* Fri Dec 09 2022 Michael Ströder <michael@stroeder.com>
- Update to 4.7.3
* Improvements
- API: slightly clearer message when a backend cannot create domains PR#12296
* Bug Fixes
- lmdb: make outgoing notifications work PR#12299
- lmdb: implement alsoNotifies PR#12266
- API: do not create SOA and NS records for consumer zones PR#12291
- API: fix newly created zone not rectified PR#12273
- fix invalid catalog zone sql query for gpgsqlbackend PR#12272
- fix pdns_control list-zones PR#12181
* Tue Nov 01 2022 Michael Ströder <michael@stroeder.com>
- Update to 4.7.2
* Un-reverse xfr freshness check PR#12130
* Mon Oct 31 2022 Michael Ströder <michael@stroeder.com>
- Update to 4.7.1
* include auth 4.7 schema upgrade files in tarballs and packages PR#12110
* catalog zones: avoid bulk zone reset while migrating to a catalog PR#12124
* catalog zones: stop wasting options update queries PR#12124
* Thu Oct 20 2022 Michael Ströder <michael@stroeder.com>
- Update to 4.7.0
* LUA records, when queried over TCP, can now re-use a Lua state,
giving a serious performance boost.
* lmdbbackend databases now get a UUID assigned, making it easy for
external software to spot if a database was completely replaced
* lmdbbackend databases now optionally use random IDs for objects
* a new LUA function called ifurlextup, and improvements in other LUA
record functions
* autoprimary management in pdnsutil and the HTTP API
* in beta, a key roller daemon, currently not packaged
* pdnsutil check-zone, skip metadata check for backends without getAllDomainMetadata() PR#12085
* Fix compilation of the event ports multiplexer PR#12069
* Wed Aug 10 2022 Adam Majer <adam.majer@suse.de>
- Use systemd_ordering macro so we can use pdns inside containers
* Wed Jul 13 2022 Michael Ströder <michael@stroeder.com>
- Update to 4.6.3
* fix deleteDomain() in lmdb backend (Kees Monshouwer) PR#11765
* RFC2136: match autosplit TXT correctly PR#11746
* Tue Apr 12 2022 Michael Ströder <michael@stroeder.com>
- Update to 4.6.2
* New Features
- API: fetch individual rrsets
References: pull request 11409
- LUA: add ifurlextup function
References: pull request 11408
* Improvements
- LMDB backports:
+ each LMDB database now gets a UUID
+ lmdbbackend can now (optionally: lmdb-random-ids) use random IDs instead of incremental IDs for objects
+ LMDB map size is now configurable (lmdb-map-size)
+ one uninitialised memory issue that was fixed
References: pull request 11406
* Bug Fixes
- fix proxy protocol query statistics and add more detailed latency metrics
References: pull request 11407
* Mon Mar 28 2022 Adam Majer <adam.majer@suse.de>
- Fix build for SLE12
- Remove dependency on protobuf since pdns now includes protozero
- Add bundled provides to spec file
Version: 4.6.1-bp154.1.33
* Tue Jan 25 2022 Michael Ströder <michael@stroeder.com>
- Removed random from --with-dynmodules= because randombackend was removed
- Update to 4.6.0
* New Features
- support for incoming PROXY headers
- support for EDNS cookies
- autoprimary management via pdnsutil and the API
* Improvements
- add zone removal to the zone cache (Kees Monshouwer)
- docker images: Remove capability requirements
* Bug Fixes
- pdnsutil edit-zone: fix n and e behaviour on increase-serial prompt
- lmdb: check if the lookup name is part of the zone (Kees Monshouwer)
- lmdb: fix records removal in deleteDomain(); improve tcp exception handling
* Fri Jan 21 2022 Michael Ströder <michael@stroeder.com>
- Update to 4.5.3
* Improvements
- 2136: improve some log messages
* Bug Fixes
- lmdb, check if the lookup name is part of the zone
- pdnsutil edit-zone: fix n and e behaviour on increase-serial prompt
- improve tcp exception handling
- lmdb: fix records removal in deleteDomain()
- 2136: apply new TTL to whole RRset, not only to the added record
* Wed Nov 10 2021 Michael Ströder <michael@stroeder.com>
- Update to 4.5.2 with bug fixes:
* bindbackend: skip rejected zones during list and search PR#10968
* make the zone cache more robust for bad data and save some SOA queries for DNSSEC zones PR#10964
* api, check SOA location PR#10962
* improve dnsname exception handling for SOA records PR#10952
* improve SOA parse exception handling PR#10792
* try to reload rejected zones in bind-backend once every bind-check-interval PR#10778
* Mon Jul 26 2021 Adam Majer <adam.majer@suse.de>
- Update to 4.5.1
* Fixes a remote DoS when server receives query with QTYPE 65535
(bsc#1188495, CVE-2021-36754)
- update keyring file
- no longer builds on 32-bit arches (since 4.5.0 release)
* Tue Jul 13 2021 Michael Ströder <michael@stroeder.com>
- Update to 4.5.0
* With version 4.5.0, support for platforms with a time_t type smaller
than 64 bits is dropped.
