From: Peter van Dijk Date: Mon, 28 Sep 2020 11:28:57 +0000 (+0200) Subject: 4.4.0-alpha1 changelog, secpoll, notes X-Git-Tag: auth-4.4.0-alpha2~59^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a03aaad7554483ee6efe72a81eda00a9d1a94fe5;p=thirdparty%2Fpdns.git 4.4.0-alpha1 changelog, secpoll, notes --- diff --git a/.github/actions/spell-check/expect.txt b/.github/actions/spell-check/expect.txt index 67f36f2c9b..06bb794a62 100644 --- a/.github/actions/spell-check/expect.txt +++ b/.github/actions/spell-check/expect.txt @@ -364,6 +364,7 @@ cppcheck createdb createslavedomain Cremers +criteo CRn cron Cruft @@ -639,6 +640,7 @@ execfile Exort externalrefs extrahead +Exx Ezb Ezbu ezdns @@ -776,6 +778,7 @@ gmysqlbackend gnutls godbc godbcbackend +Godwottery goodmatch google googleapis @@ -816,6 +819,7 @@ hardcoded hardcoding hardlink Harker +Hausberger headbgcolor headerlink headfont @@ -954,6 +958,7 @@ Jeroen jessie jj Joaqu +jonathaneen Jong Jorn journalctl @@ -1190,6 +1195,7 @@ minbody mindex MINFO minipatch +Mischan misconfigured mjt mkuchar @@ -1879,6 +1885,7 @@ stutiredboy stylesheet subdomain subkey +submitters subnetmask sudo suffixmatchtree @@ -1888,9 +1895,11 @@ supernotification supersecretpassword superslave superslaving +supervacuus supervisord Surfnet SUSE +SVCB swapcontext swe swoga @@ -1968,6 +1977,7 @@ toint tokenuser tolower Tolstov +Toosarani Toshifumi tostring Travaille diff --git a/docs/changelog/4.4.rst b/docs/changelog/4.4.rst new file mode 100644 index 0000000000..5609eb39b0 --- /dev/null +++ b/docs/changelog/4.4.rst 
@@ -0,0 +1,300 @@ +Changelogs for 4.4.x +==================== + +.. changelog:: + :version: 4.4.0-alpha1 + :released: 30th of September 2020 + + This is version 4.4.0-alpha1 of the Authoritative Server. + This release drops GSS/TSIG support, please see :doc:`PowerDNS Security Advisory 2020-06 <../security-advisories/powerdns-advisory-2020-06>`. + + Version 4.4.0 brings a bunch of exciting changes: + + * the LMDB backend now supports long record content, making it production ready for everybody + * the SVCB and HTTPS record types are supported, with limited additional processing + * transaction handling in the 2136 handler and the HTTP API was again improved a lot, avoiding various spurious issues users may have noticed if they do a lot of changes + * we finally emit Prometheus metrics! + + We want to specifically thank Robin Geuze, Kees Monshouwer, Mischan Toosarani-Hausberger, and Chris Hofstaedtler for their contributions to this release. + We are also grateful to all other reporters of bugs, issues, feature requests, and submitters of smaller fixes and features. + + Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading. + + .. change:: + :tags: Improvements + :pullreq: 9369, 8638, 9337 + + New RRtypes: SVCB, HTTPS, APL. + Fixed RRtypes: IPSECKEY. + + .. change:: + :tags: Improvements + :pullreq: 9389 + + LMDB: new schema that supports long records (Robin Geuze) + + .. change:: + :tags: Bug Fixes + :pullreq: 9518, 9427, 9409, 9407 + + Improved transaction handling, especially around the metadata cache (Kees Monshouwer) + + .. change:: + :tags: Improvements + :pullreq: 9524 + + bindbackend: 'rediscover' changes to master and also-notifies (Matti Hiljanen) + + .. change:: + :tags: Bug Fixes + :pullreq: 9496 + + ignore cryptokeys in presigned zones (Kees Monshouwer) + + .. change:: + :tags: Improvements + :pullreq: 9039 + + quote/escape PG connection parameters + + .. 
change:: + :tags: Improvements + :pullreq: 8942 + + lua: add backtraces to errors + + .. change:: + :tags: Bug Fixes + :pullreq: 9478 + + remove a '// HACK FIXME400' and fix the bugs it was hiding (Kees Monshouwer) + + .. change:: + :tags: Removed Features + :pullreq: 9385 + + Remove GSS/TSIG support + + .. change:: + :tags: Improvements + :pullreq: 8993 + + Skip EDNS Cookies in the packet cache + + .. change:: + :tags: Improvements + :pullreq: 8969 + + Use more of systemd's sandboxing options when available + + .. change:: + :tags: Improvements + :pullreq: 9387 + + auth slave: log successful NOTIFY (Chris Hofstaedtler) + + .. change:: + :tags: Bug Fixes + :pullreq: 9439 + + Fix the sample 'geoip.conf' for Debian-based packages + + .. change:: + :tags: Improvements + :pullreq: 9419, 9430 + + sdig: Increment the DNS message IDs when pipelining, report ID mismatches + + .. change:: + :tags: Bug Fixes + :pullreq: 9408 + + Fix building with LLVM11 (RvdE) + + .. change:: + :tags: Improvements + :pullreq: 9157 + + Add support for FreeBSD's SO_REUSEPORT_LB + + .. change:: + :tags: Improvements + :pullreq: 9101 + + LUA records: two improvements to createForward + + .. change:: + :tags: New Features + :pullreq: 8824 + + Allow forced secondary zone retrieval + + .. change:: + :tags: Bug Fixes + :pullreq: 8928 + + Ensure qtype is set before calling setContent() in axfrfilter() + + .. change:: + :tags: New Features + :pullreq: 7963 + + Add a new command to add a super-master to SQL backends (Godwottery) + + .. change:: + :tags: Improvements + :pullreq: 8564, 8565 + + geoipbackend: top looking after first weighted match, propagate weighted rounding gap fix (criteo-forks) + + .. change:: + :tags: Improvements + :pullreq: 8623 + + Make a combination of delete and replace for rrset possible (jonathaneen) + + .. change:: + :tags: Bug Fixes + :pullreq: 9340 + + Auth API: Allow removal of NSEC3PARAM metadata + + .. 
change:: + :tags: Improvements + :pullreq: 9218 + + log more pdns_control actions (Chris Hofstaedtler) + + .. change:: + :tags: Improvements + :pullreq: 9318 + + gsqlbackend: allow backend-specific queries (Chris Hofstaedtler) + + .. change:: + :tags: Improvements + :pullreq: 9265 + + add used master address to slave check logs (Chris Hofstaedtler) + + .. change:: + :tags: Improvements + :pullreq: 9280 + + immediately fill account, kind, masters on zone create (Chris Hofstaedtler) + + .. change:: + :tags: Improvements + :pullreq: 9169 + + fetch all metadata at once (Kees Monshouwer) + + .. change:: + :tags: Improvements + :pullreq: 9252 + + Add version 'statistic' to prometheus + + .. change:: + :tags: Bug Fixes + :pullreq: 9253 + :issues: 4973 + + pdnsutil: make sure we let all destructors run. + + .. change:: + :tags: Improvements + :pullreq: 9215 + + PKCS11 improvements + + .. change:: + :tags: Improvements + :pullreq: 9189 + + gpgsqlbackend: add parameters to query logging (Chris Hofstaedtler) + + .. change:: + :tags: Improvements + :pullreq: 9187 + + Set SyslogIdentifier for multiple instances (Chris Hofstaedtler) + + .. change:: + :tags: New Features + :pullreq: 9183 + + API: Allow rectifying Slave zones (Chris Hofstaedtler) + + .. change:: + :tags: New Features + :pullreq: 9182 + + Implemented prometheus metrics-endpoint for auth (supervacuus) + + .. change:: + :tags: Improvements + :pullreq: 9163 + + Optimize IXFR-to-AXFR fallback path (Chris Hofstaedtler) + + .. change:: + :tags: Bug Fixes + :pullreq: 8943 + + Remote Backend: Throw DBException in functions that allow it + + .. change:: + :tags: Bug Fixes + :pullreq: 9073 + + Ensure runtime dirs for virtual services differ + + .. change:: + :tags: Bug Fixes + :pullreq: 9080 + + better (actual) fix for mem leak in SSQLite3::execute() + + .. change:: + :tags: Bug Fixes + :pullreq: 9069 + + Avoid "pthread_rwlock_destroy on rwlock with waiters!" on OpenBSD + + .. 
change:: + :tags: Bug Fixes + :pullreq: 9060 + + BIND-DOMAIN-EXTENDED-STATUS: don't look for a domain called BIND-DOMAIN-EXTENDED-STATUS + + .. change:: + :tags: Improvements + :pullreq: 9024 + + auth smysql: mimic error message format from mysql tooling + + .. change:: + :tags: Improvements + :pullreq: 8975 + + improve sql schema updates (Kees Monshouwer) + + .. change:: + :tags: Improvements + :pullreq: 8939, 8925 + + NSEC fixes for unpublished DNSKEY (RobinGeuze) + + .. change:: + :tags: Improvements + :pullreq: 8929 + + make sure we look at 10% of all cached items during cleanup (Kees Monshouwer) + + .. change:: + :tags: Improvements + :pullreq: 8714 + + Reduce the number of temporary memory allocations + diff --git a/docs/changelog/index.rst b/docs/changelog/index.rst index 9357f1a997..91280d4cf7 100644 --- a/docs/changelog/index.rst +++ b/docs/changelog/index.rst @@ -6,6 +6,7 @@ The changelogs for the PowerDNS Authoritative Server are split between release t .. toctree:: :maxdepth: 2 + 4.4 4.3 4.2 4.1 diff --git a/docs/secpoll.zone b/docs/secpoll.zone index 9ac5bce83c..e6845e9850 100644 --- a/docs/secpoll.zone +++ b/docs/secpoll.zone @@ -1,4 +1,4 @@ -@ 86400 IN SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2020100101 10800 3600 604800 10800 +@ 86400 IN SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2020100102 10800 3600 604800 10800 @ 3600 IN NS pdns-public-ns1.powerdns.com. @ 3600 IN NS pdns-public-ns2.powerdns.com. 
@@ -70,6 +70,7 @@ auth-4.3.0-rc1.security-status 60 IN TXT "2 Unsupported auth-4.3.0-rc2.security-status 60 IN TXT "2 Unsupported pre-release (no known vulnerabilities)" auth-4.3.0.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html" auth-4.3.1.security-status 60 IN TXT "1 OK" +auth-4.4.0-alpha1.security-status 60 IN TXT "1 OK" ; Auth Debian auth-3.4.1-2.debian.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/3/security/powerdns-advisory-2015-02/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-03/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-04/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-05/" diff --git a/docs/upgrading.rst b/docs/upgrading.rst index b3660ee6bf..47392ad056 100644 --- a/docs/upgrading.rst +++ b/docs/upgrading.rst @@ -11,11 +11,11 @@ upgrade notes if your version is older than 3.4.2. 4.3.x to 4.4.0 -------------- -``IPSECKEY`` change on secondaries +Record type changes on secondaries ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The in-database format of the ``IPSECKEY`` has changed from 'generic' format to its specialized format. -It is recommended to re-transfer, using ``pdns_control retrieve ZONE``, all zones that have ``IPSECKEY`` or ``TYPE45`` records. +The in-database format of the ``IPSECKEY``, ``SVCB``, ``HTTPS`` and ``APL`` records has changed from 'generic' format to its specialized format. +It is recommended to re-transfer, using ``pdns_control retrieve ZONE``, all zones that have records of those types, or ``TYPExx``, for numbers 42, 45, 64, 65. PostgreSQL configuration escaping ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
@@ -23,6 +23,15 @@ PostgreSQL configuration escaping We now correctly quote/escape Postgres connection parameters. If you used single quotes (or some other form of escaping) around your Postgres password because it contained spaces, you now need to put your unmodified, unescaped, unquoted password in your configuration. +New LMDB schema +^^^^^^^^^^^^^^^ + +An LMDB schema upgrade is mandatory. +Please carefully read :ref:`setting-lmdb-schema-version` before upgrading to 4.4.x. + +FIXME: 4.3.1 docs failed to mention #9233 (gsqlite3: add missing indexes) + + 4.3.0 to 4.3.1 --------------
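Review bot: docs/changelog/4.4.rst opens by saying this release drops GSS/TSIG support and lists "Remove GSS/TSIG support" under Removed Features, but neither docs/upgrading.rst hunk in this patch adds a matching upgrade note. If the "4.3.x to 4.4.0" section does not already cover the removal outside the visible context, that is where operators who rely on it will look, so a short entry pointing at PowerDNS Security Advisory 2020-06 belongs there. In the same file, the entry for pull requests 8564, 8565 reads "geoipbackend: top looking after first weighted match", where "top" looks like a typo for "stop", and the contributor credit is written both as "Robin Geuze" and "RobinGeuze".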
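Review bot: in the "Record type changes on secondaries" hunk of docs/upgrading.rst, the sentence now has four record types as its subject but still reads "has changed from 'generic' format to its specialized format"; it should be "have changed" and "their specialized formats". The phrase "``TYPExx``, for numbers 42, 45, 64, 65" also leaves the reader to work out which number belongs to which type. Writing the pairs out, as the removed text did with "``IPSECKEY`` or ``TYPE45``", would make the re-transfer instruction easier to act on.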
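Review bot: the added line "FIXME: 4.3.1 docs failed to mention #9233 (gsqlite3: add missing indexes)" at the end of the new "New LMDB schema" section in docs/upgrading.rst will be published verbatim in the upgrade notes, under a heading it is unrelated to. Suggest turning it into a real entry under "4.3.0 to 4.3.1", the section that starts right below it, or tracking it outside the docs before this goes out. The LMDB paragraph itself only says the schema upgrade is mandatory and defers everything else to :ref:`setting-lmdb-schema-version`; one sentence here on what the operator has to do would help readers who only skim this page.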