Changelogs for 4.2.x
====================

.. changelog::
  :version: 4.2.3
  :released: September 2nd 2020

  This release contains the fix for :doc:`PowerDNS Security Advisory 2020-05 <../security-advisories/powerdns-advisory-2020-05>` (CVE-2020-17482)

  .. change::
    :tags: Bug Fixes
    :pullreq: 9499

    Raise an exception on invalid hex content in unknown records.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9191
    :tickets: 9181

    mydns: add SOA to list() output

.. changelog::
  :version: 4.2.2
  :released: 9th of April 2020

  .. change::
    :tags: Bug Fixes
    :pullreq: 9010

    fix records ending up in wrong packet section (Kees Monshouwer)

  .. change::
    :tags: Improvements
    :pullreq: 9003, 8736

    cache: strictly enforce maximum size, and improve cleanup routine

  .. change::
    :tags: Bug Fixes
    :pullreq: 9001

    avoid IXFR-in corruption when deltas come in close together (please see the :ref:`ixfr-in-corruption-4.2.2` upgrade notes)

  .. change::
    :tags: New Features
    :pullreq: 8786

    api: add includerings option to statistics endpoint

  .. change::
    :tags: Bug Fixes
    :pullreq: 8612

    fix out-of-bound access for zero length "serialized" string when using lmdbbackend. (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 8602

    bind backend: pthread_mutex_t should be inited and destroyed and not be copied

.. changelog::
  :version: 4.2.1
  :released: 2nd of December 2019

  This release fixes several bugs and makes a few features more robust or intuitive. It also contains a few performance improvements for API users.

  .. change::
    :tags: Bug Fixes
    :pullreq: 8589
    :tickets: 8572

    LUA view: do not crash on empty IP list

  .. change::
    :tags: Bug Fixes
    :pullreq: 8576

    API: Accept headers without spaces

  .. change::
    :tags: Bug Fixes
    :pullreq: 8570
    :tickets: 8299

    Avoid database state-related SERVFAILs after a LUA error

  .. change::
    :tags: Bug Fixes, Improvements, LMDB
    :pullreq: 8568
    :tickets: 8134

    Just before 4.2.0, some SQL-related fixes broke edit-zone and other features with the LMDB backend. This has been fixed now. (backport by Kees Monshouwer)

  .. change::
    :tags: Performance, Improvements
    :pullreq: 8457

    API: reduce number of database connections (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 8497

    Clear the caches for the entire zone after a patch operation (was apex only).
    The default default-api-rectify setting was ignored in patchZone(), rectify only took place when the API-RECTIFY metadata was set to "1".
    (Kees Monshouwer)

  .. change::
    :tags: Improvements
    :pullreq: 8546

    Register a few known RR types and remove an unknown one

  .. change::
    :tags: New Features, Improvements
    :pullreq: 8549

    Add SLAVE-RENOTIFY zone metadata support (Matti Hiljanen)

  .. change::
    :tags: Bug Fixes
    :pullreq: 8507
    :tickets: 8217

    rfc2136, pdnsutil: somewhat improve duplicate record handling

  .. change::
    :tags: Improvements
    :pullreq: 8548

    bindbackend: use metadata for also-notifies as well (Matti Hiljanen)

  .. change::
    :tags: Improvements
    :pullreq: 8508
    :tickets: 8218

    pdnsutil increase-serial: under SOA-EDIT=INCEPTION-EPOCH, bump as if it is EPOCH

  .. change::
    :tags: New Features, Improvements
    :pullreq: 8547

    Add configurable timeout for inbound AXFR (Matti Hiljanen)

  .. change::
    :tags: Performance, Improvements
    :pullreq: 8541

    API: optionally do not return dnssec info in domain list (Chris Hofstaedtler)

  .. change::
    :tags: Improvements
    :pullreq: 8454

    Basic validation of $GENERATE parameters

  .. change::
    :tags: New Features, Improvements
    :pullreq: 8428

    Add CentOS 8 as builder target

  .. change::
    :tags: New Features, Improvements
    :pullreq: 8341

    gmysql backend, add an option to send the SSL capability flag

.. changelog::
  :version: 4.2.0
  :released: 30th of August 2019

  Compared to the last release candidate, one more bug has been fixed.

  The LMDB backend is incomplete in this version. Slaving zones works, loading zones with pdnsutil works, but more fine-grained edits (using edit-zone, or the REST API) fail. We hope to fix this soon in a 4.2.x release.

  For an overview of features new since 4.1.x, please see `the 4.2.0 announcement blog post <http://blog.powerdns.com/2019/08/29/powerdns-authoritative-server-4-2-0/>`__.

  .. change::
    :tags: Bug Fixes
    :pullreq: 8229

    bind getAllDomains: ignore per-zone exceptions

.. changelog::
  :version: 4.2.0-rc3
  :released: 29th of July 2019

  Thanks to an overwhelming amount of testing by our fabulous user community, this release candidate contains a ton of bug fixes (and a few improvements) compared to the previous one. We hope this has shaken out all of the important bugs, so that we can release 4.2.0 soon!

