From: Remi Gacogne Date: Fri, 12 Apr 2019 09:00:42 +0000 (+0200) Subject: Merge pull request #7701 from rgacogne/dnsdist-14 X-Git-Tag: dnsdist-1.4.0-alpha2~24 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6da31e3ac5380bffc367907551d70a247078289d;p=pdns Merge pull request #7701 from rgacogne/dnsdist-14 dnsdist: Prepare secpoll, changelog and upgrade guide for 1.4.0a1. --- diff --git a/docs/secpoll.zone b/docs/secpoll.zone index 83c2a0ef8..21c25746b 100644 --- a/docs/secpoll.zone +++ b/docs/secpoll.zone @@ -1,4 +1,4 @@ -@ 86400 IN SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2019040201 10800 3600 604800 10800 +@ 86400 IN SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2019041201 10800 3600 604800 10800 @ 3600 IN NS pdns-public-ns1.powerdns.com. @ 3600 IN NS pdns-public-ns2.powerdns.com. ; Auth @@ -300,3 +300,4 @@ recursor-4.0.0_beta1-1pdns.jessie.raspbian.security-status 60 IN TXT "3 Upgrade ; dnsdist dnsdist-1.3.3.security-status 60 IN TXT "1 OK" +dnsdist-1.4.0-alpha1.security-status 60 IN TXT "1 OK" diff --git a/pdns/dnsdistdist/docs/changelog.rst b/pdns/dnsdistdist/docs/changelog.rst index 48ec0fa63..3fea22211 100644 --- a/pdns/dnsdistdist/docs/changelog.rst +++ b/pdns/dnsdistdist/docs/changelog.rst @@ -1,6 +1,270 @@ Changelog ========= +.. changelog:: + :version: 1.4.0-alpha1 + :released: 12th of April 2019 + + .. change:: + :tags: Improvements + :pullreq: 7167 + + Fix compiler warning about returning garbage (Adam Majer) + + .. change:: + :tags: Improvements + :pullreq: 7168 + + Fix warnings, mostly unused parameters, reported by -wextra + + .. change:: + :tags: New Features + :pullreq: 6959 + :tickets: 6941, 2362 + + Add namespace and instance variable to carbon key (Gibheer) + + .. change:: + :tags: Improvements + :pullreq: 7191 + + Add optional uuid column to showServers() + + .. change:: + :tags: New Features + :pullreq: 7087 + + Allow NoRecurse for use in dynamic blocks or Lua rules (phonedph1) + + .. change:: + :tags: New Features + :pullreq: 7197 + :tickets: 7194 + + Expose secpoll status + + .. change:: + :tags: Improvements + :pullreq: 7026 + + Configure --enable-pdns-option --with-third-party-module (Josh Soref) + + .. change:: + :tags: Bug Fixes + :pullreq: 7256 + + Protect GnuTLS tickets key rotation with a read-write lock + + .. change:: + :tags: Bug Fixes + :pullreq: 7267 + + Check that ``SO_ATTACH_BPF`` is defined before enabling eBPF + + .. change:: + :tags: Improvements + :pullreq: 7138 + + Drop remaining capabilities after startup + + .. change:: + :tags: New Features + :pullreq: 7323 + :tickets: 7236 + + Add an optional 'checkTimeout' parameter to 'newServer()' + + .. change:: + :tags: New Features + :pullreq: 7322 + :tickets: 7237 + + Add a 'rise' parameter to 'newServer()' + + .. change:: + :tags: New Features + :pullreq: 7310 + :tickets: 7239 + + Add a 'keepStaleData' option to the packet cache + + .. change:: + :tags: New Features + :pullreq: 6967 + :tickets: 6846, 6897 + + Expose trailing data (Richard Gibson) + + .. change:: + :tags: Improvements + :pullreq: 6634 + + More sandboxing using systemd's features + + .. change:: + :tags: Bug Fixes + :pullreq: 7426 + + Fix off-by-one in mvRule counting + + .. change:: + :tags: Improvements + :pullreq: 7428 + + Reduce systemcall usage in Protobuf logging + + .. change:: + :tags: Improvements + :pullreq: 7433 + + Resync YaHTTP code to cmouse/yahttp@11be77a1fc4032 (Chris Hofstaedtler) + + .. change:: + :tags: New Features + :pullreq: 7142 + + Add option to set interval between health checks (1848) + + .. change:: + :tags: New Features + :pullreq: 7406 + + Add EDNS unknown version handling (Dmitry Alenichev) + + .. change:: + :tags: Improvements + :pullreq: 7431 + + Pass empty response (Dmitry Alenichev) + + .. change:: + :tags: Improvements + :pullreq: 7502 + + Change the way getRealMemusage() works on linux (using statm) + + .. change:: + :tags: Bug Fixes + :pullreq: 7520 + + Don't convert nsec to usec if we need nsec + + .. change:: + :tags: New Features + :pullreq: 7537 + + DNSNameSet and QNameSetRule (Andrey) + + .. change:: + :tags: Bug Fixes + :pullreq: 7594 + + Fix setRules() + + .. change:: + :tags: Bug Fixes + :pullreq: 7560 + + Handle EAGAIN in the GnuTLS DNS over TLS provider + + .. change:: + :tags: Bug Fixes + :pullreq: 7586 + :tickets: 7461 + + Gracefully handle a null latency in the webserver's js + + .. change:: + :tags: Improvements + :pullreq: 7585 + :tickets: 7534 + + Prevent 0-ttl cache hits + + .. change:: + :tags: Improvements + :pullreq: 7343 + :tickets: 7139 + + Add addDynBlockSMT() support to dynBlockRulesGroup + + .. change:: + :tags: Improvements + :pullreq: 7578 + + Add frontend response statistics (Matti Hiljanen) + + .. change:: + :tags: Bug Fixes + :pullreq: 7652 + + EDNSOptionView improvements + + .. change:: + :tags: New Features + :pullreq: 7481 + :tickets: 6242 + + Add support for encrypting ip addresses #gdpr + + .. change:: + :tags: Improvements + :pullreq: 7670 + + Remove addLuaAction and addLuaResponseAction + + .. change:: + :tags: Improvements + :pullreq: 7559 + :tickets: 7526, 4814 + + Refactoring of the TCP stack + + .. change:: + :tags: Bug Fixes + :pullreq: 7674 + :tickets: 7481 + + Honor libcrypto include path + + .. change:: + :tags: New Features + :pullreq: 7677 + :tickets: 5653 + + Add 'setSyslogFacility()' + + .. change:: + :tags: Improvements + :pullreq: 7692 + :tickets: 7556 + + Prevent a conflict with BADSIG being clobbered + + .. change:: + :tags: Improvements + :pullreq: 7689 + + Switch to the new 'newPacketCache()' syntax for 1.4.0 + + .. change:: + :tags: New Features + :pullreq: 7676 + + Add 'reloadAllCertificates()' + + .. change:: + :tags: Improvements + :pullreq: 7678 + + Move constants to proper namespace + + .. change:: + :tags: Improvements + :pullreq: 7694 + + Unify the management of DNS/DNSCrypt/DoT frontends + .. changelog:: :version: 1.3.3 :released: 8th of November 2018 diff --git a/pdns/dnsdistdist/docs/upgrade_guide.rst b/pdns/dnsdistdist/docs/upgrade_guide.rst index 756c08249..4de4298cf 100644 --- a/pdns/dnsdistdist/docs/upgrade_guide.rst +++ b/pdns/dnsdistdist/docs/upgrade_guide.rst @@ -6,6 +6,20 @@ Upgrade Guide :func:`addLuaAction` and :func:`addLuaResponseAction` have been removed. Instead, use :func:`addAction` with a :func:`LuaAction`, or :func:`addResponseAction` with a :func:`LuaResponseAction`. +:func:`newPacketCache` now takes an optional table as its second argument, instead of several optional parameters. + +Lua's constants for DNS response codes and QTypes have been moved from the 'dnsdist' prefix to, respectively, the 'DNSQType' and 'DNSRCode' prefix. + +To improve security, all ambient capabilities are now dropped after the startup phase, which might prevent launching the webserver on a privileged port at run-time, or impact some custom Lua code. In addition, systemd's sandboxing features are now determined at compile-time, resulting in more restrictions on recent distributions. See pull requests 7138 and 6634 for more information. + +If you are compiling dnsdist, note that several ./configure options have been renamed to provide a more consistent experience. Features that depend on an external component have been prefixed with '--with-' while internal features use '--enable-'. This lead to the following changes: + +- ``--enable-fstrm`` to ``--enable-dnstap`` +- ``--enable-gnutls`` to ``--with-gnutls`` +- ``--enable-libsodium`` to ``--with-libsodium`` +- ``--enable-libssl`` to ``--with-libssl`` +- ``--enable-re2`` to ``--with-re2`` + 1.3.2 to 1.3.3 --------------