* The ‘zone cache’, which allows PowerDNS to keep a list of zones in
memory, updated periodically.
* Priority ordering in the AXFR queue in PowerDNS running as a secondary.
* Small improvements and fixes.
* Mon Feb 08 2021 Michael Ströder <michael@stroeder.com>
- Update to 4.4.1
* Improvements
- debian packaging update #9965
- dockerfiles: do not claim equivs-dummy is built from the pdns source package #9953
- Fix missing #include for gcc-11#9952
- lmdb: Do a mdb_readers_check to clean up stale readers on database load #9946
* Bug Fixes
- fix TCP answer counters #10008
- run deleteDomain() inside a transaction #10039
- lmdb: do not reuse backend that has seen corrupted data #9985
- lmdb: serialise LMDBBackend construction to ensure only a single schema upgrade is attempted #9949
- backport some asan/ubsan fixes #9923
- pdnsutil edit-zone: do not exit on ZoneParser exception #9912
* Fri Dec 18 2020 Michael Ströder <michael@stroeder.com>
- Update to 4.4.0
* the LMDB backend now supports long record content, making it
production ready for everybody
* the SVCB and HTTPS record types are supported, with limited
additional processing
* transaction handling in the 2136 handler and the HTTP API was again
improved a lot, avoiding various spurious issues users may have noticed
if they do a lot of changes
* a new setting (consistent-backends) offers a roughly 30% speedup,
subject to conditions
* we finally emit Prometheus metrics!
- 9070.patch: upstreamed and removed
* Mon Dec 07 2020 Adam Majer <adam.majer@suse.de>
- Drop GSS-TSIG support in the spec file as it's a removed from the
upcoming 4.4.0 version due to security issues and lack of testing
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html
Version: 4.6.1-2.1
* Mon Mar 28 2022 adam.majer@suse.de
- Fix build for SLE12
- Remove dependency on protobuf since pdns now includes protozero
- Add bundled provides to spec file
* Fri Mar 25 2022 adam.majer@suse.de
- Update to 4.6.1
* fixes incomplete validation of incoming IXFR transfer for
secondary zones for which IXFR transfers have been enabled and
the network path to the primary server is not trusted. Note that
IXFR transfers are not enabled by default.