  This release, sadly, cripples the LMDB backend somewhat, due to `transaction-related fixes for the SQL backends <https://github.com/PowerDNS/pdns/pull/7891>`__. We hope to fix `this issue <https://github.com/PowerDNS/pdns/issues/8134>`__ before 4.2.0, or otherwise, early in 4.2.x.

  .. change::
    :tags: Bug Fixes
    :pullreq: 8168

    packethandler: Compare TSIG key name using DNSName

  .. change::
    :tags: Improvements
    :pullreq: 8172, 8173

    boost.m4 improvements

  .. change::
    :tags: Bug Fixes
    :pullreq: 8169

    Make sure we always compile with BOOST_CB_ENABLE_DEBUG set to 0

  .. change::
    :tags: Bug Fixes
    :pullreq: 8058

    Fix SERVFAIL when backend returns empty DNSName

  .. change::
    :tags: Improvements
    :pullreq: 8126

    add metric for open TCP connections

  .. change::
    :tags: Bug Fixes
    :pullreq: 8149

    stop using select() in places where FDs can be >1023

  .. change::
    :tags: Bug Fixes
    :pullreq: 8166

    pdnsutil increase-serial: set right ordername

  .. change::
    :tags: Bug Fixes
    :pullreq: 8097

    use BIGINT for notified_serial in pg schema (Klaus Darilion)

  .. change::
    :tags: Improvements, Robustness, Performance
    :pullreq: 8092

    Various robustness and performance improvements around domain IDs (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 8056

    Fix the accounting of servfail-queries in the distributor

  .. change::
    :tags: Improvements, Build
    :pullreq: 8064

    remove unused import to enable compile on illumos (Thomas Mieslinger)

  .. change::
    :tags: Improvements, Performance
    :pullreq: 8051

    ixfrdist: limit XFR chunk size to 16k

  .. change::
    :tags: Bug Fixes
    :pullreq: 8028

    limit compression pointers to 14 bits

  .. change::
    :tags: Bug Fixes
    :pullreq: 8037

    catch name & IP parse errors during outgoing notify preparations

  .. change::
    :tags: Improvements
    :pullreq: 7998

    Fix a memory leak when sqlite3_exec() fails

  .. change::
    :tags: Improvements, Build
    :pullreq: 8019, 7980

    don't enable the tbhandler when libc only pretends to be glibc (James Taylor)

  .. change::
    :tags: Improvements
    :pullreq: 8006

    Fix a leak on 'Backend reported permanent error which prevented lookup' error

  .. change::
    :tags: Improvements
    :pullreq: 7996

    Clear CMSG_SPACE(sizeof(data)) in cmsghdr to appease valgrind

  .. change::
    :tags: New Features
    :pullreq: 7550

    web: make max request/response body size configurable

  .. change::
    :tags: Improvements
    :pullreq: 7918

    deprecate SOA autocomplete in pdnsutil check-zone (Kees Monshouwer)

  .. change::
    :tags: Improvements, Packaging
    :pullreq: 7889

    move /var/lib/pdns to pdns-server debian package

  .. change::
    :tags: Improvements
    :pullreq: 7890

    Show newer features in configure output and --version

  .. change::
    :tags: Improvements, Performance
    :pullreq: 7910

    completely disable the packet when cache-ttl=0 (Kees Monshouwer)

  .. change::
    :tags: Improvements
    :pullreq: 7943

    Improve error when notification comes in for non-slave zone

  .. change::
    :tags: Improvements
    :pullreq: 7962

    web: add edited_serial to Zone object

  .. change::
    :tags: Improvements, Build
    :pullreq: 7871

    Adapt calidns for openbsd and other systems without rcvmmsg(2)

  .. change::
    :tags: Improvements, Performance
    :pullreq: 7699

    DNSName, speed up toString() conversion

.. changelog::
  :version: 4.2.0-rc2
  :released: 14th of June 2019

  .. change::
    :tags: Improvements, LMDB
    :pullreq: 7807

    Make explicit lmdbbackend synchronous option

  .. change::
    :tags: Improvements, LMDB
    :pullreq: 7700

    Reduce mmap size for lmdb on 32 bits plus restrict number of shards

  .. change::
    :tags: Bug Fixes, LMDB
    :pullreq: 7784, 7697, 7643

    LMDB improvements:

    * lmdbbackend: auth was unset in get() (always true) (Kees Monshouwer)
    * LMDB defaulted to port 0 for master addresses unless explicitly set
    * fix ``getAllDomains()`` (Kees Monshouwer)

  .. change::
    :tags: Bug fixes, Backends
    :pullreq: 7891

    auth API, pdnsutil: improve backend transaction correctness

  .. change::
    :tags: Robustness, Backends
    :pullreq: 7881

    detect SOA cache pollution caused by broken backends (Kees Monshouwer)

