From: Otto Moerbeek Date: Tue, 14 May 2024 11:35:11 +0000 (+0200) Subject: rec: prep rec-5.1.0-alpha1 X-Git-Tag: rec-5.1.0-beta1~50^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F14172%2Fhead;p=thirdparty%2Fpdns.git rec: prep rec-5.1.0-alpha1 --- diff --git a/docs/secpoll.zone b/docs/secpoll.zone index 041dbb62e2..da1d61f034 100644 --- a/docs/secpoll.zone +++ b/docs/secpoll.zone @@ -1,4 +1,4 @@ -@ 86400 IN SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2024051401 10800 3600 604800 10800 +@ 86400 IN SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2024051501 10800 3600 604800 10800 @ 3600 IN NS pdns-public-ns1.powerdns.com. @ 3600 IN NS pdns-public-ns2.powerdns.com. @@ -383,6 +383,7 @@ recursor-5.0.2.security-status 60 IN TXT "1 OK" recursor-5.0.3.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-02.html" recursor-5.0.4.security-status 60 IN TXT "1 OK" recursor-5.0.5.security-status 60 IN TXT "1 OK" +recursor-5.1.0-alpha1.security-status 60 IN TXT "1 OK" ; Recursor Debian recursor-3.6.2-2.debian.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/" diff --git a/pdns/recursordist/docs/changelog/5.1.rst b/pdns/recursordist/docs/changelog/5.1.rst new file mode 100644 index 0000000000..71abe192aa --- /dev/null +++ b/pdns/recursordist/docs/changelog/5.1.rst @@ -0,0 +1,208 @@ +Changelogs for 5.1.X +==================== + +Before upgrading, it is advised to read the :doc:`../upgrade`. + +.. changelog:: + :version: 5.1.0-alpha1 + :released: 15th of May 2024 + + .. change:: + :tags: Improvements + :pullreq: 13819 + + Add possibility to set existing Lua config in YAML settings. + + .. change:: + :tags: Improvements + :pullreq: 14097,14139 + + Tidy iputils.hh and iputils.cc + + .. change:: + :tags: Improvements + :pullreq: 14023 + :tickets: 13730 + + Add interface (not subject to proxy protocol substitutions) addresses in Lua DNSQuestion and corresponding FFI. + + .. change:: + :tags: Bug Fixes + :pullreq: 13596 + + Configure.ac fixup: do not require bash (Eli Schwartz) + + .. change:: + :tags: Improvements + :pullreq: 14018 + :tickets: 13948 + + Add setting to exclude specific listen socket addresses from requiring proxy protocol. + + .. change:: + :tags: Bug Fixes + :pullreq: 14006 + + FDWrapper: Do not try to close negative file descriptors. + + .. change:: + :tags: Improvements + :pullreq: 13969 + :tickets: 13677 + + Use shared NOD (and/or UDR) DB, to avoid multiple copies in memory and on disk. + + .. change:: + :tags: Bug Fixes + :pullreq: 13985 + + Fixup res-system-resolve.cc on FreeBSD: resolve.h needs netinet/in.h. + + .. change:: + :tags: Improvements + :pullreq: 13921 + :tickets: 11393 + + Add feature to allow names (resolved by system resolver) in forwarding config. + + .. change:: + :tags: Improvements + :pullreq: 10933 + + Enable 64-bit time_t on 32-bit systems with glibc-2.34 (Sven Wegener). + + .. change:: + :tags: Improvements + :pullreq: 13844 + + Remove the possibility to disable structured logging. + + .. change:: + :tags: Improvements + :pullreq: 13842 + + Add structured logging backend that uses JSON representation. + + .. change:: + :tags: Bug Fixes + :pullreq: 13919 + + Don't throttle lame servers if they are marked as dontThrottle. + + .. change:: + :tags: Bug Fixes + :pullreq: 13894 + + Fix Coverity 1534473 Unintended sign extension. + + .. change:: + :tags: Improvements + :pullreq: 13889 + + Tidy recursor-lua4.cc and recursor-lua4.hh. + + .. change:: + :tags: Bug Fixes + :pullreq: 13866 + + Don't enter wildcard qnames into the cache in the ZoneToCache function. + + .. change:: + :tags: Improvements + :pullreq: 13864 + + Support v6 in FrameStreamLogger, including tidy. + + .. change:: + :tags: Improvements + :pullreq: 13861 + + Tidy rpzloader.cc and .hh. + + .. change:: + :tags: Improvements + :pullreq: 13824 + + Log if a dnssec related limit was hit (if log_bogus is set). + + .. change:: + :tags: Improvements + :pullreq: 13746 + + Tidy ResolveContext class. + + .. change:: + :tags: Bug Fixes + :pullreq: 13741 + + Fix Coverity issues in new RPZ code. + + .. change:: + :tags: Improvements + :pullreq: 13744 + + Tidy filterpo.?? (reaching into iputils.hh as well). + + .. change:: + :tags: Improvements + :pullreq: 13504 + :tickets: 13265 + + Introduce command to set aggressive NSEC cache size. + + .. change:: + :tags: Improvements + :pullreq: 13701 + :tickets: 12777 + + RPZ from primary refactor and allow notifies for RPZs + + .. change:: + :tags: Improvements + :pullreq: 13702 + + Use ref wrapper instead of raw pointer in variant. + + .. change:: + :tags: Improvements + :pullreq: 13706, 13719 + + Fix a few coverity reports. + + .. change:: + :tags: Improvements + :pullreq: 13711 + + Cleanup of code doing SNMP OID handling. + + .. change:: + :tags: Improvements + :pullreq: 13654 + + Allow out-of-tree builds (Chris Hofstaedtler) + + .. change:: + :tags: Improvements + :pullreq: 13714 + + Fix country()/countryCode() mixup in example Lua Record documentation (Edward Dore) + + .. change:: + :tags: Bug Fixes + :pullreq: 13680 + + Fix a potential null deref in `MTasker::schedule()`. + + .. change:: + :tags: Improvements + :pullreq: 13652 + + MTasker cleanup and move to recursordist. + + .. change:: + :tags: Improvements + :pullreq: 13566 + :tickets: 8646 + + Lower default max-qperq limit. + diff --git a/pdns/recursordist/docs/changelog/index.rst b/pdns/recursordist/docs/changelog/index.rst index 08ff1324b3..fec1fd0032 100644 --- a/pdns/recursordist/docs/changelog/index.rst +++ b/pdns/recursordist/docs/changelog/index.rst @@ -8,6 +8,7 @@ Before upgrading, it is advised to read the :doc:`../upgrade`. .. toctree:: :maxdepth: 2 + 5.1 5.0 4.9 4.8 diff --git a/pdns/recursordist/docs/upgrade.rst b/pdns/recursordist/docs/upgrade.rst index 8e6484b0d0..51713eefde 100644 --- a/pdns/recursordist/docs/upgrade.rst +++ b/pdns/recursordist/docs/upgrade.rst @@ -4,18 +4,25 @@ Upgrade Guide Before upgrading, it is advised to read the :doc:`changelog/index`. When upgrading several versions, please read **all** notes applying to the upgrade. -5.0.5 to master ---------------- +5.0.5 to 5.1.0 and master +------------------------- -New Settings +New settings ^^^^^^^^^^^^ -- The :ref:`setting-proxy-protocol-exceptions` has been added. It allows to exclude specific listen addresses from requiring the Proxy Protocol. +- All settings that can be set in the Lua config now can alternatively be set in YAML. See :doc:`yamlsettings`. +- The :ref:`setting-new-domain-db-snapshot-interval` settings has been introduced to set the interval of NOD DB snapshots taken. +- The :ref:`setting-proxy-protocol-exceptions` setting has been introduced to exempt addresses from using the proxy protocol. +- The :ref:`setting-system-resolver-ttl` setting has been introduced to set the TTL of the system resolver. The system resolver can be used to resolve forwarding names. +- The :ref:`setting-system-resolver-interval` setting has been introduced to set the interval of resolve checks done by the system resolver. +- The :ref:`setting-system-resolver-self-resolve-check` setting has been introduced to disable to discovery of self-resolving configurations. Changed settings ----------------- +^^^^^^^^^^^^^^^^ +- The :ref:`setting-max-qperq` default value has been lowered to 50, and the qname-minimization special case has been removed. - Disabling :ref:`setting-structured-logging` is no longer supported. +- The :ref:`setting-structured-logging-backend` setting has gained the possibility to request JSON formatted output of structured logging information. 5.0.4 to 5.0.5 -------------- @@ -28,14 +35,14 @@ Changed settings 5.0.2 to 5.0.3, 4.9.3 to 4.9.4 and 4.8.6 to 4.8.7 ------------------------------------------------- -Known Issue Solved +Known issue solved ^^^^^^^^^^^^^^^^^^ The DNSSEC validation issue with the :func:`zoneToCache` function has been resolved and workarounds can be removed. 5.0.1 to 5.0.2, 4.9.2 to 4.9.3 and 4.8.5 to 4.8.6 ------------------------------------------------- -Known Issues +Known issues ^^^^^^^^^^^^ The :func:`zoneToCache` function fails to perform DNSSEC validation if the zone has more than :ref:`setting-max-rrsigs-per-record` RRSIG records at its apex. There are two workarounds: either increase the :ref:`setting-max-rrsigs-per-record` to the number of RRSIGs in the zone's apex, or tell :func:`zoneToCache` to skip DNSSEC validation. by adding ``dnssec="ignore"``, e.g.::