(CVE-2022-27227, bsc#1197525)
* Tue Jan 25 2022 michael@stroeder.com
- Removed random from --with-dynmodules= because randombackend was removed
- Update to 4.6.0
* New Features
- support for incoming PROXY headers
- support for EDNS cookies
- autoprimary management via pdnsutil and the API
* Improvements
- add zone removal to the zone cache (Kees Monshouwer)
- docker images: Remove capability requirements
* Bug Fixes
- pdnsutil edit-zone: fix n and e behaviour on increase-serial prompt
- lmdb: check if the lookup name is part of the zone (Kees Monshouwer)
- lmdb: fix records removal in deleteDomain(); improve tcp exception handling
* Fri Jan 21 2022 michael@stroeder.com
- Update to 4.5.3
* Improvements
- 2136: improve some log messages
* Bug Fixes
- lmdb, check if the lookup name is part of the zone
- pdnsutil edit-zone: fix n and e behaviour on increase-serial prompt
- improve tcp exception handling
- lmdb: fix records removal in deleteDomain()
- 2136: apply new TTL to whole RRset, not only to the added record
* Wed Nov 10 2021 michael@stroeder.com
- Update to 4.5.2 with bug fixes:
* bindbackend: skip rejected zones during list and search PR#10968
* make the zone cache more robust for bad data and save some SOA queries for DNSSEC zones PR#10964
* api, check SOA location PR#10962
* improve dnsname exception handling for SOA records PR#10952
* improve SOA parse exception handling PR#10792
* try to reload rejected zones in bind-backend once every bind-check-interval PR#10778
* Mon Jul 26 2021 adam.majer@suse.de
- Update to 4.5.1
* Fixes a remote DoS when server receives query with QTYPE 65535
(bsc#1188495, CVE-2021-36754)
- update keyring file
- no longer builds on 32-bit arches (since 4.5.0 release)
* Tue Jul 13 2021 michael@stroeder.com
- Update to 4.5.0
* With version 4.5.0, support for platforms with a time_t type smaller
than 64 bits is dropped.
* The ?zone cache?, which allows PowerDNS to keep a list of zones in
memory, updated periodically.
* Priority ordering in the AXFR queue in PowerDNS running as a secondary.
* Small improvements and fixes.
* Mon Feb 08 2021 michael@stroeder.com
- Update to 4.4.1
* Improvements
- debian packaging update #9965
- dockerfiles: do not claim equivs-dummy is built from the pdns source package #9953
- Fix missing #include for gcc-11#9952
- lmdb: Do a mdb_readers_check to clean up stale readers on database load #9946
* Bug Fixes
- fix TCP answer counters #10008
- run deleteDomain() inside a transaction #10039
- lmdb: do not reuse backend that has seen corrupted data #9985
- lmdb: serialise LMDBBackend construction to ensure only a single schema upgrade is attempted #9949
- backport some asan/ubsan fixes #9923
- pdnsutil edit-zone: do not exit on ZoneParser exception #9912
* Fri Dec 18 2020 michael@stroeder.com
- Update to 4.4.0
* the LMDB backend now supports long record content, making it
production ready for everybody
* the SVCB and HTTPS record types are supported, with limited
additional processing
* transaction handling in the 2136 handler and the HTTP API was again
improved a lot, avoiding various spurious issues users may have noticed
if they do a lot of changes
* a new setting (consistent-backends) offers a roughly 30% speedup,
subject to conditions
* we finally emit Prometheus metrics!
- 9070.patch: upstreamed and removed
* Mon Dec 07 2020 adam.majer@suse.de
- Drop GSS-TSIG support in the spec file as it's a removed from the
upcoming 4.4.0 version due to security issues and lack of testing
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html
* Tue Sep 22 2020 michael@stroeder.com
- Update to 4.3.1 especially a security fix for
PowerDNS Security Advisory 2020-05 (CVE-2020-17482, bsc#1176535)
Other improvements and bug fixes include,
* gpgsql: Reintroduce prepared statements
* Handle the extra single-row result set of MySQL stored procedures
* Raise an exception on invalid hex content in unknown records
For details, see
https://doc.powerdns.com/authoritative/changelog/4.3.html#change-4.3.1
* Mon Sep 14 2020 adam.majer@suse.de
- 9070.patch: backport compilation fix vs. latest Boost 1.74
based on https://github.com/PowerDNS/pdns/pull/9070 (bsc#1176312)
* Tue Apr 07 2020 mrueckert@suse.de
- Update to 4.3.0:
A lot of internals have been reworked, with some visible changes
for users. If you read the upgrade notes for a beta or RC, please
read them again!
A notable new feature in 4.3 is support for hiding DNSSEC keys,
which makes it possible to do algorithm rollovers. This feature
was contributed by Robin Geuze of TransIP, thanks! Another
interesting new feature is support for automatically publishing
CDS/CDNSKEY records with a single pdns.conf setting.
