Version 3.4.0 Released2020-11-19

Source tarball and GPG signature available at:

3.4.0 - 2020-11-19
    * The default value of 'experimental_no_chain' has changed from false to
      true.  This change affects on-the-wire DNS responses in the case of a
      CNAME record which points to another record in the same zone. This is
      kind of an edge case for a semver minor version bump: this is not
      strictly a feature-add, but the behavioral change here is deep in the
      weeds most users will never see and has been about as widely tested as it
      can be without becoming a default like it is now.  In case of issues, it
      can still be disabled by explicitly configuring it to false (which will
      also emit an error to syslog at startup pleading for bug reports about
      any such necessary case).  This path seemed better than putting all the
      risks of this change in a future 4.0 release for the first time, where
      there would already be a ton of other core work built on top of it,
      making reversion much more difficult.
    * A new statistic 'tcp_acceptfail' was created to track all non-trivial
      failure returns from accept4().
    * The daemon now makes a soft, non-fatal attempt to raise the soft limit on
      total file descriptors if internal calculations indicate it may be too
      small for the configuration (especially tcp listener config).  It will
      complain to syslog on startup if it sees a potentially-bad fd limit
      situation that it can't fix due to the hard limits.
    * The TCP code now at least attempts to handle running into such a file
      descriptor limit more-gracefully by shutting down the most-idle of its
      older connections if possible, which is the same mechanism used by our
      existing internal limiter tcp_clients_per_thread.
    * Several sites in the code which may emit syslog errors driven by network
      input (e.g. recv() errors, accept4() errors, etc) now use a different
      logging call which applies some sanity-level ratelimiting to avoid
      excessive log spam.
    * max_edns_response[_v6] default values both changed to 1232, from previous
      defaults of 1410 and 1212, respectively.
    * The server now prefers the Linux IP_PMTUDISC_OMIT socket option over
      IP_PMTUDISC_DONT, when OMIT exists at compile time and works at runtime,
      which increases resilience against certain kinds of fragmentation