From: Peter van Dijk Date: Mon, 10 May 2021 09:50:59 +0000 (+0200) Subject: changelog and secpoll for auth-4.5.0-alpha1 X-Git-Tag: auth-4.5.0-beta1~17^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=71f1dd2ce2378451e55ac80923ddef23f0326103;p=thirdparty%2Fpdns.git changelog and secpoll for auth-4.5.0-alpha1 --- diff --git a/.github/actions/spell-check/expect.txt b/.github/actions/spell-check/expect.txt index 10585b48f7..df7c6d79bd 100644 --- a/.github/actions/spell-check/expect.txt +++ b/.github/actions/spell-check/expect.txt @@ -293,6 +293,7 @@ createslavedomain Cremers criteo cron +crowley crv cryptokey Cryptoki @@ -1156,6 +1157,7 @@ nx nxd NXDATA nxdomain +nzlosh oarc oauth Obermayer @@ -1462,11 +1464,13 @@ rsync ru Rueckert rulesets +runtimedir Ruthensteiner rv Rvd rw rwlock +rytis Sakaguchi saltsa sandboxing diff --git a/docs/changelog/4.5.rst b/docs/changelog/4.5.rst new file mode 100644 index 0000000000..77ed8eda16 --- /dev/null +++ b/docs/changelog/4.5.rst 
@@ -0,0 +1,253 @@ +Changelogs for 4.5.x +==================== + +.. changelog:: + :version: 4.5.0-alpha1 + :released: 15th of May 2021 + + This is version 4.5.0-alpha1 of the Authoritative Server. + This release contains a ton of improvements and bug fixes compared to 4.4, but very few user visible changes. + + Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading. + + .. change:: + :tags: Improvements + :pullreq: 10260 + + Lower max-nsec3-iterations to 100 (Kees Monshouwer) + + .. change:: + :tags: Improvements + :pullreq: 10421 + + add an option to in/exclude disabled zones in the pdnsutil list-all-zone and list-keys output (Kees Monshouwer) + + .. change:: + :tags: Bug Fixes + :pullreq: 10399 + + Make sure we recheck failed SOA lookups for notifies (Kees Monshouwer) + + .. change:: + :tags: Improvements + :pullreq: 8999, 9788 + + Swagger/OpenAPI improvements (Kevin Fleming) + + .. change:: + :tags: Bug Fixes + :pullreq: 9813 + + geoip: set netmask on all string formatting types + + .. change:: + :tags: Bug Fixes + :pullreq: 9768 + + fix rounding inaccuracy in latency statistics (Kees Monshouwer) + + .. change:: + :tags: Improvements + :pullreq: 9574 + + Ensure socket-dir matches runtimedir on old systemd + + .. change:: + :tags: Bug Fixes + :pullreq: 9775 + + pdnsutil add-record: notice when backend does not support replaceRRSet + + .. change:: + :tags: Improvements + :pullreq: 9764, 9847, 9848, 9910 + + Various logging improvements (Kees Monshouwer, nzlosh) + + .. change:: + :tags: Improvements + :pullreq: 9752, 9803, 10028, 10067, 10068, 10165 + + Various improvements to the Docker image (rytis, james-crowley) + + .. 
change:: + :tags: Improvements + :pullreq: 9749, 9819, 9831, 9832, 9857, 9876, 9895, 9911, 9914, 9920, 9930, 9932, 9937, 9955, 9979, 10016, 10137, 10141, 10216, 10245, 10269, 10271, 10310, 10329, 10336, 10344 + + Build improvements (support for new compilers and boost versions, etc.), improved usage of some library constructs, and architecture specific fixes + + .. change:: + :tags: Improvements + :pullreq: 9913 + + Switch to C++17 + + .. change:: + :tags: Improvements + :pullreq: 9885, 9888, 9933, 10013, 10099, 10107, 10186 + + LMDB improvements (better transaction safety; support for the ``disabled`` field; better upgrade handling; stale reader cleanup; other bug fixes) (Robin Geuze, Kees Monshouwer) + + .. change:: + :tags: Removed Features + :pullreq: 10259 + + gpgsql backend: drop refcursor support (it never worked anyway) + + .. change:: + :tags: Bug Fixes + :pullreq: 9766, 9844, 9919, 10074 + + Fixed bugs in the implementations of the ``SVCB``, ``HTTPS``, ``IPSECKEY`` and ``APL`` types. + + .. change:: + :tags: New Features + :pullreq: 10078, 10172, 10121, 10256, 10234 + + New RRtypes supported: ``CSYNC``, ``NID``, ``L32``, ``L64``, and ``LP`` + + .. change:: + :tags: Improvements + :pullreq: 10196 + + Implement priority levels in the AXFR queue (Robin Geuze) + + .. change:: + :tags: Improvements + :pullreq: 9658, 9669, 10430 + + pdns.conf, pdnsutil, pdns_control: add modern aliases for words like master and slave. Add a setting to ignore unknown settings, to make mixed-version testing easier. (Chris Hofstaedtler, Kees Monshouwer) + + While changing names, Kees Monshouwer also renamed 'domain' to 'zone' in a ton of places. + + .. change:: + :tags: Removed Features + :pullreq: 10251 + + remove local-ipv6, query-local-address6, after their deprecation in 4.4 + + .. change:: + :tags: New Features + :pullreq: 10217 + + API HTTP cryptokeys: add cds array when configured to do so + + .. 
change:: + :tags: Improvements + :pullreq: 10236 + + When rectifying, do not update ordernames/auth when there is no need (Kees Monshouwer) + + .. change:: + :tags: New Features + :pullreq: 9995, 10060, 10149 + + sdig: DoT support; TCP Fast Opens support for TCP/DoT/DoH + + .. change:: + :tags: Bug Fixes + :pullreq: 10155 + + ALIAS: Ensure A and AAAA are in the NSEC bitmap + + .. change:: + :tags: Improvements + :pullreq: 10161 + + memory usage reporting: use RES instead of "data" size + + .. change:: + :tags: Removed Features + :pullreq: 10010 + + Check ``sizeof(time_t)`` to be at least 8. This makes it easier for us to handle times beyond the years 2038 and 2106 safely. This removes support for platforms where ``time_t`` is still only 32 bits wide. + + .. change:: + :tags: Bug Fixes + :pullreq: 10081 + + pdnsutil load-zone: reject zones with broken rrs + + .. change:: + :tags: Bug Fixes + :pullreq: 9826 + + pdnsutil edit-zone: do not exit on ZoneParser exception + + .. change:: + :tags: Improvements + :pullreq: 10087 + + pdnsutil: Warn on CNAME targets for NS, MX and SRV + + .. change:: + :tags: Improvements + :pullreq: 10264 + + Also disable PMTU for IPv6 (it was disabled for IPv4 already) + + .. change:: + :tags: Improvements + :pullreq: 8813 + + Make check-zone also check whether there are duplicate key value pair metadatas for the zone (RobinGeuze) + + .. change:: + :tags: Bug Fixes + :pullreq: 10007 + + fix tcp answer counters (Kees Monshouwer) + + .. change:: + :tags: Bug Fixes + :pullreq: 10037 + + run deleteDomain() inside a transaction (Kees Monshouwer) + + .. change:: + :tags: New Features + :pullreq: 9958 + + Serve NSEC3PARAM when asked without DO + + .. change:: + :tags: Bug Fixes + :pullreq: 8829 + + gsqlite3: handle escaping correctly for API search + + .. change:: + :tags: Bug Fixes + :pullreq: 9872 + + fix direct-dnskey in AXFR-out (Kees Monshouwer) + + .. 
change:: + :tags: Improvements + :pullreq: 9520 + + detect possible metadata cache pollution (Kees Monshouwer) + + .. change:: + :tags: Bug Fixes + :pullreq: 10364 + + auth: Don't choke on non-base64 values when importing zone keys + + .. change:: + :tags: New Features + :pullreq: 9464, 10432 + + Add a cache of all domains, avoiding backend lookups for domains that do not exist, and for non-existing subdomains. (Chris Hofstaedtler) + + .. change:: + :tags: Improvements + :pullreq: 10401 + + change the consistent-backends default to 'yes' + + .. change:: + :tags: Bug Fixes + :pullreq: 10392 + + gpgsql: use SELECT .. RETURNING to get inserted row ID diff --git a/docs/changelog/index.rst b/docs/changelog/index.rst index 91280d4cf7..73a6df2b80 100644 --- a/docs/changelog/index.rst +++ b/docs/changelog/index.rst @@ -6,6 +6,7 @@ The changelogs for the PowerDNS Authoritative Server are split between release t .. toctree:: :maxdepth: 2 + 4.5 4.4 4.3 4.2 diff --git a/docs/secpoll.zone b/docs/secpoll.zone index abaf61a32c..b7bfcc0f14 100644 --- a/docs/secpoll.zone +++ b/docs/secpoll.zone @@ -1,4 +1,4 @@ -@ 86400 IN SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2021051102 10800 3600 604800 10800 +@ 86400 IN SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2021052600 10800 3600 604800 10800 @ 3600 IN NS pdns-public-ns1.powerdns.com. @ 3600 IN NS pdns-public-ns2.powerdns.com. 
@@ -78,6 +78,7 @@ auth-4.4.0-beta1.security-status 60 IN TXT "2 Unsupported auth-4.4.0-rc1.security-status 60 IN TXT "2 Unsupported pre-release (no known vulnerabilities)" auth-4.4.0.security-status 60 IN TXT "1 OK" auth-4.4.1.security-status 60 IN TXT "1 OK" +auth-4.5.0-alpha1.security-status 60 IN TXT "1 OK" ; Auth Debian auth-3.4.1-2.debian.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/3/security/powerdns-advisory-2015-02/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-03/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-04/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-05/" diff --git a/docs/upgrading.rst b/docs/upgrading.rst index 8e433279e5..c4992392e4 100644 --- a/docs/upgrading.rst +++ b/docs/upgrading.rst @@ -16,7 +16,10 @@ Record type changes The in-database format of ``CSYNC``, ``IPSECKEY``, ``NID``, ``L32``, ``L64``, and ``LP`` records has changed from 'generic' format to its specialized format. -API users might notice that replacing records of these types leaves the old TYPExx records around, even if PowerDNS is not serving them. +Generation of the in-database format of ``SVCB`` and ``HTTPS`` received some important bug fixes. +(For these two types, you can skip the :ref:`setting-upgrade-unknown-types` setting mentioned below, but we still recommend the re-transfer.) + +API users might notice that replacing records of the newly supported types leaves the old TYPExx records around, even if PowerDNS is not serving them. To fix this, enable :ref:`setting-upgrade-unknown-types` and replace the records; this will then delete those TYPExx records. Then, disable the setting again, because it has a serious performance impact on API operations.
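
Review bot: In docs/changelog/4.5.rst, the intro sentence "very few user visible changes" undersells what the entries below it list: three "Removed Features" entries (gpgsql refcursor support, local-ipv6 and query-local-address6, platforms with a 32-bit ``time_t``) plus a lowered limit and a changed default (max-nsec3-iterations lowered to 100, consistent-backends default changed to 'yes'). Suggest naming these in the intro next to the upgrade-notes pointer so operators see them before upgrading. Wording nits in the same hunk: "SELECT .. RETURNING" in the last entry should read "INSERT .. RETURNING" (in PostgreSQL, RETURNING is a clause of INSERT/UPDATE/DELETE, and the entry is about an inserted row ID), "TCP Fast Opens support" should be "TCP Fast Open support", and "(RobinGeuze)" should match the "(Robin Geuze)" spelling used in the other entries.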
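
Review bot: In the first docs/secpoll.zone hunk, the SOA serial goes to 2021052600, which reads as 26 May 2021 if it follows the YYYYMMDDnn pattern the old value 2021051102 suggests, while the changelog added in this same patch says ":released: 15th of May 2021" and the commit itself is dated 10 May 2021. One of these dates looks stale; please confirm the actual release date and make ``:released:`` and the serial agree before tagging.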
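
Review bot: In the second docs/secpoll.zone hunk, auth-4.5.0-alpha1 is published as "1 OK", while the pre-release rows visible in the surrounding context (auth-4.4.0-beta1, auth-4.4.0-rc1) carry "2 Unsupported pre-release (no known vulnerabilities)". If "1 OK" is meant to hold only while alpha1 is the current pre-release, please record a follow-up to switch this row to the "2 Unsupported pre-release" form when the next 4.5.0 tag ships; otherwise installs that stay on the alpha keep receiving an OK status from secpoll.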
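
Review bot: In the docs/upgrading.rst hunk, the reworded sentence "replacing records of the newly supported types" is ambiguous about ``IPSECKEY``: the unchanged context line lists ``CSYNC``, ``IPSECKEY``, ``NID``, ``L32``, ``L64`` and ``LP`` as having changed in-database format, but the changelog in this patch lists only ``CSYNC``, ``NID``, ``L32``, ``L64`` and ``LP`` as new RRtypes and files ``IPSECKEY`` under bug fixes. Suggest "records of the types listed above" or repeating the list, so it is clear whether leftover TYPExx records also apply to ``IPSECKEY``. The added parenthetical also refers to "the re-transfer" without an antecedent in the visible lines; a short clause saying what should be re-transferred, or a reference to the paragraph that explains it, would help readers who land on this section directly.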