Please note that 4.3.0 comes with a mandatory database schema
upgrade.
https://doc.powerdns.com/authoritative/upgrading.html#x-to-4-3-0
- refreshed patch pdns-4.0.3_allow_dacoverride_in_capset.patch
- dropped subpackages for mydns and opendbx
- change run directory from /var/run/ to /run/
- pdns-backend-lua now has the lua2 backend
* Sun Apr 05 2020 mrueckert@suse.de
- guard ixfrdist support so it is only enabled on the distros that
have the dependencies
* Sun Apr 05 2020 mrueckert@suse.de
- add ixfrdist to the systemd macros
- add instantiated services to the systemd macros
* Sun Apr 05 2020 mrueckert@suse.de
- enable ixfrdist
- enable lmdb support on Tumbleweed
- new BR for libboost_serialization-devel and lmdb-devel
- fix configure option for libsodium
* Thu Mar 05 2020 vcizek@suse.com
- Build with libmaxminddb instead of the obsolete GeoIP (bsc#1156196)
* Mon Dec 02 2019 adam.majer@suse.de
- Update to 4.2.1:
New features
* Add SLAVE-RENOTIFY zone metadata support
* Add configurable timeout for inbound
* for gmysql backend, add an option to send the SSL capability flag
Improvements
* Register a few known RR types
* bindbackend: use metadata for also-notifies as well
* pdnsutil increase-serial: under SOA-EDIT=INCEPTION-EPOCH,
bump as if it is EPOCH
* API: optionally do not return dnssec info in domain list
Bug Fixes
* LUA view: do not crash on empty IP list
* API: Accept headers without spaces
* Avoid database state-related SERVFAILs after a LUA error
* Fix broken edit-zone and other features with the LMDB backend
* rfc2136, pdnsutil: somewhat improve duplicate record handling
* Fri Aug 30 2019 michael@stroeder.com
- Update to 4.2.0:
- New features:
* Lua records
* ixfrdist
* a new LMDB backend
- Important functional changes:
* the default UDP response size limit has been changed from 1680 to 1232
* the autoserial feature has been removed
- pdns-4.0.3_allow_dacoverride_in_capset.patch: refreshed
* Thu Aug 08 2019 michael@stroeder.com
- Update to 4.1.13:
* #8157: gpgsqlbackend: add missing schema file to Makefile
* #8162: stop using select() in places where FDs can be >1023
Version: 4.3.0-bp152.1.2
* Tue Apr 07 2020 Marcus Rueckert <mrueckert@suse.de>
- Update to 4.3.0:
A lot of internals have been reworked, with some visible changes
for users. If you read the upgrade notes for a beta or RC, please
read them again!
A notable new feature in 4.3 is support for hiding DNSSEC keys,
which makes it possible to do algorithm rollovers. This feature
was contributed by Robin Geuze of TransIP, thanks! Another
interesting new feature is support for automatically publishing
CDS/CDNSKEY records with a single pdns.conf setting.
Please note that 4.3.0 comes with a mandatory database schema
upgrade.
