From: aerique Date: Mon, 30 Oct 2017 11:23:32 +0000 (+0100) Subject: Merge pull request #5869 from aerique:feature/update-rec-changelog X-Git-Tag: rec-4.1.0-rc2^0 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6425370d60b78beee6a86c96990b6dcaa9a19658;p=pdns Merge pull request #5869 from aerique:feature/update-rec-changelog Update the ChangeLog and secpoll for Recursor 4.1.0 RC2. --- diff --git a/docs/secpoll.zone b/docs/secpoll.zone index 20f553db4..35545c016 100644 --- a/docs/secpoll.zone +++ b/docs/secpoll.zone @@ -140,6 +140,7 @@ recursor-4.0.5.security-status 60 IN TXT "1 OK" recursor-4.0.6.security-status 60 IN TXT "1 OK" recursor-4.1.0-alpha1.security-status 60 IN TXT "1 OK" recursor-4.1.0-rc1.security-status 60 IN TXT "1 OK" +recursor-4.1.0-rc2.security-status 60 IN TXT "1 OK" ; Recursor Debian recursor-3.6.2-2.debian.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/" diff --git a/pdns/recursordist/docs/changelog/4.1.rst b/pdns/recursordist/docs/changelog/4.1.rst index 2051ad1e4..fa1f71a34 100644 --- a/pdns/recursordist/docs/changelog/4.1.rst +++ b/pdns/recursordist/docs/changelog/4.1.rst @@ -1,6 +1,97 @@ Changelogs for 4.1.x ==================== +.. changelog:: + :version: 4.1.0-rc2 + :released: …th of November 2017 + + The second Release Candidate contains several correctness fixes for DNSSEC, + mostly in the area of verifying negative responses. + + Also thanks Christian Hofstaedtler for help on the documentation! + + .. change:: + :tags: API, Improvements + :pullreq: 5805 + + Improve logging for the built-in :doc:`webserver <../../http-api/index>` + and the :ref:`Carbon ` sender. + + .. change:: + :tags: DNSSEC, Bug Fixes + :pullreq: 5808 + + Check that the NSEC covers an empty non-terminal when looking for NODATA. + + .. change:: + :tags: Improvements, Internals + :pullreq: 5824 + :tickets: 5663 + + New b.root ipv4 address (Kees Monshouwer). + + .. change:: + :tags: Bug Fixes, Internals + :pullreq: 5740 + + Lowercase all outgoing qnames when :ref:`setting-lowercase-outgoing` is set. + + .. change:: + :tags: DNSSEC, Improvements + :pullreq: 5834 + + Don't directly store NSEC3 records in the positive cache. + + .. change:: + :tags: Improvements + :pullreq: 5774 + + Add :ref:`experimental metrics ` that track the time spent inside PowerDNS per query. + These metrics ignore time spent waiting for the network. + + .. change:: + :tags: DNSSEC, Bug Fixes + :pullreq: 5835 + :tickets: 5827 + + Disable validation for infrastructure queries (e.g. when recursing for a name). + Also validate entries from the Negative cache if they were not validated before. + + .. change:: + :tags: Improvements + :pullreq: 5842 + + Add :ref:`setting-log-timestamp` setting. This option can be used to disable + printing timestamps to stdout, this is useful when using ``systemd-journald`` + or another supervisor that timestamps output by itself. + + .. change:: + :tags: Bug Fixes + :pullreq: 5762 + :tickets: 5439 + + Create :ref:`setting-socket-dir` from the init-script. + + .. change:: + :tags: DNSSEC, Bug Fixes + :pullreq: 5868 + :tickets: 5861 + + Fix DNSSEC validation for denial of wildcards in negative answers and + denial of existence proofs in wildcard-expanded positive responses. + + .. change:: + :tags: DNSSEC, Bug Fixes + :pullreq: 5873 + + Fix DNSSEC validation when using ``-flto``. + + .. change:: + :tags: Bug Fixes, Internals + :pullreq: 5803 + + Fix crashes with uncaught exceptions in MThreads. + .. changelog:: :version: 4.1.0-rc1 :released: 9th of October 2017 diff --git a/pdns/recursordist/docs/metrics.rst b/pdns/recursordist/docs/metrics.rst index 85100ea8f..63d442dd2 100644 --- a/pdns/recursordist/docs/metrics.rst +++ b/pdns/recursordist/docs/metrics.rst @@ -440,60 +440,70 @@ user-msec ^^^^^^^^^ number of CPU milliseconds spent in 'user' mode +.. _stat-x-our-latency: + x-our-latency ^^^^^^^^^^^^^ .. versionadded:: 4.1 + Not yet proven to be reliable -New metric, which is not yet proven to be reliable. PowerDNS measures per query how much time has been spent waiting on -authoritative servers. In addition, the Recursor measures the total amount of time needed to answer a question. The -difference between these two durations is a measure of how much time was spent within PowerDNS. This metric is the average -of that difference, in microseconds. Since 4.1. +PowerDNS measures per query how much time has been spent waiting on authoritative servers. +In addition, the Recursor measures the total amount of time needed to answer a question. +The difference between these two durations is a measure of how much time was spent within PowerDNS. +This metric is the average of that difference, in microseconds. x-ourtime0-1 ^^^^^^^^^^^^ .. versionadded:: 4.1 + Not yet proven to be reliable -New metric, which is not yet proven to be reliable. See x-our-latency for further details. Counts responses -where between 0 and 1 milliseconds was spent within the Recursor. Since 4.1. +Counts responses where between 0 and 1 milliseconds was spent within the Recursor. +See :ref:`stat-x-our-latency` for further details. x-ourtime1-2 ^^^^^^^^^^^^ .. versionadded:: 4.1 + Not yet proven to be reliable -New metric, which is not yet proven to be reliable. See x-our-latency for further details. Counts responses -where between 1 and 2 milliseconds was spent within the Recursor. Since 4.1. +Counts responses where between 1 and 2 milliseconds was spent within the Recursor. +See :ref:`stat-x-our-latency` for further details. x-ourtime2-4 ^^^^^^^^^^^^ .. versionadded:: 4.1 + Not yet proven to be reliable -New metric, which is not yet proven to be reliable. See x-our-latency for further details. Counts responses -where between 2 and 4 milliseconds was spent within the Recursor. Since 4.1. +Counts responses where between 2 and 4 milliseconds was spent within the Recursor. Since 4.1. +See :ref:`stat-x-our-latency` for further details. x-ourtime4-8 ^^^^^^^^^^^^ .. versionadded:: 4.1 + Not yet proven to be reliable -New metric, which is not yet proven to be reliable. See x-our-latency for further details. Counts responses -where between 4 and 8 milliseconds was spent within the Recursor. Since 4.1. +Counts responses where between 4 and 8 milliseconds was spent within the Recursor. +See :ref:`stat-x-our-latency` for further details. x-ourtime8-16 ^^^^^^^^^^^^^ .. versionadded:: 4.1 + Not yet proven to be reliable -New metric, which is not yet proven to be reliable. See x-our-latency for further details. Counts responses -where between 8 and 16 milliseconds was spent within the Recursor. Since 4.1. +Counts responses where between 8 and 16 milliseconds was spent within the Recursor. +See :ref:`stat-x-our-latency` for further details. x-ourtime16-32 ^^^^^^^^^^^^^^ .. versionadded:: 4.1 + Not yet proven to be reliable -New metric, which is not yet proven to be reliable. See x-our-latency for further details. Counts responses -where between 16 and 32 milliseconds was spent within the Recursor. Since 4.1. +Counts responses where between 16 and 32 milliseconds was spent within the Recursor. +See :ref:`stat-x-our-latency` for further details. x-ourtime-slow ^^^^^^^^^^^^^^ .. versionadded:: 4.1 + Not yet proven to be reliable -New metric, which is not yet proven to be reliable. See x-our-latency for further details. Counts responses -where more than 32 milliseconds was spent within the Recursor. Since 4.1. +Counts responses where more than 32 milliseconds was spent within the Recursor. +See :ref:`stat-x-our-latency` for further details.