Changelogs for 4.5.x
====================

.. changelog::
  :version: 4.5.5
  :released: 9th of December 2022

  This is release 4.5.5 of the Authoritative Server.
  It contains various small fixes.

  .. change::
    :tags: Bug Fixes
    :pullreq: 12032

    axfr-retriever: abort on chunk with TC set

  .. change::
    :tags: Bug Fixes
    :pullreq: 12034

    LUA records: we only need one IsUpOracle checker thread

  .. change::
    :tags: Improvements
    :pullreq: 11979

    docker: upgrade to bullseye

  .. change::
    :tags: Bug Fixes
    :pullreq: 11454

    IXFR-in: Fix a case where an incomplete read caused by network error might result in a truncated zone

.. changelog::
  :version: 4.5.4
  :released: 25th of March 2022

  This is a security fix release for :doc:`PowerDNS Security Advisory 2022-01 <../security-advisories/powerdns-advisory-2022-01>`.
  Additionally, because CentOS 8 is End Of Life now, we have switched those builds to Oracle Linux 8. The resulting packages are compatible with RHEL and all derivatives.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11454

    Fix validation of incremental zone transfers (IXFRs).

.. changelog::
  :version: 4.5.3
  :released: 21th of January 2022

  This is release 4.5.3 of the Authoritative Server.
  It mostly contains several robustness fixes for the LMDB backend, and for the zone cache.
  Please see the full list of fixes here:

  .. change::
    :tags: Bug Fixes
    :pullreq: 11158

    lmdb, check if the lookup name is part of the zone (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 11146

    pdnsutil edit-zone: fix n and e behaviour on increase-serial prompt

  .. change::
    :tags: Bug Fixes
    :pullreq: 11123

    improve tcp exception handling (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 11123

    lmdb: fix records removal in deleteDomain() (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 11002

    2136: apply new TTL to whole RRset, not only to the added record

  .. change::
    :tags: Improvements
    :pullreq: 11002

    2136: improve some log messages

.. changelog::
  :version: 4.5.2
  :released: 10th of November 2021

  This is release 4.5.2 of the Authoritative Server.
  It contains several robustness fixes for the bindbackend, and for SOA handling.
  These fixes are especially important for zone cache users.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10968

    bindbackend: skip rejected zones during list and search

  .. change::
    :tags: Bug Fixes
    :pullreq: 10964

    make the zone cache more robust for bad data and save some SOA queries for DNSSEC zones (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 10962

    api, check SOA location (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 10952

    improve dnsname exception handling for SOA records (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 10792

    improve SOA parse exception handling (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 10778

    try to reload rejected zones in bind-backend once every bind-check-interval (Kees Monshouwer)

.. changelog::
  :version: 4.5.1
  :released: 26th of July 2021

  This is release 4.5.1 of the Authoritative Server.
  It is strictly a security fix release for :doc:`Advisory 2021-01 <../security-advisories/powerdns-advisory-2021-01>`.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10611

    auth: correct upper bounds on d_qtypecounters

.. changelog::
  :version: 4.5.0
  :released: 13th of July 2021

  This is release 4.5.0 of the Authoritative Server.
  This release contains a ton of improvements and bug fixes compared to 4.4, but very few user visible changes.

  There are two notable new features:

  * The "zone cache", which allows PowerDNS to keep a list of zones in memory, updated periodically.
    With this cache, PowerDNS can avoid hitting the database with queries for unknown domains.
    In some setups, and some attack scenarios, this can make a serious performance difference.
    Users of backends with dynamically generated zones may want to disable this or at least read the upgrade notes extremely carefully.
    Many thanks to Chris Hofstaedtler for implementing this.
    This work by Chris was supported by RcodeZero DNS.
  * Priority ordering in the AXFR queue in PowerDNS running as a secondary.
    Some users with a lot of domains (>100k) sometimes found real changes waiting behind signature refreshes on Thursdays.
    With the new ordering, those real changes can "skip the line" and get deployed on your secondaries faster.
    Many thanks to Robin Geuze of TransIP for implementing this.