https://doc.powerdns.com/authoritative/upgrading.html#x-to-4-3-0
- refreshed patch pdns-4.0.3_allow_dacoverride_in_capset.patch
- dropped subpackages for mydns and opendbx
- change run directory from /var/run/ to /run/
- pdns-backend-lua now has the lua2 backend
* Sun Apr 05 2020 Marcus Rueckert <mrueckert@suse.de>
- guard ixfrdist support so it is only enabled on the distros that
have the dependencies
* Sun Apr 05 2020 Marcus Rueckert <mrueckert@suse.de>
- add ixfrdist to the systemd macros
- add instantiated services to the systemd macros
* Sun Apr 05 2020 Marcus Rueckert <mrueckert@suse.de>
- enable ixfrdist
- enable lmdb support on Tumbleweed
- new BR for libboost_serialization-devel and lmdb-devel
- fix configure option for libsodium
* Mon Dec 02 2019 Adam Majer <adam.majer@suse.de>
- Update to 4.2.1:
New features
* Add SLAVE-RENOTIFY zone metadata support
* Add configurable timeout for inbound
* for gmysql backend, add an option to send the SSL capability flag
Improvements
* Register a few known RR types
* bindbackend: use metadata for also-notifies as well
* pdnsutil increase-serial: under SOA-EDIT=INCEPTION-EPOCH,
bump as if it is EPOCH
* API: optionally do not return dnssec info in domain list
Bug Fixes
* LUA view: do not crash on empty IP list
* API: Accept headers without spaces
* Avoid database state-related SERVFAILs after a LUA error
* Fix broken edit-zone and other features with the LMDB backend
* rfc2136, pdnsutil: somewhat improve duplicate record handling
* Fri Aug 30 2019 Michael Ströder <michael@stroeder.com>
- Update to 4.2.0:
- New features:
* Lua records
* ixfrdist
* a new LMDB backend
- Important functional changes:
* the default UDP response size limit has been changed from 1680 to 1232
* the autoserial feature has been removed
- pdns-4.0.3_allow_dacoverride_in_capset.patch: refreshed
* Thu Aug 08 2019 Michael Ströder <michael@stroeder.com>
- Update to 4.1.13:
* #8157: gpgsqlbackend: add missing schema file to Makefile
* #8162: stop using select() in places where FDs can be >1023
* Thu Aug 01 2019 Adam Majer <adam.majer@suse.de>
- Update to 4.1.11:
* update postgresql schema to address a possible denial of service
by an authorized user by inserting a crafted record in a MASTER
type zone under their control. (bsc#1142810, CVE-2019-10203)
To fix the issue, run the following command against your PostgreSQL
pdns database:
ALTER TABLE domains ALTER notified_serial TYPE bigint
USING CASE WHEN notified_serial >= 0
THEN notified_serial::bigint END;
- spec file simplifications and cleanup
* Fri Jun 21 2019 Michael Ströder <michael@stroeder.com>
- Update to 4.1.10 with security fixes:
* fixes a denial of service but when authorized user to cause
the server to exit by inserting a crafted record in a MASTER
type zone under their control. (bsc#1138582, CVE-2019-10162)
* fixes a denial of service of slave server when an authorized
master server sends large number of NOTIFY messages
(bsc#1138582, CVE-2019-10163)
* Tue Jun 18 2019 Michael Ströder <michael@stroeder.com>
- Update to 4.1.9
* #7922: by popular demand, the option to disable superslave support
has been backported from 4.2.0 to 4.1.9
* #7921: `pdnsutil b2b-migrate` would lose NSEC3 settings.
This has been corrected now.
Version: 4.1.8-bp151.1.4
* Fri Mar 22 2019 Michael Ströder <michael@stroeder.com>
- Update to 4.1.8
* #7604: Correctly interpret an empty AXFR response to an IXFR query,
* #7610: Fix replying from ANY address for non-standard port,
* #7609: Fix rectify for ENT records in narrow zones,
* #7607: Do not compress the root,
* #7608: Fix dot stripping in `setcontent()`,
* #7605: Fix invalid SOA record in MySQL which prevented the authoritative server from starting,
* #7603: Prevent leak of file descriptor if running out of ports for incoming AXFR,
* #7602: Fix API search failed with ?Commands out of sync; you can?t run this command now?,
* #7509: Plug `mysql_thread_init` memory leak,
* #7567: EL6: fix `CXXFLAGS` to build with compiler optimizations.
