Release Checklist
Use this checklist before tagging releases.
Build and correctness
Section titled “Build and correctness”go build ./...go vet ./...go test -race -count=1 ./...golangci-lint run ./...- resolver fuzz smoke run
Security gates
Section titled “Security gates”semgrep --config p/owasp-top-tengovulncheck ./...- path traversal protections validated
- hardened container security context validated
Functional gates
Section titled “Functional gates”- daemon boots from default config
/api/v1/healthreturns 200- zone, forwarder, and filter flows work through API + CLI + GUI
- recursion and caching benchmarks remain within target
Documentation gates
Section titled “Documentation gates”- README is current
- runbook is current
- deployment guide is current
- security model reflects current controls
- sample configuration is current
Known v1 limitations
Section titled “Known v1 limitations”- DoQ and DoH3 are roadmap items
- full DNSSEC validation/signing not in v1
- management-plane auth options are still evolving
- HA replication is out of scope for v1