Tags

Tags give the ability to mark specific points in history as being important
  • v0.3.3

    protected
    v0.3.3: fix release-pipeline registry auth (re-release of v0.3.2)
    
    v0.3.2's release pipeline built all artifacts but failed pushing the Docker
    image to the GitLab registry ('denied') due to a ci-catalog component bump
    changing the DOCKER_* credential contract. This tag carries the same code as
    v0.3.2 plus the CI fix (log in with CI_JOB_TOKEN / CI_REGISTRY*).
    
    Content is identical to v0.3.2: DNS DoS hardening (bounded caches, rate
    limiting, recursion depth/bailiwick guards), upstream-pool failover fix,
    501 for unenforced controls, /metrics auth, systemd sandboxing, go1.26.4.
    
  • v0.3.2

    protected
    v0.3.2: DNS DoS hardening and security audit remediation
    
    Security + reliability release closing a full appsec (OWASP 2025 + CIS v8.1.2)
    and multi-domain audit, plus the upstream-pool failover fix.
    
    Hardening:
    - Bound the DNS forwarding cache and recursive NS/addr caches (fixes a
      confirmed remote OOM via unique-subdomain / water-torture floods).
    - Per-client + global DNS rate limiting with a count-capped tracking map.
    - Cap pipeline worker goroutines (stream.Scaler.Max).
    - Recursive resolver: bailiwick validation + recursion depth guard
      (cache-poisoning and stack-exhaustion defenses).
    - Upstream pool: bounded attempts + per-upstream failure cooldown; route
      OTel export errors through slog.
    
    API / ops:
    - Return 501 for unenforced blocking/CIDR controls; drop misleading MCP tools.
    - Require API-key auth for /metrics.
    - Fail loud on unimplemented JWT auth and non-udp listeners.
    - Periodic remote blocklist sync with last-good retention.
    - systemd sandboxing; CI goreleaser checksum + docker --password-stdin.
    - Pin go1.26.4 toolchain to clear reachable stdlib advisories.
    
  • v0.3.1

    protected
    v0.3.1: runtime configuration API, MCP bridge, and env-seeded admin key
    
    Pins CI golangci-lint to v2.11.4 so the lint stage passes (the unreleased
    v0.3.0 tag failed lint under v2.8.0 and published no artifacts). This is the
    first published 0.3.x release.
    
  • v0.3.0

    protected
    v0.3.0 — Runtime configuration management, persistence, auth, and MCP
    
    - Runtime configuration API (genapi, TLS): add/remove/replace allow/local/block
      entries and reload files without a restart; atomic Swappable updates (no
      dropped queries); persisted in an embedded bbolt store.
    - Authentication: argon2id API keys with scopes + short-TTL verify cache;
      mTLS-gated key management; secure-by-default TLS.
    - CLI + admin socket: void apikey create/list/revoke/delete, void reload;
      SIGHUP/endpoint reload.
    - Env-seeded admin key (VOID_ADMIN_API_KEY / _FILE) + offline void apikey
      generate for Docker/first-boot.
    - void mcp: MCP server (official SDK; stdio + streamable-HTTP) for LLM agents,
      bridging to the management API with the same auth + scopes.
    - Documentation refreshed with Mermaid architecture diagrams (docs/ARCHITECTURE.md).
    
  • v0.2.19

    protected
    release v0.2.19
    
    OTLP gRPC default + HTTP/1.1 GOAWAY fix; OTel SDK v1.44.0; CI Go 1.26;
    apt publish jobs routed to k8s pool to escape OVH apt GPG fault.
    
  • v0.2.18

    protected
    release v0.2.18
    
    OTLP gRPC default + HTTP/1.1 (gitlab-o11y GOAWAY fix); OTel SDK v1.44.0;
    CI Go 1.26; apt-sign/apt-repo HTTP-cache bypass + install fix.
    
  • v0.2.17

    protected
    release v0.2.17
    
    OTLP transport default -> gRPC; OTLP/HTTP pinned to HTTP/1.1 (gitlab-o11y
    GOAWAY fix); OpenTelemetry SDK v1.44.0; CI Go 1.26; apt-sign/apt-repo
    HTTP-cache bypass to fix runner GPG signature errors.
    
  • v0.2.16

    protected
    release v0.2.16
    
    OpenTelemetry SDK upgraded to v1.44.0; default OTLP transport switched
    to gRPC and the OTLP/HTTP path pinned to HTTP/1.1 to stop dropping
    telemetry on gitlab-o11y HTTP/2 GOAWAY frames. CI Go bumped to 1.26.
    