  .. change::
    :tags: Improvements, Backends
    :pullreq: 7852

    sqlite3: make journal mode configurable; default to WAL

  .. change::
    :tags: Bug Fixes, Backends
    :pullreq: 7854

    auth gsql ``getAllDomains``: ignore stou errors

  .. change::
    :tags: Performance, Backends
    :pullreq: 7460

    speedup ``getUpdatedMasters()`` for the gsql backends (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes, Backends
    :pullreq: 7831, 7787

    Rectify/ENT fixes:

    * Allow updates to override existing ENT records
    * Fix ENTs removal when "replacing" new records via the API

  .. change::
    :tags: Bug Fixes, Backends
    :pullreq: 7363

    Cleanup SOA editing (Kees Monshouwer)

  .. change::
    :tags: Backends
    :pullreq: 7753

    pdns_control reopens geoip databases on reload (jpmens)

  .. change::
    :tags: Backends
    :pullreq: 7696

    b2b-migrate did not open a transaction, breaking it for lmdb

  .. change::
    :tags: Backends
    :pullreq: 7706

    No longer filter DNSSEC metadata when DNSSEC is enabled in gsql

  .. change::
    :tags: Backends
    :pullreq: 7580

    Rectify for ent records in narrow zones was slightly wrong. (Kees Monshouwer)

  .. change::
    :tags: Backends
    :pullreq: 7529

    Clear caches (meta-data, keys) on domain deletion

  .. change::
    :tags: Performance, LUA
    :pullreq: 7869, 7897

    optionally reuse Lua state

  .. change::
    :tags: Improvements, Portability
    :pullreq: 7862, 7861, 7818, 7668

    Portability/building improvements:

    * Update boost.m4 to the latest version
    * Check if ``-latomic`` is needed instead of hardcoding (neheb)
    * Use ``net-snmp-config --netsnmp-agent-libs`` instead of ``--agent-libs``
    * bump boost requirement to 1.42 unconditionally

  .. change::
    :tags: Improvements, Robustness
    :pullreq: 7864, 7865, 7708

    Robustness improvements:

    * Fix warnings reported by Coverity
    * Initialize cURL before starting any thread
    * Don't do unaligned memory access

  .. change::
    :tags: Improvements, Compliance
    :pullreq: 7873

    Always truncate when the additional records do not fit in a response (Kees Monshouwer)

  .. change::
    :tags: Improvements, Compliance
    :pullreq: 7859

    Remove ``disable-tcp`` option

  .. change::
    :tags: Improvements, Compliance
    :pullreq: 7615

    RKEY is missing algorithm field (DNS-Leo)

  .. change::
    :tags: Bug Fixes, Compliance
    :pullreq: 7789, 7772

    DNSSEC fixes:

    * Don't sign insecure records with keys from other zones (Kees Monshouwer)
    * always add DS for secure zones, broken since #7523 (Kees Monshouwer)

  .. change::
    :tags: Improvements, Compliance
    :pullreq: 7410

    Ignore Path MTU Discovery on UDP server socket

  .. change::
    :tags: Features, Tools
    :pullreq: 7832

    add DoH support to sdig

  .. change::
    :tags: Bug Fixes, Tools
    :pullreq: 7801
    :tickets: 7667

    pdnsutil: show DS for second and further keys too

  .. change::
    :tags: Features, Tools
    :pullreq: 7655

    dumresp: add TCP support

  .. change::
    :tags: Deprecation, API
    :pullreq: 7797

    API: mark ``set-ptr`` as deprecated (zeha)

  .. change::
    :tags: Robustness
    :pullreq: 7790, 7569, 7662, 7503, 7517, 7587

    Various robustness improvements:

    * Do not busy loop if we get lots of notifies.
    * Improve error reporting with garbage in the 'master' field of the database
    * Do not exit on exception resolving addresses to notify
    * Auth ringbuffer summaries were case-sensitive & accounted delegations incorrectly
    * plug mysql_thread_init memory leak
    * Ensure we increase the number of queued queries before decreasing it

  .. change::
    :tags: Performance, DNSSEC
    :pullreq: 7523

    disable dnssec pre-processing for non dnssec zones and avoid a lot of ``isSecuredZone()`` calls (Kees Monshouwer)

  .. change::
    :tags: Bug fixes
    :pullreq: 7723

    rename 'supermaster' option to 'superslave'

  .. change::
    :tags: Improvements, Webserver
    :pullreq: 5932

    improve logging in the web server

  .. change::
    :tags: Features, Tools
    :pullreq: 7481

    pdnsutil, dnswasher: add support for encrypting IP addresses

  .. change::
    :tags: Improvements
    :pullreq: 7584

    GSQL: Log more data in error messages

.. changelog::
  :version: 4.2.0-rc1
  :released: 19th of March 2019

  .. change::
    :tags: Bug Fixes
    :pullreq: 7576
    :tickets: 7573

    Insufficient validation in the HTTP remote backend (CVE-2019-3871, PowerDNS Security Advisory :doc:`2019-03 <../security-advisories/powerdns-advisory-2019-03>`)

  .. change::
    :tags: Bug Fixes, API
    :pullreq: 7546
    :tickets: 7545

    Fix API search failed with "Commands out of sync; you can't run this command now".

