knot: Update to 3.1.8

Changelog:
Version 3.1.8

Thursday, April 28, 2022

Features:

      + knotd: optional automatic ACL for XFR and NOTIFY (see
        'remote.automatic-acl')
      + knotd: new soft zone semantic check mode for allowing defective zone
        loading
      + knotc: added zone transfer freeze state to the zone status output

Improvements:

      + knotd: added configuration check for serial policy of generated
        catalogs

Bugfixes:

      + knotd/libknot: the server can crash when validating a malformed TSIG
        record
      + knotd: outgoing zone transfer freeze not preserved during server reload
      + knotd: catalog UPDATE not processed if previous UPDATE processing not
        finished #790
      + knotd: zone refresh not started if planned during server reload
      + knotd: generated catalogs can be queried over UDP
      + knotd/utils: failed to open LMDB database if too many stale slots
        occupy the lock table


Version 3.1.7

Wednesday, March 30, 2022

Features:

      + knotd: new configuration items for restricting minimum and maximum zone
        expire and retry intervals (see 'zone.expire-min-interval',
        'zone.expire-max-interval', 'zone.retry-min-interval',
        'zone.retry-max-interval') #785
      + knotc: added catalog information to zone status

Improvements:

      + knotd: better warning message if SOA serial comparison failed when
        loading from zone file
      + knotc: zone status shows all zone events when frozen
      + keymgr: better error message is returned when importing SKR with
        insufficient permissions
      + kdig: transfer status is also printed if failed

Bugfixes:

      + knotd: incomplete implementation of the Offline KSK mode in the IXFR
        and DDNS processing
      + knotd: catalog zone accepts duplicate members via UPDATE #786
      + knotd: server crashes if catalog database contains orphaned member
        zones
      + knotd: old journal is scraped when restoring just the zone file
      + knotd: some planned zone events can be lost during server reload
      + knotd: frozen zone gets thawed during server reload
      + knsupdate: missing section names in the show output
      + knsupdate: inappropriate log message if called from a script


Version 3.1.6

Tuesday, February 8, 2022

Features:

      + knotd: optional D-Bus notifications for significant server and zone
        events (see 'server.dbus-event')
      + knotd: new submission configuration option for delayed KSK
        post-activation (see 'submission.parent-delay')
      + knotc: new commands for outgoing XFR freeze (see 'zone-xfr-freeze' and
        'zone-xfr-thaw')
      + kzonesign: added multithreaded DNSSEC validation mode (see '--verify')

Improvements:

      + kdig: trailing data in reply packet is accepted with a warning
      + kdig: XFR responses are checked if SOA owners match
      + knotd: failed remote operations are logged as info instead of debug
      + knsec3hash: added alternative and more natural parameter semantics
      + knsupdate: interactive mode is newly based on library Editline
      + Dockerfile: added UID argument to facilitate the use of unprivileged
        container #783
      + doc: various fixes and improvements

Bugfixes:

      + libknot: inaccurate KNOT_DNAME_TXT_MAXLEN constant value #781
      + knotd: propagation delay not considered before DS push
      + knotd: excessive refresh retry delay when a few early attemps fail
      + knotd: duplicate KSK submission log message during a KSK rollover
      + kdig: dname letter case not preserved in XFR and Dnstap outputs
      + mod-cookies: missing server cookie in responses over TCP


Version 3.1.5

Monday, December 20, 2021

Features:

      + knotd: optional outgoing TCP connection pool for faster communication
        with remotes (see 'server.remote-pool-limit' and
        'server.remote-pool-timeout')
      + knotd: optional unreachable remote tracking to avoid zone events
        clogging (see 'server.remote-retry-delay')
      + knotd: new ZONEMD generation mode for the record removal from the zone
        apex #760 (see 'zone.zonemd-generate: remove')
      + mod-dnsproxy: new source address match option (see
        'mod-dnsproxy.address')
      + scripts/probe_dump: simple mod-probe client

Improvements:

      + knotd: DS push sets DS TTL equal to DNSKEY TTL
      + knotd: extended zone purge error logging
      + knotd: zone file parsing error message was extended by the file name
      + knotd: improved debug log message when TCP timeout is reached
      + knotd: new configuration check for using the default number of NSEC3
        iterations
      + knotd: new configuration check for insufficient RRSIG refresh time
      + mod-geoip: configuration check newly verifies the module configuration
        file #778
      + kdig: option +notimeout or +timeout=0 is interpreted as infinity
      + kdig: option +noretry is interpreted as zero retries
      + python/probe: more detailed default output format
      + doc: many spelling fixes (Thanks to Josh Soref)
      + doc: various fixes and improvements

Bugfixes:

      + knotd: imperfect TCP connection closing in the XDP mode
      + knotd: TCP reset packets are wrongly checked for ackno in the XDP mode
      + knotd: only first zone name is logged for multi-zone control operations
        #776
      + knotd: minor memory leak when full zone update fails to write to
        journal
      + knotc: configuration check doesn't check a configuration database
      + mod-dnstap: incorrect QNAME case restore in some corner cases (Thanks
        to Robert Edmonds) #777
This commit is contained in:
ryoon 2022-06-16 16:31:04 +00:00
parent 6ae5683520
commit 7ee775588d
2 changed files with 6 additions and 6 deletions

View file

@ -1,6 +1,6 @@
# $NetBSD: Makefile,v 1.67 2021/12/17 15:15:58 ryoon Exp $ # $NetBSD: Makefile,v 1.68 2022/06/16 16:31:04 ryoon Exp $
DISTNAME= knot-3.1.4 DISTNAME= knot-3.1.8
CATEGORIES= net CATEGORIES= net
MASTER_SITES= https://secure.nic.cz/files/knot-dns/ MASTER_SITES= https://secure.nic.cz/files/knot-dns/
EXTRACT_SUFX= .tar.xz EXTRACT_SUFX= .tar.xz

View file

@ -1,6 +1,6 @@
$NetBSD: distinfo,v 1.40 2021/12/17 15:15:58 ryoon Exp $ $NetBSD: distinfo,v 1.41 2022/06/16 16:31:04 ryoon Exp $
BLAKE2s (knot-3.1.4.tar.xz) = bd81e6be3ee2a6f43f739d5529a5f35d18cf91b8ba2cfc602a8db77def442686 BLAKE2s (knot-3.1.8.tar.xz) = d9f7c1a9adee6b0b6ad67c845869ba458945d55c2a2bc611a6c2d09f51259afe
SHA512 (knot-3.1.4.tar.xz) = 307667a12b989fee443832d4642fc927231f38f0331439c8c7196c489d196245eca368d96a36fe49639b773f652f7cb80bf0c16bc1ad107e11b47b70e1f04060 SHA512 (knot-3.1.8.tar.xz) = af72cbcc5b511dad148e7ce990819df00bdf99c110b44b3b521eddd8690a6ebd4c76c24e63d843956971d5f158bbfa851804616630d34f3a0ec06888c78ecf2c
Size (knot-3.1.4.tar.xz) = 1408656 bytes Size (knot-3.1.8.tar.xz) = 1439912 bytes
SHA1 (patch-samples_Makefile.in) = 499b8742dbd948e489b01d512bc7a8d8e4fe2e7b SHA1 (patch-samples_Makefile.in) = 499b8742dbd948e489b01d512bc7a8d8e4fe2e7b