  Since 4.5.0-beta1, the zone cache is enabled by default.

  Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10579

    fix building without sqlite (this got broken between RC1 and RC2).
    Thanks to our trusty FreeBSD port maintainer Ralf van der Enden for noticing and reporting this.

.. changelog::
  :version: 4.5.0-rc2
  :released: 6th of July 2021

  This is the second, and hopefully last, release candidate for version 4.5.0 of the Authoritative Server.
  This release contains a ton of improvements and bug fixes compared to 4.4, but very few user visible changes.

  There are two notable new features:

  * The "zone cache", which allows PowerDNS to keep a list of zones in memory, updated periodically.
    With this cache, PowerDNS can avoid hitting the database with queries for unknown domains.
    In some setups, and some attack scenarios, this can make a serious performance difference.
    Many thanks to Chris Hofstaedtler for implementing this.
  * Priority ordering in the AXFR queue in PowerDNS running as a secondary.
    Some users with a lot of domains (>100k) sometimes found real changes waiting behind signature refreshes on Thursdays.
    With the new ordering, those real changes can "skip the line" and get deployed on your secondaries faster.
    Many thanks to Robin Geuze for implementing this.

  Since 4.5.0-beta1, the zone cache is enabled by default.

  Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10552

    bindbackend: purge caches on zone reload; store nsec3 settings at zone load

  .. change::
    :tags: Bug Fixes
    :pullreq: 10551

    Use correct TTL when caching responses from backends (Robin Geuze)

.. changelog::
  :version: 4.5.0-rc1
  :released: 25th of June 2021

  This is the first release candidate for version 4.5.0 of the Authoritative Server.
  This release contains a ton of improvements and bug fixes compared to 4.4, but very few user visible changes.

  The one notable feature is the "zone cache", which allows PowerDNS to keep a list of zones in memory, updated periodically.
  With this cache, PowerDNS can avoid hitting the database with queries for unknown domains.
  In some setups, and some attack scenarios, this can make a serious performance difference.

  Since 4.5.0-beta1, the zone cache is enabled by default.

  Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10522

    SVCB additional processing: delay inserts to avoid invalidating iterator; do not chase chains outside of zone

  .. change::
    :tags: Improvements
    :pullreq: 10514

    2136: allow placing DNSKEY/CDS/CDNSKEY regardless of direct-dnskey setting

  .. change::
    :tags: Bug Fixes
    :pullreq: 10513

    pdnsutil edit-zone: correctly reask inc-serial question

  .. change::
    :tags: Improvements
    :pullreq: 10512

    pdnsutil add-autoprimary: print error when exiting with 1

  .. change::
    :tags: Bug Fixes
    :pullreq: 10511

    SVCB: on parse error, throw instead of truncate

  .. change::
    :tags: Bug Fixes
    :pullreq: 10510

    SVCB: Fix auto hints removing non-auto hints

  .. change::
    :tags: Improvements
    :pullreq: 10509

    pdnsutil create-zone: better error if default-soa-content is broken

  .. change::
    :tags: Improvements
    :pullreq: 10373

    pdnsutil add-zone-key: clarify ZSK default

  .. change::
    :tags: New Features
    :pullreq: 9474

    newCAFromRaw(): create ComboAddress from raw 4/16 byte strings, plus test

.. changelog::
  :version: 4.5.0-beta1
  :released: 9th of June 2021

  This is version 4.5.0-beta1 of the Authoritative Server.
  This release contains a ton of improvements and bug fixes compared to 4.4, but very few user visible changes.

  The one notable feature is the "zone cache", which allows PowerDNS to keep a list of zones in memory, updated periodically.
  With this cache, PowerDNS can avoid hitting the database with queries for unknown domains.
  In some setups, and some attack scenarios, this can make a serious performance difference.

