Changelogs for 4.6.X
====================

.. changelog::
  :version: 4.6.6
  :released: 29th of March 2023

  .. change::
    :tags: Bug Fixes
    :pullreq: 12702

    PowerDNS Security Advisory 2023-02: Deterred spoofing attempts can lead to authoritative servers being marked unavailable.

.. changelog::
  :version: 4.6.5
  :released: 25th of November 2022

  .. change::
    :tags: Bug Fixes
    :pullreq: 12229
    :tickets: 12198

    Correct skip record condition in processRecords.

  .. change::
    :tags: Bug Fixes
    :pullreq: 12226
    :tickets: 12189, 12199

    Also consider recursive forward in the "forwarded DS should not end up in negCache" code.

  .. change::
    :tags: Bug Fixes
    :pullreq: 12191
    :tickets: 12125

    Timeout handling for IXFRs as a client.

  .. change::
    :tags: Bug Fixes
    :pullreq: 12172
    :tickets: 12066

    Detect invalid bytes in makeBytesFromHex().

  .. change::
    :tags: Bug Fixes
    :pullreq: 12170
    :tickets: 12081

    Log invalid RPZ content when obtained via IXFR.

  .. change::
    :tags: Bug Fixes
    :pullreq: 12167
    :tickets: 12038

    When an expired NSEC3 entry is seen, move it to the front of the expiry queue.

.. changelog::
  :version: 4.6.4
  :released: 20th of September 2022

  .. change::
    :tags: Improvements
    :pullreq: 11937
    :tickets: 11904

    For zones having many NS records, we are not interested in all of them, so take a sample.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11941
    :tickets: 11890

    Failure to retrieve DNSKEYs of an Insecure zone should not be fatal.

  .. change::
    :tags: Improvements
    :pullreq: 11898
    :tickets: 11848

    Also check qperq limit if throttling happened, as it increases counters.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11775
    :tickets: 11773

    Resize answer length to actual received length in udpQueryResponse.

.. changelog::
  :version: 4.6.3
  :released: 23rd of August 2022

  .. change::
    :tags: Bug Fixes
    :pullreq: 11876,11874

    PowerDNS Security Advisory 2022-02: incomplete exception handling related to protobuf message generation.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11633,11609

    Fix API issue when asking config values for allow-from or allow-notify-from.

.. changelog::
  :version: 4.6.2
  :released: 4th of April 2022

  .. change::
    :tags: Bug Fixes
    :pullreq: 11418
    :tickets: 11371

    Be more careful using refresh mode only for the record asked.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11380
    :tickets: 11300

    Use the Lua context stored in SyncRes when calling hooks.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11363
    :tickets: 11338

    QType ADDR is supposed to be used internally only.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11362
    :tickets: 11327

    If we get NODATA on an AAAA in followCNAMERecords, try native dns64.

  .. change::
    :tags: Improvements
    :pullreq: 11360
    :tickets: 11283

    Allow disabling of processing the root hints.

  .. change::
    :tags: Improvements
    :pullreq: 11361
    :tickets: 11288

    Log an error if pdns.DROP is used as rcode in Lua callbacks.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11359
    :tickets: 11257

    Initialize isNew before calling an exception-throwing function.

  .. change::
    :tags: Improvements
    :pullreq: 11358
    :tickets: 11245

    A CNAME answer on DS query should abort DS retrieval.

  .. change::
    :tags: Improvements
    :pullreq: 11357
    :tickets: 11225

    Reject non-apex NSEC(3)s that have both the NS and SOA bits set.

  .. change::
    :tags: Improvements
    :pullreq: 11260

    Fix build with OpenSSL 3.0.0.

  .. change::
    :tags: Improvements
    :pullreq: 11170
    :tickets: 11137

    Shorter thread names.

  .. change::
    :tags: Improvements
    :pullreq: 11169
    :tickets: 11109

    Two more features to print (DoT and scrypt).

.. changelog::
  :version: 4.6.1
  :released: 25th of March 2022

  This is a security fix release for :doc:`PowerDNS Security Advisory 2022-01 <../security-advisories/powerdns-advisory-2022-01>`.
  Additionally, because CentOS 8 is End Of Life now, we have switched those builds to Oracle Linux 8. The resulting packages are compatible with RHEL and all derivatives.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11458

    Fix validation of incremental zone transfers (IXFRs).

.. changelog::
  :version: 4.6.0
  :released: 17th of December 2021

  .. change::
    :tags: Improvements
    :pullreq: 11091

    Do not generate event trace records for Lua hooks if no Lua hook is defined.

  .. change::
    :tags: Improvements
    :pullreq: 11092

    Remove capability requirements from Docker images.

.. changelog::
  :version: 4.6.0-rc1
  :released: 3rd of December 2021

  .. change::
    :tags: Bug Fixes
    :pullreq: 11055
    :tickets: 10982

    Condition to HAVE_SYSTEMD_WITH_RUNTIME_DIR_ENV is reversed.
    During build, the runtime directory in the service files for virtual-hosting is now correctly generated.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11025
    :tickets: 10994, 11010

    Do cache negative answers, even when the response was ECS-scoped.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11022
    :tickets: 11018

    Fix logic botch in TCP code introduced by notify handling in 4.6.0-beta2.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11016
    :tickets: 11005

    Include sys/time.h; needed on musl.

