Changelogs for 4.7.X
====================

.. changelog::
  :version: 4.7.6
  :released: 25th of August 2023

  .. change::
    :tags: Bug Fixes
    :pullreq: 13157
    :tickets: 13105

    (I)XFR: handle partial read of len prefix.

  .. change::
    :tags: Bug Fixes
    :pullreq: 13079
    :tickets: 12892

    YaHTTP: Prevent integer overflow on very large chunks.

  .. change::
    :tags: Bug Fixes
    :pullreq: 13075
    :tickets: 12961

    Work around Red Hat 8 misfeature in OpenSSL's headers.

  .. change::
    :tags: Bug Fixes
    :pullreq: 13058
    :tickets: 13021

    Fix setting of policy tags for packet cache hits.

.. changelog::
  :version: 4.7.5
  :released: 29th of March 2023

  .. change::
    :tags: Bug Fixes
    :pullreq: 12701

    PowerDNS Security Advisory 2023-02: Deterred spoofing attempts can lead to authoritative servers being marked unavailable.

.. changelog::
  :version: 4.7.4
  :released: 25th of November 2022

  .. change::
    :tags: Bug Fixes
    :pullreq: 12231
    :tickets: 12046

    Fix compilation of the event ports multiplexer.

  .. change::
    :tags: Bug Fixes
    :pullreq: 12230
    :tickets: 12198

    Correct skip record condition in processRecords.

  .. change::
    :tags: Bug Fixes
    :pullreq: 12227
    :tickets: 12189, 12199

    Also consider recursive forward in the "forwarded DS should not end up in negCache code."

  .. change::
    :tags: Bug Fixes
    :pullreq: 12190
    :tickets: 12125

    Timeout handling for IXFRs as a client.

  .. change::
    :tags: Bug Fixes
    :pullreq: 12173
    :tickets: 12066

    Detect invalid bytes in makeBytesFromHex().

  .. change::
    :tags: Bug Fixes
    :pullreq: 12171
    :tickets: 12081

    Log invalid RPZ content when obtained via IXFR.

  .. change::
    :tags: Bug Fixes
    :pullreq: 12168
    :tickets: 12038

    When an expired NSEC3 entry is seen, move it to the front of the expiry queue.

.. changelog::
  :version: 4.7.3
  :released: 20th of September 2022

  .. change::
    :tags: Improvements
    :pullreq: 11936
    :tickets: 11904

    For zones having many NS records, we are not interested in all so take a sample.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11940
    :tickets: 11890

    Failure to retrieve DNSKEYs of an Insecure zone should not be fatal.

  .. change::
    :tags: Improvements
    :pullreq: 11897
    :tickets: 11848

    Also check qperq limit if throttling happened, as it increases counters.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11879
    :tickets: 11850

    Fix recursor not responsive after Lua config reload.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11847
    :tickets: 11843

    Clear the caches *after* loading authzones.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11774
    :tickets: 11773

    Resize answer length to actual received length in udpQueryResponse.

.. changelog::
  :version: 4.7.2
  :released: 23th of August 2022

  .. change::
    :tags: Bug Fixes
    :pullreq: 11877,11874

    PowerDNS Security Advisory 2022-02: incomplete exception handling related to protobuf message generation.

.. changelog::
  :version: 4.7.1
  :released: 8th of July 2022

  .. change::
    :tags: Improvements
    :pullreq: 11750
    :tickets: 11726, 11724

    Allow generic format while parsing zone files for ZoneToCache.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11748
    :tickets: 11692

    Run tasks from housekeeping thread in the proper way, causing
    queued DoT probes to run more promptly. Thanks to Jerry Lundström!

  .. change::
    :tags: Improvements
    :pullreq: 11740
    :tickets: 11735

    Force gzip compression for debian packages (Zash).

.. changelog::
  :version: 4.7.0
  :released: 30th of May 2022

  .. change::
    :tags: Bug Fixes
    :pullreq: 11632
    :tickets: 11609

    Fix API issue when asking config values for allow-from or allow-notify-from.

.. changelog::
  :version: 4.7.0-rc1
  :released: 6th of May 2022

  .. change::
    :tags: Bug Fixes
    :pullreq: 11559
    :tickets: 11539

    Prometheus #HELP texts: DNSSEC counters track responses sent, not actual validations performed.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11560
    :tickets: 11541

    Fix DoT port and protocol used for probed authoritative servers.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11538
    :tickets: 11536

    Fix Coverity 1487923 Out-of-bounds read (wrong use of sizeof).

