Merge pull request #13562 from omoerbeek/rec-prep-5.0.0-rc1

rec: prep 5.0.0 rc1
PowerDNS · Dec 6, 2023 · 4d3cd6b · 4d3cd6b
2 parents 0df0b23 + 58147e2
commit 4d3cd6b
Show file tree

Hide file tree

Showing 5 changed files with 100 additions and 13 deletions.
diff --git a/docs/secpoll.zone b/docs/secpoll.zone
@@ -1,4 +1,4 @@
-@       86400   IN  SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2023111000 10800 3600 604800 10800
+@       86400   IN  SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2023120600 10800 3600 604800 10800
 @       3600    IN  NS  pdns-public-ns1.powerdns.com.
 @       3600    IN  NS  pdns-public-ns2.powerdns.com.
 
@@ -362,7 +362,8 @@ recursor-4.9.1.security-status                          60 IN TXT "1 OK"
 recursor-4.9.2.security-status                          60 IN TXT "1 OK"
 recursor-5.0.0-alpha1.security-status                   60 IN TXT "2 Unsupported pre-release"
 recursor-5.0.0-alpha2.security-status                   60 IN TXT "2 Unsupported pre-release"
-recursor-5.0.0-beta1.security-status                    60 IN TXT "1 Unsupported pre-release"
+recursor-5.0.0-beta1.security-status                    60 IN TXT "2 Unsupported pre-release"
+recursor-5.0.0-rc1.security-status                      60 IN TXT "1 Unsupported pre-release"
 
 ; Recursor Debian
 recursor-3.6.2-2.debian.security-status                 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/"

diff --git a/pdns/recursordist/docs/appendices/EOL.rst b/pdns/recursordist/docs/appendices/EOL.rst
@@ -3,29 +3,29 @@
 End of life statements
 ======================
 
-We aim to have a release every six months.
-The latest release receives correctness, stability and security updates.
-The two releases before that get critical updates only.
+We aim to have a major release every six months.
+The latest major release train receives correctness, stability and security updates by the way of minor releases.
+We support older releases with critical updates for one year after the following major release.
 
 Older releases are marked end of life and receive no updates at all.
 Pre-releases do not receive immediate security updates.
 
 The currently supported release train of the PowerDNS Recursor is 4.9.
 
-PowerDNS Recursor 4.8 will only receive critical updates and will be
-end of life after PowerDNS Recursor 4.11 or 5.1 is released.
+PowerDNS Recursor 4.8 will only receive critical updates and will be End of Life one year after PowerDNS Recursor 4.9 was released.
 
-PowerDNS Recursor 4.7 will only receive critical updates and will be
-end of life after PowerDNS Recursor 4.10 or 5.0 is released.
+PowerDNS Recursor 4.7 will only receive critical updates and will be End of Life one year after PowerDNS Recursor 4.8 was released.
 
 PowerDNS Recursor 4.0 through 4.6, 3.x, and 2.x are End of Life.
 
 Note: Users with a commercial agreement with PowerDNS.COM BV or Open-Xchange
 can receive extended support for releases which are End Of Life. If you are
 such a user, these EOL statements do not apply to you.
-Please refer to the commercial support `commitment
+Please refer to the support `commitment
 <https://oxpedia.org/wiki/index.php?title=PowerDNS:Version_Support_Commitment>`_
 for details.
+Note that for the Open Source support channels we only support the latest minor release of a release train.
+That means that we ask you to reproduce potential issues on the latest minor release first.
 
