either through bugfixes or by catering to their needs beyond the specifications.
</para>
<para>
- Changes since 3.2:
+ New features and important changes since 3.2:
<itemizedlist>
<listitem>
<para>
- gd725755: make pdns-static Conflict with pdns-server, closes t640
+ g04576ee, gb0e15c8: Implement pdnssec increase-serial, thanks Ruben.
</para>
</listitem>
<listitem>
<para>
- g49977c6: fix bug in boost.m4 where it insists on setting -L, causing useless RPATH in our binaries. Closes t728
+ gcee857b: PowerDNS now sets additional groups while dropping privileges.
</para>
</listitem>
<listitem>
<para>
- g62ac758: use PolarSSL for MD5 hashing instead of shipping our own copy of md5 hashing code.
+ g7796a3b: Merge support for include-dir directive, thanks Aki Tuomi!
</para>
</listitem>
<listitem>
<para>
- gc0d5504: pdnssec now emits 'INSERT INTO domain ..' queries when running without named.conf
+ gd725755: make pdns-static Conflict with pdns-server, closes t640
</para>
</listitem>
<listitem>
<para>
- ga1d6b0c: send extra NSEC3 because old BIND9 needs it, closes t814.
+ gc0d5504: pdnssec now emits 'INSERT INTO domain ..' queries when running without named.conf
</para>
</listitem>
<listitem>
<para>
- g775acd9: give a better error on trying to add nsec3 parameters to a weird zone like "1 0 1 ab" (which indicates that you forgot to specify a zone name on the command line). Fixes t800.
+ ga1d6b0c: Older versions of the BIND 9 validating recursor need a superfluous NSEC3 record on positive wildcard responses. We now send this extra NSEC3. Closes t814.
</para>
</listitem>
<listitem>
</listitem>
<listitem>
<para>
- g4af49b8, g4cec6ac: add ability to create an 'active' or inactive key using add-zone-key and import-zone-key, plus silenced some debugging. Fixes t707.
+ g032e390: make pdnssec exit with 1 on some error conditions, closes t677
</para>
</listitem>
+
<listitem>
<para>
- gfae4167: Compiling against Lua 5.2 (--with-lua=lua5.2) now disables some code used for regression
- testing. This means that Lua 5.2 can be used in production.
+ g4af49b8, g4cec6ac: add ability to create an 'active' or inactive key using add-zone-key and import-zone-key, plus silenced some debugging. Fixes t707.
</para>
</listitem>
<listitem>
<para>
- g315dd2e: Simplify socket listening code, and make sure we always set the nonblocking flag correctly. Patch by Mark Zealey, closes t664.
+ gfae4167: Compiling against Lua 5.2 (--with-lua=lua5.2) now disables some code used for regression
+ testing, instead of breaking during compile. This means that Lua 5.2 can be used in production.
</para>
</listitem>
<listitem>
</listitem>
<listitem>
<para>
- g830281f, Gaef7330: Accept chars >127 ('high ASCII') in TXT records, closing t541 and T723.
+ gdf55450: Non-DNSSEC ANY queries no longer get sent DNSSEC records. This improves
+ interoperability with some old resolvers. Patch by Kees Monshouwer.
</para>
</listitem>
<listitem>
<para>
- gb35da1b: if_ether.h is in netinet/ not net/ on OpenBSD, thanks Florian Obser.
+ g04b4bf6: Merge support for not using opt-out with NSEC3. Many thanks to Kees Monshouwer.
</para>
</listitem>
<listitem>
<para>
- g63347c6: Don't store edited soa serial for INCREMENT soa-edit kinds
+ g8db49a6: We now try not to NOTIFY ourselves. In convoluted cases involving REUSE_PORT and binding to
+ 0.0.0.0 and ::, it might be possible that we guess wrong, in which case you can set
+ prevent-self-notification to off.
</para>
</listitem>
+ </itemizedlist>
+ </para>
+ <para>
+ Important bug fixes:
+ <itemizedlist>
<listitem>
<para>
- g71301b6: Replicate gsql backend feature of having separate -auth queries for DNSSEC into oraclebackend. Also lets you disable dnssec if you are not ready for it. Closes t527.
+ g63e365d: don't mess up encoding when copying qname from question to answer in packetcache. Based on
+ reports&debugging by Jimmy Bergman (sigint), Daniel Norman (Loopia) and the fine people at ISC.
+ This avoids most issues related to BIND 9 erroneously blacklisting PowerDNS for lack of EDNS support.