  .. change::
    :tags: Bug Fixes, GeoIP
    :pullreq: 7219

    Fix static lookup when using weighted records on multiple record types.

  .. change::
    :tags: Improvements, DNSSEC
    :pullreq: 7516

    Report ``checkKey`` errors upwards.

  .. change::
    :tags: Bug Fixes, MySQL
    :pullreq: 7496
    :tickets: 7493

    Fix invalid SOA record in MySQL which prevented the authoritative
    server from starting.

  .. change::
    :tags: Improvements
    :pullreq: 6872

    ixfrdist: Add option to limit AXFR record count.

  .. change::
    :tags: Improvements, API
    :pullreq: 7326
    :tickets: 5430

    Add ``type`` filter to search-data api.

  .. change::
    :tags: Improvements, Internals
    :pullreq: 7502

    Use a less expensive way to get memory stats for ``real-memory-usage``.

  .. change::
    :tags: Improvements, API
    :pullreq: 7359
    :tickets: 7357

    Add ``rcode`` response statistics on API.

  .. change::
    :tags: Improvements
    :pullreq: 7490
    :tickets: 7393

    Lua records: Add ``useragent`` option to ``ifurlup`` and set a default.

  .. change::
    :tags: Improvements, Remote
    :pullreq: 7448
    :tickets: 7444

    remotebackend: Implement ``getUpdatedMasters``.

  .. change::
    :tags: Bug Fixes
    :pullreq: 7494

    Correctly interpret an empty AXFR response to an IXFR query.

  .. change::
    :tags: Improvements
    :pullreq: 7492
    :tickets: 6853

    Lua: Expose ``dns_random`` as ``pdnsrandom``.

  .. change::
    :tags: Improvements, API
    :pullreq: 7491
    :tickets: 6451

    Use commas instead of spaces when setting Zone Masters via the REST API.

  .. change::
    :tags: Bug Fixes, API
    :pullreq: 7488
    :tickets: 6114

    Improve handling of out of range ``modified_at`` value.

  .. change::
    :tags: Bug Fixes, Tools
    :pullreq: 7482

    Fix output order of pdnsutil ``add-record``.

  .. change::
    :tags: Bug Fixes
    :pullreq: 7352

    Respect packet size limits, even with ECS and TSIG.

  .. change::
    :tags: Bug Fixes
    :pullreq: 7459
    :tickets: 7429

    Fix dot stripping in ``setcontent()``.

  .. change::
    :tags: Improvements, API
    :pullreq: 7463

    Improve RRset validation.

  .. change::
    :tags: Bug Fixes, MySQL
    :pullreq: 7475

    Avoid infinite loop in mydnsbackend.

  .. change::
    :tags: Bug Fixes, LMDB
    :pullreq: 7472
    :tickets: 7471

    Do not compress the root since LMDB backend cannot set a root zone
    with a compressible SOA record.

  .. change::
    :tags: Bug Fixes, LMDB
    :pullreq: 7470
    :tickets: 7453

    Avoid duplicate NSEC3 records in presigned zones in LMDB backend.

  .. change::
    :tags: New Features, LMDB
    :pullreq: 7453

    Authoritative LMDB backend.

  .. change::
    :tags: Improvements, Internals
    :pullreq: 7412

    Be smarter about trimming whitespace when creating records from ASCII.

  .. change::
    :tags: Improvements, Internals
    :pullreq: 6634

    More sandboxing using SystemD's features.

  .. change::
    :tags: Improvements, Internals
    :pullreq: 7353

    Fix attempt to restrict / speed-up additional processing to auth zone.

  .. change::
    :tags: Bug Fixes, Tools
    :pullreq: 7148

    sdig: Handle non-IN class records better.

  .. change::
    :tags: Improvements, DNSSEC
    :pullreq: 7340

    Error on DNSSEC default misconfiguration.

  .. change::
    :tags: Bug Fixes, Improvements, Tools
    :pullreq: 7364

    Dnsscope off-by-one + domain-filter.

  .. change::
    :tags: Bug Fixes, Internals
    :pullreq: 7382

    Fix ``dns_random()`` always returning 0 when the minimum acceptable value is 0.

  .. change::
    :tags: Bug Fixes, Internals
    :pullreq: 7320

    Lower ``udp-truncation-threshold`` by default to 1232.

  .. change::
    :tags: Improvements, Internals
    :pullreq: 7293

    Make ``pdns_control notify *`` also notify slaves zones.

  .. change::
    :tags: Improvements, Internals
    :pullreq: 7348

    Zero out QTYPE response numbers in our statistics. Makes Valgrind
    usable on auth again.

  .. change::
    :tags: Bug Fixes, Tools
    :pullreq: 7244
    :tickets: 7319

    pdns_notify: Support hostname for notification.

