v0.2.0

[0.2.0] - 2026-06-13

Added

• resolver: Add pause-blocking flag and hot-path gate (E12.1)- web: Pause/resume blocking control + countdown banner (E12.2)- upstream: Surface answering upstream + per-attempt latency (E15.1)- upstream: Per-upstream health & latency stats (E15.2)- web: Per-upstream health table on the dashboard (E15.3)- upstream: Latency-weighted selector + parallel forwarding (E15.4)- web: Upstream selection strategy setting + UI (E15.5)- web: Dashboard System panel — version, uptime, qps, cache, memory (E15.7)- codec: PTR recognition + in-addr.arpa/ip6.arpa parsing (E13.1)- dns: Synthesize PTR answers from local records (E13.2)- forwarding: Forward_zones storage + config UI (E13.3)- forwarding: Conditional-forward routing on the hot path (E13.4)- web: Embedded Lucide icon sprite from icondata_lu (E18.1)- web: Responsive hamburger nav drawer (E18.2)- web: Icons on nav links, pause and logout (E18.3)- web: Dashboard section, card and panel icons (E18.4)- web: Icons on management page headings and actions (E18.5)- web: Mobile layout polish — forms, touch targets, tables (E18.6)- web: Topbar sun/moon theme toggle, drop settings dropdown- web: Declutter topbar, fix dark-mode contrast, shrink UI- web: Flatten nav, reorder topbar actions, slim the bar- web: Pause presets 5 min / 30 min / 1 h / 24 h, drop custom input- web: Show pause countdown as H:MM:SS past an hour- resolver: Internal reverse-lookup service + bounded cache- web: Decorate live log + top-clients with client hostnames

CI

• release: Publish to crates.io last, after all reversible steps

Documentation

• Document pause-blocking in SPEC and README (E12.3)- Upstream selection strategies + health, dashboard System panel (E15.6)- SPEC + README for LAN reverse DNS & conditional forwarding (E13.5)- Record icon sprite + responsive UI in SPEC/README (E18.7)- Document client-hostname decoration (E14)

Fixed

• web: Cache-bust assets so upgrades don't render stale CSS- web: Pause dropdown focus ring + mobile off-screen panel- web: Invalidate reverse-lookup cache on local-record/zone edits- web: Flush DNS cache on forward-zone edits- web: Label process memory as MiB, not MB- codec: Accept underscore labels in DNS names- web: Don't CSRF-reject login when a stale session cookie is present- cache: Apply min/max TTL changes live, not at restart only- listener: Floor advertised EDNS UDP payload at 512 (RFC 6891)- blocklist: Reject empty/HTML 200 bodies, keep last-good cache- codec: Reject non-query messages (QR=1 / unsupported opcode)

v0.1.1

[0.1.1] - 2026-06-13

Added

• storage: Add query_log schema, settings, and incremental vacuum- telemetry: Add QueryEvent receipt timestamp and stable Outcome tokens- storage: Add query_log repository with paginate, purge, aggregates- web: Add query-log enable toggle, retention, and clear-log action- telemetry: Persist query events via a decoupled writer task- telemetry: Add hourly query-log retention purge with incremental vacuum- web: DB-backed query log with scroll-back; remove the ring buffer- web: Add restart-surviving 24h window to the dashboard- codec: Name well-known QTYPEs in the query-log display- blocklist: Attribute each blocked domain to a primary source- storage: Add nullable query_log.blocklist_id attribution column- telemetry: Persist the primary blocklist source of blocked queries- web: Show per-list block effectiveness on the blocklists page- deploy: Add a curl-able install script for the systemd service

CI

• Add continuous fuzzing workflow for the DNS codec

Changed

• enums: Adopt strum for the string-token enums- codec: Give Qtype a canonical Display, share it across renders- time: Centralize day/window arithmetic on the Clock helpers- storage: Add Db repo accessors, route call sites through them- web: Return Result<Response, WebError> from handlers, use ?- web: Add datastar_response helper for one-shot SSE replies- web: Add WebResult alias for handler signatures- storage: Return impl Future from repository traits- codec: Drop unused UDP framing identity helpers- codec: Remove unreachable skip_rr byte-cap, clarify name comments- resolver: Scan EDNS info once per query, carry it on DnsRequest- resolver: Extract generic hot-swap core under the match sets- Drop redundant error mapping and accessor, fix select! indent

Documentation

• Scope the 0.2.0 milestone (E10–E17) and refresh the roadmap- Document the persistent query log in SPEC and README- Describe per-list blocklist attribution & effectiveness- Fix blocklist/engine doc drift, Safety headings, qtype log rendering

