From 439e8b6693cbd542ca43c891d9317c68ad9f1927 Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Mon, 27 May 2013 15:10:10 +0200 Subject: [PATCH] categorise 3.3 changes --- pdns/docs/pdns.xml | 134 ++++++++++++++++++++++++--------------------- 1 file changed, 73 insertions(+), 61 deletions(-) diff --git a/pdns/docs/pdns.xml b/pdns/docs/pdns.xml index d8504f8b8..340b1f65b 100644 --- a/pdns/docs/pdns.xml +++ b/pdns/docs/pdns.xml @@ -114,36 +114,36 @@ either through bugfixes or by catering to their needs beyond the specifications. - Changes since 3.2: + New features and important changes since 3.2: - gd725755: make pdns-static Conflict with pdns-server, closes t640 + g04576ee, gb0e15c8: Implement pdnssec increase-serial, thanks Ruben. - g49977c6: fix bug in boost.m4 where it insists on setting -L, causing useless RPATH in our binaries. Closes t728 + gcee857b: PowerDNS now sets additional groups while dropping privileges. - g62ac758: use PolarSSL for MD5 hashing instead of shipping our own copy of md5 hashing code. + g7796a3b: Merge support for include-dir directive, thanks Aki Tuomi! - gc0d5504: pdnssec now emits 'INSERT INTO domain ..' queries when running without named.conf + gd725755: make pdns-static Conflict with pdns-server, closes t640 - ga1d6b0c: send extra NSEC3 because old BIND9 needs it, closes t814. + gc0d5504: pdnssec now emits 'INSERT INTO domain ..' queries when running without named.conf - g775acd9: give a better error on trying to add nsec3 parameters to a weird zone like "1 0 1 ab" (which indicates that you forgot to specify a zone name on the command line). Fixes t800. + ga1d6b0c: Older versions of the BIND 9 validating recursor need a superfluous NSEC3 record on positive wildcard responses. We now send this extra NSEC3. Closes t814. @@ -153,18 +153,19 @@ - g4af49b8, g4cec6ac: add ability to create an 'active' or inactive key using add-zone-key and import-zone-key, plus silenced some debugging. Fixes t707. + g032e390: make pdnssec exit with 1 on some error conditions, closes t677 + - gfae4167: Compiling against Lua 5.2 (--with-lua=lua5.2) now disables some code used for regression - testing. This means that Lua 5.2 can be used in production. + g4af49b8, g4cec6ac: add ability to create an 'active' or inactive key using add-zone-key and import-zone-key, plus silenced some debugging. Fixes t707. - g315dd2e: Simplify socket listening code, and make sure we always set the nonblocking flag correctly. Patch by Mark Zealey, closes t664. + gfae4167: Compiling against Lua 5.2 (--with-lua=lua5.2) now disables some code used for regression + testing, instead of breaking during compile. This means that Lua 5.2 can be used in production. @@ -182,189 +183,210 @@ - g830281f, Gaef7330: Accept chars >127 ('high ASCII') in TXT records, closing t541 and T723. + gdf55450: Non-DNSSEC ANY queries no longer get sent DNSSEC records. This improves + interoperability with some old resolvers. Patch by Kees Monshouwer. - gb35da1b: if_ether.h is in netinet/ not net/ on OpenBSD, thanks Florian Obser. + g04b4bf6: Merge support for not using opt-out with NSEC3. Many thanks to Kees Monshouwer. - g63347c6: Don't store edited soa serial for INCREMENT soa-edit kinds + g8db49a6: We now try not to NOTIFY ourselves. In convoluted cases involving REUSE_PORT and binding to + 0.0.0.0 and ::, it might be possible that we guess wrong, in which case you can set + prevent-self-notification to off. + + + + Important bug fixes: + - g71301b6: Replicate gsql backend feature of having separate -auth queries for DNSSEC into oraclebackend. Also lets you disable dnssec if you are not ready for it. Closes t527. + g63e365d: don't mess up encoding when copying qname from question to answer in packetcache. Based on + reports&debugging by Jimmy Bergman (sigint), Daniel Norman (Loopia) and the fine people at ISC. + This avoids most issues related to BIND 9 erroneously blacklisting PowerDNS for lack of EDNS support. - g032e390: make pdnssec exit with 1 on some error conditions, closes t677 + g3526186: fix backslash handling in TXT parser, includes test. Thanks jpmens - g2125dac: drop unused ignore-rd-bit flag + g830281f, Gaef7330: Accept chars >127 ('high ASCII') in TXT records, closing t541 and T723. - g8c1a6d6: NSECx optimizations, thanks Kees Monshouwer. + gfeef1ec: fix missing NSEC3 for secure delegation, thanks Kees Monshouwer, closes t682 - g664716a: drop unused variables in lua backend (t653) + gb61e407: around Thursday midnight, during signature rollovers, we would update the SOA serial too early. Fixed by reverting gd90efbf, adding 7 days margin to inception. Fix by Kees Monshouwer. - gd8ec70f: fix db2 backend includes (t653) + gff64750: make sure mixed-case queries get a correct apex NSEC3 type bitmap - g6477102: add goracle schema + g4b153d8: always lowercase next name in NSEC to avoid interop troubles with validators, thanks Marco Davids&Matthijs Mekking. + + + + Other changes: + - g9118638: make goraclebackend "at least work", closes t729 + g49977c6: fix bug in boost.m4 where it insists on setting -L, causing useless RPATH in our binaries. Closes t728 - ge0ad7bb: add DS digest type 4 to show-zone output; add algorithm names. Based on a patch by Aki Tuomi, - closes t744 + g62ac758: use PolarSSL