doc/release-notes: mention pdns-recursor options changes
This commit is contained in:
parent
fe27976534
commit
bad701b1d3
|
@ -479,6 +479,31 @@
|
||||||
relying on the insecure behaviour before upgrading.
|
relying on the insecure behaviour before upgrading.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
In the PowerDNS Recursor module
|
||||||
|
(<literal>services.pdns-recursor</literal>), default values of
|
||||||
|
several IP address-related NixOS options have been updated to
|
||||||
|
match the default upstream behavior. In particular, Recursor
|
||||||
|
by default will:
|
||||||
|
</para>
|
||||||
|
<itemizedlist spacing="compact">
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
listen on (and allows connections from) both IPv4 and IPv6
|
||||||
|
addresses
|
||||||
|
(<literal>services.pdns-recursor.dns.address</literal>,
|
||||||
|
<literal>services.pdns-recursor.dns.allowFrom</literal>);
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
allow only local connections to the REST API server
|
||||||
|
(<literal>services.pdns-recursor.api.allowFrom</literal>).
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
<literal>openssh</literal> has been update to 8.9p1, changing
|
<literal>openssh</literal> has been update to 8.9p1, changing
|
||||||
|
|
|
@ -154,6 +154,12 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||||
|
|
||||||
- `services.kubernetes.scheduler.{port,address}` now set `--secure-port` and `--bind-address` instead of `--port` and `--address`, since the former have been deprecated and are no longer functional in kubernetes>=1.23. Ensure that you are not relying on the insecure behaviour before upgrading.
|
- `services.kubernetes.scheduler.{port,address}` now set `--secure-port` and `--bind-address` instead of `--port` and `--address`, since the former have been deprecated and are no longer functional in kubernetes>=1.23. Ensure that you are not relying on the insecure behaviour before upgrading.
|
||||||
|
|
||||||
|
- In the PowerDNS Recursor module (`services.pdns-recursor`), default values of several IP address-related NixOS options have been updated to match the default upstream behavior.
|
||||||
|
In particular, Recursor by default will:
|
||||||
|
- listen on (and allows connections from) both IPv4 and IPv6 addresses
|
||||||
|
(`services.pdns-recursor.dns.address`, `services.pdns-recursor.dns.allowFrom`);
|
||||||
|
- allow only local connections to the REST API server (`services.pdns-recursor.api.allowFrom`).
|
||||||
|
|
||||||
- `openssh` has been update to 8.9p1, changing the FIDO security key middleware interface.
|
- `openssh` has been update to 8.9p1, changing the FIDO security key middleware interface.
|
||||||
|
|
||||||
- `services.k3s.enable` no longer implies `systemd.enableUnifiedCgroupHierarchy = false`, and will default to the 'systemd' cgroup driver when using `services.k3s.docker = true`.
|
- `services.k3s.enable` no longer implies `systemd.enableUnifiedCgroupHierarchy = false`, and will default to the 'systemd' cgroup driver when using `services.k3s.docker = true`.
|
||||||
|
|
Loading…
Reference in a new issue