  .. change::
    :tags: Improvements, Internals
    :pullreq: 7345

    Improve memory handling for NSEC(3) records with lots of types.

  .. change::
    :tags: Bug Fixes
    :pullreq: 7341

    Fix replying from ANY address for non-standard port.

  .. change::
    :tags: Improvements, API
    :pullreq: 7286

    Fix a couple of Swagger / OpenAPI issues.

  .. change::
    :tags: Bug Fixes
    :pullreq: 7288

    Fix a few off-by-one errors.

  .. change::
    :tags: Bug Fixes, GeoIP
    :pullreq: 7227
    :tickets: 7219

    Forbid 0 as weight value.

  .. change::
    :tags: Bug Fixes, Internals
    :pullreq: 7294

    Prevent leak of file descriptor if running out of ports for incoming AXFR.

  .. change::
    :tags: Improvements, DNSSEC
    :pullreq: 7284

    Fallback to SHA1 for the signatures cache if MD5 is not available.

  .. change::
    :tags: Bug Fixes, API
    :pullreq: 7278
    :tickets: 7277

    Prevent more than one CNAME / SOA record in the same RRset.

  .. change::
    :tags: Improvements, Internals
    :pullreq: 7245

    Use a cache-able soa record for the serial check caused by a notify.

  .. change::
    :tags: Improvements
    :pullreq: 6894

    Improved Lua records - Added all selector, and backupSelector fallbacks.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6823
    :tickets: 6821

    On incoming NOTIFY load our serial from backend to have it available during slave-check.

    Also log ourserial to ease debugging.

  .. change::
    :tags: Improvements, API, DNSSEC
    :pullreq: 5988

    API: Add TSIG key manipulation endpoints.

  .. change::
    :tags: Improvements
    :pullreq: 7026

    Configure ``--enable-pdns-option`` ``--with-third-party-module``.

  .. change::
    :tags: Improvements
    :pullreq: 6731
    :tickets: 6693

    Address some known LUA Records issues:

    * Better check input lists,
    * Report lua wildcards errors,
    * Exposes ``DNSName::getRawLabels`` in lua env,
    * Better document LUA functions and objects.

  .. change::
    :tags: Improvements, API
    :pullreq: 7233

    Make API changes do a rectify by default, add an option to disable.

  .. change::
    :tags: Bug Fixes, Improvements
    :pullreq: 6838
    :tickets: 1355, 1366

    Remove ``autoserial`` from the Authoritative Server.  Serial 0 was a little bit too special in PowerDNS.

  .. change::
    :tags: Bug Fixes
    :pullreq: 7228

    Handle ANY queries with Lua records.

  .. change::
    :tags: Improvements
    :pullreq: 6869

    Remove ``out-of-zone-additional-processing`` setting.

  .. change::
    :tags: Bug Fixes
    :pullreq: 7217

    geoip: properly delete libGeoIP return values.

  .. change::
    :tags: Bug Fixes
    :pullreq: 7067

    SOA-check: reject NXDOMAIN response and check label of RR against qname.

  .. change::
    :tags: Improvements, DNSSEC
    :pullreq: 6958

    Improve RSA key warnings.

  .. change::
    :tags: Bug Fixes
    :pullreq: 7201

    Fix ``carbon-instance`` / ``carbon-namespace`` inconsistencies.

  .. change::
    :tags: <nil>
    :pullreq: 7196
    :tickets: 7195

    geoipbackend: Allow empty content for ENT record.

  .. change::
    :tags: Tools, DNSSEC
    :pullreq: 7187

    pdnsutil.1 & settings:

    * Add Ed25519 and Ed448,
    * Document ECC keysizes,
    * Remove old algos.

  .. change::
    :tags: Bug Fixes, API
    :pullreq: 6871

    Check DNSNames that should be hostnames.

  .. change::
    :tags: <nil>
    :pullreq: 6959
    :tickets: 2362, 6951

    Add namespace and instance variable to carbon key.

  .. change::
    :tags: Bug Fixes, Packages
    :pullreq: 7134

    Fix up the BIND config files on upgrade.

  .. change::
    :tags: Bug Fixes
    :pullreq: 7024

    geoipbackend: Handle read error for config file.

  .. change::
    :tags: Improvements
    :pullreq: 7069

    Use unique pointers in the OpenSSL signer.

  .. change::
    :tags: API, Removed Features
    :pullreq: 7025

    Remove ``api-logfile`` flag and grep API endpoint.

  .. change::
    :tags: Improvements
    :pullreq: 6962

    Store ``NetmaskTree`` nodes in a set for faster removal.

  .. change::
    :tags: New Features
    :pullreq: 6969

    Adds the glorious log-log histograms.

  .. change::
    :tags: Bug Fixes
    :pullreq: 7017

    Make sure we escape ``127`` in TXT records.

  .. change::
    :tags: Bug Fixes
    :pullreq: 4598

    Add support for NONE SOA-EDIT kind.

