Source tarball and GPG signature available at: https://github.com/gdnsd/gdnsd/releases/
3.4.0 - 2020-11-19 * The default value of 'experimental_no_chain' has changed from false to true. This change affects on-the-wire DNS responses in the case of a CNAME record which points to another record in the same zone. This is kind of an edge case for a semver minor version bump: this is not strictly a feature-add, but the behavioral change here is deep in the weeds most users will never see and has been about as widely tested as it can be without becoming a default like it is now. In case of issues, it can still be disabled by explicitly configuring it to false (which will also emit an error to syslog at startup pleading for bug reports about any such necessary case). This path seemed better than putting all the risks of this change in a future 4.0 release for the first time, where there would already be a ton of other core work built on top of it, making reversion much more difficult. * A new statistic 'tcp_acceptfail' was created to track all non-trivial failure returns from accept4(). * The daemon now makes a soft, non-fatal attempt to raise the soft limit on total file descriptors if internal calculations indicate it may be too small for the configuration (especially tcp listener config). It will complain to syslog on startup if it sees a potentially-bad fd limit situation that it can't fix due to the hard limits. * The TCP code now at least attempts to handle running into such a file descriptor limit more-gracefully by shutting down the most-idle of its older connections if possible, which is the same mechanism used by our existing internal limiter tcp_clients_per_thread. * Several sites in the code which may emit syslog errors driven by network input (e.g. recv() errors, accept4() errors, etc) now use a different logging call which applies some sanity-level ratelimiting to avoid excessive log spam. * max_edns_response[_v6] default values both changed to 1232, from previous defaults of 1410 and 1212, respectively. * The server now prefers the Linux IP_PMTUDISC_OMIT socket option over IP_PMTUDISC_DONT, when OMIT exists at compile time and works at runtime, which increases resilience against certain kinds of fragmentation attacks.