Hi,
the second Release Candidate of Knot DNS 1.1 is out now. We slightly
improved and fixed the user manual, fixed two minor bugs:
- generating journal for IXFR when the zone contains IPSECKEY and APL
records in binary format,
- possible leak on server shutdown with a pending transfer
and fixed the behaviour of a slave server using TSIG. It did not sign SOA
queries to the master, causing it to fail the zone version check when
talking to BIND with allow-query configured to use a TSIG key.
Source files are available here:
http://public.nic.cz/files/knot-dns/knot-1.1.0-rc2.tar.gz
GPG signature:
http://public.nic.cz/files/knot-dns/knot-1.1.0-rc2.tar.gz.asc
Packages will be updated soon at the usual place on http://www.knot-dns.cz.
Please provide us with any feedback before the final 1.1 release next week.
Regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.cz http://www.nic.cz
-------------------------------------------
Please consider the environment before printing this email.
Join the campaign at http://thinkBeforePrinting.org
Dear Knot DNS users,
we've just released a Release Candidate of Knot DNS 1.1. The new version
brings a lot of enhancements and bugfixes which improve the stability and
interoperability of Knot DNS. It also contains a complete User manual
for easier deployment. The manual can be either built from the sources
('make pdf' or 'make html'), or accessed online via the Knot DNS website
(http://www.knot-dns.cz).
Here are some highlights of changes in the new version:
- Improved speed of incoming IXFR even more.
- Optimized loading of many zones.
- Option to disable authoritative ANY answers as a mitigation to recent
DDoS reflection attacks.
- Fixed some problems and leaks caused if an IXFR transfer failed (e.g.
because of malformed data).
- Improved malformed packet parsing and handling.
- Fixed answering in some special cases.
We also implemented an option to generate zone differences from a zone
reload and use them for the IXFR journal. Thus Knot DNS may serve as an IXFR
primary master (until now, it needed to obtain the differences by a
transfer from some other master). However, this feature is only
experimental, so use it with care. We do not guarantee that the results
will always be good or that it won't compromise the stability of the server.
For the full list of changes see RELNOTES in the source directory or here:
https://git.nic.cz/redmine/projects/knot-dns/repository/revisions/v1.1.0-rc…
Source files can be downloaded here:
http://public.nic.cz/files/knot-dns/knot-1.1.0-rc1.tar.gz
GPG signature:
Packages will be available soon on http://www.knot-dns.cz.
Kind regards,
Lubos
--
Ľuboš Slovák Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
Email: lubos.slovak(a)nic.cz
WWW: http://labs.nic.cz http://www.nic.cz
-------------------------------------------
Hello list,
I found an article
http://blog.nic.cz/2012/07/19/zavazna-vzdalena-zranitelnost-v-dns-serveru-n…
which mentions "list of non-standard DNS queries" for test purposes.
Is it possible to obtain this list and related tools? I looked into the latest
Knot sources tarball and I found nothing :-)
I'm a developer of a BIND 9 plugin and I want to explore and re-use the mentioned
tests for configurations with this plugin
(https://fedorahosted.org/bind-dyndb-ldap/).
I'm not a member of the knot-dns-users list, please add me to Cc in the reply.
Thanks for your time.
--
Petr Spacek
Red Hat Czech
Hi,
I am having difficulties running Knot on a dual-stack host. I want Knot
to listen on all IPv4 and all IPv6 interfaces. I am using this
interfaces section in the config file:
interfaces {
    allv4 { address 0.0.0.0; }
    allv6 { address [::]; }
}
Using this config, Knot listens only on v4 address and gives an error
binding the v6 address:
2012-07-27T13:21:44.646094+02:00 Binding to interface 0.0.0.0 port 53.
2012-07-27T13:21:44.646197+02:00 [error] Cannot bind to socket (98).
2012-07-27T13:21:44.646233+02:00 [error] Could not bind to TCP interface :: port 53.
2012-07-27T13:21:44.646240+02:00 Binding to interface :: port 53.
Changing the interface order the other way around results in listening on v6
only with the same error, yet v4 connections are also accepted, probably due
to the IPV6_V6ONLY socket option not being turned on by Knot.
When I tried changing the listening port on either line, the problem
disappeared. I am using the Debian package, version 1.0.6-1~bpo60+1.
Cheers,
Ondřej Caletka