From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Mon, 13 Dec 2021 11:05:44 +0000 (+0100)
Subject: dnsdist, rec, auth: upgrade notes for 11081
X-Git-Tag: auth-4.7.0-alpha1~119^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d49c3e14e70de552003108f240d4673bdcbcafd9;p=thirdparty%2Fpdns.git

dnsdist, rec, auth: upgrade notes for 11081
---

diff --git a/docs/upgrading.rst b/docs/upgrading.rst
index de34d38030..8f7a7f16bc 100644
--- a/docs/upgrading.rst
+++ b/docs/upgrading.rst
@@ -31,6 +31,12 @@ SHA1 DSes
 
 ``pdnsutil show-zone`` and ``pdnsutil export-zone-ds`` no longer emit SHA1 DS records, unless ``--verbose`` is in use.
 
+Privileged port binding in Docker
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+In our Docker image, our binaries are no longer granted the ``net_bind_service`` capability, as this is unnecessary in many deployments.
+For more information, see the section ["Privileged ports" in Docker-README](https://github.com/PowerDNS/pdns/blob/master/Docker-README.md#privileged-ports).
+
 4.4.x to 4.5.0
 --------------
 
diff --git a/pdns/dnsdistdist/docs/upgrade_guide.rst b/pdns/dnsdistdist/docs/upgrade_guide.rst
index eb00fffddc..54753c3999 100644
--- a/pdns/dnsdistdist/docs/upgrade_guide.rst
+++ b/pdns/dnsdistdist/docs/upgrade_guide.rst
@@ -12,6 +12,9 @@ Unless set via :func:`setMaxTCPClientThreads` the number of TCP workers now defa
 
 Plain-text API keys and passwords for web server authentication are now strongly discouraged. The :func:`hashPassword` method can be used to generate a hashed and salted version of passwords and API keys instead, so that the plain-text version can no longer be found in either the configuration file or the memory of the running process.
 
+In our Docker image, our binaries are no longer granted the ``net_bind_service`` capability, as this is unnecessary in many deployments.
+For more information, see the section ["Privileged ports" in Docker-README](https://github.com/PowerDNS/pdns/blob/master/Docker-README.md#privileged-ports).
+
 1.5.x to 1.6.0
 --------------
 
diff --git a/pdns/recursordist/docs/upgrade.rst b/pdns/recursordist/docs/upgrade.rst
index 15b6ec3048..38e5a23441 100644
--- a/pdns/recursordist/docs/upgrade.rst
+++ b/pdns/recursordist/docs/upgrade.rst
@@ -26,6 +26,11 @@ Deprecated and changed settings
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 -  The :ref:`setting-api-key` and :ref:`setting-webserver-password` settings now accept a hashed and salted version (if the support is available in the openssl library used).
 
+Privileged port binding in Docker
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+In our Docker image, our binaries are no longer granted the ``net_bind_service`` capability, as this is unnecessary in many deployments.
+For more information, see the section ["Privileged ports" in Docker-README](https://github.com/PowerDNS/pdns/blob/master/Docker-README.md#privileged-ports).
 
 4.5.1 to 4.5.2
 --------------