Changelogs for 4.3.x
====================

.. changelog::
  :version: 4.3.7
  :released: 22nd of March 2021

  .. change::
    :tags: Bug Fixes
    :pullreq: 10193
    :tickets: 10185

    Make sure we take the right minimum for the packet cache TTL data in the SERVFAIL case.

  .. change::
    :tags: Improvements
    :pullreq: 9804
    :tickets: 9790

    Do not chase CNAME during qname minimization step 4.

.. changelog::
  :version: 4.3.6
  :released: 25th of November 2020

  .. change::
    :tags: Bug Fixes
    :pullreq: 9718
    :tickets: 9707

    Do not add request to a wait chain that's already processed or being processed.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9706
    :tickets: 9697

    Do not send overly long NOD lookups.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9702
    :tickets: 9696

    Avoid a CNAME loop detection issue with DNS64.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9684
    :tickets: 9680

    If a.b.c CNAME x.a.b.c is encountered, switch off QName Minimization.

  .. change::
    :tags: Bug Fixes, Internal
    :pullreq: 9609
    :tickets: 9070

    Previous placeholder fix was incomplete.



.. changelog::
  :version: 4.3.5
  :released: 13th of October 2020

  .. change::
    :tags: Bug Fixes
    :pullreq: 9604

    Backport of CVE-2020-25829: Cache pollution.

  .. change::
    :tags: Improvements
    :pullreq: 9527

    Log when going Bogus because of a missing SOA in authority.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9525
    :tickets: 9495

    Watch the descriptor again after an out-of-order read timeout.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9507
    :tickets: 9497

    Raise an exception on invalid content in unknown records.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9501
    :tickets: 9070

    Boost 1.73 moved boost::bind placeholders to the placeholders namespace.x

  .. change::
    :tags: Bug Fixes
    :pullreq: 9457
    :tickets: 9454

    Fix the parsing of `dont-throttle-netmasks` in the presence of `dont-throttle-names`.

.. changelog::
  :version: 4.3.4
  :released: 8th of September 2020

  .. change::
    :tags: Bug Fixes
    :pullreq: 9416
    :tickets: 9375

    Allow some more depth headroom for the no-qname-minimization fallback case.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9367

    Resize hostname to final size in getCarbonHostname().

  .. change::
    :tags: Improvements
    :pullreq: 9397
    :tickets: 9073

    Ensure runtime dirs for virtual services differ.

.. changelog::
  :version: 4.3.3
  :released: 17th of July 2020

  .. change::
    :tags: Bug Fixes
    :pullreq: 9330
    :tickets: 9309

    Validate cached DNSKEYs against the DSs, not the RRSIGs only.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9329
    :tickets: 9297

    Ignore cache-only for DNSKEYs and DS retrieval.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9328
    :tickets: 9292

    A ServFail while retrieving DS/DNSKEY records is just that.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9327
    :tickets: 9188

    Refuse DS records received from child zones.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9305
    :tickets: 9268

    Better exception handling in houseKeeping/handlePolicyHit.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9304
    :tickets: 9299, 9301

    Take initial refresh time from loaded zone.

.. changelog::
  :version: 4.3.2
  :released: 1st of July 2020

   .. change::
     :tags: Bug Fixes
     :pullreq: 9285

     Backport of CVE-2020-14196: Enforce webserver ACL.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9262
    :tickets: 9251

    Copy the negative cache entry before validating it.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9242
    :tickets: 9031

    Fix compilation of the ports event multiplexer.

  .. change::
    :tags: Improvements
    :pullreq: 9243
    :tickets: 9142

    Defer the NOD lookup until after the response has been sent.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9245
    :tickets: 9151

    Fix the handling of DS queries for the root.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9246
    :tickets: 9172

    Fix RPZ removals when an update has several deltas.

  .. change::
    :tags: Bug Fixes.
    :pullreq: 9247
    :tickets: 9192, 9184

    Correct depth increments.

  .. change::
    :tags: Improvements
    :pullreq: 9248
    :tickets: 9194, 9202, 9216

    CNAME loop detection.

  .. change::
    :tags: Bug Fixes.
    :pullreq: 9249
    :tickets: 9205

    Limit the TTL of RRSIG records as well

  .. change::
    :tags: Bug Fixes
    :pullreq: 9128
    :tickets: 9127

    Fix compilation on systems that do not define HOST_NAME_MAX.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9122
    :tickets: 8640

    Fix build with gcc-10.