</para>
</listitem>
<listitem>
<para>
- g032e390: make pdnssec exit with 1 on some error conditions, closes t677
+ g3526186: fix backslash handling in TXT parser, includes test. Thanks jpmens
</para>
</listitem>
<listitem>
<para>
- g2125dac: drop unused ignore-rd-bit flag
+ g830281f, Gaef7330: Accept chars >127 ('high ASCII') in TXT records, closing t541 and T723.
</para>
</listitem>
<listitem>
<para>
- g8c1a6d6: NSECx optimizations, thanks Kees Monshouwer.
+ gfeef1ec: fix missing NSEC3 for secure delegation, thanks Kees Monshouwer, closes t682
</para>
</listitem>
<listitem>
<para>
- g664716a: drop unused variables in lua backend (t653)
+ gb61e407: around Thursday midnight, during signature rollovers, we would update the SOA serial too early. Fixed by reverting gd90efbf, adding 7 days margin to inception. Fix by Kees Monshouwer.
</para>
</listitem>
<listitem>
<para>
- gd8ec70f: fix db2 backend includes (t653)
+ gff64750: make sure mixed-case queries get a correct apex NSEC3 type bitmap
</para>
</listitem>
<listitem>
<para>
- g6477102: add goracle schema
+ g4b153d8: always lowercase next name in NSEC to avoid interop troubles with validators, thanks Marco Davids&Matthijs Mekking.
</para>
</listitem>
+ </itemizedlist>
+ </para>
+ <para>
+ Other changes:
+ <itemizedlist>
<listitem>
<para>
- g9118638: make goraclebackend "at least work", closes t729
+ g49977c6: fix bug in boost.m4 where it insists on setting -L, causing useless RPATH in our binaries. Closes t728
</para>
</listitem>
<listitem>
<para>
- ge0ad7bb: add DS digest type 4 to show-zone output; add algorithm names. Based on a patch by Aki Tuomi,
- closes t744
+ g62ac758: use PolarSSL for MD5 hashing instead of shipping our own copy of md5 hashing code.
</para>
</listitem>
<listitem>
<para>
- g61a7fac: enable AM_SILENT_RULES, closing t647
+ g775acd9: give a better error on trying to add nsec3 parameters to a weird zone like "1 0 1 ab" (which indicates that you forgot to specify a zone name on the command line). Fixes t800.
</para>
</listitem>
<listitem>
<para>
- g7796a3b: Merge support for include-dir directive, thanks Aki Tuomi!
+ g315dd2e: Simplify socket listening code, and make sure we always set the nonblocking flag correctly. Patch by Mark Zealey, closes t664.
</para>
</listitem>
<listitem>
<para>
- g04576ee, gb0e15c8: Implement pdnssec increase-serial, thanks Ruben.
+ gb35da1b: if_ether.h is in netinet/ not net/ on OpenBSD, thanks Florian Obser.
</para>
</listitem>
<listitem>
<para>
- gcee857b: add supplementary groups support
+ g71301b6: Replicate gsql backend feature of having separate -auth queries for DNSSEC into oraclebackend. Also lets you disable dnssec if you are not ready for it. Closes t527.
</para>
</listitem>
<listitem>
<para>
- gcc6bf4c: Merge branch 'nodnssecany' of github.com:mind04/pdns into mind04-nodnssecany
+ g2125dac: drop unused ignore-rd-bit flag
</para>
</listitem>
<listitem>
<para>
- g837f4b4: do a better job at escaping TXT, fixes t795
+ g8c1a6d6: NSECx optimizations, thanks Kees Monshouwer.
</para>
</listitem>
<listitem>
<para>
- g6ca3fa7: add SOA-EDIT INCEPTION-INCREMENT mode, thanks stbuehler
+ g664716a: drop unused variables in lua backend (t653)
</para>
</listitem>
<listitem>
<para>
- g6159c49: Add connection info to sql-connect message
+ gd8ec70f: fix db2 backend includes (t653)
</para>
</listitem>
<listitem>
<para>
- g9f62e34, g0fc965f, g2035112: Added EUI48 and EUI64 record types
+ g6477102: add goracle schema
</para>
</listitem>
<listitem>
<para>
- gf9cf6d9: cut the number of database queries in half for AXFR-in
+ g9118638: make goraclebackend "at least work", closes t729
</para>
</listitem>
<listitem>
<para>
- g04b4bf6: Merge support for not using opt-out with NSEC3. Many thanks to Kees Monshouwer.