* Mon Mar 18 2019 Michael Ströder <michael@stroeder.com>
- Update to 4.1.7 with a security fix:
* Insufficient validation in the HTTP remote backend
(bsc#1129734, CVE-2019-3871)
* Mon Mar 18 2019 Michael Ströder <michael@stroeder.com>
- Update to 4.1.6
* Prevent more than one CNAME/SOA record in the same RRset
* Wed Mar 13 2019 Dirk Mueller <dmueller@suse.com>
- adjust buildrequires for mariadb 10.2.x on SLES
* Wed Nov 07 2018 Michael Ströder <michael@stroeder.com>
- Update to 4.1.5
* Improvements
- Apply alias scopemask after chasing
- Release memory in case of error in the openssl ecdsa constructor
- Switch to devtoolset 7 for el6
* Bug Fixes
- Crafted zone record can cause a denial of service
(bsc#1114157, CVE-2018-10851)
- Packet cache pollution via crafted query
(bsc#1114169, CVE-2018-14626)
- Fix compilation with libressl 2.7.0+
- Actually truncate truncated responses
Version: 4.1.5-14.1
* Wed Nov 07 2018 michael@stroeder.com
- Update to 4.1.5
* Improvements
- Apply alias scopemask after chasing
- Release memory in case of error in the openssl ecdsa constructor
- Switch to devtoolset 7 for el6
* Bug Fixes
- Crafted zone record can cause a denial of service
(bsc#1114157, CVE-2018-10851)
- Packet cache pollution via crafted query
(bsc#1114169, CVE-2018-14626)
- Fix compilation with libressl 2.7.0+
- Actually truncate truncated responses
* Wed Aug 29 2018 amajer@suse.com
- Update to 4.1.4
- Improvements
* #6590: Fix warnings reported by gcc 8.1.0.
* #6632, #6844, #6842, #6848: Make the gmysql backend future-proof
* #6685, #6686: Initialize some missed qtypes.
- Bug Fixes
* #6780: Avoid concurrent records/comments iteration from
running out of sync.
* #6816: Fix a crash in the API when adding records.
* #4457, #6691: pdns_control notify: handle slave without
renotify properly.
* #6736, #6738: Reset the TSIG state between queries.
* #6857: Remove SOA-check backoff on incoming notify and fix
lock handling.
* #6858: Fix an issue where updating a record via DNS-UPDATE in
a child zone that also exists in the parent zone, we would
incorrectly apply the update to the parent zone.
* #6676, #6677: Geoipbackend: check geoip_id_by_addr_gl and
geoip_id_by_addr_v6_gl return value. (Aki Tuomi)
* Thu May 24 2018 michael@stroeder.com
- Use HTTPS links in .spec file like mentioned in PowerDNS announcements
- removed obsolete 6370.patch
- Update to 4.1.3
- Improvements
* #6239, #6559: pdnsutil: use new domain in b2bmigrate (Aki Tuomi)
* #6130: Update copyright years to 2018 (Matt Nordhoff)
* #6312, #6545: Lower ?packet too short? loglevel
- Bug Fixes
* #6441, #6614: Restrict creation of OPT and TSIG RRsets
* #6228, #6370: Fix handling of user-defined axfr filters return values
* #6584, #6585, #6608: Prevent the GeoIP backend from copying
NetMaskTrees around, fixes slow-downs in certain configurations
(Aki Tuomi)
* #6654, #6659: Ensure alias answers over TCP have correct name
Version: 4.1.11-20.1
* Thu Aug 01 2019 adam.majer@suse.de
- Update to 4.1.11:
* update postgresql schema to address a possible denial of service
by an authorized user by inserting a crafted record in a MASTER
type zone under their control. (bsc#1142810, CVE-2019-10203)
To fix the issue, run the following command against your PostgreSQL
pdns database:
ALTER TABLE domains ALTER notified_serial TYPE bigint
USING CASE WHEN notified_serial >= 0
THEN notified_serial::bigint END;
- spec file simplifications and cleanup
* Fri Jun 21 2019 michael@stroeder.com
- Update to 4.1.10 with security fixes:
* fixes a denial of service but when authorized user to cause
the server to exit by inserting a crafted record in a MASTER
type zone under their control. (bsc#1138582, CVE-2019-10162)
* fixes a denial of service of slave server when an authorized
master server sends large number of NOTIFY messages
(bsc#1138582, CVE-2019-10163)
* Tue Jun 18 2019 michael@stroeder.com
- Update to 4.1.9
* #7922: by popular demand, the option to disable superslave support
has been backported from 4.2.0 to 4.1.9
* #7921: `pdnsutil b2b-migrate` would lose NSEC3 settings.
This has been corrected now.
