Hi Everyone,
while we at CZ.NIC Labs are all focused on the next big thing, I
thought now it might be a good time to get out another of our
(admittedly highly irregular) monthly patch releases. Bug fixes aside,
there are a couple improvements that we hope will make your life
easier. Here's the breakdown:
- 'knotc reload' does not immediately refresh/notify unchanged zones.
This fixes the flurry of refresh messages after each reload and makes
it lightweight enough to be used frequently. Note that new/changed
zones are still added and old zones are removed. However, if you want
to refresh zones explicitly, you need to call 'knotc refresh' after
reload now.
- 'knotc -f refresh' now truly forces a zone refresh. To put it in
other words, it's akin to the 'retransfer' command that you missed
in Knot DNS, and instead of checking for a new zone, it starts a full
transfer of the zone right away.
- 'knotc' remote commands are now logged in the daemon logfile
Now, there are several bugfixes as well. See the NEWS for a complete
list, but here's a selection of the most notable: in several cases
notify messages weren't sent after a zone resign, a progressive
bootstrap retry regression was fixed, as were a few issues with the
journal and maximum entry size. There is also a slight behaviour change
in the zone file parser and the daemon itself. First, the zone file
parser now accepts an asterisk in domain name labels (wildcards aside).
As for the daemon, if a zone is in slave mode and fails to load for
some reason, it immediately tries to rebootstrap from the master server
instead of just reporting an error.
I'd also like to thank Robert S. Edmonds for amending various
spelling errors and typos in manpages and documentation, thanks!
So that's it, I hope the improvements make this update a little
worthwhile before new stuff comes out later this spring.
Full changelog:
https://gitlab.labs.nic.cz/labs/knot/blob/v1.4.4/NEWS
Sources:
https://secure.nic.cz/files/knot-dns/knot-1.4.4.tar.gz
https://secure.nic.cz/files/knot-dns/knot-1.4.4.tar.xz
GPG signatures:
https://secure.nic.cz/files/knot-dns/knot-1.4.4.tar.gz.asc
https://secure.nic.cz/files/knot-dns/knot-1.4.4.tar.xz.asc
Kind Regards,
Marek
--
Marek Vavrusa, Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
-------------------------------------------
Americká 23, 120 00 Praha 2, Czech Republic
WWW: http://labs.nic.cz http://www.nic.cz

Hi there,
I migrated our primary DNS from Bind to Knot. I ran some tests with
nic.cz's dnscheck, but there is an error:
DNSSEC signature RRSIG(fnhk.cz/IN/SOA/64431) fails to validate the RR set:
key 1: keytag does not match key 2:RSA Verification failed
Link to test:
http://dnscheck.labs.nic.cz/?time=1395821962&id=102810&view=advanced&test=s…
Knot doesn't complain about anything in the system log, fnhk.cz zone is
successfully signed.
What did I miss?
Thanks and best regards
J.Karliak.
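
Added example, not part of the original thread: a DNSSEC validator selects the DNSKEY for an RRSIG by its 16-bit key tag, so a "keytag does not match" report can be checked offline by computing the tag of each published DNSKEY (RFC 4034, Appendix B) and comparing it with the tag carried in the RRSIG. The DNSKEY lines and tags below are constructed sample values, and the function names are this example's own.

```python
import base64
import struct

# Constructed sample records (not real keys): zone-file style DNSKEY lines.
SAMPLE_DNSKEYS = [
    "example. 3600 IN DNSKEY 257 3 8 AQIDBA== ; constructed, KSK flags",
    "example. 3600 IN DNSKEY 256 3 8 BQYHCA== ; constructed, ZSK flags",
]


def parse_dnskey(line: str) -> bytes:
    """Turn a presentation-format DNSKEY line into wire-format RDATA."""
    tokens = line.split(";")[0].split()          # drop trailing comment
    i = tokens.index("DNSKEY")                   # owner/TTL/class are optional
    flags, protocol, algorithm = (int(t) for t in tokens[i + 1:i + 4])
    public_key = base64.b64decode("".join(tokens[i + 4:]))
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag over the whole DNSKEY RDATA."""
    if len(rdata) < 4:
        raise ValueError("DNSKEY RDATA too short")
    if rdata[3] == 1:
        raise ValueError("algorithm 1 (RSA/MD5) uses a different key tag rule")
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8      # even offsets are high bytes
    acc += (acc >> 16) & 0xFFFF                  # fold the carry back in
    return acc & 0xFFFF


def keys_for_rrsig(dnskey_lines, rrsig_key_tag: int):
    """Return (tag, flags) for every published DNSKEY the RRSIG could refer to.

    An empty list means the signing key is not in the DNSKEY set that was
    examined; more than one entry is a key tag collision.
    """
    matches = []
    for line in dnskey_lines:
        rdata = parse_dnskey(line)
        if key_tag(rdata) == rrsig_key_tag:
            matches.append((rrsig_key_tag, struct.unpack("!H", rdata[:2])[0]))
    return matches


if __name__ == "__main__":
    for line in SAMPLE_DNSKEYS:
        print(key_tag(parse_dnskey(line)), line.split(";")[0].strip())
    print("RRSIG tag 4118 ->", keys_for_rrsig(SAMPLE_DNSKEYS, 4118))
    print("RRSIG tag 12345 ->", keys_for_rrsig(SAMPLE_DNSKEYS, 12345))
```

To use it on a real zone, feed it the DNSKEY lines as served by each authoritative server and the key tag field from the failing RRSIG.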