- knot-resolver-announce

by Aleš Mrázek

Dear Knot Resolver users, Knot Resolver 6.2.0 has been released! Improvements: - DNS-over-QUIC (DoQ) is available for serving (beta, !1747) Bugfixes: - fix UDP answers without sendmmsg, e.g. on non-Linux (!1795) - fix /logging/groups in python 3.8 (!1799) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v6.2.0/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.2.0.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.2.0.tar.xz.asc Documentation: https://www.knot-resolver.cz/documentation/v6.2.0/ -- Ales Mrazek PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE

2 months

1
0
0 0

Knot Resolver 6.1.0 (stable)

by Aleš Mrázek

Dear Knot Resolver users, Knot Resolver 6.1.0, the first officially stable version 6, has been released! As of this release, version 6 is preferred over version 5. Improvements: - logging: improved logging groups (!1768) - support libdnssec merged into libknot, as planned for knot >= 3.6 (!1769) - support cmocka 2.0.0 (!1772) - avoid AD=1 in reply if ANSWER+AUTHORITY are empty (#914, !1780) - defer: enabled by default in declarative configuration (!1785) - /defer/enable: false -> true - datamodel: lua: added Lua scripts for policy-loader (!1771) Bugfixes: - reload did not apply changes to /fallback (!1763) - fix config.cache.clear test on apple silicon (!1766) - cache: fix wrong TTL in some cases, typically 32768 (!1774) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v6.1.0/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.1.0.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.1.0.tar.xz.asc Documentation: https://www.knot-resolver.cz/documentation/v6.1.0/ -- Ales Mrazek PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE

3 months

1
0
0 0

Knot Resolver 6.0.17

by Aleš Mrázek

Dear Knot Resolver users, Knot Resolver 6.0.17 (early-access) has been released! Improvements: - kresctl migrate: new command for migrating the configuration to a newer version (!1672) - manager: basic support for non-Linux systems (macOS, FreeBSD) (!1758) - cache: collect garbage based on usage statistics (!1726) This results in using the cache space better, and in practice it reduces latency especially in case of answers that are *not* fully cached. Incompatible changes: See upgrading guide for incompatible configuration changes: https://www.knot-resolver.cz/documentation/v6.0.17/upgrading.html - Removed options from declarative configuration model (YAML). (!1672, !1754) These are mostly experimental and debugging/testing options that are not useful for general users (remain in Lua): - /dnssec/refresh-time - /dnssec/hold-down-time - /dnssec/time-skew-detection - /dnssec/keep-removed - /local-data/root-fallback-addresses* - /logging/debugging - /max-workers - /network/tls/auto-discovery - /webmgmt - Renamed/moved options in the declarative configuration model (YAML). (!1672) - /cache/garbage-collector -> /cache/garbage-collector/enable - /cache/prefetch/prediction -> /cache/prefetch/prediction/enable - /defer/enabled -> /defer/enable - /dns64: true|false -> /dns64/enable: true|false - /dns64/rev-ttl -> /dns64/reverse-ttl - /dnssec: true|false -> /dnssec/enable: true|false - /dnssec/trust-anchor-sentinel -> /dnssec/sentinel - /dnssec/trust-anchor-signal-query -> /dnssec/signal-query - /logging/dnstap -> /logging/dnstap/enable - /logging/dnssec-bogus -> /dnssec/log-bogus - /monitoring/enabled -> /monitoring/metrics - /monitoring/graphite -> /monitoring/graphite/enable - /network/proxy_protocol -> /network/proxy_protocol/enable - /network/tls/files-watchdog -> /network/tls/watchdog - /rate-limiting -> /rate-limiting/enable - Changed default values in declarative configuration model (YAML). (!1672) - /logging/dnstap/log-queries: true -> false - /logging/dnstap/log-responses: true -> false - /logging/dnstap/log-tcp-rtt: true -> false Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v6.0.17/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.17.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.17.tar.xz.asc Documentation: https://www.knot-resolver.cz/documentation/v6.0.17/ -- Ales Mrazek PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE

4 months, 1 week

1
0
0 0

Knot Resolver 6.0.16

by Aleš Mrázek

Dear Knot Resolver users, Knot Resolver 6.0.16 (early-access) has been released! Improvements: - reduce validation strictness for domain names (#934, !1727) - manager: force a configuration reload via management HTTP API 'api/reload/force' (#939, !1748) - kresctl: reload: added '--force' flag - /fallback: add this feature/module (!1733) - systemd: do not force-fail knot-resolver.service on OOM (!1724) In basically all cases the OOM killer will kill a kresd process and supervisord will just restart it, and everything will keep working. Bugfixes: - /options/query-case-randomization: respect this even on TCP issues (!1732) - prometheus metrics: make the latency histogram cumulative (!1731, GH#117) - fix file permission checks when running as root (!1741) - /network/address-renumbering: fix conversion to Lua configuration (!1739) - manager: avoid uncommon bugs when starting/quitting policy-loader (!1742) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v6.0.16/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.16.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.16.tar.xz.asc Documentation: https://www.knot-resolver.cz/documentation/v6.0.16/ -- Ales Mrazek PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE

