- knot-resolver-announce

by Aleš Mrázek

Dear Knot Resolver users, Knot Resolver 5.5.3 has been released! Security - fix CPU-expensive DoS by malicious domains - CVE-2022-40188 Improvements - fix config_tests on macOS (both HW variants) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.5.3/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.5.3.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.5.3.tar.xz.asc Documentation: https://knot-resolver.readthedocs.io/en/v5.5.3/ -- Ales Mrazek PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE

2 roky, 2 měsíce

1
0
0 0

Knot Resolver 5.5.1

by Aleš Mrázek

Dear Knot Resolver users, Knot Resolver 5.5.1 has been released! Improvements - daemon/tls: disable TLS resumption via tickets for TLS <= 1.2 (#742, !1295) - daemon/http: DoH now responds with proper HTTP codes (#728, !1279) - renumber module: allow rewriting subnet to a single IP (!1302) - renumber module: allow arbitrary netmask (!1306) - nameserver selection algorithm: improve IPv6 avoidance if broken (!1298) Bugfixes - modules/dns64: fix incorrect packet writes for cached packets (#727, !1275) - xdp: make it work also with libknot 3.1 (#735, !1276) - prefill module: fix lockup when starting multiple idle instances (!1285) - validator: fix some failing negative NSEC proofs (!1294, #738, #443) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.5.1/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.5.1.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.5.1.tar.xz.asc Documentation: https://knot-resolver.readthedocs.io/en/v5.5.1/ Donation: https://donations.nic.cz/en/donate/?project=knot-resolver -- Ales Mrazek PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE

2 roky, 4 měsíce

1
1
0 0

Knot Resolver 5.5.0

by Aleš Mrázek

Dear Knot Resolver users, Knot Resolver 5.5.0 has been released! Improvements - extended_errors: module for extended DNS error support, RFC8914 (!1234) - policy: log policy actions; useful for RPZ debugging (!1239) - policy: new action policy.IPTRACE for logging request origin (!1239) - prefill module: prepare for ZONEMD, improve performance (!1225) - validator: conditionally ignore SHA1 DS, as SHOULD by RFC4509 (!1251) - lib/resolve: use EDNS padding for outgoing TLS queries (!1254) - support for PROXYv2 protocol (!1238) - lib/resolve, policy: new NO_ANSWER flag for not responding to clients (!1257) Incompatible changes - libknot >= 3.0.2 is required Bugfixes - doh2: fix CORS by adding `access-control-allow-origin: *` (!1246) - net: fix listen by interface - add interface suffix to link-local IPv6 (!1253) - daemon/tls: fix resumption for outgoing TLS (e.g. TLS_FORWARD) (!1261) - nameserver selection: fix interaction of timeouts with reboots (#722, !1269) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.5.0/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.5.0.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.5.0.tar.xz.asc Documentation: https://knot-resolver.readthedocs.io/en/v5.5.0/ Donation: https://donations.nic.cz/en/donate/?project=knot-resolver -- Ales Mrazek PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE

2 roky, 9 měsíců

1
0
0 0

Knot Resolver 5.4.4

by Tomas Krizek

Dear Knot Resolver users, Knot Resolver 5.4.4 has been released! Bugfixes -------- - fix bad zone cut update in certain cases (e.g. AWS; !1237) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.4.4/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.4.4.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.4.4.tar.xz.asc Documentation: https://knot-resolver.readthedocs.io/en/v5.4.4/ -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869

2 roky, 11 měsíců

1
0
0 0

Knot Resolver 5.4.3

by Tomas Krizek

Dear Knot Resolver users, Knot Resolver 5.4.3 has been released! Improvements ------------ - lua: add kres.parse_rdata() to parse RDATA from string to wire format (!1233) - lua: add policy.domains() for exact domain name matching (!1228) Bugfixes -------- - policy.rpz: fix origin detection in files without $ORIGIN (!1215) - lua: log() works again; broken in 5.4.2 (!1223) - policy: correctly include EDNS0 previously omitted by some actions (!1230) - edns_keepalive: module is now properly loaded (!1229, thanks Josh Soref!) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.4.3/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.4.3.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.4.3.tar.xz.asc Documentation: https://knot-resolver.readthedocs.io/en/v5.4.3/ -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869