  .. change::
    :tags: Tools
    :pullreq: 6997

    Name threads in the programs.

  .. change::
    :tags: Improvements
    :pullreq: 6727

    ALIAS: Respond SERVFAIL on non-NOERRORs from resolver.

  .. change::
    :tags: Improvements
    :pullreq: 6910

    Add support for OpenSSL 1.1.1's ed25519 and ed448 for signing and verifying.

  .. change::
    :tags: Improvements
    :pullreq: 6822

    Add incremental ``slave-check`` backoff also for failed AXFR.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6923

    Respond correctly to DS query at delegation in unsigned zone.

  .. change::
    :tags: Improvements
    :pullreq: 6975

    Enhance query-logging with timing for MySQL, PostgreSQL and SQLite.

  .. change::
    :tags: Improvements
    :pullreq: 6811

    Apply ALIAS scopemask after chasing.

  .. change::
    :tags: Improvements
    :pullreq: 6948

    Fix compilation with LibreSSL 2.7.0+.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6917

    Release memory in case of error in the OpenSSL ECDSA constructor.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6913
    :tickets: 6912

    Actually truncate truncated responses.

  .. change::
    :tags: Improvements, Packages
    :pullreq: 6921

    Remove GOST and Botan support.

  .. change::
    :tags: Improvements, API
    :pullreq: 6668

    Add zone lookup by ``/zones?zone=example.org``.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6858

    RFC2136 fixes.

  .. change::
    :tags: Improvements
    :pullreq: 6825

    Add option ``send-signed-notify`` to send NOTIFYs without TSIG signature.

  .. change::
    :tags: Removed Features, API
    :pullreq: 6845

    Drop ``api-readonly`` configuration setting.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6857

    Remove SOA-check backoff on incoming NOTIFY and fix ``d_lock`` handling.

  .. change::
    :tags: Bug Fixes, Tools
    :pullreq: 6859

    Make ``edit-zone`` catch zoneparser exceptions as well.

  .. change::
    :tags: Improvements, Tools
    :pullreq: 6843

    ``check-all-zones``: find duplicate zones and SOAs.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6834

    ``check-zone``: allow null MX, SRV.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6844

    Workaround MariaDB pretending to be MySQL.

  .. change::
    :tags: Improvements
    :pullreq: 6824

    Add the serials when logging the final result of a slave check.

  .. change::
    :tags: Bug Fixes, API
    :pullreq: 6780, 6816

    Make sure that we use strict weak records ordering in the API.
    (Doing this avoids concurrent records / comments iteration from running out of sync.)

  .. change::
    :tags: Bug Fixes
    :pullreq: 6738

    Reset the TSIG state between queries.

  .. change::
    :tags: Improvements, Tools
    :pullreq: 6774

    calidns: Accurate qps targets.

  .. change::
    :tags: <nil>
    :pullreq: 6769

    LuaWrapper: Disable maybe uninitialized warnings with boost optional.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6495

    Only parse ``resolv.conf`` once - this avoids race conditions.

  .. change::
    :tags: Improvements
    :pullreq: 6730

    Implement a smarter dedup for filling packets in auth.

  .. change::
    :tags: Improvements, Tools
    :pullreq: 6691

    pdns_control notify: Handle slave w/o renotify properly.

  .. change::
    :tags: Improvements, Tools
    :pullreq: 6653

    pdnsutil: Occlusion and auth check improvements.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6655

    Sign CDS/CDNSKEY RRsets with the KSK.

  .. change::
    :tags: Improvements
    :pullreq: 6658

    luawrapper: Report caught ``std::exception`` as ``lua_error``.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6686

    Initialize some missed qtypes: WKS, SMIMEA.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6677

    geoipbackend: Check ``GeoIP_id_by_addr_gl`` and ``GeoIP_id_by_addr_v6_gl`` return value.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6499

    stubresolver: Improve locking.

  .. change::
    :tags: Improvements
    :pullreq: 6633

    Reject duplicate RRsets in patchZone.

  .. change::
    :tags: Bug Fixes, API
    :pullreq: 6647

    Remove ENTs when "replacing" new records.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6648

    gmysql: Use future-proof statement for transaction isolation.

  .. change::
    :tags: Improvements, API
    :pullreq: 6649

    API export function output change to add IN to the output.

  .. change::
    :tags: Improvements, API
    :pullreq: 6662
    :tickets: 6652

    Send correct response codes for the CryptoKey endpoints.

  .. change::
    :tags: Improvements
    :pullreq: 6659

    Ensure ALIAS answers over TCP have correct name.

  .. change::
    :tags: Bug Fixes, Tools
    :pullreq: 6617

    calidns: Don't issue socket buffer or SCHED_FIFO warnings in quiet mode.

  .. change::
    :tags: Bug Fixes, API
    :pullreq: 6614

    Restrict creation of OPT and TSIG rrsets.

  .. change::
    :tags: Improvements
    :pullreq: 6561

    Fix some minor issues for presigned (large) bind zones.