.. changelog::
  :version: 4.7.0-beta1
  :released: 14th of April 2022

  .. change::
    :tags: Improvements
    :pullreq: 11487

    Probe authoritative servers for DoT support (experimental).

  .. change::
    :tags: Bug Fixes
    :pullreq: 11524

    Update moment.min.js (path traversal fix; we are unaffected).

  .. change::
    :tags: Improvements
    :pullreq: 11492

    Add deferred mode for retrieving additional records.

  .. change::
    :tags: Improvements
    :pullreq: 11484

    Use boost::mult-index for nsspeed table and make it shared.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11496

    Prevent segfault with empty allow-from-file and allow-from options (Sven Wegener).

  .. change::
    :tags: Improvements
    :pullreq: 11312

    Packet cache improvements: do not fill beyond limit and use strict LRU eviction method.

  .. change::
    :tags: Improvements
    :pullreq: 11444

    Use nice format for timestamp printing.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11471

    In the handler thread, call sd_notify() just before entering the main loop in RecursorThread.

  .. change::
    :tags: Improvements
    :pullreq: 11445
    :tickets: 11440

    Only log "Unable to send NOD lookup" if log-common-errors is set.

  .. change::
    :tags: Improvements
    :pullreq: 11443

    Remember parent NS set, to be able to fallback to it if needed.

  .. change::
    :tags: Improvements
    :pullreq: 11396, 11507

    Proxy by table: allow a table based mapping of source address.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11405

    Distinguish between unreachable and timeout for throttling.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11397

    Use correct task to clean outgoing TCP.

.. changelog::
  :version: 4.7.0-alpha1
  :released: 28th of February 2022

  .. change::
    :tags: Bug Fixes
    :pullreq: 11338, 11349
    :tickets: 11337

    QType ADDR is supposed to be used internally only.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11347

    Fix unaligned access in murmur hash code used by the Newly Observed Domain feature.

  .. change::
    :tags: Improvements
    :pullreq: 11302
    :tickets: 11294

    Add Additional records to query results if appropriate and configured.

  .. change::
    :tags: Improvements
    :pullreq: 11294

    Resolve AAAA for NS in an async task if applicable.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11327
    :tickets: 11320

    A Lua followCNAME result might need native dns64 processing.

  .. change::
    :tags: Improvements
    :pullreq: 11319

    Read the base Lua definitions into the Lua context for reading the Lua config.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11300
    :tickets: 11289

    Use the Lua context stored in SyncRes when calling hooks.

  .. change::
    :tags: Improvements
    :pullreq: 11307

    Add SNI information to outgoing DoT if available.

  .. change::
    :tags: Improvements
    :pullreq: 11305

    Detect a malformed question early so we can drop it as soon as possible.

  .. change::
    :tags: Improvements
    :pullreq: 11252

    Thread management re-factoring.

  .. change::
    :tags: Improvements
    :pullreq: 11288
    :tickets: 11287

    Document changes to policy.DROP better and warn on using the now unsupported way.

  .. change::
    :tags: Improvements
    :pullreq: 11283

    Allow disabling of processing root hints and lower log level of some related messages.

  .. change::
    :tags: Improvements
    :pullreq: 11269

    Move two maps (failed servers and non-resolving nameservers) from thread_local to shared.

  .. change::
    :tags: Improvements
    :pullreq: 11245

    A CNAME answer on DS query should abort DS retrieval.

  .. change::
    :tags: Improvements
    :pullreq: 11189,11100

    ZONEMD validation for Zone to Cache function.

  .. change::
    :tags: Improvements
    :pullreq: 11186
    :tickets: 11178

    By default, build with symbol visibility hidden.

  .. change::
    :tags: Improvements
    :pullreq: 11164

    Update protozero to 1.7.1.

  .. change::
    :tags: Improvements
    :pullreq: 11074

    Add Lua postresolve_ffi hook.

  .. change::
    :tags: Improvements
    :pullreq: 11036

    Compute step sizes for Query Minimization according to RFC 9156.

  .. change::
    :tags: Bug Fixes
    :pullreq: 11030
    :tickets: 11021

    Make incoming TCP bookkeeping more correct.


