~samiam/MaraDNS

MaraDNS/CHANGELOG -rw-r--r-- 11.2 KiB View raw
a2036189 — Sam Trenholme coLunacyDNS: Getting closer to IPv6 socket support 12 hours ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
MaraDNS changelog

   maradns-3.5.0012:
   This is a stable release of MaraDNS (note that coLunacyDNS and
   mmLunacyDNS are unstable):

     * mmLunacyDNS security fix: We now use a secure hash compression
       function (HalfSipHash-1-3) for string hashing.
     * coLunacyDNS: hash compression function updated from 64-bit
       SipHash-2-4 to 32-bit HalfSipHash-1-3.  Compile time warnings
       removed from code.
     * lunacy: The code by default now uses HalfSipHash-1-3 for string
       hash compression.  Default compile optimization is now -O3
 
     (2020-08-12)

   maradns-3.5.0011:
   This is a stable release of MaraDNS:

     * min_ttl parameter added; this is the minimum time we keep a 
       record in the cache (in seconds)
     * Deadwood now compiles with IPv6 support by default.  For
       systems without IPv6 support, -DNOIP6 can be set when
       compiling Deadwood.
     * Automated tests now all run inside of Podman (Docker) container
       and all pass.  Tests are now completely automated, and can run
       from cron (and can be adapted to run inside Jenkins). 

     (2020-08-10)

   maradns-3.5.0010:
   This is a stable release of MaraDNS:

     * Hotfix: coLunacyDNS no longer fails after 20 calls to 
       processQuery() (we now properly clean the main stack before 
       calling processQuery() in a co-routine).
     * Security update: MaraDNS, Deadwood, and Duende now default to
       the user ID 707 instead of 99/66.  This minimizes the chances
       of the user used by MaraDNS being used by other processes, 
       which could be a security leak under some circumstances.  The
       problem with running multiple services as "nobody" is that
       the "nobody" account is only as secure as the least secure
       service running as that account.
     * coLunacyDNS feature update: coLunacyDNS can now open and
       read files (for security reasons, only in the same directory
       coLunacyDNS is running in).  In addition, the code to implement 
       IPv6 sockets is well under way.

     (2020-08-06)

   maradns-3.5.0009:
   This is a stable release of MaraDNS:

     * Add new program: coLunacyDNS.  This is a DNS server which runs a
       Lua function every time it gets a DNS query.  It uses Lua
       threads ("co-routines") to have a function which can get a
       DNS packet from an upstream server and return the result for
       processing by the Lua script (doing all this required setting up
       an entire select()-based state machine).  coLunacyDNS also supports
       sending proper "not there" replies and both sending and 
       receiving IPv6 DNS records (but presently only over IPv4).
     * Deadwood ip6 records can now have dashes and spaces in them
       to make reading a 128-bit IP easier.
     * SQA tests have been updated to run in CentOS 8.

     (2020-08-03)

   maradns-3.5.0008:
   This is a stable release of MaraDNS:

     * Add new program: mmLunacyDNS.  This is an updated version of the
       microdns program, a program which always returns the same IP for 
       any DNS query given to it, with Lua scripting support (so we
       can customize what gets logged, return different IPs for 
       different queries, and ignore non-IPv4 IP address queries).
       The program can also run as a Windows service.  The script can
       only return IPv4 IP addresses or ignore queries, but it’s quite
       flexible given those limitations.
     * Since mmLunacyDNS has Lua support, we now include the full source
       of my fork of Lua 5.1, “Lunacy”.  The reason why I am using an
       older version of Lua is because this is the version of Lua 
       supported by LuaJIT, and I like having the option of increasing
       performance with LuaJIT without breaking existing Lua-based
       configuration files.
     * Deadwood logging update: Only note if one can not open cache when
       verbose_level is 10 or more (since this is mostly harmless).
       This is a non-fatal error which can be safely ignored. The cache 
       file just keeps copies of previously resolved DNS names around 
       between invocations of Deadwood; if the cache file can’t be read, 
       then DNS resolution might be a bit slower for some names after 
       starting up Deadwood, but everything will be OK.
     * I have added the ability to have multiline comments in Deadwood
       configuration files by using _rem={ at the beginning of a line;
       this indicates that a comment should continue until a } character
       is seen.  The reason for the unusual syntax is so that we can have
       multi-line comments in script files which are compatible with
       Deadwood, Lua, and Python.

     (2020-07-24)

   maradns-3.5.0007:
   This is a stable release of MaraDNS:

     * Update name of “ip_blacklist” to be “ip_blocklist”.  The
       old name "ip_blacklist" still works (and I have no plans to 
       remove it), but “ip_blocklist” is more up to date.
     * Note in some older documents that while “primary” and “replica”
       are more up to date ways of saying “master” and “slave”, the
       documents will, in the interest of compatibility, retain the 
       “master” and “slave” wording.

     (2020-07-07)

   maradns-3.5.0006:
   This is a stable release of MaraDNS:

     * Deadwood configuration files can not have leading space in them.
       Deadwood no longer uses a subset of Python2 syntax, since Python2
       is now post-End of life.

     (2020-07-01)

   maradns-3.5.0005:
   This is a stable release of MaraDNS:

     * MaraDNS is now fully supported in Cygwin
     * Windows port of MaraDNS no longer includes maradns.exe; we instead
       tell people how to compile MaraDNS in Cygwin. Note We continue to
       fully support Deadwood for Windows, which is a proper Windows
       service (unlike the old maradns.exe).
     * Dockerfile now creates Docker image with working instance of
       MaraDNS. This is still a work in progress; one currently needs to
       enter the Docker container to change MaraDNS configuration files.
     * Version number fixed when compiling a MaraDNS release.