  .. change::
    :tags: Tools
    :pullreq: 6582

    dnsreplay: Add more checks against bogus PCAP.

  .. change::
    :tags: Bug Fixes, Improvements
    :pullreq: 6585
    :tickets: 6584

    Geoip: Fix poisoning of cache when hit service's default network.

    Also includes an optimization to make lookups faster.

  .. change::
    :tags: Improvements, Tools
    :pullreq: 6594

    pdnsutil: also load modules through the ``load-modules`` directive.

  .. change::
    :tags: Improvements, Tools
    :pullreq: 6601

    calidns: Add ``quiet``, ``minimum-success-rate`` options to use from a script.

  .. change::
    :tags: New Features, Tools
    :pullreq: 6564

    Add ``dnspcap2calidns`` to convert PCAP to the calidns format.

  .. change::
    :tags: Bug Fixes, Tools
    :pullreq: 6580

    dnsreplay: Bail out on a too small outgoing buffer.

  .. change::
    :tags: Bug Fixes, Tools
    :pullreq: 6559

    pdnsutil: Use new domain in ``b2bmigrate``.

  .. change::
    :tags: Bug Fixes, API
    :pullreq: 6571

    Increase serial after DNSSEC related updates.

  .. change::
    :tags: Improvements
    :pullreq: 6558

    bindbackend: Refuse launch suffixes.

  .. change::
    :tags: Improvements, Tools
    :pullreq: 6526

    calidns: Add an option to read ECS values from the query file, skip comments.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6531

    Avoid interleaved access to B (via ``d_dk``).  Before this patch,
    the meta lookup would interfere with the already-started
    ``B.lookup``. This caused failures with odbc/MSSQL.

  .. change::
    :tags: Improvements
    :pullreq: 6530

    Add missing overrides.

  .. change::
    :tags: Improvements, Tools
    :pullreq: 6525

    calidns: Add a ``maximum-qps`` option to stay at a given stable load.

  .. change::
    :tags: New Features
    :pullreq: 6171

    LUA Records (yes we know it is "Lua").

  .. change::
    :tags: Bug Fixes
    :pullreq: 6481

    Add return 0 for correct exit of ``set-kind`` and ``set-account``.

  .. change::
    :tags: Bug Fixes, Tools
    :pullreq: 6487

    Link ``dnspcap2protobuf`` against librt when needed.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6484

    Recheck serial when AXFR is done.

  .. change::
    :tags: Improvements, Internals
    :pullreq: 5274

    dns_random: Implement new dns_random.

  .. change::
    :tags: New Features
    :pullreq: 5821
    :tickets: 5260

    LDAP misc updates:

    * ALIAS support,
    * DNAME support.

  .. change::
    :tags: Improvements
    :pullreq: 6427

    Avoid an isane amount of new backend connections during an AXFR.

  .. change::
    :tags: Improvements, Internals
    :pullreq: 6358

    Remove ``theLog`` and ``theL`` and replace this with a global ``g_log``.

  .. change::
    :tags: Improvements, Tools
    :pullreq: 6331

    Add TCP support for ALIAS.

  .. change::
    :tags: Improvements
    :pullreq: 6377

    Add support for MB and MG RR types.

  .. change::
    :tags: Improvements
    :pullreq: 6102

    Add actual EDNS buffer size logging, not just our interpretation.

  .. change::
    :tags: Improvements, Internals
    :pullreq: 6312

    Lower 'packet too short' loglevel.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6396

    Report unparsable data in stoul ``invalid_argument`` exception.

  .. change::
    :tags: New Features, Tools
    :pullreq: 6374

    Add quiet modifier to pdnsutil ``rectify-all-zones`` command.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6370

    Fix handling of user defined AXFR filters return values.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6342
    :tickets: 6263

    Reload ``/etc/resolv.conf`` when modified.

  .. change::
    :tags: Bug Fixes, Tools
    :pullreq: 6354

    Rather than crash, sheepishly report no file/linenum in pdnsutil.

  .. change::
    :tags: Improvements, Tools
    :pullreq: 6326

    calidns: Add the ``--ecs`` parameter to add random ECS values to queries.

  .. change::
    :tags: Improvements
    :pullreq: 6157

    Lua2 backend: This is a rewrite of the lua backend. It uses AuthLua4 as basis and more strongly typed access using LuaContext.

  .. change::
    :tags: Improvements
    :pullreq: 5361
    :tickets: 3602

    Make requests always return to sender, for usage in multimaster slave zones. Also - made sure that the master that is questioned for updates will be selected randomly, to prevent repeatedly asking a dead master for updates.

  .. change::
    :tags: Improvements, API
    :pullreq: 6325

    Return status ``409`` if domain already exists.

  .. change::
    :tags: Improvements
    :pullreq: 6276

    Reject updates if they would lead to CNAME+Other data.

  .. change::
    :tags: Improvements
    :pullreq: 6243

    Fix rectify (ordername) for non-DNSSEC zones.

