From: Peter van Dijk Date: Mon, 2 Nov 2020 14:22:44 +0000 (+0100) Subject: auth: changelog, secpoll, upgrade notes for 4.4.0-alpha2 X-Git-Tag: dnsdist-1.6.0-alpha0~33^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e756d0135c503c7a0c2c7e07928b3fcf5349ec3f;p=thirdparty%2Fpdns.git auth: changelog, secpoll, upgrade notes for 4.4.0-alpha2 --- diff --git a/.github/actions/spell-check/expect.txt b/.github/actions/spell-check/expect.txt index 6199044115..b0bde0d08d 100644 --- a/.github/actions/spell-check/expect.txt +++ b/.github/actions/spell-check/expect.txt @@ -115,6 +115,7 @@ autoconf autodetect autodetecting autodoc +autofilling autogenerated automagically automake @@ -1871,6 +1872,7 @@ Stillaway Stirnimann stmt Stol +Stolte Storbeck stou stoul diff --git a/docs/changelog/4.4.rst b/docs/changelog/4.4.rst index 5609eb39b0..f66a6fc332 100644 --- a/docs/changelog/4.4.rst +++ b/docs/changelog/4.4.rst @@ -1,6 +1,110 @@ Changelogs for 4.4.x ==================== +.. changelog:: + :version: 4.4.0-alpha2 + :released: 3rd of November 2020 + + This is version 4.4.0-alpha2 of the Authoritative Server. + This release drops GSS/TSIG support, please see :doc:`PowerDNS Security Advisory 2020-06 <../security-advisories/powerdns-advisory-2020-06>`. + + Version 4.4.0 brings a bunch of exciting changes: + + * the LMDB backend now supports long record content, making it production ready for everybody + * the SVCB and HTTPS record types are supported, with limited additional processing + * transaction handling in the 2136 handler and the HTTP API was again improved a lot, avoiding various spurious issues users may have noticed if they do a lot of changes + * a new setting (:ref:`setting-consistent-backends`) offers a roughly 30% speedup, subject to conditions + * we finally emit Prometheus metrics! + + We want to specifically thank Robin Geuze, Kees Monshouwer, Mischan Toosarani-Hausberger, and Chris Hofstaedtler for their contributions to this release. + We are also grateful to all other reporters of bugs, issues, feature requests, and submitters of smaller fixes and features. + + Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading. + + .. change:: + :tags: Improvements + :pullreq: 9656, 9483 + + When :ref:`setting-consistent-backends` is enabled, use ANY queries toward backends whenever possible. (Kees Monshouwer) + + .. change:: + :tags: Improvements + :pullreq: 9625, 9552 + + Deprecate :ref:`setting-local-ipv6` and :ref:`setting-query-local-address6`, to prepare for removal in 4.5.0 (Chris Hofstaedtler, Kees Monshouwer) + + .. change:: + :tags: Improvements + :pullreq: 9611 + + pdns: bind-backend speedup feedRecord() (Kees Monshouwer) + + .. change:: + :tags: Improvements + :pullreq: 9568 + + auth: Speedup presigned signature lookups. (Kees Monshouwer) + + .. change:: + :tags: Improvements + :pullreq: 9645 + + auth: bindbackend: 'rediscover' changes to 'type' (Roald Stolte) + + .. change:: + :tags: Bug Fixes + :pullreq: 9647 + + auth lmdb: fill di.backend in getUnfreshSlaveInfos and getAllDomains (this makes the right serial appear in API calls) + + .. change:: + :tags: Improvements + :pullreq: 9623 + + gsql,bind: allow seamless serving of newly-supported TYPExx records (Chris Hofstaedtler) + + .. change:: + :tags: New Features + :pullreq: 9631 + + auth: add support for dnssec removal to CDS/CDNSKEY (Kees Monshouwer) + + .. change:: + :tags: Bug Fixes + :pullreq: 9627 + + auth: change "misconfigured" SOA MNAME to not mention powerdns and be RFC6761 compliant + + .. change:: + :tags: Removed Features + :pullreq: 9593 + + Auth: remove SOA autofilling, remove set-ptr feature from API (Kees Monshouwer) + + .. change:: + :tags: Bug Fixes + :pullreq: 9613 + + LUA records: handle a potentially uncaught exception + + .. change:: + :tags: Bug Fixes + :pullreq: 9580, 9550 + + Fixes for APL records pointing to fe80 (Chris Hofstaedtler) + + .. change:: + :tags: New Features + :pullreq: 9549 + + pdns_control: add show (Chris Hofstaedtler) + + .. change:: + :tags: Bug Fixes + :pullreq: 9544 + + svc-records: Initialize d_port + .. changelog:: :version: 4.4.0-alpha1 :released: 30th of September 2020 diff --git a/docs/secpoll.zone b/docs/secpoll.zone index a1603b4616..578377f73e 100644 --- a/docs/secpoll.zone +++ b/docs/secpoll.zone @@ -1,4 +1,4 @@ -@ 86400 IN SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2020101901 10800 3600 604800 10800 +@ 86400 IN SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2020110201 10800 3600 604800 10800 @ 3600 IN NS pdns-public-ns1.powerdns.com. @ 3600 IN NS pdns-public-ns2.powerdns.com. @@ -70,7 +70,8 @@ auth-4.3.0-rc1.security-status 60 IN TXT "2 Unsupported auth-4.3.0-rc2.security-status 60 IN TXT "2 Unsupported pre-release (known vulnerabilities)" auth-4.3.0.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html" auth-4.3.1.security-status 60 IN TXT "1 OK" -auth-4.4.0-alpha1.security-status 60 IN TXT "1 OK" +auth-4.4.0-alpha1.security-status 60 IN TXT "2 Unsupported pre-release (no known vulnerabilities)" +auth-4.4.0-alpha2.security-status 60 IN TXT "1 OK" ; Auth Debian auth-3.4.1-2.debian.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/3/security/powerdns-advisory-2015-02/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-03/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-04/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-05/" diff --git a/docs/upgrading.rst b/docs/upgrading.rst index c1127c8ca6..9d2e66569c 100644 --- a/docs/upgrading.rst +++ b/docs/upgrading.rst @@ -29,6 +29,12 @@ New LMDB schema An LMDB schema upgrade is mandatory. Please carefully read :ref:`setting-lmdb-schema-version` before upgrading to 4.4.x. +Removed features +^^^^^^^^^^^^^^^^ + +SOA autofilling (i.e. allowing incomplete SOAs in the database) and the API set-ptr feature, that both were deprecated in earlier releases, have now been removed. +Please run ``pdnsutil check-all-zones`` to check for incomplete SOAs. + 4.3.0 to 4.3.1 --------------