5 months, 1 week

1
0
0 0

Knot Resolver 6.0.15

by Aleš Mrázek

Dear Knot Resolver users, Knot Resolver 6.0.15 (early-access) has been released! Security: - DoS: fix a rare segfault in `resolve` function (!1717) Someone controlling the DNS traffic might be able to trigger this crash intentionally and too often. - DoS: drop a wrong assertion/crash (!1718) Someone controlling the DNS traffic will most likely be able to trigger this crash intentionally and too often. Bugfixes: - manager: prometheus metrics update (!1703, #917, !1712) - added missing metrics split by IPv4 and IPv6 - typo: resolver_answer_flags_rd_total -> resolver_answer_flag_rd_total - /dnssec/trust-anchors-files: fix resolver startup (!1704) - /network/edns-buffer-size: fix swapped upstream+downstream (!1711) - cache: fix a crash in case garbage collection is too slow (!1713) [system] assertion "env->is_cache" failed in cdb_write - /cache/prefill: fix 6.0.13 regression (!1705) - datamodel: improve file permission check (#933, !1714) - NO_CACHE flag: fix and tweak its behavior (!1715) Improvements: - update/more precise default answers for special names (!1709) https://www.iana.org/assignments/special-use-domain-names https://www.iana.org/assignments/locally-served-dns-zones - kresctl: strict validation is now disabled by default (!1714) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v6.0.15/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.15.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.15.tar.xz.asc Documentation: https://www.knot-resolver.cz/documentation/v6.0.15/ -- Ales Mrazek PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE

8 months, 3 weeks

1
0
0 0

Knot Resolver 5.7.6

by Aleš Mrázek

Dear Knot Resolver users, Knot Resolver 5.7.6 (stable) has been released! Please consider using our packages from https://pkg.labs.nic.cz/doc/?project=knot-resolver and https://copr.fedorainfracloud.org/coprs/g/cznic/knot-resolver5 if you're not already using them. Security: - DoS: fix a rare segfault in `resolve` function (!1720) Someone controlling the DNS traffic might be able to trigger this crash intentionally and too often. - DoS: drop a wrong assertion/crash (!1721) Someone controlling the DNS traffic will most likely be able to trigger this crash intentionally and too often. Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.7.6/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.7.6.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.7.6.tar.xz.asc Documentation: https://www.knot-resolver.cz/documentation/v5.7.6/ -- Ales Mrazek PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE

8 months, 3 weeks

1
0
0 0

Knot Resolver 6.0.14

by Aleš Mrázek

Dear Knot Resolver users, Knot Resolver 6.0.14 (early-access) has been released! Bugfixes: - /local-data/**: fix 6.0.13 regressions (!1697, !1699) The errors read as "wrong number of arguments for function call" or "does not have field named 'log'" Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v6.0.14/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.14.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.14.tar.xz.asc Documentation: https://www.knot-resolver.cz/documentation/v6.0.14/ -- Ales Mrazek PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE

10 months, 1 week

1
0
0 0

Knot Resolver 6.0.13

by Aleš Mrázek

Dear Knot Resolver users, Knot Resolver 6.0.13 (early-access) has been released! Security: - DoS: fix more rare crashes with `requirement` failing (#930, !1696) [system] requirement "session2_is_empty(s)" failed in session2_transport_event (and others not observed in practice) Bugfixes: - fix `dnssec: false` (!1687) - fix undefined disable_defer (!1685) - daemon: fix a memory leak present since v6.0.9 (#927) - fix logging `[prefil] empty zone file` (!1688) Improvements: - C++ compatibility of lib/ headers (!1689) - /local-data/rpz/*/log: add option to log RPZ matches (!1694) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v6.0.13/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.13.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.13.tar.xz.asc Documentation: https://www.knot-resolver.cz/documentation/v6.0.13/ -- Ales Mrazek PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE

10 months, 2 weeks

1
0
0 0

Knot Resolver 6.0.12

by Aleš Mrázek

Dear Knot Resolver users, Knot Resolver 6.0.12 (early-access) has been released! Security: - DoS: fix rare crashes with either of the lines below (!1682) [system] requirement "h && h->end > h->begin" failed in queue_pop_impl [system] requirement "val == task" failed in session2_tasklist_del Bugfixes: - daemon: fix DoH with multiple "parallel" queries in one connection (#931, !1677) - /management/unix-socket: revert to absolute path (#926, !1664) - fix `tags` when used in /local-data/rules/*/records (!1670) - stats: request latency was very incorrect in some cases (!1676) Improvements: - /local-data/rpz/*/watchdog: new configuration to enable watchdog for RPZ files (!1665) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v6.0.12/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.12.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.12.tar.xz.asc Documentation: https://www.knot-resolver.cz/documentation/v6.0.12/ -- Ales Mrazek PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE

11 months, 3 weeks

1
0
0 0

Knot Resolver 5.7.5

by Aleš Mrázek

Dear Knot Resolver users, Knot Resolver 5.7.5 (stable) has been released! Please consider using our packages from https://pkg.labs.nic.cz/doc/?project=knot-resolver and https://copr.fedorainfracloud.org/coprs/g/cznic/knot-resolver5 if you're not already using them. Security: - DoS: fix unconfirmed crashes with the line below (!1683) [system] requirement "h && h->end > h->begin" failed in queue_pop_impl Improvements: - tests: disable problematic config.http test (#925, !1678) - validator: accept a confusing NODATA proof with insecure delegation (!1678) Bugfixes: - daemon/http: DoH stream got stuck after returning an error code (!1652) - stats: request latency was very incorrect in some cases (!1678) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.7.5/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.7.5.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.7.5.tar.xz.asc Documentation: https://www.knot-resolver.cz/documentation/v5.7.5/ -- Ales Mrazek PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE

11 months, 3 weeks

1
0
0 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

knot-resolver-announce