  .. change::
    :tags: Improvements
    :pullreq: 6278

    pkcs11signers: Fix yubikey NEO to work.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6297

    Make ``check-zone`` error on rows that have content but shouldn't.

  .. change::
    :tags: Improvements
    :pullreq: 6100

    Make ``outgoing-query-address`` and ``outgoing-query-address6``
    behaviours equivalent.

  .. change::
    :tags: Improvements
    :pullreq: 6128
    :tickets: 5268

    GeoIPbackend improvements:

    * Adds MMDB support. Now geoip backend can be compiled without geoip support,
    * Adds location support,
    * Fixes SERVFAIL if expansion is empty.

  .. change::
    :tags: Improvements
    :pullreq: 6295

    Fix syntax error for ``replace-rrset``. (@lordievader)

  .. change::
    :tags: Improvements, API
    :pullreq: 2603

    Expose ``ResponseStats`` via REST API.

  .. change::
    :tags: Improvements, Internals
    :pullreq: 6230

    Remove all traces of selectmplexer, fix up pollmplexer.

  .. change::
    :tags: Bug Fixes, Tools
    :pullreq: 6172

    IXFR: correct behavior of dealing with DNS Name with multiple records; speed up IXFR transaction.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6152

    bindbackend: handle ``std::exception`` during startup zone-parsing.

  .. change::
    :tags: Improvements, Tools
    :pullreq: 6166

    Add an ``--initial-port`` option to dnsreplay.

  .. change::
    :tags: Improvements
    :pullreq: 6220
    :tickets: 5079, 5594, 5654

    Add XPF support to sdig, PowerDNS Recursor and dnsdist.

  .. change::
    :tags: Improvements, Internals
    :pullreq: 5068
    :tickets: 1010

    Change from ``time_t`` to ``uint32_t`` for serial in ``calculateSOASerial``.

  .. change::
    :tags: Improvements
    :pullreq: 5960

    Check more thoroughly the source of UDP answers.

  .. change::
    :tags: Improvements
    :pullreq: 6162

    Slave cleanups. (@zeha)

  .. change::
    :tags: Bug Fixes
    :pullreq: 6019
    :tickets: 5915

    gmysql-backend: set unsigned attribute on ``notified_serial`` column.

  .. change::
    :tags: Improvements
    :pullreq: 6158
    :tickets: 2611

    pdns: Improve record parsing

  .. change::
    :tags: Bug Fixes
    :pullreq: 6018

    Escaping unusual DNS label octets in DNSName is off by one.

  .. change::
    :tags: Improvements, Internals
    :pullreq: 5979

    Use ``toLogString()`` for logging and throwing.

  .. change::
    :tags: Improvements, Internals
    :pullreq: 6156

    Remove obsolete EDNS PING code. (@zeha)

  .. change::
    :tags: Bug Fixes
    :pullreq: 6155

    Update EDNS Option code list.

  .. change::
    :tags: Improvements
    :pullreq: 6146

    Changes to compile and run on NetBSD.

  .. change::
    :tags: Bug Fixes
    :pullreq: 4547

    Remove ``serializeSOAData``, refactor ``calculate``/``edit``/``increaseSOA``.

  .. change::
    :tags: Improvements, Tools
    :pullreq: 6063

    Add colour to diff output of pdnsutil.

  .. change::
    :tags: <nil>
    :pullreq: 6124
    :tickets: 6101, 6120

    Improve tests and two bugfixes:

    * Fix xfrIP to reject invalid ips,
    * Accept seconds since epoch in RRSIG timestamps too.

    (@stbuehler)

  .. change::
    :tags: Improvements
    :pullreq: 6139

    Forbid creating algo 5/8/10 keys with out-of-spec sizes.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6132

    Add methods missing from AuthLua4 when Lua support is disabled.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6129

    Init openssl and libsodium before chrooting in pdnsutil.

  .. change::
    :tags: Bug Fixes, LDAP
    :pullreq: 6122

    Fix listing zones incl. AXFR.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6107

    Fix uninitialized index in Lua's DNSPacket::getRRS() binding.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6103
    :tickets: 6089

    Fix out of bounds exception in CAA processing.

  .. change::
    :tags: Improvements, API
    :pullreq: 6076

    Return ``404`` for non-existing zones.

  .. change::
    :tags: Improvements
    :pullreq: 5862
    :tickets: 5854

    Add Draft of Swagger spec for Authoritative Server HTTP API.

  .. change::
    :tags: Bug Fixes
    :pullreq: 6029
    :tickets: 6028

    Forbid label compression in ALIAS wire format.

  .. change::
    :tags: Improvements
    :pullreq: 7359
    :tickets: 7357

    API: Add response-by-qtype and response-by-rcode on /statistics endpoint

  .. change::
    :tags: Improvements
    :pullreq: 6021

    Several improvements to processing of notifies.

    * Turn off supermaster support by default (adds new setting).
    * PowerDNS was wasting a lot of queries while processing notifies.
    * Use comboaddress for IPs (was strings)