.. changelog::
  :version: 4.3.1
  :released: 19th of May 2020

  .. change::
     :tags: Bug Fixes
     :pullreq: 9115

     Backport of security fixes for CVE-2020-10995, CVE-2020-12244 and
     CVE-2020-10030, plus avoid a crash when loading an invalid RPZ.

  .. change::
    :tags: Improvements
    :pullreq: 9082

    Add ubuntu focal target.

  .. change::
    :tags: Bug Fixes
    :pullreq: 9048
    :tickets: 8778

    RPZ dumpFile/seedFile: store/get SOA refresh on dump/load.

  .. change::
    :tags: Internals
    :pullreq: 8963
    :tickets: 8875

    Update boost.m4.

.. changelog::
  :version: 4.3.0
  :released: 3rd of March 2020

  .. change::
    :tags: Improvements
    :pullreq: 8870

    Only log qname parsing errors when 'log-common-errors' is set.

  .. change::
    :tags: Improvements
    :pullreq: 8863

    Update copyright year.

.. changelog::
  :version: 4.3.0-rc2
  :released: 18th of February 2020

  .. change::
    :tags: Bug Fixes
    :pullreq: 8831

    Refuse NSEC records with a bitmap length > 32.

  .. change::
    :tags: Improvements
    :pullreq: 8827

    Do continue rpz processing if the current policy is passthru.

.. changelog::
  :version: 4.3.0-rc1
  :released: 3rd of February 2020

  .. change::
    :tags: Improvements
    :pullreq: 8751

    Update boost.m4.

  .. change::
    :tags: Improvements
    :pullreq: 8738

    Explicitly enable dnstap for debian-stretch and buster.

  .. change::
    :tags: Bug Fixes
    :pullreq: 8730

    Make ``ComboAddress::setPort()`` update the current object.

  .. change::
    :tags: Improvements
    :pullreq: 8728

    EPEL 8 now has libfstrm-devel.

  .. change::
    :tags: Bug Fixes
    :pullreq: 8727

    Fix the evaluation order for filtering policies (RPZ).

  .. change::
    :tags: Improvements
    :pullreq: 8726

    Give an explicit message if something is wrong with socket-dir.

.. changelog::
  :version: 4.3.0-beta2
  :released: 16th of January 2020

  .. change::
    :tags: Improvements
    :pullreq: 8704

    Add the source and destination ports to the protobuf msg.

  .. change::
    :tags: Bug Fixes
    :pullreq: 8673

    Debian postinst / do not fail on user creation if it already exists.

  .. change::
    :tags: Bug Fixes
    :pullreq: 8685
    :tickets:  8676

    Parsing `dont-throttle-names` and `dont-throttle-netmasks` as comma separated lists. (costypetrisor)

  .. change::
    :tags: Bug Fixes
    :pullreq: 8692
    :tickets: 8664

    An Opt-Out NSEC3 RR only proves that there is no secure delegation.

  .. change::
    :tags: Bug Fixes
    :pullreq: 8670
    :tickets: 8642

    Fix wrong zoneCuts caused by cache only lookup.

  .. change::
    :tags: Improvements
    :pullreq: 8675
    :tickets: 8646

    Increase default max-qperq.

.. changelog::
  :version: 4.3.0-beta1
  :released: 12th of December 2019

  .. change::
    :tags: Improvements
    :pullreq: 8571

    Better time based data structures

  .. change::
    :tags: Bug Fixes
    :pullreq: 8512

    Remove duplicate RRs inside a RRSet when computing the signature

  .. change::
    :tags: Bug Fixes
    :pullreq: 8560

    Check return value of dup() and avoid fd leak if if fdopen() fails

  .. change::
    :tags: Bug Fixes
    :pullreq: 8559
    :tickets: 8558

    Avoid startup race by setting the state of a thread before starting it.

  .. change::
    :tags: Improvements
    :pullreq: 8561, 8477

    QName Minimization is no longer experimental and is now enabled by default.

  .. change::
    :tags: Bug Fixes
    :pullreq: 8525
    :tickets: 7771

    Purge map of failed auths periodically by keeping a last changed timestamp.

  .. change::
    :tags: Improvements
    :pullreq: 8521
    :tickets: 8518

    Make threads run until asked to stop.

  .. change::
    :tags: Improvements
    :pullreq: 8440

    Fix -Wshadow warnings (Aki Tuomi)

  .. change::
    :tags: Improvements
    :pullreq: 8511

    Do RFC 8020 only if cache entry is dnssec validated

  .. change::
    :tags: Bug Fixes
    :pullreq: 8510

    Avoid mthread race when using the set of rootNSZones.

