From: aerique <aerique@xs4all.nl>
Date: Mon, 4 Dec 2017 13:47:41 +0000 (+0100)
Subject: Merge pull request #6017 from aerique:feature/update-rec-4.1.0-changelog.
X-Git-Tag: dnsdist-1.3.0~218
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b6a30c02d91e2efff4624bf8cbc7bf754d1c10bd;p=pdns

Merge pull request #6017 from aerique:feature/update-rec-4.1.0-changelog.

Update changelog and secpoll for 4.1.0.
---

diff --git a/docs/secpoll.zone b/docs/secpoll.zone
index 8b64fcbad..bfc48b344 100644
--- a/docs/secpoll.zone
+++ b/docs/secpoll.zone
@@ -1,4 +1,4 @@
-@       86400   IN  SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2017113001 10800 3600 604800 10800
+@       86400   IN  SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2017120401 10800 3600 604800 10800
 @       3600    IN  NS  pdns-public-ns1.powerdns.com.
 @       3600    IN  NS  pdns-public-ns2.powerdns.com.
 ; Auth
@@ -143,10 +143,11 @@ recursor-4.0.5-rc2.security-status                      60 IN TXT "3 Upgrade now
 recursor-4.0.5.security-status                          60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html and https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html"
 recursor-4.0.6.security-status                          60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html and https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html"
 recursor-4.0.7.security-status                          60 IN TXT "1 OK"
-recursor-4.1.0-alpha1.security-status                   60 IN TXT "1 OK"
-recursor-4.1.0-rc1.security-status                      60 IN TXT "1 OK"
-recursor-4.1.0-rc2.security-status                      60 IN TXT "1 OK"
-recursor-4.1.0-rc3.security-status                      60 IN TXT "1 OK"
+recursor-4.1.0-alpha1.security-status                   60 IN TXT "3 Unsupported pre-release (final release is out)"
+recursor-4.1.0-rc1.security-status                      60 IN TXT "3 Unsupported pre-release (final release is out)"
+recursor-4.1.0-rc2.security-status                      60 IN TXT "3 Unsupported pre-release (final release is out)"
+recursor-4.1.0-rc3.security-status                      60 IN TXT "3 Unsupported pre-release (final release is out)"
+recursor-4.1.0.security-status                          60 IN TXT "1 OK"
 
 ; Recursor Debian
 recursor-3.6.2-2.debian.security-status                 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/"
diff --git a/pdns/recursordist/docs/changelog/4.1.rst b/pdns/recursordist/docs/changelog/4.1.rst
index 1fc9143b7..396572b4f 100644
--- a/pdns/recursordist/docs/changelog/4.1.rst
+++ b/pdns/recursordist/docs/changelog/4.1.rst
@@ -1,6 +1,65 @@
 Changelogs for 4.1.x
 ====================
 
+.. changelog::
+  :version: 4.1.0
+  :released: 4th of December 2017
+
+  This is the first release in the 4.1 train.
+
+  The full release notes can be read `on the blog <https://blog.powerdns.com/2017/12/04/powerdns-recursor-4-1/>`_.
+
+  This is a major release containing significant speedups (both in throughput and latency), enhanced capabilities and a highly conformant and robust DNSSEC validation implementation that is ready for heavy production use. In addition, our EDNS Client Subnet implementation now scales effortlessly to networks needing very fine grained scopes (as used by some âcountry sizedâ service providers).
+
+  - Improved DNSSEC support,
+  - Improved documentation,
+  - Improved RPZ support,
+  - Improved EDNS Client Subnet support,
+  - Support for Botan 2.x (and removal of support for Botan 1.10),
+  - SNMP support,
+  - Lua engine has gained access to more parts of the recursor,
+  - CPU affinity can now be specified,
+  - TCP Fast Open support,
+  - New performance metrics.
+
+  Changes since 4.1.0-rc3:
+
+  .. change::
+    :tags: Internals, DNSSEC, Bug Fixes
+    :pullreq: 5972
+
+    Dump the validation status of negcache entries, fix DNSSEC type.
+
+  .. change::
+    :tags: Internals, Bug Fixes
+    :pullreq: 5980
+
+    Cache Secure validation state when inserting negcache entries.
+
+  .. change::
+    :tags: DNSSEC, Bug Fixes
+    :pullreq: 5978
+
+    Fix DNSSEC validation of DS denial from the negative cache.
+
+  .. change::
+    :tags: DNSSEC, Bug Fixes
+    :pullreq: 5997
+
+    Store additional records as non-auth, even on AA=1 answers.
+
+  .. change::
+    :tags: DNSSEC, Bug Fixes
+    :pullreq: 6008
+
+    Don't leak when the loading a public ECDSA key fails.
+
+  .. change::
+    :tags: DNSSEC, Bug Fixes
+    :pullreq: 6009
+
+    When validating DNSKeys, the zone should be part of the signer.
+
 .. changelog::
   :version: 4.1.0-rc3
   :released: 17th of November 2017