From 1c31d54dc7344f8626b330d9038a78062e052135 Mon Sep 17 00:00:00 2001 From: Pieter Lexis Date: Thu, 25 Feb 2016 12:30:57 +0100 Subject: [PATCH] Documentation on Auth 4.0.0 alpha2 --- docs/markdown/changelog.raw.md | 52 +++++++++++++++++++++++++++++++++- docs/secpoll.zone | 5 +++- 2 files changed, 55 insertions(+), 2 deletions(-) diff --git a/docs/markdown/changelog.raw.md b/docs/markdown/changelog.raw.md index 60789d0691..9871703730 100644 --- a/docs/markdown/changelog.raw.md +++ b/docs/markdown/changelog.raw.md @@ -50,12 +50,22 @@ As part of the general cleanup and improvements, we did the following: In addition to this cleanup, 4.0.0 brings the following new features: - A revived ODBC backend ([godbc](authoritative/backend-generic-odbc.md)). +- A revived LDAP backend ([ldap](authoritative/backend-ldap.md)). - Support for [CDS/CDNSKEY](authoritative/howtos.md#cds-cdnskey-key-rollover) and [RFC 7344](https://tools.ietf.org/html/rfc7344) key-rollovers. - Support for the [ALIAS](authoritative/howtos.md#using-alias-records) record. - The webserver and API are no longer marked experimental. + - The API-path has moved to `/api/v1` - DNSUpdate is no longer experimental. - Default ECDSA (algorithms 13 and 14) support without external dependencies. - Experimental support for ed25519 DNSSEC signatures (when compiled with libsodium support). +- Many new `pdnsutil` commands + - `help` command now produces the help + - Warns if the configuration file cannot be read + - Does not check disabled records with `check-zone` unless verbose mode is enabled + - `create-zone` command creates a new zone + - `add-record` command to add records + - `delete-rrset` and `replace-rrset` commands to delete and add rrsets + - `edit-zone` command that spawns `$EDITOR` with the zone contents in zonefile format regardless of the backend used ([blogpost](http://blog.powerdns.com/2016/02/02/powerdns-authoritative-the-new-old-way-to-manage-domains/) The following backend have been dropped in 4.0.0: 
@@ -67,14 +77,54 @@ Important changes: - `pdnssec` has been renamed to `pdnsutil` - PowerDNS Authoritative Server now listens by default on all IPv6 addresses. - The default for `pdnsutil secure-zone` has been changed from 1 2048 bit RSA KSK and 1 1024 bit RSA ZSK to a single 256 bit ECDSA (algorithm 13, ECDSAP256SHA256) key. +- Several superfluous queries have been dropped from the SQL backend, if you use a non-standard SQL schema, please review the new defaults + - `insert-ent-query`, `insert-empty-non-terminal-query`, `insert-ent-order-query` have been replaced by one query named `insert-empty-non-terminal-order-query` + - `insert-record-order-query` has been dropped, `insert-record-query` now sets the ordername (or NULL) + - `insert-slave-query` has been dropped, `insert-zone-query` now sets the type of zone +- Crypto++ and mbedTLS support is dropped, these are replaced by OpenSSL There are several **known issues** that will be fixed before the final 4.0.0 release: -- CDS/CDNSKEY publishing does not yet work with the new default key-scheme. - Several thrown exceptions are not caught, causing program abortion. Please run inside a supervisor or the guardian and reports these exceptions. +- When using the pipebackend in combination with another backend, a negative answer can lead to wrongly cached information, denying existence of a zone ([#3175](https://github.com/PowerDNS/pdns/issues/3175)) to be continued.... 
+## PowerDNS Authoritative Server 4.0.0-alpha2 +Released February 25th 2016 + +Notable changes since 4.0.0-alpha1 + +- [#3037](https://github.com/PowerDNS/pdns/pull/3037) Remove superfluous gsql queries and stop relying on schema defaults +- [#3176](https://github.com/PowerDNS/pdns/pull/3176), [#3139](https://github.com/PowerDNS/pdns/pull/3139) OpenSSL support (Christian Hofstaedtler and Kees Monshouwer) +- [#3128](https://github.com/PowerDNS/pdns/pull/3128) ECDSA support to DNSSEC infra via OpenSSL (Kees Monshouwer) +- [#3281](https://github.com/PowerDNS/pdns/pull/3281), [#3283](https://github.com/PowerDNS/pdns/pull/3283), [#3363](https://github.com/PowerDNS/pdns/pull/3363) Remove Crypto++ and mbedTLS support +- [#3298](https://github.com/PowerDNS/pdns/pull/3298) Implement pdnsutil create-zone zone nsname, add-record, delete-rrset, replace-rrset +- [#3407](https://github.com/PowerDNS/pdns/pull/3407) API: Permit wildcard manipulation (Aki Tuomi) +- [#3230](https://github.com/PowerDNS/pdns/pull/3230) API: drop JSONP, add web security headers (Christian Hofstaedtler) +- [#3428](https://github.com/PowerDNS/pdns/pull/3428) API: Fix zone/records design mistake (Christian Hofstaedtler) + - **Note**: this is a breaking change from alpha1, please review the [API documentation](httpapi/api_spec.md) + +### Bug fixes + +- [#3124](https://github.com/PowerDNS/pdns/pull/3124) Fix several bugs with introduced with the change to a single signing key +- [#3151](https://github.com/PowerDNS/pdns/pull/3151) Catch DNSName build errors in dynhandler (Christian Hofstaedtler) +- [#3264](https://github.com/PowerDNS/pdns/pull/3264) GeoIP backend: Use correct id numbers for domains (Aki Tuomi) +- [#3271](https://github.com/PowerDNS/pdns/pull/3271) ZoneParser: Throw PDNSException on too many SOA data elements +- [#3302](https://github.com/PowerDNS/pdns/pull/3302) Fix bindbackend's feedRecord to handle being slave for the root +- [#3399](https://github.com/PowerDNS/pdns/pull/3399) Report 
OpenSSL RSA keysize in bits (Kees Monshouwer) + +### Improvements + +- [#3119](https://github.com/PowerDNS/pdns/pull/3119) Show DNSSEC keys for slaved zone (Aki Tuomi) +- [#3255](https://github.com/PowerDNS/pdns/pull/3255) Don't log authentication errors before sending HTTP basic auth challenge (Jan Broer) +- [#3338](https://github.com/PowerDNS/pdns/pull/3338) Add weight feature to GeoIP backend (Aki Tuomi) +- [#3364](https://github.com/PowerDNS/pdns/pull/3364) Shrink PacketID by 10% by eliminating padding. (Andrew Nelless) +- [#3443](https://github.com/PowerDNS/pdns/pull/3443) Many speedup and correctness fixes + +## PowerDNS Authoritative Server 4.0.0-alpha1 +Released December 24th 2015 + # PowerDNS Authoritative Server 3.4.8 Released 3rd of February 2016 diff --git a/docs/secpoll.zone b/docs/secpoll.zone index 4a437ec55a..1555368eed 100644 --- a/docs/secpoll.zone +++ b/docs/secpoll.zone @@ -1,4 +1,4 @@ -@ 86400 IN SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2016020201 10800 3600 604800 10800 +@ 86400 IN SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2016022501 10800 3600 604800 10800 @ 3600 IN NS pdns-public-ns1.powerdns.com. @ 3600 IN NS pdns-public-ns2.powerdns.com. ; Auth 
@@ -16,9 +16,11 @@ auth-3.4.7.security-status 60 IN TXT "1 OK" auth-3.4.8.security-status 60 IN TXT "1 OK" auth-4.0.0-alpha1.security-status 60 IN TXT "0 Unknown, prerelease" +auth-4.0.0-alpha2.security-status 60 IN TXT "0 Unknown, prerelease" ; Auth Debian auth-4.0.0_alpha1-1.debian.security-status 60 IN TXT "0 Unknown, prerelease" +auth-4.0.0_alpha2-1.debian.security-status 60 IN TXT "0 Unknown, prerelease" auth-3.4.1-2.debian.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/" auth-3.4.1-3.debian.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/" @@ -48,6 +50,7 @@ auth-3.4.7-1_bpo8_1.debian.security-status 60 IN TXT "1 OK" ; Auth Ubuntu auth-4.0.0_alpha1-1.ubuntu.security-status 60 IN TXT "0 Unknown, prerelease" +auth-4.0.0_alpha2-1.ubuntu.security-status 60 IN TXT "0 Unknown, prerelease" auth-3.4.1-3.ubuntu.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/" auth-3.4.1-4.ubuntu.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/" auth-3.4.5-1.ubuntu.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/ and https://doc.powerdns.com/md/security/powerdns-advisory-2015-03" -- 2.47.2
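Review bot: In the first `docs/markdown/changelog.raw.md` hunk, the `edit-zone` bullet opens a parenthesis before `[blogpost](...)` and never closes it, so the rendered list item ends with an unbalanced `(`; add the closing `)` after the link. The sub-bullet "The API-path has moved to `/api/v1`" is also a change existing API clients have to act on, yet it appears only in the new-features list; consider repeating it under "Important changes" next to the other upgrade-relevant items.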
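Review bot: In the second `docs/markdown/changelog.raw.md` hunk, the Bug fixes entry for #3124 reads "Fix several bugs with introduced with the change to a single signing key"; drop the first "with". The added `## PowerDNS Authoritative Server 4.0.0-alpha1` heading is followed only by its release date and then the 3.4.8 heading, which leaves the alpha1 section empty; either add its notes or point to where they are kept. The new release headings use `##` while the adjacent 3.4.8 heading uses `#`, so please confirm the nesting is intended.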
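Review bot: In the `docs/secpoll.zone` hunks for Debian and Ubuntu, the added records are keyed on package revision `-1` only (`auth-4.0.0_alpha2-1.debian.security-status` and `auth-4.0.0_alpha2-1.ubuntu.security-status`); please confirm this matches the revision the alpha2 packages will ship with, since this patch adds no record for any other revision. The SOA serial bump to `2016022501` in the first hunk matches the release date in the changelog and looks correct.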