3 roky

1
0
0 0

Knot Resolver 5.4.2

by Tomas Krizek

Dear Knot Resolver users, Knot Resolver 5.4.2 has been released! Improvements ------------ - dns64 module: also map the reverse (PTR) subtree (#478, !1201) - dns64 module: allow disabling based on client address (#368, !1201) - dns64 module: allow configuring AAAA subnets not allowed in answer (!1201) - nameserver selection algorithm: improve IPv6 avoidance if broken (!1207) Bugfixes -------- - lua: log() output is visible with default log level again (!1208) - build: fix when knot-dns headers are on non-standard location (!1210) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.4.2/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.4.2.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.4.2.tar.xz.asc Documentation: https://knot-resolver.readthedocs.io/en/v5.4.2/ -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869

3 roky, 2 měsíce

1
0
0 0

Knot Resolver 5.4.1

by Tomas Krizek

Dear Knot Resolver users, Knot Resolver 5.4.1 has been released! Improvements ------------ - docker: base image on Debian 11 (!1203) Bugfixes -------- - fix build without doh2 support after 5.4.0 (!1197) - fix policy.DEBUG* logging and -V/--version after 5.4.0 (!1199) - doh2: ensure memory from unsent streams is freed (!1202) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.4.1/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.4.1.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.4.1.tar.xz.asc Documentation: https://knot-resolver.readthedocs.io/en/v5.4.1/ -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869

3 roky, 4 měsíce

1
0
0 0

Knot Resolver 5.4.0

by Tomas Krizek

Dear Knot Resolver users, Knot Resolver 5.4.0 has been released! It comes with improved logging facilities and new debugging options. Improvements ------------ - fine grained logging and syslog support (!1181) - expose HTTP headers for processing DoH requests (!1165) - improve assertion mechanism for debugging (!1146) - support apkg tool for packaging workflow (!1178) - support Knot DNS 3.1 (!1192, !1194) Bugfixes -------- - trust_anchors.set_insecure: improve precision (#673, !1177) - plug memory leaks related to TCP (!1182) - policy.FLAGS: fix not applying properly in edge cases (!1179) - fix a crash with older libuv inside timer processing (!1195) Incompatible changes -------------------- - see upgrading guide: https://knot-resolver.readthedocs.io/en/stable/upgrading.html#to-5-4 - legacy DoH implementation configuration in net.listen() was renamed from kind="doh" to kind="doh_legacy" (!1180) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.4.0/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.4.0.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.4.0.tar.xz.asc Documentation: https://knot-resolver.readthedocs.io/en/v5.4.0/ -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869

3 roky, 4 měsíce

1
0
0 0

Knot Resolver 5.3.2

by Tomas Krizek

Dear Knot Resolver users, Knot Resolver 5.3.2 has been released! Security -------- - validator: fix 5.3.1 regression on over-limit NSEC3 edge case (!1169) Assertion might be triggered by query/answer, potentially DoS. Improvements ------------ - cache: improve handling write errors from LMDB (!1159) - doh2: improve handling of stream errors (!1164) Bugfixes -------- - dnstap module: fix repeated configuration (!1168) - validator: fix SERVFAIL for some rare dynamic proofs (!1166) - fix SIGBUS on uncommon ARM machines (unaligned access; !1167, #426) - cache: better resilience on abnormal termination/restarts (!1172) - doh2: fix memleak on stream write failures (!1161) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.3.2/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.3.2.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.3.2.tar.xz.asc Documentation: https://knot-resolver.readthedocs.io/en/v5.3.2/ -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869

3 roky, 7 měsíců

1
0
0 0

Knot Resolver 5.3.1

by Tomas Krizek

Dear Knot Resolver users, Knot Resolver 5.3.1 has been released! Improvements ------------ - policy.STUB: try to avoid TCP (compared to 5.3.0; !1155) - validator: downgrade NSEC3 records with too many iterations (>150; !1160) - additional improvements to nameserver selection algorithm (!1154, !1150) Bugfixes -------- - dnstap module: don't break request resolution on dnstap errors (!1147) - cache garbage collector: fix crashes introduced in 5.3.0 (!1153) - policy.TLS_FORWARD: better avoid dead addresses (#671, !1156) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.3.1/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.3.1.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.3.1.tar.xz.asc Documentation: https://knot-resolver.readthedocs.io/en/v5.3.1/ -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869

3 roky, 8 měsíců

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

knot-resolver-announce