Dear Knot Resolver users,
Knot Resolver 1.2.4, a bugfix release, has been released.
The release contains the following improvements and bugfixes:

Security
--------
- Knot Resolver 1.2.0 and higher could return the AD flag for an
  insecure answer if the daemon received an answer with an invalid
  RRSIG several times in a row.

Improvements
------------
- modules/policy: allow QTRACE policy to be chained with other
  policies
- hints.add_hosts(path): a new property
- module: document the API and simplify the code
- policy.MIRROR: support IPv6 link-local addresses
- policy.FORWARD: support IPv6 link-local addresses
- add net.outgoing_{v4,v6} to allow specifying address to use for
  connections

Bugfixes
--------
- layer/iterate: some improvements in cname chain unrolling
- layer/validate: fix duplicate records in AUTHORITY section in case
  of WC expansion proof
- lua: do *not* truncate cache size to unsigned
- forwarding mode: correctly forward +cd flag
- fix a potential memory leak
- don't treat answers that contain DS non-existence proof as insecure
- don't store NSEC3 and their signatures in the cache
- layer/iterate: when processing delegations, check if qname is at or
  below new authority

The update from 1.2.3 to 1.2.4 is recommended. The update from the
1.1.x branch to the 1.2.x branch is strongly recommended; the 1.1.x
branch is no longer supported.
Full changelog:
https://gitlab.labs.nic.cz/knot/resolver/raw/v1.2.4/NEWS
Sources:
https://secure.nic.cz/files/knot-resolver/knot-resolver-1.2.4.tar.xz
GPG signature:
https://secure.nic.cz/files/knot-resolver/knot-resolver-1.2.4.tar.xz.asc
Documentation:
http://knot-resolver.readthedocs.io/en/latest/
--
Ondřej Surý -- Technical Fellow
--------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:ondrej.sury@nic.cz
https://nic.cz/
--------------------------------------------