  • v0.2.15

    protected
    release v0.2.15: DNS upstream pool failover
    
  • v0.2.13

    protected
    v0.2.13
    
    Bug fixes
    - Merge matched variable declaration into conditional (staticcheck QF1007)
    - Route goreleaser and apt-publish to OVH dedicated runner for stable DNS
    - Remove haleth (lab server) dependency from release pipeline
    
  • v0.2.12

    protected
    v0.2.12
    
    Bug fixes
    - Merge matched variable declaration into conditional (staticcheck QF1007)
    - Pin apt-publish and goreleaser-release CI runners to avoid haleth DNS failure
    - Wait for DinD Docker daemon before running goreleaser on k8s
    
  • v0.2.11

    protected
    v0.2.11
    
    Bug fixes
    - Merge matched variable declaration into conditional (staticcheck QF1007)
    - Pin apt-publish CI runner to dedicated pool to avoid haleth DNS failure
    - Route goreleaser-release to k8s runner with non-TLS DinD for reliable Docker access
    
  • v0.2.10

    protected
    v0.2.10
    
    Bug fixes
    - Merge matched variable declaration into conditional (staticcheck QF1007)
    - Pin apt-publish CI runner to dedicated pool to avoid haleth DNS failure
    - Route goreleaser-release to k8s runner with DinD to avoid haleth DNS failure
    
  • v0.2.9

    protected
    v0.2.9
    
    Bug fixes
    - Merge matched variable declaration into conditional (staticcheck QF1007)
    - Pin apt-publish CI runner to dedicated pool to avoid haleth DNS failure
    
  • v0.2.8

    protected
    v0.2.8
    
    Bug fixes
    - Merge matched variable declaration into conditional (staticcheck QF1007)
    
  • v0.2.7

    protected
    v0.2.7
    
    Features
    - Split-DNS per-route exclusion list: `exclude: []` on a SplitRoute
      carves specific FQDNs (or `*.suffix` wildcards) out of an existing
      route. Excluded names fall through to the default dns.upstream pool
      without re-specifying it. Bare-only routes with an exclude are
      rejected at NewRouter time with an actionable diagnostic.
    
    Bug fixes
    - pkg/netbind wraps DNS and API binds with a short EADDRINUSE retry
      loop plus an operator-friendly diagnostic naming systemd-resolved
      (for :53) and the exact `ss`/`lsof` inspection command. Stops
      void.service from burning its systemd restart budget on bare
      `bind: address already in use` errors.
    - Config loader now includes the resolved config file path in load
      errors so duplicate-key YAML failures point at the offending file.
    - CI: default jobs route to the Company Cluster Runner with pinned
      tags to keep pipelines off the flaky Lab Servers pool while
      haleth DNS is broken.
    
  • v0.2.6

    protected
    v0.2.6
    
    feature: per-route SERVFAIL fallback for split-DNS routes (ddd73ce)
    
  • v0.2.5

    protected
    v0.2.5
    
    bug fix: write SERVFAIL on upstream exchange failure so the cache writer chain releases single-flight followers (02af4c4)
    
  • v0.2.4

    protected
    v0.2.4
    
    Fix the split DNS cache poisoning that made *.ts.net (Tailscale)
    lookups flaky and slow.
    
    - Do not cache non-success / non-NXDOMAIN responses; transient SERVFAIL
      from MagicDNS no longer pins a stale NOERROR/empty answer for
      DefaultTTL=3600s.
    - Preserve stored Rcode on cache hits (stop calling dns.Msg.SetReply on
      the stored msg, which was unconditionally rewriting Rcode to Success).
    - Deep-copy the cached *dns.Msg so concurrent hits cannot mutate it via
      SetReply / MsgHdr.Id (was a -race finding under concurrent A/AAAA).
    - Honor SOA MINIMUM (RFC 2308) for negative-cache TTL with a 300s cap
      and 60s fallback when no SOA is provided; skip caching when TTL is 0.
    - Coalesce N concurrent identical misses into a single upstream call
      (single-flight via sync.Map of *flight{done,msg}); reduces hammering
      of MagicDNS on cold-cache bursts.
    - Reproduction tests in pkg/resolver/cache_test.go and
      pkg/split/cache_integration_test.go lock in the contract.
    - Remove redundant Go 1.22+ loopvar copies in pkg/record/source.go and
      pkg/server/server.go to unblock the lint stage that failed on v0.2.3.