  In beta1, the zone cache is enabled by default.

  Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading.

  .. change::
    :tags: New Features
    :pullreq: 10463

    LUA records: add filterForward function, to limit the scope of createForward[6]

  .. change::
    :tags: New Features
    :pullreq: 10454

    add/fix getAllDomains() and enable the zone cache by default (Kees Monshouwer)

  .. change::
    :tags: Improvements
    :pullreq: 10461

    simplify createDomain() (Kees Monshouwer)

  .. change::
    :tags: Improvements
    :pullreq: 10342

    SVCB: rename echconfig to ech and add test vectors from draft

.. changelog::
  :version: 4.5.0-alpha1
  :released: 27th of May 2021

  This is version 4.5.0-alpha1 of the Authoritative Server.
  This release contains a ton of improvements and bug fixes compared to 4.4, but very few user visible changes.

  The one notable feature is the "zone cache", which allows PowerDNS to keep a list of zones in memory, updated periodically.
  With this cache, PowerDNS can avoid hitting the database with queries for unknown domains.
  In some setups, and some attack scenarios, this can make a serious performance difference.

  Please make sure to read the :doc:`upgrade notes <../upgrading>` before upgrading.

  .. change::
    :tags: Improvements
    :pullreq: 10260

    Lower max-nsec3-iterations to 100 (Kees Monshouwer)

  .. change::
    :tags: Improvements
    :pullreq: 10421

    add an option to in/exclude disabled zones in the pdnsutil list-all-zone and list-keys output (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 10399

    Make sure we recheck failed SOA lookups for notifies (Kees Monshouwer)

  .. change::
    :tags: Improvements
    :pullreq: 8999, 9788

    Swagger/OpenAPI improvements (Kevin Fleming)

  .. change::
    :tags: Bug Fixes
    :pullreq: 9813

    geoip: set netmask on all string formatting types

  .. change::
    :tags: Bug Fixes
    :pullreq: 9768

    fix rounding inaccuracy in latency statistics (Kees Monshouwer)

  .. change::
    :tags: Improvements
    :pullreq: 9574

    Ensure socket-dir matches runtimedir on old systemd

  .. change::
    :tags: Bug Fixes
    :pullreq: 9775

    pdnsutil add-record: notice when backend does not support replaceRRSet

  .. change::
    :tags: Improvements
    :pullreq: 9764, 9847, 9848, 9910

    Various logging improvements (Kees Monshouwer, nzlosh)

  .. change::
    :tags: Improvements
    :pullreq: 9752, 9803, 10028, 10067, 10068, 10165

    Various improvements to the Docker image (rytis, james-crowley)

  .. change::
    :tags: Improvements
    :pullreq: 9749, 9819, 9831, 9832, 9857, 9876, 9895, 9911, 9914, 9920, 9930, 9932, 9937, 9955, 9979, 10016, 10137, 10141, 10216, 10245, 10269, 10271, 10310, 10329, 10336, 10344

    Build improvements (support for new compilers and boost versions, etc.), improved usage of some library constructs, and architecture specific fixes

  .. change::
    :tags: Improvements
    :pullreq: 9913

    Switch to C++17

  .. change::
    :tags: Improvements
    :pullreq: 9885, 9888, 9933, 10013, 10099, 10107, 10186

    LMDB improvements (better transaction safety; support for the ``disabled`` field; better upgrade handling; stale reader cleanup; other bug fixes) (Robin Geuze, Kees Monshouwer)

  .. change::
    :tags: Removed Features
    :pullreq: 10259

    gpgsql backend: drop refcursor support (it never worked anyway)

  .. change::
    :tags: Bug Fixes
    :pullreq: 9766, 9844, 9919

    Fixed bugs in the implementations of the ``SVCB``, ``HTTPS``, ``IPSECKEY`` and ``APL`` types.