.. changelog::
  :version: 4.6.0-beta2
  :released: 17th of November 2021

  .. change::
    :tags: Bug Fixes
    :pullreq: 10980
    :tickets: 10936

    Return the proper extended error code on specific validation failures.

  .. change::
    :tags: Improvements
    :pullreq: 10751
    :tickets: 7014

    Add support for NOTIFY queries to wipe cache entries (Kevin P. Fleming).

  .. change::
    :tags: Bug Fixes
    :pullreq: 10971

    We need a libcurl dev lib for the zone-to-cache function.

.. changelog::
  :version: 4.6.0-beta1
  :released: 9th of November 2021

  .. change::
    :tags: Improvements
    :pullreq: 10865

    Return documented reply on /api/v1 access.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10943
    :tickets: 10938

    Credentials: EVP_PKEY_CTX_set1_scrypt_salt() takes an ``unsigned char*``.

  .. change::
    :tags: Improvements
    :pullreq: 10919
    :tickets: 10852

    Add more UDP error metrics (checksum, IPv6).

  .. change::
    :tags: Improvements
    :pullreq: 10930,10965

    Move to a stream based socket for the control channel.

  .. change::
    :tags: Improvements
    :pullreq: 10901

    ZoneParserTNG: Stricter checks when loading a zone file.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10926

    Fix regression of carbon-ourname.

  .. change::
    :tags: Improvements
    :pullreq: 10891

    Implement fd-usage metric for OpenBSD.

.. changelog::
  :version: 4.6.0-alpha2
  :released: 25th of October 2021

  .. change::
    :tags: Improvements
    :pullreq: 10646,10868,10870

    Move to modern C++ constructs (Rosen Penev).

  .. change::
    :tags: Bug Fixes
    :pullreq: 10842

    Correct appliedPolicyTrigger value for IP matches.

  .. change::
    :tags: Improvements
    :pullreq: 10843

    NOD - use structured logging API.

  .. change::
    :tags: Improvements
    :pullreq: 10847

    Sync dnsmessage.proto.

  .. change::
    :tags: Improvements
    :pullreq: 10567
    :tickets: 7558,7420

    Introduce experimental Event Trace function to get a more detailed view of the work done by the Recursor.

  .. change::
    :tags: Improvements
    :pullreq: 10797
    :tickets: 9135

    Use packetcache-servfail-ttl for all packet cache entries considered an error reply.

  .. change::
    :tags: Improvements
    :pullreq: 10505,10794,10799

    Add a periodic zones-to-cache function.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10768

    Use the correct RPZ policy name when loading via XFR.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10760

    Don't create file with wide permissions.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10757

    Update the stats (serial, number of records, timestamp) for RPZ files.

.. changelog::
  :version: 4.6.0-alpha1
  :released: 29th of September 2021

  .. change::
    :tags: Improvements
    :pullreq: 10669

    TCP/DoT outgoing connection pooling.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10718
    :tickets: 10713

    Only the DNAME records are authoritative in DNAME answers.

  .. change::
    :tags: Improvements
    :pullreq: 10599

    Be more strict when validating DS with respect to parent/child NSEC(3)s.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10633
    :tickets: 10632

    Pass the Lua context to follow up queries (follow CNAME, dns64).

  .. change::
    :tags: Improvements
    :pullreq: 10605
    :tickets: 10554

    Keep a count of per RPZ (or filter) hits.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10622
    :tickets: 10621

    Detect a loop when the denial of the DS comes from the child zone.

  .. change::
    :tags: Improvements
    :pullreq: 10554,10738
    :tickets: 10735

    Modify per-thread cpu usage stats to be Prometheus-friendly.

  .. change::
    :tags: Improvements
    :pullreq: 10598

    Refactor almost-expired code and add more detailed stats.

  .. change::
    :tags: Improvements
    :pullreq: 10546

    Add dns64 metrics.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10602

    Process policy and potential Drop action after Lua hooks.

  .. change::
    :tags: Improvements
    :pullreq: 10634
    :tickets: 10631

    Move macOS to kqueue event handler and assorted compile fixes.

  .. change::
    :tags: Bug Fixes
    :pullreq: 10565

    Do not use DNSKEYs found below an apex for validation.

  .. change::
    :tags: Improvements
    :pullreq: 10122,10663
    :tickets: 9077,10122

    Cumulative and Prometheus friendly histograms.

  .. change::
    :tags: Improvements
    :pullreq: 10428,10659,10533

    Rewrite of outgoing TCP code and implement DoT to auth or forwarders.

  .. change::
    :tags: Improvements
    :pullreq: 10467

    Switch OpenBSD to kqueue event handler.

  .. change::
    :tags: Improvements
    :pullreq: 10396
    :tickets: 10395

    Take into account g_quiet when determining loglevel and change a few loglevels.

  .. change::
    :tags: Improvements
    :pullreq: 10349,10623

    Move to tcpiohandler for outgoing TCP, sharing much more code with dnsdist.

  .. change::
    :tags: Improvements
    :pullreq: 10288

    Deprecate offensive setting names.

  .. change::
    :tags: Improvements
    :pullreq: 10160

    Implement structured logging API.

  .. change::
    :tags: Improvements
    :pullreq: 10264

    Disable PMTU for IPv6.

  .. change::
    :tags: Improvements
    :pullreq: 10157

    Move to hashed passwords for the web interface.

  .. change::
    :tags: Improvements
    :pullreq: 10491

    Rec: Add bindings to set arbitrary key-value metadata in logged messages.
