Dear Knot Resolver users,
Knot Resolver 6.0.16 (early-access) has been released!
Improvements:
- reduce validation strictness for domain names (#934, !1727)
- manager: force a configuration reload via management HTTP API
  'api/reload/force' (#939, !1748)
- kresctl: reload: added '--force' flag
- /fallback: add this feature/module (!1733)
- systemd: do not force-fail knot-resolver.service on OOM (!1724)
  In basically all cases the OOM killer will kill a kresd process
  and supervisord will just restart it, and everything will keep working.
Bugfixes:
- /options/query-case-randomization: respect this even on TCP issues (!1732)
- prometheus metrics: make the latency histogram cumulative (!1731, GH#117)
- fix file permission checks when running as root (!1741)
- /network/address-renumbering: fix conversion to Lua configuration (!1739)
- manager: avoid uncommon bugs when starting/quitting policy-loader (!1742)
Full changelog:
https://gitlab.nic.cz/knot/knot-resolver/raw/v6.0.16/NEWS
Sources:
https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.16.tar.xz
GPG signature:
https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.16.tar.xz.asc
Documentation:
https://www.knot-resolver.cz/documentation/v6.0.16/
--
Ales Mrazek
PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE
Dear Knot Resolver users,
Knot Resolver 6.0.15 (early-access) has been released!
Security:
- DoS: fix a rare segfault in `resolve` function (!1717)
  Someone controlling the DNS traffic might be able
  to trigger this crash intentionally and too often.
- DoS: drop a wrong assertion/crash (!1718)
  Someone controlling the DNS traffic will most likely be able
  to trigger this crash intentionally and too often.
Bugfixes:
- manager: prometheus metrics update (!1703, #917, !1712)
  - added missing metrics split by IPv4 and IPv6
  - typo: resolver_answer_flags_rd_total -> resolver_answer_flag_rd_total
- /dnssec/trust-anchors-files: fix resolver startup (!1704)
- /network/edns-buffer-size: fix swapped upstream+downstream (!1711)
- cache: fix a crash in case garbage collection is too slow (!1713)
  [system] assertion "env->is_cache" failed in cdb_write
- /cache/prefill: fix 6.0.13 regression (!1705)
- datamodel: improve file permission check (#933, !1714)
- NO_CACHE flag: fix and tweak its behavior (!1715)
Improvements:
- update/more precise default answers for special names (!1709)
  https://www.iana.org/assignments/special-use-domain-names
  https://www.iana.org/assignments/locally-served-dns-zones
- kresctl: strict validation is now disabled by default (!1714)
Full changelog:
https://gitlab.nic.cz/knot/knot-resolver/raw/v6.0.15/NEWS
Sources:
https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.15.tar.xz
GPG signature:
https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.15.tar.xz.asc
Documentation:
https://www.knot-resolver.cz/documentation/v6.0.15/
--
Ales Mrazek
PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE
Dear Knot Resolver users,
Knot Resolver 6.0.12 (early-access) has been released!
Security:
- DoS: fix rare crashes with either of the lines below (!1682)
  [system] requirement "h && h->end > h->begin" failed in queue_pop_impl
  [system] requirement "val == task" failed in session2_tasklist_del
Bugfixes:
- daemon: fix DoH with multiple "parallel" queries in one connection
  (#931, !1677)
- /management/unix-socket: revert to absolute path (#926, !1664)
- fix `tags` when used in /local-data/rules/*/records (!1670)
- stats: request latency was very incorrect in some cases (!1676)
Improvements:
- /local-data/rpz/*/watchdog: new configuration to enable watchdog for
  RPZ files (!1665)
Full changelog:
https://gitlab.nic.cz/knot/knot-resolver/raw/v6.0.12/NEWS
Sources:
https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.12.tar.xz
GPG signature:
https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.12.tar.xz.asc
Documentation:
https://www.knot-resolver.cz/documentation/v6.0.12/
--
Ales Mrazek
PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE
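
Each announcement above lists a tarball, a detached GPG signature and a PGP fingerprint. The following is an added example, not part of the announcements or of the Knot Resolver project: it accepts a release only when gpg reports a valid signature from the key with that fingerprint, instead of trusting any "Good signature" line. It assumes the tarballs are signed by that key or one of its subkeys and that the key is already imported; the function names and sample status lines are constructed.

```shell
#!/bin/sh
# Fingerprint from the announcement's "PGP:" line, spaces removed.
PINNED_FPR="3057EE9A448F362D74205A779AB120DA0A76F6DE"

# fpr_matches STATUS: succeed only if gpg's machine-readable status has a
# VALIDSIG line whose signing-key fingerprint (field 3) or primary-key
# fingerprint (last field) equals the pinned one. GOODSIG lines and user-ID
# text are ignored, since any key in the keyring can produce those.
fpr_matches() {
    printf '%s\n' "$1" | awk -v want="$PINNED_FPR" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" &&
            (toupper($3) == want || toupper($NF) == want) { ok = 1 }
        END { exit !ok }'
}

# verify_release TARBALL SIGNATURE: needs gpg and the key already imported.
verify_release() {
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
    fpr_matches "$status"
}

# Constructed status output (not captured from a real run).
SAMPLE_PINNED='[GNUPG:] GOODSIG 9AB120DA0A76F6DE Constructed Signer <signer@example.org>
[GNUPG:] VALIDSIG 3057EE9A448F362D74205A779AB120DA0A76F6DE 2025-01-01 1735689600 0 4 0 1 10 00 3057EE9A448F362D74205A779AB120DA0A76F6DE'
SAMPLE_SUBKEY='[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2025-01-01 1735689600 0 4 0 1 10 00 3057EE9A448F362D74205A779AB120DA0A76F6DE'
SAMPLE_OTHER='[GNUPG:] GOODSIG 2222222222222222 3057EE9A448F362D74205A779AB120DA0A76F6DE <spoofed@example.org>
[GNUPG:] VALIDSIG 2222222222222222222222222222222222222222 2025-01-01 1735689600 0 4 0 1 10 00 2222222222222222222222222222222222222222'

fpr_matches "$SAMPLE_PINNED" && echo "pinned key: accept"
fpr_matches "$SAMPLE_SUBKEY" && echo "subkey of pinned key: accept"
fpr_matches "$SAMPLE_OTHER"  || echo "other key with spoofed user ID: reject"
```

With the key imported, `verify_release knot-resolver-6.0.16.tar.xz knot-resolver-6.0.16.tar.xz.asc` returns 0 only for a signature traced to the pinned fingerprint.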