.. changelog::
:version: 4.1.0-rc2
+ :released: 3rd of November 2017
+
+ This is the second release candidate of the PowerDNS Authoritative Server in the 4.1 release train.
+
+ This release has several performance improvements, stability and
+ correctness fixes.
+
+ .. change::
+ :tags: Packages, New Features
+ :pullreq: 5665
+
+ Add :doc:`PKCS#11 <../../dnssec/pkcs11>` support to packages on Operating Systems that support it.
+
+ .. change::
+ :tags: Bug Fixes, Internals, Tools
+ :pullreq: 5684
+ :tickets: 5673
+
+ Improve trailing dot handling internally which lead to a segfault in
+ pdnsutil before.
+
+ .. change::
+ :tags: Bug Fixes, Internals
+ :pullreq: 5678
+
+ Treat requestor's payload size lower than 512 as equal to 512.
+ Before, we did not follow :rfc:`RFC 6891 section 6.2.3 <6891#section-6.2.3>` correctly.
+
+ .. change::
+ :tags: Improvements, LDAP
+ :pullreq: 5584
+
+ Add support for new record types to the LDAP backend.
+
+ .. change::
+ :tags: API, Bug Fixes
+ :pullreq: 5696
+
+ For zone PATCH requests, add new ``X-PDNS-Old-Serial`` and
+ ``X-PDNS-New-Serial`` response headers with the zone serials before
+ and after the changes.
+
+ .. change::
+ :tags: Bug Fixes
+ :pullreq: 5710
+ :tickets: 5692
+
+ Remove "" around secpoll result which fixes ``pdns_control show
+ security-status`` not working.
+
+ .. change::
+ :tags: Bug Fixes, BIND
+ :pullreq: 5702
+
+ Make bindbackend startTransaction to return false when it has
+ failed. (Aki Tuomi)
+
+ .. change::
+ :tags: Bug Fixes, DNSSEC, API
+ :pullreq: 5704
+
+ Make default options singular and use defaults in Cryptokey API-endpoint
+
+ .. change::
+ :tags: Bug Fixes, Tools
+ :pullreq: 5729
+ :tickets: 5719
+
+ Remove printing of DS records from ``pdnsutil export-zone-dnskey …``. This was not only inconsistent behaviour but also done incorrectly.
+
+ .. change::
+ :tags: Bug Fixes, DNSSEC
+ :pullreq: 5722
+ :tickets: 5721
+
+ Make the auth also publish CDS/CDNSKEY records for inactive keys, as
+ this is needed to roll without double sigs.
+
+ .. change::
+ :tags: Bug Fixes, DNSSEC
+ :pullreq: 5734
+
+ Fix a crash when getting a public GOST key if the private one is not set.
+
+ .. change::
+ :tags: Bug Fixes, Internals
+ :pullreq: 5766
+ :tickets: 5767
+
+ Correctly purge entries from the caches after a transfer. Since the
+ QC/PC split up, we only removed entries for the AXFR'd domain from
+ the packet cache, not the query cache.
+ We also did not remove entries in case of IXFR.
+
+ .. change::
+ :tags: Bug Fixes, Internals
+ :pullreq: 5791
+
+ When throwing because of bogus content in the tinydns database,
+ report the offending name+type so the admin can find the offending
+ record.
.. change::
:tags: DNSSEC, Bug Fixes
Ignore SOA-EDIT for PRESIGNED zones.
.. change::
- :tags: Packages, New Features
- :pullreq: 5665
+ :tags: Bug Fixes, MySQL
+ :pullreq: 5820
+ :tickets: 5675
- Add :doc:`PKCS#11 <../../dnssec/pkcs11>` support to packages on Operating Systems that support it.
+ Log the needed size when a MySQL result was truncated.
+
+ .. change::
+ :tags: API, DNSSEC, New Features
+ :pullreq: 5779
+ :tickets: 3417, 5712
+
+ Rectify zones via the API. (Nils Wisiol)
+
+ * Move the pdnsutil rectification code to the DNSSECKeeper
+ * Generate DNSSEC keys for a zone when "dnssec" is true in an API POST/PATCH for zones
+ * Rectify DNSSEC zones after POST/PATCH when API-RECTIFY metadata is 1
+ * Allow setting this metadata via the "api-rectify" param in a Zone object
+ * Show "nsec3param" and "nsec3narrow" in Zone API responses
+ * Add an "rrsets" request parameter for a zone to skip sending RRSets in the response
+ * Add rectify endpoint in the API
+
+ .. change::
+ :tags: Improvements
+ :pullreq: 5842
+
+ Add :ref:`log-timestamp` option. This option can be used to disable
+ printing timestamps to stdout, this is useful when using
+ systemd-journald or another supervisor that timestamps stdout by
+ itself. As the logs will not have 2 timestamps.
+
+ .. change::
+ :tags: Internals, Improvements
+ :pullreq: 5498
+ :tickets: 2250, 5734, 5797, 5889
+
+ Add support for Botan 2.x and drop support for Botan 1.10 (the
+ latter thanks to Kees Monshouwer).
+
+ .. change::
+ :tags: DNSSEC, Improvements
+ :pullreq: 5838
+ :tickets: 5767
+
+ Stop doing individual RRSIG queries during outbound AXFR. (Kees Monshouwer)
+
+ .. change::
+ :tags: BIND, Improvements
+ :pullreq: 5810
+ :tickets: 5115, 5807
+
+ Fix issues when b2b-migrating from the BIND backend to a database:
+
+ * No masters were set in the target db (#5807)
+ * Only the last master in the list of masters would be added to the target database
+ * The BIND backend was not fully aware of native zones
.. changelog::
:version: 4.1.0-rc1
projects / pdns / commitdiff