7ee775588d
Changelog:

Version 3.1.8
Thursday, April 28, 2022

Features:

+ knotd: optional automatic ACL for XFR and NOTIFY (see 'remote.automatic-acl')
+ knotd: new soft zone semantic check mode for allowing defective zone loading
+ knotc: added zone transfer freeze state to the zone status output

Improvements:

+ knotd: added configuration check for serial policy of generated catalogs

Bugfixes:

+ knotd/libknot: the server can crash when validating a malformed TSIG record
+ knotd: outgoing zone transfer freeze not preserved during server reload
+ knotd: catalog UPDATE not processed if previous UPDATE processing not finished #790
+ knotd: zone refresh not started if planned during server reload
+ knotd: generated catalogs can be queried over UDP
+ knotd/utils: failed to open LMDB database if too many stale slots occupy the lock table

Version 3.1.7
Wednesday, March 30, 2022

Features:

+ knotd: new configuration items for restricting minimum and maximum zone expire and retry intervals (see 'zone.expire-min-interval', 'zone.expire-max-interval', 'zone.retry-min-interval', 'zone.retry-max-interval') #785
+ knotc: added catalog information to zone status

Improvements:

+ knotd: better warning message if SOA serial comparison failed when loading from zone file
+ knotc: zone status shows all zone events when frozen
+ keymgr: better error message is returned when importing SKR with insufficient permissions
+ kdig: transfer status is also printed if failed

Bugfixes:

+ knotd: incomplete implementation of the Offline KSK mode in the IXFR and DDNS processing
+ knotd: catalog zone accepts duplicate members via UPDATE #786
+ knotd: server crashes if catalog database contains orphaned member zones
+ knotd: old journal is scraped when restoring just the zone file
+ knotd: some planned zone events can be lost during server reload
+ knotd: frozen zone gets thawed during server reload
+ knsupdate: missing section names in the show output
+ knsupdate: inappropriate log message if called from a script

Version 3.1.6
Tuesday, February 8, 2022

Features:

+ knotd: optional D-Bus notifications for significant server and zone events (see 'server.dbus-event')
+ knotd: new submission configuration option for delayed KSK post-activation (see 'submission.parent-delay')
+ knotc: new commands for outgoing XFR freeze (see 'zone-xfr-freeze' and 'zone-xfr-thaw')
+ kzonesign: added multithreaded DNSSEC validation mode (see '--verify')

Improvements:

+ kdig: trailing data in reply packet is accepted with a warning
+ kdig: XFR responses are checked if SOA owners match
+ knotd: failed remote operations are logged as info instead of debug
+ knsec3hash: added alternative and more natural parameter semantics
+ knsupdate: interactive mode is newly based on library Editline
+ Dockerfile: added UID argument to facilitate the use of unprivileged container #783
+ doc: various fixes and improvements

Bugfixes:

+ libknot: inaccurate KNOT_DNAME_TXT_MAXLEN constant value #781
+ knotd: propagation delay not considered before DS push
+ knotd: excessive refresh retry delay when a few early attempts fail
+ knotd: duplicate KSK submission log message during a KSK rollover
+ kdig: dname letter case not preserved in XFR and Dnstap outputs
+ mod-cookies: missing server cookie in responses over TCP

Version 3.1.5
Monday, December 20, 2021

Features:

+ knotd: optional outgoing TCP connection pool for faster communication with remotes (see 'server.remote-pool-limit' and 'server.remote-pool-timeout')
+ knotd: optional unreachable remote tracking to avoid zone events clogging (see 'server.remote-retry-delay')
+ knotd: new ZONEMD generation mode for the record removal from the zone apex #760 (see 'zone.zonemd-generate: remove')
+ mod-dnsproxy: new source address match option (see 'mod-dnsproxy.address')
+ scripts/probe_dump: simple mod-probe client

Improvements:

+ knotd: DS push sets DS TTL equal to DNSKEY TTL
+ knotd: extended zone purge error logging
+ knotd: zone file parsing error message was extended by the file name
+ knotd: improved debug log message when TCP timeout is reached
+ knotd: new configuration check for using the default number of NSEC3 iterations
+ knotd: new configuration check for insufficient RRSIG refresh time
+ mod-geoip: configuration check newly verifies the module configuration file #778
+ kdig: option +notimeout or +timeout=0 is interpreted as infinity
+ kdig: option +noretry is interpreted as zero retries
+ python/probe: more detailed default output format
+ doc: many spelling fixes (Thanks to Josh Soref)
+ doc: various fixes and improvements

Bugfixes:

+ knotd: imperfect TCP connection closing in the XDP mode
+ knotd: TCP reset packets are wrongly checked for ackno in the XDP mode
+ knotd: only first zone name is logged for multi-zone control operations #776
+ knotd: minor memory leak when full zone update fails to write to journal
+ knotc: configuration check doesn't check a configuration database
+ mod-dnstap: incorrect QNAME case restore in some corner cases (Thanks to Robert Edmonds) #777