  .. change::
    :tags: New Features
    :pullreq: 10074

    ``SVCB`` improvements, including a new ``svc-autohints`` setting

  .. change::
    :tags: New Features
    :pullreq: 10078, 10172, 10121, 10256, 10234

    New RRtypes supported: ``CSYNC``, ``NID``, ``L32``, ``L64``, and ``LP``

  .. change::
    :tags: Improvements
    :pullreq: 10196

    Implement priority levels in the AXFR queue (Robin Geuze)

  .. change::
    :tags: Improvements
    :pullreq: 9658, 9669, 10430

    pdns.conf, pdnsutil, pdns_control: add modern aliases for words like master and slave. Add a setting to ignore unknown settings, to make mixed-version testing easier. (Chris Hofstaedtler, Kees Monshouwer)

    While changing names, Kees Monshouwer also renamed 'domain' to 'zone' in a ton of places.

  .. change::
    :tags: Removed Features
    :pullreq: 10251

    remove local-ipv6, query-local-address6, after their deprecation in 4.4

  .. change::
    :tags: New Features
    :pullreq: 10217

    API HTTP cryptokeys: add cds array when configured to do so

  .. change::
    :tags: Improvements
    :pullreq: 10236

    When rectifying, do not update ordernames/auth when there is no need (Kees Monshouwer)

  .. change::
    :tags: New Features
    :pullreq: 9995, 10060, 10149

    sdig: DoT support; TCP Fast Opens support for TCP/DoT/DoH

  .. change::
    :tags: Bug Fixes
    :pullreq: 10155

    ALIAS: Ensure A and AAAA are in the NSEC bitmap

  .. change::
    :tags: Improvements
    :pullreq: 10161

    memory usage reporting: use RES instead of "data" size

  .. change::
    :tags: Removed Features
    :pullreq: 10010

    Check ``sizeof(time_t)`` to be at least 8. This makes it easier for us to handle times beyond the years 2038 and 2106 safely. This removes support for platforms where ``time_t`` is still only 32 bits wide.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10081

    pdnsutil load-zone: reject zones with broken rrs

  .. change::
    :tags: Bug Fixes
    :pullreq: 9826

    pdnsutil edit-zone: do not exit on ZoneParser exception

  .. change::
    :tags: Improvements
    :pullreq: 10087

    pdnsutil: Warn on CNAME targets for NS, MX and SRV

  .. change::
    :tags: Improvements
    :pullreq: 10264

    Also disable PMTU for IPv6 (it was disabled for IPv4 already)

  .. change::
    :tags: Improvements
    :pullreq: 8813

    Make check-zone also check whether there are duplicate key value pair metadatas for the zone (RobinGeuze)

  .. change::
    :tags: Bug Fixes
    :pullreq: 10007

    fix tcp answer counters (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 10037

    run deleteDomain() inside a transaction (Kees Monshouwer)

  .. change::
    :tags: New Features
    :pullreq: 9958

    Serve NSEC3PARAM when asked without DO

  .. change::
    :tags: Bug Fixes
    :pullreq: 8829

    gsqlite3: handle escaping correctly for API search

  .. change::
    :tags: Bug Fixes
    :pullreq: 9872

    fix direct-dnskey in AXFR-out (Kees Monshouwer)

  .. change::
    :tags: Improvements
    :pullreq: 9520

    detect possible metadata cache pollution (Kees Monshouwer)

  .. change::
    :tags: Bug Fixes
    :pullreq: 10364

    auth: Don't choke on non-base64 values when importing zone keys

  .. change::
    :tags: New Features
    :pullreq: 9464, 10432

    Add a cache of all zones, avoiding backend lookups for zones that do not exist, and for non-existing subzones. (Chris Hofstaedtler)

  .. change::
    :tags: Improvements
    :pullreq: 10401

    change the consistent-backends default to 'yes'

  .. change::
    :tags: Bug Fixes
    :pullreq: 10392

    gpgsql: use SELECT .. RETURNING to get inserted row ID