  .. change::
    :tags: Improvements
    :pullreq: 8492

    Add a parameter to limit the number of '$GENERATE' steps

.. changelog::
  :version: 4.3.0-alpha3
  :released: 29th of October 2019

  .. change::
    :tags: Bug fixes
    :pullreq: 8470

    Prime NS records of root-servers.net parent (.net)

  .. change::
    :tags: Improvements
    :pullreq: 8463

    Update CentOS 6 init script (None)

  .. change::
    :tags: Improvements
    :pullreq: 8451

    Basic validation of $GENERATE parameters

  .. change::
    :tags: Bug fixes
    :pullreq: 8433

    Dns64: stop hiding PTR indirection

  .. change::
    :tags: New features
    :pullreq: 8391
    :tickets: 8358

    Allow multiple simultaneous incoming TCP queries over a connection

  .. change::
    :tags: Improvements
    :pullreq: 8344

    Add signal handling for SIGTERM and SIGINT in pdns_recursor, if we are PID1 (Frank Louwers)

  .. change::
    :tags: New Features
    :pullreq: 8367

    Implement RFC 8020 "NXDOMAIN: There Really Is Nothing Underneath"

  .. change::
    :tags: New features
    :pullreq: 8400

    Add CentOS 8 as builder target

  .. change::
    :tags: Bug fixes
    :pullreq: 8371

    Fix chmod paths in rules files

  .. change::
    :tags: New features
    :pullreq: 8366

    Build Newly Observed Domain (NOD) support by default.

  .. change::
    :tags: Bug fixes
    :pullreq: 8360
    :tickets: 8352

    Rec: chmod/own recursor.conf for the systemd case
    
  .. change::
    :tags: Bug fixes
    :pullreq: 8340
    :tickets: 8338

    Fix #8338: Issue with "zz" abbreviation for IPv6 RPZ triggers

  .. change::
    :tags: Bug fixes
    :pullreq: 8317

    Retry getrandom() on EINTR

  .. change::
    :tags: Improvements
    :pullreq: 8287

    Docs: Add small description for pipe backend about distributor-threads (Donatas Abraitis)

  .. change::
    :tags: Improvements
    :pullreq: 8290

    Improve commandline error reporting for non-opts

  .. change::
    :tags: New features
    :pullreq: 7758

    Recursor webhandler for prometheus metrics (Greg Cockroft)

.. changelog::
  :version: 4.3.0-alpha2
  :released: Never released

.. changelog::
  :version: 4.3.0-alpha1
  :released: 5th of September 2019

  .. change::
    :tags: Bug fixes
    :pullreq: 8256

    Rec: fix two coverity issues

  .. change::
    :tags: New Features
    :pullreq: 8210

    Rec: lua pdns_features table

  .. change::
    :tags: Bug fixes
    :pullreq: 8236

    Add missing inc in rpz findclientpolicy loop.

  .. change::
    :tags: Bug fixes
    :pullreq: 8227

    Fix inverse handler registration logic for snmp.

  .. change::
    :tags: Internals, Improvements
    :pullreq: 8122

    Bail out when no context library is available

  .. change::
    :tags: Internals, Improvements
    :pullreq: 8091

    Some unneeded float<->double conversions.

  .. change::
    :tags: Internals, Improvements
    :pullreq: 8140

    Rec: document that the special-memory-usage stat is excluded by default

  .. change::
    :tags: Bug fixes
    :pullreq: 8142

    Restore the lua binding for dnsname::wirelength()

  .. change::
    :tags: Bug fixes
    :pullreq: 8152

    Rec docs: fix versionadded for maintenance()

  .. change::
    :tags: Internals, Improvements
    :pullreq: 7951
    :tickets: 6942, 8084

    Update boost.m4

  .. change::
    :tags: Bug fixes
    :pullreq: 8089

    Fix the rfc1982lessthan template.

  .. change::
    :tags: Bug fixes
    :pullreq: 8034

    Ensure debian sysv users get set{g,u}id

  .. change::
    :tags: New Features
    :pullreq: 8075

    Builder: add raspbian-buster target

  .. change::
    :tags: Bug fixes
    :pullreq: 8067

    Make sure we always compile with boost_cb_enable_debug set to 0

  .. change::
    :tags: Bug fixes
    :pullreq: 8028

    Limit compression pointers to 14 bits

  .. change::
    :tags: Bug fixes
    :pullreq: 8047
    :tickets: 8008

    Another time sensitive test fixed with a fixednow construct.