Fixed

• ci: Pin fuzz build to gnu target

Testing

• storage: Guard counts_since SQL tokens against Outcome mapping- web: Add a TestServer harness for the HTTP integration tests- Add a shared test_support::temp_db() helper- Use the shared temp_db helper in the remaining modules- Consolidate mock-upstream and wire-query fixtures in test_support

v0.1.0

[0.1.0] - 2026-05-30

Added

• app: Scaffold lib+bin crate, module layout & error strategy- config: Add clap CLI and typed Config with flag>env>default- telemetry: Add tracing subscriber init and startup line- app: Add runtime harness with graceful shutdown- codec: Add bounds-checked wire reader/writer and framing- codec: Add Name type, QNAME codec and bounded RR name-skip- codec: Add 12-byte header codec with typed flags- codec: Add shallow message parse with defensive validation- codec: Add bounded TTL scan for response caching- codec: Add EDNS/OPT-aware response synthesis- storage: Add sqlx SQLite connection pool with migrations- storage: Add schema DDL migration for v0.1 config tables- storage: Add idempotent seed-defaults migration- storage: Add settings & upstreams repositories- storage: Add blacklist, allowlist & local-records repositories- storage: Add blocklist-source & offline-cache repository- resolver: Add arc-swap MatchSet primitive- resolver: Add local-record matcher with wildcard suffix-probe- resolver: Add moka raw-bytes cache with serve-from-cache patching- resolver: Add ResolverState bundle with startup hydration- upstream: Add hickory 0.26 transport clients (UDP/TCP/DoT/DoH)- upstream: Forward queries and extract raw bytes + negative TTL- upstream: Add pool with random selection and failover- pipeline: Add request/response model and tower service shape- pipeline: Add decision stack (SPEC §5 match precedence)- pipeline: Add forward + cache-store inner service- pipeline: Add protective tower middleware (rate limit, concurrency, timeout)- telemetry: Add query event, live-log buffer, and runtime stats- pipeline: Add UDP/TCP listeners with SO_REUSEPORT pool and drain- pipeline: Wire the full DNS engine and add end-to-end tests- blocklist: Add HTTP fetcher with conditional requests- blocklist: Parse hosts and domain-list formats into Name sets- blocklist: Aggregate per-source sets and atomically swap them in- blocklist: Add background refresh scheduler and offline start- web: Add axum skeleton, AppState, embedded assets & base layout- web: Add Argon2id auth, session repos, and login/logout- web: Add CSRF protection on mutating routes- web: Add first-run wizard for the initial admin account- web: Add dashboard with runtime stats and blocklist size- web: Add live query log over SSE with filtering- web: Add one-click list management from the live log- web: Add blacklist/allowlist + local DNS record screens- web: Add upstream resolver + settings screens- web: Add blocklist source management + manual refresh- web: Hide custom IP inputs unless blocking mode is Custom- app: Surface bound addresses and lock in full-stack assembly

CI

• Add GitHub Actions workflow and local git hooks- storage: Commit sqlx offline cache and verify offline build- release: Add tag-triggered release workflow skeleton + version gate- release: Build Linux binaries and cut a changelog'd GitHub Release- release: Publish to crates.io on tag + packaging guard in CI- release: Build and push a multi-arch Docker image to ghcr.io

Changed

• config: Split clap Cli into its own cli module- storage: Use reversible, timestamped migrations- pipeline: Extract the cache as a read-through tower layer- storage: Type admin user role as an enum- web: Use Argon2::default() instead of explicit params- web: Move auth behavior onto types- web: Move wizard handlers and outcome category onto types- web: Make query-log actions outcome-driven, not stateful- resolver: Convert upstream_config_from_row to TryFrom- Consolidate triplicated now_epoch into time::Clock- resolver: Classify rejections via an extension trait- resolver: Move cache/message byte ops onto their types- resolver: Group DNS serve loops under a ServeLoop type- Adopt mod.rs module layout

Documentation

• Verify quickstart, sync SPEC, seed CHANGELOG + deploy examples- Add shell & tooling guidance to CLAUDE.md- Document the release process, secrets, and install paths

Fixed

• web: Open the live SSE stream with data-init, not data-on-load- web: Make one-click log actions work + add toggle feedback- web: Display domains without the canonical trailing dot- web: Strip trailing dot on local DNS record names too

Testing

• codec: Add cargo-fuzz targets and capture fixtures- upstream: End-to-end integration tests with a mock upstream- e2e: Add full-stack scenario suite driving the assembled binary