     (2020-06-02)

   maradns-3.5.0004:
   This is a stable release of MaraDNS:

     * maximum_cache_elements no longer needs to include blocklist, root
       server, upstream server, or synthetic IP elements.
     * Documentation updates, mainly for maximum_cache_elements change

     (2020-04-18)

   maradns-3.5.0003:
   This is a stable release of MaraDNS:

     * Added support for blocklists as per GitHub issue #69 and GitHub
       issue #70
     * Minimize memory usage of blocklists by allowing the same entry to
       be used for IPv4 and IPv6

     (2020-04-16)

   maradns-3.5.0002:
   This is a stable release of MaraDNS:

     * Documentation and other updates and cleanups.
     * Windows port no longer needs to have secret.txt file to run; the
       Deadwood Windows port now uses the Windows call CryptGenRandom() to
       get entropy.

     (2020-02-03)

   maradns-3.5.0001:
   This is a stable release of MaraDNS:

     * bind2csv2.py updated to run in Python3.
     * This is the first “One Source of Truth” release of MaraDNS: All
       files in the release are derived directly from the Git version of
       MaraDNS.
     * Github history going back to 2014 is now included as part of the
       source code tarball.
     * Scripts to test the Git version of MaraDNS, to make the Windows
       binaries, and to convert the Git version in to a tarball and
       Windows zipfile added.

     (2020-01-25)

   maradns-3.4.02:
   This is a stable release of MaraDNS:

     * Tests updated to run and pass in CentOS 7
     * Fix typo in asktest.c.
     * Deadwood: Issue building Deadwood from the GitHub tree in CentOS8
       fixed
     * Deadwood: Update Windows documents in Deadwood source code tarball

     (2020-01-16)

   maradns-3.4.01:
   This is a stable release of MaraDNS:

     * Deadwood updated to 3.4.01

     (2019-10-24)

   Important: Deadwood 3.4.01 is updated to use the Quad9 upstream DNS
   servers as the default. If the old behavior of using the ICANN name
   servers as root servers is desired, add the following lines to one’s
   dwood3rc file:
root_servers = {}
root_servers["."]="198.41.0.4,"
root_servers["."]+="199.9.14.201,"
root_servers["."]+="192.33.4.12,"
root_servers["."]+="199.7.91.13,"
root_servers["."]+="192.203.230.10,"
root_servers["."]+="192.5.5.241,"
root_servers["."]+="192.112.36.4,"
root_servers["."]+="198.97.190.53,"
root_servers["."]+="192.36.148.17,"
root_servers["."]+="192.58.128.30,"
root_servers["."]+="193.0.14.129,"
root_servers["."]+="199.7.83.42,"
root_servers["."]+="202.12.27.33"

   Please note: The above list of IPs is current as of 2019-04-07, and was
   last changed in October of 2017.

   Please go to root-servers.org to get an up-to-date list of root
   servers.

   maradns-3.3.03:
   This is a development release of MaraDNS.

     * Updated numbering system to give MaraDNS the same version number as
       Deadwood.
     * Deadwood updated to 3.3.03.
     * Document how star records work.

     (2019-09-28)

   maradns-2.0.17:
   This is the stable release of MaraDNS. No security updates were made.

     * Deadwood updated to 3.2.14
     * Default max_mem value doubled as discussed in GitHub issue #52.

     (2019-01-20)

   maradns-2.0.16:
   This is the stable release of MaraDNS. A very minor security update was
   made.

     * Deadwood updated to 3.2.12

     (2018-08-16)

   maradns-2.0.15:
   This is the stable release of MaraDNS. No security updates were done in
   this release.

     * Deadwood updated to 3.2.11

     (2018-02-05)

   maradns-2.0.14:
   This is the stable release of MaraDNS. No security updates were done in
   this release.

     * Deadwood updated to 3.2.10

     (2017-06-10)

   maradns-2.0.13:
   This is the stable release of MaraDNS.

     * Two non-critical buffer overflows from ParseMaraRc fixed. One can
       never be exploited; the other one can only be exploted by the
       (usually) root user by writing to the system mararc file.
     * Deadwood updated to 3.2.09

     (2015-09-25)

   maradns-2.0.12:
   This is the stable release of MaraDNS.

     * Security fix for improper free() in zoneserver
     * Deadwood updated to 3.2.08
     * Zone transfers now work with newer versions of dig
     * Documentation updates

     (2015.08.19)

   maradns-2.0.11:
   This is the stable release of MaraDNS.

     * Deadwood updated to 3.2.07

     (2015.01.30)

   maradns-1.4.16:
   This is the final MaraDNS 1 release. Please be aware that MaraDNS 1 has
   at least one unpatched security hole

   This is the legacy branch of MaraDNS. Please upgrade to MaraDNS 2. All
   MaraDNS 1 support ends on June 21, 2015.

     * Deadwood updated to 3.2.07

     (2015.01.30)

   maradns-2.0.10:
   This is the stable release of MaraDNS.

     * Deadwood updated to 3.2.06
     * Zoneserver now compiles and runs in Cygwin (so Windows users can
       have DNS-over-TCP support).

     (2015.01.24)

   maradns-1.4.15:
   This is the legacy branch of MaraDNS. Please upgrade to MaraDNS 2. This
   will probably be the final MaraDNS 1 release; all MaraDNS 1 support
   ends on June 21, 2015.

     * Deadwood updated to 3.2.06
     * CERT vulnerability VU#264212 update: max_glueless_level now
       defaults to 4 instead of 10

     (2015.01.24)