3e17f2c20a
Changelog:
Version 3.1.4
Features:
+ mod-dnstap: added 'responses-with-queries' configuration option (Thanks
to Robert Edmonds)
Improvements:
+ knotd: DNSSEC keys are logged in sorted order by timestamp
+ mod-cookies: added statistics counter for dropped queries due to the
slip limit
+ mod-dnstap: restored the original query QNAME case #773 (Thanks to
Robert Edmonds)
+ configure: improved compatibility of some scripts on macOS and BSDs
+ doc: updates on DNSSEC signing
Bugfixes:
+ knotd: server can crash when receiving queries with NSID EDNS flag #774
(Thanks to Romain Labolle)
+ knotd: server crashes on reload when no interfaces configured #770
+ knotd: ZONEMD without DNSSEC not handled correctly
+ knotd: generated catalog zone not updated on config reload #772
+ knotd: zone catalog not verified before its interpretation
+ knotd: ds-push fails to update the parent zone if a CNAME exists for a
non-terminal node
Version 3.1.3
Monday, October 18, 2021
Improvements:
+ knotd: added simple error logging to orphaned zone purge
+ knotd: allow manual public-only keys for unused algorithm
+ kdig: send ALPN when using DoT or XoT #769
+ doc: various fixes and improvements #767
Bugfixes:
+ knotd: catalog backup doesn't preserve version of the catalog
implementation
+ knotd: NOTIFY is scheduled even when DNSSEC signing is up-to-date
+ knotd: server can crash when zone difference is inconsistent upon cold
start
+ knotd: zone not bootstrapped when zone file load failed due to an error
+ knotd: broken AXFR with knot as slave and dnsmasq as master (Thanks to
Daniel Gr?ber)
+ knotd: journal not able to free up space when zone-in-journal present
and zonefile written
+ mod-stats: missing protocol counters for TCP over XDP
+ kzonesign: input zone name not lower-cased
Version 3.1.2
Features:
+ knotd: new policy configuration for postponing complete deletion of
previous keys
+ keymgr: new optional pretty mode (-b) of listing keys
+ kdig: added support for TCP keepopen #503
Improvements:
+ knotd: configuration item values can contain UTF-8 characters
+ knotd: added configuration check for database storage writability
+ knotd: better error reporting if zone is empty
+ knotd: smaller journal database chunks in order to mitigate LMDB
fragmentation
+ knotd/kxdpgun: CAP_SYS_RESOURCE capability no longer needed for XDP on
Linux >= 5.11
Bugfixes:
+ knotd: incomplete NSEC3 proof in response to opt-outed empty
non-terminal
+ knotd: wrong SOA serial handling when enabling signing on already
existing secondary zone
+ knotd: defective ZONEMD verification error reporting when loading zone
#759
+ knotd: server can crash when reloading catalog zone #761
+ knotd: DNSSEC validation doesn't work when only NSEC3 chain changes
+
knotd: DNSSEC validation doesn't check if empty non-terminal over
non-opt-outed
delegation isn't opt-outed too
+ knotd: ZONEMD generation doesn't cause flushing zone to disk #758
+ knotd: incorrect evaluation of ACL deny rule in combination with TSIG
+ knotd: failed DS-check is replaned even if no key is ready
+ kdig: abort when query times out #763
+ libzscanner: missing output overflow check in the SVCB parsing
Compatibility:
+ keymgr: parameter -d is marked deprecated in favor of new parameter -D
+ kjournalprint: parameter -n is marked deprecated in favor of new
parameter -x
Version 3.1.1
Improvements:
+ keymgr: import-bind sets publish and active timers to now if missing
timers #747
+ mod-rrl: added QNAME, which triggered an action, to log messages #757
+ systemd: added environment variable for setting maximum configuration
DB size
Bugfixes:
+ knotd: adding RRSIGs to a signed zone can lead to redundant RRSIGs for
some NSEC(3)s
+ knotd: code not compiled correctly for ARM on Fedora >= 33
+ knotd: server can crash when opening catalog DB on startup
+ knotd: incorrect catalog update counts in logs
+ knotd: journal discontinuity and zone-in-journal result in incorrectly
calculated journal occupation
+ kdig: +noall does not filter out AUTHORITY comment #749
+ tests: journal unit test not passing if memory page size is different
from 4096
Reverts:
+ libzscanner: reverted "omitted TTL value is correctly set to the last
explicitly stated value (RFC 1035)" #751
|
||
|---|---|---|
| .. | ||
| files | ||
| patches | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| PLIST | ||