From fe6b104c8599464dd0863e6a2bd367caeae6a86f Mon Sep 17 00:00:00 2001 From: aerique Date: Fri, 3 Nov 2017 10:34:35 +0100 Subject: [PATCH] Merge pull request #5897 from aerique:feature/update-auth-4.1.0-rc2-changelog Update ChangeLog and secpoll for auth-4.1.0-rc2. --- docs/changelog/4.1.rst | 158 ++++++++++++++++++++++++++++++++++++++++- docs/secpoll.zone | 3 +- 2 files changed, 157 insertions(+), 4 deletions(-) diff --git a/docs/changelog/4.1.rst b/docs/changelog/4.1.rst index 9dd961cfc..67676d5b5 100644 --- a/docs/changelog/4.1.rst +++ b/docs/changelog/4.1.rst @@ -3,6 +3,107 @@ Changelogs for 4.1.x .. changelog:: :version: 4.1.0-rc2 + :released: 3rd of November 2017 + + This is the second release candidate of the PowerDNS Authoritative Server in the 4.1 release train. + + This release has several performance improvements, stability and + correctness fixes. + + .. change:: + :tags: Packages, New Features + :pullreq: 5665 + + Add :doc:`PKCS#11 <../../dnssec/pkcs11>` support to packages on Operating Systems that support it. + + .. change:: + :tags: Bug Fixes, Internals, Tools + :pullreq: 5684 + :tickets: 5673 + + Improve trailing dot handling internally which lead to a segfault in + pdnsutil before. + + .. change:: + :tags: Bug Fixes, Internals + :pullreq: 5678 + + Treat requestor's payload size lower than 512 as equal to 512. + Before, we did not follow :rfc:`RFC 6891 section 6.2.3 <6891#section-6.2.3>` correctly. + + .. change:: + :tags: Improvements, LDAP + :pullreq: 5584 + + Add support for new record types to the LDAP backend. + + .. change:: + :tags: API, Bug Fixes + :pullreq: 5696 + + For zone PATCH requests, add new ``X-PDNS-Old-Serial`` and + ``X-PDNS-New-Serial`` response headers with the zone serials before + and after the changes. + + .. change:: + :tags: Bug Fixes + :pullreq: 5710 + :tickets: 5692 + + Remove "" around secpoll result which fixes ``pdns_control show + security-status`` not working. + + .. change:: + :tags: Bug Fixes, BIND + :pullreq: 5702 + + Make bindbackend startTransaction to return false when it has + failed. (Aki Tuomi) + + .. change:: + :tags: Bug Fixes, DNSSEC, API + :pullreq: 5704 + + Make default options singular and use defaults in Cryptokey API-endpoint + + .. change:: + :tags: Bug Fixes, Tools + :pullreq: 5729 + :tickets: 5719 + + Remove printing of DS records from ``pdnsutil export-zone-dnskey …``. This was not only inconsistent behaviour but also done incorrectly. + + .. change:: + :tags: Bug Fixes, DNSSEC + :pullreq: 5722 + :tickets: 5721 + + Make the auth also publish CDS/CDNSKEY records for inactive keys, as + this is needed to roll without double sigs. + + .. change:: + :tags: Bug Fixes, DNSSEC + :pullreq: 5734 + + Fix a crash when getting a public GOST key if the private one is not set. + + .. change:: + :tags: Bug Fixes, Internals + :pullreq: 5766 + :tickets: 5767 + + Correctly purge entries from the caches after a transfer. Since the + QC/PC split up, we only removed entries for the AXFR'd domain from + the packet cache, not the query cache. + We also did not remove entries in case of IXFR. + + .. change:: + :tags: Bug Fixes, Internals + :pullreq: 5791 + + When throwing because of bogus content in the tinydns database, + report the offending name+type so the admin can find the offending + record. .. change:: :tags: DNSSEC, Bug Fixes @@ -11,10 +112,61 @@ Changelogs for 4.1.x Ignore SOA-EDIT for PRESIGNED zones. .. change:: - :tags: Packages, New Features - :pullreq: 5665 + :tags: Bug Fixes, MySQL + :pullreq: 5820 + :tickets: 5675 - Add :doc:`PKCS#11 <../../dnssec/pkcs11>` support to packages on Operating Systems that support it. + Log the needed size when a MySQL result was truncated. + + .. change:: + :tags: API, DNSSEC, New Features + :pullreq: 5779 + :tickets: 3417, 5712 + + Rectify zones via the API. (Nils Wisiol) + + * Move the pdnsutil rectification code to the DNSSECKeeper + * Generate DNSSEC keys for a zone when "dnssec" is true in an API POST/PATCH for zones + * Rectify DNSSEC zones after POST/PATCH when API-RECTIFY metadata is 1 + * Allow setting this metadata via the "api-rectify" param in a Zone object + * Show "nsec3param" and "nsec3narrow" in Zone API responses + * Add an "rrsets" request parameter for a zone to skip sending RRSets in the response + * Add rectify endpoint in the API + + .. change:: + :tags: Improvements + :pullreq: 5842 + + Add :ref:`log-timestamp` option. This option can be used to disable + printing timestamps to stdout, this is useful when using + systemd-journald or another supervisor that timestamps stdout by + itself. As the logs will not have 2 timestamps. + + .. change:: + :tags: Internals, Improvements + :pullreq: 5498 + :tickets: 2250, 5734, 5797, 5889 + + Add support for Botan 2.x and drop support for Botan 1.10 (the + latter thanks to Kees Monshouwer). + + .. change:: + :tags: DNSSEC, Improvements + :pullreq: 5838 + :tickets: 5767 + + Stop doing individual RRSIG queries during outbound AXFR. (Kees Monshouwer) + + .. change:: + :tags: BIND, Improvements + :pullreq: 5810 + :tickets: 5115, 5807 + + Fix issues when b2b-migrating from the BIND backend to a database: + + * No masters were set in the target db (#5807) + * Only the last master in the list of masters would be added to the target database + * The BIND backend was not fully aware of native zones .. changelog:: :version: 4.1.0-rc1 diff --git a/docs/secpoll.zone b/docs/secpoll.zone index 23c030ffc..abfa4c38a 100644 --- a/docs/secpoll.zone +++ b/docs/secpoll.zone @@ -1,4 +1,4 @@ -@ 86400 IN SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2017103001 10800 3600 604800 10800 +@ 86400 IN SOA pdns-public-ns1.powerdns.com. pieter\.lexis.powerdns.com. 2017110302 10800 3600 604800 10800 @ 3600 IN NS pdns-public-ns1.powerdns.com. @ 3600 IN NS pdns-public-ns2.powerdns.com. ; Auth @@ -31,6 +31,7 @@ auth-4.0.3.security-status 60 IN TXT "1 OK" auth-4.0.4-rc1.security-status 60 IN TXT "1 OK" auth-4.0.4.security-status 60 IN TXT "1 OK" auth-4.1.0-rc1.security-status 60 IN TXT "1 OK" +auth-4.1.0-rc2.security-status 60 IN TXT "1 OK" ; Auth Debian auth-3.4.1-2.debian.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/3/security/powerdns-advisory-2015-02/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-03/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-04/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-05/" -- 2.40.0