From: Peter van Dijk Date: Fri, 23 May 2025 17:37:14 +0000 (+0200) Subject: auth 5.0.0-alpha1: changelog & secpoll X-Git-Tag: dnsdist-2.0.0-beta1~66^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bc521ed7156d8849c768beef50d523ac2e9bab4f;p=thirdparty%2Fpdns.git auth 5.0.0-alpha1: changelog & secpoll --- diff --git a/.github/actions/spell-check/expect.txt b/.github/actions/spell-check/expect.txt index a48c1e4ad8..6708d377cf 100644 --- a/.github/actions/spell-check/expect.txt +++ b/.github/actions/spell-check/expect.txt @@ -56,6 +56,7 @@ Asenov ASEP Ashish associateddomain +Assumeru asyncresolve ATHENE Atlassian @@ -124,6 +125,7 @@ Binero binlog bitfield bitmaps +bjacquin bla Bleker blockfilter @@ -137,6 +139,7 @@ bolditalic bonafide Bortzmeyer botnet +Bozhan bpf bpo Brainspark @@ -643,12 +646,14 @@ Jorn journalctl jpmens jsonstat +jsoref jsrender Juergen jumpbox Juraj Kadyshev Kaminsky +karelbilek Kaseorg Kdhcp Kdhcpdupdate @@ -821,6 +826,7 @@ modeline modifyingpolicydecisions modindex monshouwer +mortenstevens motherboards mozilla mplexer @@ -1278,6 +1284,7 @@ singlethreaded Sipek siphash Sjoerd +sjorgedeaguiar slapindex slaveness SLES @@ -1371,6 +1378,7 @@ supervacuus supervisord Surfnet swapcontext +swegener swoga syncer syncres @@ -1379,6 +1387,7 @@ syscalls Sysdream systemcall sysv +tacerus tarballs Tarjei Tarnell @@ -1422,6 +1431,7 @@ tinydns tinydnsbackend tisr tlsa +tlu tmpfs tobool TOCTOU @@ -1466,6 +1476,7 @@ Ueber Ueli UIDs Uisms +ukleinek UMEM unauth unbreak @@ -1539,6 +1550,7 @@ westes Wevers wextra whashed +wibowo Wieger Wielicki Wijk @@ -1556,6 +1568,7 @@ Wojas Worldnic would've wouter +Woutifier wpad wproduction wrandom @@ -1569,6 +1582,7 @@ xdp Xek Xeon XForwarded +XFRs Xiang xorbooter xpf diff --git a/docs/changelog/5.0.rst b/docs/changelog/5.0.rst new file mode 100644 index 0000000000..09e9906491 --- /dev/null +++ b/docs/changelog/5.0.rst @@ -0,0 +1,593 @@ +Changelogs for 5.0.x +==================== + +.. changelog:: + :version: 5.0.0-alpha1 + :released: 27th of May 2025 + + This is release 5.0.0-alpha1 of the Authoritative Server. + The major new feature in 5.0.0 is :ref:`views` support. + Besides that, this release also contains a long list of other improvements. + + .. change:: + :tags: New Features + :pullreq: 15393, 15441, 15421, 15470, 15512 + + new feature: :ref:`views` + + .. change:: + :tags: Bug Fixes + :pullreq: 15570 + + Trust inet_pton to validate IPv6 addresses and nothing more + + .. change:: + :tags: Improvements + :pullreq: 15520 + + Fix building with GCC 15.1: missing `cstdint` include + + .. change:: + :tags: Improvements + :pullreq: 15474 + + Use a unique type for domain ids + + .. change:: + :tags: Improvements + :pullreq: 15451 + + Better behaviour with non-working DNSSEC configurations + + .. change:: + :tags: Improvements + :pullreq: 15443 + + Add a quiet option to pdnsutil + + .. change:: + :tags: Improvements + :pullreq: 15390 + + Log DNS packet parse errors + + .. change:: + :tags: Improvements + :pullreq: 15353 + + fix log string in case there are notifies needed + + .. change:: + :tags: Bug Fixes + :pullreq: 15340 + + mysql: use MYSQL_TYPE_LONGLONG on 64bit platforms (zeha) + + .. change:: + :tags: Bug Fixes + :pullreq: 15339 + + lmdb: be more robust against marked-as-deleted items + + .. change:: + :tags: Improvements + :pullreq: 15334 + + [geoip] Try and be more helpful in YAML error exceptions + + .. change:: + :tags: Improvements + :pullreq: 15299 + + API: allow fetching disabled RRsets + + .. change:: + :tags: New Features + :pullreq: 15265 + + webserver Unix socket support (tacerus) + + .. change:: + :tags: Bug Fixes + :pullreq: 15238 + + Fix list-all-zones in multi-backend configuration involving LMDB + + .. change:: + :tags: Improvements + :pullreq: 15222 + + Damage control in Lua createForward() + + .. change:: + :tags: Improvements + :pullreq: 15207 + + [pdnsutil] Command aliases + + .. change:: + :tags: Improvements + :pullreq: 15197 + + [pdnsutil] Suggest increase-serial after create-zone + + .. change:: + :tags: Improvements + :pullreq: 15176 + + lmdb-safe: add prefix() cursor; use it in list/lookup/get + + .. change:: + :tags: Bug Fixes + :pullreq: 15175 + + Improve LMDBBackend reliability + + .. change:: + :tags: Improvements + :pullreq: 15170 + + [pdnsutil] dedup in add-record + + .. change:: + :tags: Improvements + :pullreq: 15160 + + [pdnsutil] Better error message when disk full + + .. change:: + :tags: Improvements + :pullreq: 15152 + + Make the record representation of ALIAS match CNAME + + .. change:: + :tags: Improvements + :pullreq: 15147 + + Low-hanging LMDB fruits + + .. change:: + :tags: New Features + :pullreq: 15140 + + sdig: implement cookie support + + .. change:: + :tags: Bug Fixes + :pullreq: 15133 + + [pdnsutil] Do not allow increase-serial on secondary zones + + .. change:: + :tags: Improvements + :pullreq: 15131 + + [pdnsutil] Let add-zone-key use defaults from pdns.conf + + .. change:: + :tags: New Features + :pullreq: 15127 + + lua records: new option to set the http status code to match in ifurlup function + + .. change:: + :tags: Improvements + :pullreq: 15105 + + Let pdnsutil warn when creating local files + + .. change:: + :tags: Improvements + :pullreq: 15103 + + Grow tinydnsbackend capabilities a bit + + .. change:: + :tags: New Features + :pullreq: 15098 + + Add a "failOnIncompleteCheck" option to if\*up Lua functions + + .. change:: + :tags: Bug Fixes + :pullreq: 15093 + + check return value of getCatalogMembers() (Kees Monshouwer) + + .. change:: + :tags: Bug Fixes + :pullreq: 15090 + + Avoid LMDB exception during recursive lookup + + .. change:: + :tags: Improvements + :pullreq: 15086 + + try to find ldap libs in case pkg-config is missing (happens on debian11) + + .. change:: + :tags: New Features + :pullreq: 15083, 15253 + + Provide additional answers in NAPTR queries + + .. change:: + :tags: Improvements + :pullreq: 15082 + + More helpful pdnsutil help output + + .. change:: + :tags: Improvements + :pullreq: 15080 + + pdnsutil: check for key presence after import + + .. change:: + :tags: Improvements + :pullreq: 15072 + + Adjust Content-Type header for Prometheus endpoint to include version (Woutifier) + + .. change:: + :tags: Improvements + :pullreq: 15063 + + Include cstdint to get uint64_t + + .. change:: + :tags: Improvements + :pullreq: 15049 + + Correctly report SQL insertion errors + + .. change:: + :tags: Improvements + :pullreq: 15041 + + Exit gracefully on ^D on control-console + + .. change:: + :tags: Improvements + :pullreq: 15004 + + [lmdb] Ignore unreachable TSIG keys in getTSIGKeys + + .. change:: + :tags: Improvements + :pullreq: 14996 + + Lua up checks: finer control + + .. change:: + :tags: Improvements + :pullreq: 14993 + + createForward and createForward6 will use the zone_record as base (BozhanL) + + .. change:: + :tags: Improvements + :pullreq: 14975 + + prevent createReverse6 from generating illegal IDN record (BozhanL) + + .. change:: + :tags: Bug Fixes + :pullreq: 14931 + + Fix ipv\*hint=auto on lmdb backend + + .. change:: + :tags: Removed Features + :pullreq: 14926 + + [feature] remove support for libdecaf + + .. change:: + :tags: Bug Fixes + :pullreq: 14913 + + [bugfix] Reject hexadecimal blobs with odd number of characters + + .. change:: + :tags: Improvements + :pullreq: 14900 + + pdnsutil edit-zone: Emit the updated SOA serial (ukleinek) + + .. change:: + :tags: Bug Fixes + :pullreq: 14897 + + fix register type race + + .. change:: + :tags: Bug Fixes + :pullreq: 14842 + + don't log absence of GSS-TSIG functionality at such a high level, use DEBUG + + .. change:: + :tags: Bug Fixes + :pullreq: 14823 + + SVCB parser: allow quotes around port= + + .. change:: + :tags: Improvements + :pullreq: 14782 + + Rework MDBIn/OutVal + + .. change:: + :tags: Improvements + :pullreq: 14781 + + pdns: allow empty string in version-string (bjacquin) + + .. change:: + :tags: Bug Fixes + :pullreq: 14676 + + don't build .so for non-dyn modules + + .. change:: + :tags: Improvements + :pullreq: 14670 + + webserver.cc: try to pass exception text with 500 errors + + .. change:: + :tags: Improvements + :pullreq: 14665 + + sdig: some improvements for stdin mode + + .. change:: + :tags: Improvements + :pullreq: 14642 + + more and better thread names + + .. change:: + :tags: Bug Fixes + :pullreq: 14625 + + Fix leak of MDB_env object + + .. change:: + :tags: New Features + :pullreq: 14604 + + allow turning off across-zone resolving (zeha) + + .. change:: + :tags: Improvements + :pullreq: 14591 + + dnsproxy: make local port range configurable (zeha) + + .. change:: + :tags: New Features + :pullreq: 14581 + + added a new config for direct queries of dnskey signature (d-wibowo) + + .. change:: + :tags: Improvements + :pullreq: 14576 + + ssqlite3: use "begin immediate" to avoid later fights over upgrading to write + + .. change:: + :tags: Improvements + :pullreq: 14562 + + Fix build with boost 1.86.0 (cho-m) + + .. change:: + :tags: Improvements + :pullreq: 14561 + + Add doc reference to oversized chunk message (jsoref) + + .. change:: + :tags: Improvements + :pullreq: 14550 + + json11: add include for cstdint + + .. change:: + :tags: New Features + :pullreq: 14505 + + `pdnsutil`: Add `backend-lookup` subcommand + + .. change:: + :tags: Bug Fixes + :pullreq: 14500 + + fix domain ordering in query for mysql and odbc-sqlite, and test it + + .. change:: + :tags: Bug Fixes + :pullreq: 14454 + + catalogs SQL: force order of domains to avoid spurious rehashes + + .. change:: + :tags: Bug Fixes + :pullreq: 14419 + + Fix compile error on OPENSSL_VERSION_MAJOR < 3 + + .. change:: + :tags: Improvements + :pullreq: 14394 + + provide dns packet when doing lookup for presigned signatures (d-wibowo) + + .. change:: + :tags: Improvements + :pullreq: 14368 + + allow -lodbc in a non-standard location + + .. change:: + :tags: Bug Fixes + :pullreq: 14277 + + geoipbackend: link C++ filesystem lib if necessary + + .. change:: + :tags: Bug Fixes + :pullreq: 14261 + + pdnsutil check-zone: make LUA records optional (swegener) + + .. change:: + :tags: Bug Fixes + :pullreq: 14242 + + ixfrdist: Fix broken 'uid' and 'gid' parsing for non-numerical values + + .. change:: + :tags: Improvements + :pullreq: 14218 + + web: make request/response timeout configurable (ns-sjorgedeaguiar) + + .. change:: + :tags: Improvements + :pullreq: 14197 + + YaHTTP: Enforce max # of request fields and max request line size + + .. change:: + :tags: Bug Fixes + :pullreq: 14196 + + Fix memory leaks in the bind file format parser + + .. change:: + :tags: Improvements + :pullreq: 14047 + + dnsproxy: fix build on s390x (zeha) + + .. change:: + :tags: Bug Fixes + :pullreq: 14045 + + API: when querying with rrset_name, respect it for comments too + + .. change:: + :tags: Bug Fixes + :pullreq: 14029 + + Properly finalize PKCS11 modules before releasing them + + .. change:: + :tags: New Features + :pullreq: 14021 + + LUA: make whitespace insertion on chunk combine optional + + .. change:: + :tags: Improvements + :pullreq: 14011 + + pdnsutil check-zone: accept LUA A/AAAA as SVCB address targets + + .. change:: + :tags: Improvements + :pullreq: 13980 + + Do shuffle TCP responses except \*XFRs (karelbilek) + + .. change:: + :tags: Improvements + :pullreq: 13959 + + Add Meson as a build system for auth + + .. change:: + :tags: Improvements + :pullreq: 13951 + + deprecate output of SHA1, GOST hashes + + .. change:: + :tags: Bug Fixes + :pullreq: 13949 + + ixfrdist: use IPV6_V6ONLY on listening sockets, closes #13878 + + .. change:: + :tags: Improvements + :pullreq: 13930 + + sdig: remove xpf handling + + .. change:: + :tags: Improvements + :pullreq: 13879 + + LUA: support returning empty set in filterForward + + .. change:: + :tags: Improvements + :pullreq: 13867 + + on OpenBSD, try harder to send on a non-blocking socket + + .. change:: + :tags: Bug Fixes + :pullreq: 13841 + + do not disable ns records at apex in consumer zones (Kees Monshouwer) + + .. change:: + :tags: Improvements + :pullreq: 13772 + + RPM packages: change home directory to /var/lib/pdns (mortenstevens) + + .. change:: + :tags: New Features + :pullreq: 13770 + + Add setting to make TSIG required for DNS updates (Assumeru) + + .. change:: + :tags: Bug Fixes + :pullreq: 13205 + + catalog, include groups in hash calculation (Kees Monshouwer) + + .. change:: + :tags: Improvements + :pullreq: 13060 + + gmysql: modernise implementation of gmysql-ssl flag + + .. change:: + :tags: New Features + :pullreq: 11678 + + Lua global include (cmouse) + + .. change:: + :tags: Improvements + :pullreq: 10933 + + m4: Enable 64-bit time_t on 32-bit systems with glibc-2.34 (swegener) + + .. change:: + :tags: New Features + :pullreq: 10692 + + added self weighted lua function (n0tlu5) + diff --git a/docs/changelog/index.rst b/docs/changelog/index.rst index 87cc4a2d5f..6a5c314ede 100644 --- a/docs/changelog/index.rst +++ b/docs/changelog/index.rst @@ -6,6 +6,7 @@ The changelogs for the PowerDNS Authoritative Server are split between release t .. toctree:: :maxdepth: 2 + 5.0 4.9 4.8 4.7 diff --git a/docs/secpoll.zone b/docs/secpoll.zone index e43f5f6ea5..912bb470ce 100644 --- a/docs/secpoll.zone +++ b/docs/secpoll.zone @@ -1,4 +1,4 @@ -@ 86400 IN SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2025052400 10800 3600 604800 10800 +@ 86400 IN SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2025052700 10800 3600 604800 10800 @ 3600 IN NS pdns-public-ns1.powerdns.com. @ 3600 IN NS pdns-public-ns2.powerdns.com. @@ -134,6 +134,7 @@ auth-4.9.2.security-status 60 IN TXT "1 OK" auth-4.9.3.security-status 60 IN TXT "1 OK" auth-4.9.4.security-status 60 IN TXT "1 OK" auth-4.9.5.security-status 60 IN TXT "1 OK" +auth-5.0.0-alpha1.security-status 60 IN TXT "1 Unsupported pre-release (no known vulnerabilities)" ; Auth Debian auth-3.4.1-2.debian.security-status 60 IN TXT "3 Upgrade now, see https://docs.powerdns.com/authoritative/appendices/EOL.html" diff --git a/docs/views.rst b/docs/views.rst index 69b18e7672..2e7ba4cc2a 100644 --- a/docs/views.rst +++ b/docs/views.rst @@ -1,3 +1,5 @@ +.. _views: + Views =====