* Fri Mar 22 2019 michael@stroeder.com
- Update to 4.1.8
* #7604: Correctly interpret an empty AXFR response to an IXFR query,
* #7610: Fix replying from ANY address for non-standard port,
* #7609: Fix rectify for ENT records in narrow zones,
* #7607: Do not compress the root,
* #7608: Fix dot stripping in `setcontent()`,
* #7605: Fix invalid SOA record in MySQL which prevented the authoritative server from starting,
* #7603: Prevent leak of file descriptor if running out of ports for incoming AXFR,
* #7602: Fix API search failed with ?Commands out of sync; you can?t run this command now?,
* #7509: Plug `mysql_thread_init` memory leak,
* #7567: EL6: fix `CXXFLAGS` to build with compiler optimizations.
Version: 4.1.0-2.1
* Thu Nov 30 2017 adam.majer@suse.de
- Update to version 4.1.0:
+ Recursor passthrough removal. Migration plans for users of
recursor passthrough are in documentation and available at,
https://doc.powerdns.com/authoritative/guides/recursion.html
+ Improved performance: 4x speedup in some scenarios
+ Crypto API: DNSSEC fully configurable via RESTful API
+ Database: enhanced reconnection logic solving problems
associated with idle disonnection from database servers.
+ Documentation improvements
+ Support for TCP Fast Open
+ Removed deprecated SOA-EDIT values: INCEPTION and INCEPTION-WEEK
- pkgconfig(krb5) is now always required for building LDAP backend
- pdns-4.0.4_mysql-schema-mariadb.patch: removed, upstreamed
* Mon Nov 27 2017 mrueckert@suse.de
- package schema files in ldap subpackage
* Mon Nov 27 2017 adam.majer@suse.de
- Update to version 4.0.5:
+ fixes CVE-2017-15091: Missing check on API operations
+ Bindbackend: do not corrupt data supplied by other backends in
getAllDomains
+ For create-slave-zone, actually add all slaves, and not only
first n times
+ Check return value for all getTSIGKey calls.
+ Publish inactive KSK/CSK as CDNSKEY/CDS
+ Treat requestor?s payload size lower than 512 as equal to 512
+ Correctly purge entries from the caches after a transfer
+ LuaWrapper: Allow embedded NULs in strings received from Lua
+ Stubresolver: Use only recursor setting if given
+ mydnsbackend: Add getAllDomains
+ LuaJIT 2.1: Lua fallback functionality no longer uses Lua namespace
+ gpgsql: make statement names actually unique
+ API: prevent sending nameservers list and zone-level NS in rrsets
* Tue Oct 31 2017 jengelh@inai.de
- Ensure descriptions are neutral. Remove ineffective --with-pic.
- Do not ignore errors from useradd.
- Trim idempotent %if..%endif around %package.
* Thu Oct 19 2017 adam.majer@suse.de
- Added pdns.keyring linked from https://dnsdist.org/install.html
* Fri Sep 29 2017 vcizek@suse.com
- Don't BuildRequire Botan 1.x which will be dropped (bsc#1055322)
* upstream support for Botan was dropped in favor of OpenSSL, see
https://blog.powerdns.com/2016/07/11/powerdns-authoritative-server-4-0-0-released
* Sun Jul 30 2017 wr@rosenauer.org
- This makes the schema fit storage requirements of various
mysql/mariadb versions. pdns-4.0.4_mysql-schema-mariadb.patch
- preset uid and gid in configuration
* Fri Jun 23 2017 michael@stroeder.com
- fixed use of pdns_protobuf
* Fri Jun 23 2017 michael@stroeder.com
- fixed use of pdns_protobuf
* Fri Mar 31 2017 mrueckert@suse.de
- added pdns-4.0.3_allow_dacoverride_in_capset.patch:
Adding CAP_DAC_OVERRIDE to fix startup problems with sqlite3
backend
* Thu Feb 02 2017 adam.majer@suse.de
- use individual libboost-*-devel packages instead of boost-devel
* Tue Jan 17 2017 michael@stroeder.com
- update to 4.0.3 which obsoletes b854d9f.diff
* Fri Jan 13 2017 adam.majer@suse.de
- b854d9f.diff: revert upstream change that caused a regression
with multiple-backends
* Fri Jan 13 2017 adam.majer@suse.de
- b854d9f.diff: revert upstream change that caused a regression
with multiple-backends
* Mon Dec 12 2016 dimstar@opensuse.org
- BuildRequire pkgconfig(libsystemd) instead of
pkgconfig(libsystemd-daemon): these libs were merged in systemd
209 times. The build system is capable of finding either one.
