
---

diff --git a/docs/secpoll.zone b/docs/secpoll.zone
index 6e01a69d86..f028c2a8b9 100644
--- a/docs/secpoll.zone
+++ b/docs/secpoll.zone
@@ -1,4 +1,4 @@
-@       86400   IN  SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2021030401 10800 3600 604800 10800
+@       86400   IN  SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2021030801 10800 3600 604800 10800
 @       3600    IN  NS  pdns-public-ns1.powerdns.com.
 @       3600    IN  NS  pdns-public-ns2.powerdns.com.
 
@@ -249,7 +249,8 @@ recursor-4.4.0-rc2.security-status                      60 IN TXT "3 Unsupported
 recursor-4.4.0.security-status                          60 IN TXT "1 OK"
 recursor-4.4.1.security-status                          60 IN TXT "1 OK"
 recursor-4.4.2.security-status                          60 IN TXT "1 OK"
-recursor-4.5.0-alpha1.security-status                   60 IN TXT "1 OK"
+recursor-4.5.0-alpha1.security-status                   60 IN TXT "1 "Unsupported pre-release"
+recursor-4.5.0-alpha2.security-status                   60 IN TXT "1 OK"
 
 ; Recursor Debian
 recursor-3.6.2-2.debian.security-status                 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/"
diff --git a/pdns/recursordist/docs/changelog/4.5.rst b/pdns/recursordist/docs/changelog/4.5.rst
index 390bb42a57..1406adb157 100644
--- a/pdns/recursordist/docs/changelog/4.5.rst
+++ b/pdns/recursordist/docs/changelog/4.5.rst
@@ -1,6 +1,126 @@
 Changelogs for 4.5.X
 ====================
 
+.. changelog::
+  :version: 4.5.0-alpha2
+  :released: 8th of March 2021
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 10010
+
+    Check sizeof(time_t) to be at least 8.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 10118
+
+    Change dnssec default to `process`.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 10047
+
+    Implement rfc 8198 - Aggressive Use of DNSSEC-Validated Cache.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 10112
+
+    Be less verbose telling we are looking up CNAMEs or DNAMEs while tracing.
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 10111
+    :tickets: 10080
+
+    Handle policy (if needed) after postresolve and document the hooks better.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 9361
+
+    Bind __tostring instead of toString for Lua, so that conversion to string works automatically (Aki Tuomi).
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 10113
+    :tickets: 8587
+
+    Add validation state to protobuf message.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 10109
+    :tickets: 9654, 9653
+
+    Add Policy Kind / RPZ action to Protobuf messages.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 10089
+    :tickets: 10058
+
+    Count DNSSEC stats for given names in a different set of counters.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 10096
+
+    Remember non resolving ns.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 9468
+
+    Pass an fd to dump to from rec_control to the recursor.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 10075
+
+    Introduce settings to never cache EDNS Client (v4/v6) Subnet carrying replies.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 10077
+    :tickets: 9845
+
+    Change spoof-nearmiss-max default to 1.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 10022
+    :tickets: 10021
+
+    Add missing entries to Prometheus metrics.
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 10064
+    :tickets: 9547
+
+    Return current rcode instead of 0 if there are no CNAME records to follow.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 9990
+
+    Also use packetcache for tcp queries.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 10020
+    :tickets: 10009
+
+    Document taskqueue metrics and add them to SNMP MIB.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 9996
+
+    Treat the .localhost domain as special.
+
 .. changelog::
   :version: 4.5.0-alpha1
   :released: 15th of January 2021
diff --git a/pdns/recursordist/docs/upgrade.rst b/pdns/recursordist/docs/upgrade.rst
index d136de152e..831d4e24b4 100644
--- a/pdns/recursordist/docs/upgrade.rst
+++ b/pdns/recursordist/docs/upgrade.rst
@@ -26,12 +26,19 @@ The next release will start deprecating them.
 Users are advised to start using the new names to avoid future
 trouble.
 
+Special Domains
+^^^^^^^^^^^^^^^
+Queries for all names in the ``.localhost`` domain will answer in accordance with :rfc:`6761` section 6.3 point 4.
+That means that they will be answered with ``127.0.0.1``, ``::1` or a negative` response.
+
 New Settings
 ^^^^^^^^^^^^
 - The :ref:`setting-extended-resolution-errors` has been added, enabling adding EDNS Extended Errors to responses.
 - The :ref:`setting-refresh-on-ttl-perc`, enabling an automatic cache-refresh mechanism.
 - The :ref:`setting-ecs-ipv4-never-cache` and :ref:`setting-ecs-ipv6-never-cache` settings have been added, allowing an overrule of the existing decision whether to cache EDNS responses carrying subnet information.
-
+- The :ref:`setting-aggressive-nsec-cache-size` setting has been added, enabling the functionality described in :rfc:`8198`.
+- The :ref:`setting-x-dnssec-names` setting has been added, allowing DNSSEC metrics to be recorded in a different set of counter for given domains.
+  
 Deprecated and changed settings
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 - The :ref:`setting-minimum-ttl-override` and :ref:`setting-ecs-minimum-ttl-override` defaults have ben changed from 0 to 1.