From c63ff464c10a5351aa215da0668568154870aeb8 Mon Sep 17 00:00:00 2001
From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Mon, 3 Oct 2022 13:16:49 +0200
Subject: [PATCH] auth-4.7.0-rc1: secpoll&changelog

---
 .github/actions/spell-check/expect.txt |  1 +
 docs/changelog/4.7.rst                 | 61 ++++++++++++++++++++++++++
 docs/secpoll.zone                      |  5 ++-
 3 files changed, 65 insertions(+), 2 deletions(-)

diff --git a/.github/actions/spell-check/expect.txt b/.github/actions/spell-check/expect.txt
index a5285d570a..98f0e13a48 100644
--- a/.github/actions/spell-check/expect.txt
+++ b/.github/actions/spell-check/expect.txt
@@ -819,6 +819,7 @@ keyname
 keypair
 keypairgen
 keyroll
+keyroller
 keysearch
 keysize
 keytab
diff --git a/docs/changelog/4.7.rst b/docs/changelog/4.7.rst
index 3d12eae59f..117aeb54b3 100644
--- a/docs/changelog/4.7.rst
+++ b/docs/changelog/4.7.rst
@@ -1,6 +1,67 @@
 Changelogs for 4.7.x
 ====================
 
+.. changelog::
+  :version: 4.7.0-rc1
+  :released: 3rd of October 2022
+
+  This is the first release candidate for Authoritative Server 4.7.0.
+
+  4.7.0 brings support for :doc:`Catalog Zones <../catalog>`, developed by Kees Monshouwer.
+  As part of that development, the freshness checks in the Primary code were reworked, reducing them from doing potentially thousands of SQL queries (if you have thousands of domains) to only a few.
+  Installations with lots of domains will benefit greatly from this, even without using catalog zones.
+
+  4.7.0 also brings back GSS-TSIG support, previously removed for quality reasons, now reworked with many stability improvements.
+
+  Other things of note:
+
+  * LUA records, when queried over TCP, can now re-use a Lua state, giving a serious performance boost.
+  * lmdbbackend databases now get a UUID assigned, making it easy for external software to spot if a database was completely replaced
+  * lmdbbackend databases now optionally use random IDs for objects
+  * a new LUA function called ``ifurlextup``, and improvements in other LUA record functions
+  * autoprimary management in ``pdnsutil`` and the HTTP API
+  * in beta, a key roller daemon, currently not packaged
+
+  Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading.
+
+  Besides that, various other smaller features and improvements have landed - please browse the list below.
+
+  .. change::
+    :tags: 
+    :pullreq: 12043
+
+    AXFR server: abort on chunk with TC set
+
+  .. change::
+    :tags: 
+    :pullreq: 12042
+
+    add keyroller
+
+  .. change::
+    :tags: 
+    :pullreq: 12040
+
+    pdnsutil edit-zone, detect capitalization changes in LUA, TXT and SPF records (Kees Monshouwer)
+
+  .. change::
+    :tags: 
+    :pullreq: 12030
+
+    axfr-retriever: abort on chunk with TC set
+
+  .. change::
+    :tags: 
+    :pullreq: 12029
+
+    clang14 has reached MacOS
+
+  .. change::
+    :tags: 
+    :pullreq: 11972
+
+    docker: upgrade to bullseye
+
 .. changelog::
   :version: 4.7.0-beta2
   :released: 13th of September 2022
diff --git a/docs/secpoll.zone b/docs/secpoll.zone
index 5b8de6354c..77bb267c37 100644
--- a/docs/secpoll.zone
+++ b/docs/secpoll.zone
@@ -1,4 +1,4 @@
-@       86400   IN  SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2022092301 10800 3600 604800 10800
+@       86400   IN  SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2022100301 10800 3600 604800 10800
 @       3600    IN  NS  pdns-public-ns1.powerdns.com.
 @       3600    IN  NS  pdns-public-ns2.powerdns.com.
 
@@ -109,7 +109,8 @@ auth-4.6.1.security-status                              60 IN TXT "1 OK"
 auth-4.6.2.security-status                              60 IN TXT "1 OK"
 auth-4.6.3.security-status                              60 IN TXT "1 OK"
 auth-4.7.0-alpha1.security-status                       60 IN TXT "3 Unsupported pre-release (known vulnerabilities)"
-auth-4.7.0-beta2.security-status                        60 IN TXT "1 Unsupported pre-release"
+auth-4.7.0-beta2.security-status                        60 IN TXT "3 Unsupported pre-release"
+auth-4.7.0-rc1.security-status                          60 IN TXT "1 Unsupported pre-release"
 
 ; Auth Debian
 auth-3.4.1-2.debian.security-status                     60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/3/security/powerdns-advisory-2015-02/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-03/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-04/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-05/"
-- 
2.47.2