* Sat Jul 30 2016 michael@stroeder.com
- update to 4.0.1
Bug fixes
- #4126 Wait for the connection to the carbon server to be established
- #4206 Don't try to deallocate empty PG statements
- #4245 Send the correct response when queried for an NSEC directly (Kees Monshouwer)
- #4252 Don't include bind files if length <= 2 or > sizeof(filename)
- #4255 Catch runtime_error when parsing a broken MNAME
Improvements
- #4044 Make DNSPacket return a ComboAddress for local and remote (Aki Tuomi)
- #4056 OpenSSL 1.1.0 support (Christian Hofstaedtler)
- #4169 Fix typos in a logmessage and exception (Christian Hofsteadtler)
- #4183 pdnsutil: Remove checking of ctime and always diff the changes (Hannu Ylitalo)
- #4192 dnsreplay: Only add Client Subnet stamp when asked
- #4250 Use toLogString() for ringAccount (Kees Monshouwer)
Additions
- #4133 Add limits to the size of received {A,I}XFR (CVE-2016-6172)
- #4142 Add used filedescriptor statistic (Kees Monshouwer)
* Mon Jul 11 2016 mrueckert@suse.de
- update to 4.0.0
https://blog.powerdns.com/2016/07/11/powerdns-authoritative-server-4-0-0-released/
https://blog.powerdns.com/2016/07/11/welcome-to-powerdns-4-0-0/
- packaging changes:
- remotebackend split out now
- enabled experimental_gss_tsig support
- enabled protobuf based stats support
- no more xdb and lmdb backend
- added odbc backend where supported
- drop pdns-3.4.0-no_date_time.patch: replaced with
- -enable-reproducible
* Sun May 29 2016 michael@stroeder.com
- update to 3.4.9
* use OpenSSL for ECDSA signing where available
* allow common signing key
* Add a disable-syslog setting
* fix SOA caching with multiple backends
* whitespace-related zone parsing fixes [ticket #3568]
* bindbackend: fix, set domain in list()
* Wed Feb 03 2016 michael@stroeder.com
- update to 3.4.8
* Use AC_SEARCH_LIBS (Ruben Kerkhof)
* Check for inet_aton in libresolv (Ruben Kerkhof)
* Remove hardcoded -lresolv, -lnsl and -lsocket (Ruben Kerkhof)
* pdnssec: don't check disabled records (Pieter Lexis)
* pdnssec: check all records (including disabled ones)
only in verbose mode (Kees Monshouwer)
* traling dot in DNAME content (Kees Monshouwer)
* Fix luabackend compilation on FreeBSD i386 (RvdE)
* silence g++ 6.0 warnings and error (Kees Monshouwer)
* add gcc 5.3 and 6.0 support to boost.m4 (Kees Monshouwer)
* Tue Nov 03 2015 michael@stroeder.com
- update to 3.4.7
Bug fixes:
* Ignore invalid/empty TKEY and TSIG records (Christian Hofstaedtler)
* Don't reply to truncated queries (Christian Hofstaedtler)
* don't log out-of-zone ents during AXFR in (Kees Monshouwer)
* Prevent XSS by escaping user input. Thanks to Pierre Jaury and Damien
Cauquil at Sysdream for pointing this out.
* Handle NULL and boolean properly in gPGSql (Aki Tuomi)
* Improve negative caching (Kees Monshouwer)
* Do not divide timeout twice (Aki Tuomi)
* Correctly sort records with a priority.
Improvements:
* Direct query answers and correct zone-rectification in the GeoIP
backend (Aki Tuomi)
* Use token names to identify PKCS#11 keys (Aki Tuomi)
* Fix typo in an error message (Arjen Zonneveld)
* limit NSEC3 iterations in bindbackend (Kees Monshouwer)
* Initialize minbody (Aki Tuomi)
New features:
* OPENPGPKEY record-type (James Cloos and Kees Monshouwer)
* add global soa-edit settings (Kees Monshouwer)