for MD5 hashing instead of shipping our own copy of md5 hashing code. - g61a7fac: enable AM_SILENT_RULES, closing t647 + g775acd9: give a better error on trying to add nsec3 parameters to a weird zone like "1 0 1 ab" (which indicates that you forgot to specify a zone name on the command line). Fixes t800. - g7796a3b: Merge support for include-dir directive, thanks Aki Tuomi! + g315dd2e: Simplify socket listening code, and make sure we always set the nonblocking flag correctly. Patch by Mark Zealey, closes t664. - g04576ee, gb0e15c8: Implement pdnssec increase-serial, thanks Ruben. + gb35da1b: if_ether.h is in netinet/ not net/ on OpenBSD, thanks Florian Obser. - gcee857b: add supplementary groups support + g71301b6: Replicate gsql backend feature of having separate -auth queries for DNSSEC into oraclebackend. Also lets you disable dnssec if you are not ready for it. Closes t527. - gcc6bf4c: Merge branch 'nodnssecany' of github.com:mind04/pdns into mind04-nodnssecany + g2125dac: drop unused ignore-rd-bit flag - g837f4b4: do a better job at escaping TXT, fixes t795 + g8c1a6d6: NSECx optimizations, thanks Kees Monshouwer. - g6ca3fa7: add SOA-EDIT INCEPTION-INCREMENT mode, thanks stbuehler + g664716a: drop unused variables in lua backend (t653) - g6159c49: Add connection info to sql-connect message + gd8ec70f: fix db2 backend includes (t653) - g9f62e34, g0fc965f, g2035112: Added EUI48 and EUI64 record types + g6477102: add goracle schema - gf9cf6d9: cut the number of database queries in half for AXFR-in + g9118638: make goraclebackend "at least work", closes t729 - g04b4bf6: Merge support for not using opt-out with NSEC3. Many thanks to Kees Monshouwer. + ge0ad7bb: add DS digest type 4 to show-zone output; add algorithm names. Based on a patch by Aki Tuomi, + closes t744 - gfeef1ec: fix missing NSEC3 for secure delegation, thanks Kees Monshouwer, closes t682 + g61a7fac: enable AM_SILENT_RULES, closing t647 - g8db49a6: after a decade+.. finally try to stop notifying ourselves. In convoluted cases involving REUSE_PORT and binding to 0.0.0.0 and ::, it might be possible that we guess wrong, in which case we now provide & document the setting prevent-self-notification which you could then set to off. + gcc6bf4c: Merge branch 'nodnssecany' of github.com:mind04/pdns into mind04-nodnssecany - gc87f987: add default for SOA contact e-mail + g837f4b4: do a better job at escaping TXT, fixes t795 - gbb4a573: move random backend to modules + g6ca3fa7: add SOA-EDIT INCEPTION-INCREMENT mode, thanks stbuehler - g1071abd: restyle builtin webserver page + g6159c49: Add connection info to sql-connect message - gb61e407: revert gd90efbf and add 7 days margin to inception + g9f62e34, g0fc965f, g2035112: Added EUI48 and EUI64 record types - gcd5e158: correct bogus use of poll(2) related constants, improving non-Linux portability. Thanks Wouter de Jong + gf9cf6d9: cut the number of database queries in half for AXFR-in - g27ff60a: make sure our NSEC(3)s for names with spaces in them are correct. Reported by Jimmy Bergman. Includes test. + gc87f987: add default for SOA contact e-mail - g116e28a: reduce log level of successful gpgsql/gsqlite3 connection to Info + gbb4a573: move random backend to modules - gdf55450: Don't add dnssec info, to any query results, for non validating resolvers. + g1071abd: restyle builtin webserver page - gb23b90a: Metadata update is now in the same transaction as the AXFR. This improves slaving speed - tremendously, especially for SQLite users. + gcd5e158: correct bogus use of poll(2) related constants, improving non-Linux portability. Thanks Wouter de Jong - g4620e8a: Added zone2json + g27ff60a: make sure our NSEC(3)s for names with spaces in them are correct. Reported by Jimmy Bergman. Includes test. - gff64750: make sure mixed-case queries get a correct apex NSEC3 type bitmap + g116e28a: reduce log level of successful gpgsql/gsqlite3 connection to Info + + + + + + gb23b90a: Metadata update is now in the same transaction as the AXFR. This improves slaving speed + tremendously, especially for SQLite users. - g4b153d8: always lowercase next name in NSEC to avoid interop troubles with validators, thanks Marco Davids&Matthijs Mekking + g4620e8a: Added zone2json @@ -392,11 +414,6 @@ g6c4e531: disarm dead code that causes gcc crashes on ARM, thanks Morten Stevens - - - g63e365d: don't mess up encoding when copying qname from question to answer in packetcache. Based on reports&debugging by Jimmy Bergman (sigint), Daniel Norman (Loopia) and the fine people at ISC - - g36855b5: if we failed to make a new UDP socket, we'd report a confusing error about it @@ -439,7 +456,7 @@ - g36758d2: merge t476 by Aki Tuomi, providing default-ksk/zsk-algorithms/size configuration parameters for pdnssec. Also cleans up some duplicate code + g36758d2: merge t476 by Aki Tuomi, providing default-ksk/zsk-algorithms/size configuration parameters for pdnssec. @@ -452,11 +469,6 @@ g9566683: merge patch from ticket 712 addressing memory leak in remotebackend (thanks Aki for the fix!) - - - g3526186: fix backslash handling in TXT parser, includes test. Thanks jpmens - - gfb6ed6f: explicitly set domain id during bindbackend superslave domain create, thanks Kees Monshouwer&Aki Tuomi -- 2.50.1