 .. list-table:: PowerDNS Recursor Release Life Cycle
    :header-rows: 1
@@ -41,11 +41,11 @@ for details.
    * - 4.8
      - December 12 2022
      - June 30 2023
-     - ~ June 2024
+     - June 30 2024
    * - 4.7
      - May 30 2022
      - December 12 2022
-     - ~ December 2023
+     - December 12 2023
    * - 4.6
      - December 17 2021
      - May 30 2022

diff --git a/pdns/recursordist/docs/changelog/5.0.rst b/pdns/recursordist/docs/changelog/5.0.rst
@@ -1,6 +1,84 @@
 Changelogs for 5.0.X
 ====================
 
+Before upgrading, it is advised to read the :doc:`../upgrade`.
+
+.. changelog::
+  :version: 5.0.0-rc1
+  :released: 6th of December 2023
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 13557
+
+    Remove experimental warnings for YAML.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 13507
+    :tickets: 13386
+
+    Disallow (by answering Refused) RD=0 by default.
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 13543
+    :tickets: 13542
+
+    A single NSEC3 record covering everything is a special case.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 13434
+
+    Make syncres code clang-tidy.
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 13511
+    :tickets: 13463
+
+    Document outgoing query counts better, including a small fix.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 13501
+    :tickets: 12842
+
+    Introduce a setting to allow RPZ duplicates, including a dup handling fix.
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 13497
+    :tickets: 13483
+
+    Take into account throttled queries when determining if we had a cache hit.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 13387
+
+    Update new b-root-server.net addresses in built-in hints.
+
+  .. change::
+    :tags: Bug Fixes
+    :pullreq: 13480
+    :tickets: 13467
+
+    Correctly apply outgoing.tcp_max_queries bound.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 13478
+
+    Change default of nsec3-max-iterations to 50.
+
+  .. change::
+    :tags: Improvements
+    :pullreq: 13477
+
+    Warn if truncation occurred dumping the trace.
+
 .. changelog::
   :version: 5.0.0-beta1
   :released: 10th of November 2023

diff --git a/pdns/recursordist/docs/changelog/index.rst b/pdns/recursordist/docs/changelog/index.rst
@@ -3,6 +3,8 @@ Changelogs
 
 The changelogs for the recursor are split between release trains.
 
+Before upgrading, it is advised to read the :doc:`../upgrade`.
+
 .. toctree::
     :maxdepth: 2
 

diff --git a/pdns/recursordist/docs/upgrade.rst b/pdns/recursordist/docs/upgrade.rst
@@ -17,7 +17,7 @@ Refer to :doc:`yamlsettings` for details and the :doc:`appendices/yamlconversion
 Rust
 ^^^^
 Some parts of the Recursor code are now written in Rust.
-This has impact if you do local builds or are third-package maintainer.
+This has impact if you do local builds or are a third-party package maintainer.
 According to `cargo msrv` the minimum version to compile the Rust code and its dependencies is 1.64.
 Some distributions ship with an older Rust compiler, see `Rustup <https://rustup.rs/>`__ for a way to install a more recent one.
 For our package builds, we install a Rust compiler from the ``Standalone`` section of `Other Rust Installation Methods <https://forge.rust-lang.org/infra/other-installation-methods.html>`__.
@@ -28,11 +28,17 @@ New settings
 - The :ref:`setting-tcp-threads` setting has been introduced to set the number of threads dedicated to processing incoming queries over TCP.
   Previously either the distributor thread(s) or the general worker threads would process TCP queries.
 - The :ref:`setting-qname-max-minimize-count` and :ref:`setting-qname-minimize-one-label` have been introduced to allow tuning of the parameters specified in :rfc:`9156`.
+- The :ref:`setting-allow-no-rd` has been introduced, default disabled, *disallowing* queries that do not have the ``Recursion Desired (RD)`` flag set.
+  This is a change in behavior compared to previous releases.
+- The setting ``ignoreDuplicates`` was added to the RPZ loading Lua functions :func:`rpzPrimary` and :func:`rpzFile`.
+  If set, duplicate records in RPZs will be allowed but ignored.
+  The default is to fail loading an RPZ with duplicate records.
 
 Changed settings
 ^^^^^^^^^^^^^^^^
 - The :ref:`setting-loglevel` can now be set to a level below 3 (error).
 - The :ref:`setting-extended-resolution-errors` now defaults to enabled.
+- The :ref:`setting-nsec3-max-iterations` now defaults to 50.
 
 4.8.0 to 4.9.0
 --------------