+ ge0ad7bb: add DS digest type 4 to show-zone output; add algorithm names. Based on a patch by Aki Tuomi,
+ closes t744
</para>
</listitem>
<listitem>
<para>
- gfeef1ec: fix missing NSEC3 for secure delegation, thanks Kees Monshouwer, closes t682
+ g61a7fac: enable AM_SILENT_RULES, closing t647
</para>
</listitem>
<listitem>
<para>
- g8db49a6: after a decade+.. finally try to stop notifying ourselves. In convoluted cases involving REUSE_PORT and binding to 0.0.0.0 and ::, it might be possible that we guess wrong, in which case we now provide & document the setting prevent-self-notification which you could then set to off.
+ gcc6bf4c: Merge branch 'nodnssecany' of github.com:mind04/pdns into mind04-nodnssecany
</para>
</listitem>
<listitem>
<para>
- gc87f987: add default for SOA contact e-mail
+ g837f4b4: do a better job at escaping TXT, fixes t795
</para>
</listitem>
<listitem>
<para>
- gbb4a573: move random backend to modules
+ g6ca3fa7: add SOA-EDIT INCEPTION-INCREMENT mode, thanks stbuehler
</para>
</listitem>
<listitem>
<para>
- g1071abd: restyle builtin webserver page
+ g6159c49: Add connection info to sql-connect message
</para>
</listitem>
<listitem>
<para>
- gb61e407: revert gd90efbf and add 7 days margin to inception
+ g9f62e34, g0fc965f, g2035112: Added EUI48 and EUI64 record types
</para>
</listitem>
<listitem>
<para>
- gcd5e158: correct bogus use of poll(2) related constants, improving non-Linux portability. Thanks Wouter de Jong
+ gf9cf6d9: cut the number of database queries in half for AXFR-in
</para>
</listitem>
<listitem>
<para>
- g27ff60a: make sure our NSEC(3)s for names with spaces in them are correct. Reported by Jimmy Bergman. Includes test.
+ gc87f987: add default for SOA contact e-mail
</para>
</listitem>
<listitem>
<para>
- g116e28a: reduce log level of successful gpgsql/gsqlite3 connection to Info
+ gbb4a573: move random backend to modules
</para>
</listitem>
<listitem>
<para>
- gdf55450: Don't add dnssec info, to any query results, for non validating resolvers.
+ g1071abd: restyle builtin webserver page
</para>
</listitem>
<listitem>
<para>
- gb23b90a: Metadata update is now in the same transaction as the AXFR. This improves slaving speed
- tremendously, especially for SQLite users.
+ gcd5e158: correct bogus use of poll(2) related constants, improving non-Linux portability. Thanks Wouter de Jong
</para>
</listitem>
<listitem>
<para>
- g4620e8a: Added zone2json
+ g27ff60a: make sure our NSEC(3)s for names with spaces in them are correct. Reported by Jimmy Bergman. Includes test.
</para>
</listitem>
<listitem>
<para>
- gff64750: make sure mixed-case queries get a correct apex NSEC3 type bitmap
+ g116e28a: reduce log level of successful gpgsql/gsqlite3 connection to Info
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ gb23b90a: Metadata update is now in the same transaction as the AXFR. This improves slaving speed
+ tremendously, especially for SQLite users.
</para>
</listitem>
<listitem>
<para>
- g4b153d8: always lowercase next name in NSEC to avoid interop troubles with validators, thanks Marco Davids&Matthijs Mekking
+ g4620e8a: Added zone2json
</para>
</listitem>
<listitem>
g6c4e531: disarm dead code that causes gcc crashes on ARM, thanks Morten Stevens
</para>
</listitem>
- <listitem>
- <para>
- g63e365d: don't mess up encoding when copying qname from question to answer in packetcache. Based on reports&debugging by Jimmy Bergman (sigint), Daniel Norman (Loopia) and the fine people at ISC
- </para>
- </listitem>
<listitem>
<para>
g36855b5: if we failed to make a new UDP socket, we'd report a confusing error about it
</listitem>
<listitem>
<para>
- g36758d2: merge t476 by Aki Tuomi, providing default-ksk/zsk-algorithms/size configuration parameters for pdnssec. Also cleans up some duplicate code
+ g36758d2: merge t476 by Aki Tuomi, providing default-ksk/zsk-algorithms/size configuration parameters for pdnssec.
</para>
</listitem>
<listitem>
g9566683: merge patch from ticket 712 addressing memory leak in remotebackend (thanks Aki for the fix!)
</para>
</listitem>
- <listitem>
- <para>
- g3526186: fix backslash handling in TXT parser, includes test. Thanks jpmens
- </para>
- </listitem>
<listitem>
<para>
gfb6ed6f: explicitly set domain id during bindbackend superslave domain create, thanks Kees Monshouwer&Aki Tuomi
projects / pdns / commitdiff