  .. change::
    :tags: New Features
    :pullreq: 8000

    Rec: export a protobuf incoming response message for timeouts

  .. change::
    :tags: Internals, Improvements
    :pullreq: 8010

    Rec: small speed improvements in the syncres

  .. change::
    :tags: Internals, Improvements
    :pullreq: 8013

    Don't create temporary strings to escape dnsname labels

  .. change::
    :tags: New Features
    :pullreq: 8001

    Recursor: add devicename field to protobuf messages

  .. change::
    :tags: Bug fixes
    :pullreq: 8008

    Rec: don't go bogus if the auth zone delegation test takes too long

  .. change::
    :tags: Internals, Improvements
    :pullreq: 8007

    Add static assertions for the size of the src address control buffer

  .. change::
    :tags: Internals, Improvements
    :pullreq: 7996
    :tickets: 7981

    Clear cmsg_space(sizeof(data)) in cmsghdr to appease valgrind.

  .. change::
    :tags: Bug fixes
    :pullreq: 7997

    Rec: fix the export of only outgoing queries or incoming responses

  .. change::
    :tags: Internals, Improvements
    :pullreq: 7990
    :tickets: 7981

    Explicitly align the buffer used for cmsgs

  .. change::
    :tags: Bug fixes
    :pullreq: 7946

    Fix a few markup issues in our documentation

  .. change::
    :tags: Internals, Improvements
    :pullreq: 7967
    :tickets: 7949

    Silence unused lambda warning (retry) (fwSmit)

  .. change::
    :tags: New Features
    :pullreq: 7879

    Recursor: don't start as root in systemd

  .. change::
    :tags: Internals, Improvements
    :pullreq: 7945

    Rec: clean ups in the syncres::docnamecachelookup code

  .. change::
    :tags: New Features
    :pullreq: 7757

    Rec experimental qname minimization

  .. change::
    :tags: Bug fixes
    :pullreq: 7871

    Adapt calidns for openbsd and other systems without rcvmmsg(2)

  .. change::
    :tags: Bug fixes
    :pullreq: 7928

    Rec: better detection of bogus zone cuts for dnssec validation

  .. change::
    :tags: Bug fixes
    :pullreq: 7886

    suffixmatchtree: fix root removal, partial match of non-leaf nodes

  .. change::
    :tags: Internals, Improvements
    :pullreq: 7699

    All: dnsname, speeds up tostring() conversion

  .. change::
    :tags: New Features
    :pullreq: 7877

    Rec: set the query-zone field in the dnstap messages. 

  .. change::
    :tags: Internals, Improvements
    :pullreq: 7904

    rec: optimize for large number of filtering policies, empty sections

  .. change::
    :tags: Internals, Improvements
    :pullreq: 7901

    Rec: reuse the outgoing query protobuf for the incoming response

  .. change::
    :tags: Bug fixes
    :pullreq: 7884
    :tickets: 6160, 7235, 7883

    Rec: don't mix time() and gettimeofday() in our unit tests (again)

  .. change::
    :tags: Internals, Improvements
    :pullreq: 7905

    Rec: compare the cachekey type and place first then the name

  .. change::
    :tags: Internals, Improvements
    :pullreq: 7862

    Update boost.m4 to the latest version

  .. change::
    :tags: New Features
    :pullreq: 7868

    Allow unix domains sockets for dnstap destinations

  .. change::
    :tags: Bug fixes
    :pullreq: 7870

    Stubquery: fix handling of optional type arg.

  .. change::
    :tags: Bug fixes
    :pullreq: 7864

    Fix warnings reported by coverity

  .. change::
    :tags: Internals, Improvements
    :pullreq: 7861

    Check if -latomic is needed instead of hardcoding (Rosen Penev)

  .. change::
    :tags: New Features
    :pullreq: 7538

    DNSTAP logging for queries to, and responses from, auths

  .. change::
    :tags: Internals, Improvements
    :pullreq: 7843

    Rec: small speedups in the recursion 'slow' path

  .. change::
    :tags: Internals, Improvements
    :pullreq: 7857

    Add latomic to arc platform (Rosen Penev)

  .. change::
    :tags: Internals, Improvements
    :pullreq: 7548

    Eliminate the loop in syncres::getaddrs()

  .. change::
    :tags: Bug fixes
    :pullreq: 7841

    Recursor: log udp tc bits during trace
