Dear Knot Resolver users,
Knot Resolver 5.4.0 has been released! It comes with improved logging
facilities and new debugging options.
Improvements
------------
- fine grained logging and syslog support (!1181)
- expose HTTP headers for processing DoH requests (!1165)
- improve assertion mechanism for debugging (!1146)
- support apkg tool for packaging workflow (!1178)
- support Knot DNS 3.1 (!1192, !1194)
Bugfixes
--------
- trust_anchors.set_insecure: improve precision (#673, !1177)
- plug memory leaks related to TCP (!1182)
- policy.FLAGS: fix not applying properly in edge cases (!1179)
- fix a crash with older libuv inside timer processing (!1195)
Incompatible changes
--------------------
- see upgrading guide:
https://knot-resolver.readthedocs.io/en/stable/upgrading.html#to-5-4
- legacy DoH implementation configuration in net.listen() was renamed
from kind="doh" to kind="doh_legacy" (!1180)
Full changelog:
https://gitlab.nic.cz/knot/knot-resolver/raw/v5.4.0/NEWS
Sources:
https://secure.nic.cz/files/knot-resolver/knot-resolver-5.4.0.tar.xz
GPG signature:
https://secure.nic.cz/files/knot-resolver/knot-resolver-5.4.0.tar.xz.asc
Documentation:
https://knot-resolver.readthedocs.io/en/v5.4.0/
--
Tomas Krizek
PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869
Dear Knot Resolver users,
Knot Resolver 5.3.0 has been released!
Note regarding CentOS 8 packages: Due to the Red Hat's hostile decision
to exclude devel packages from their distribution, we won't be providing
upstream packages or maintaining knot-resolver package in EPEL8 until
libuv-devel has been included in official RHEL8 release [rhbz#1895872].
If you depend on these, we can find a solution for your use-case as part
of the paid support we offer [1].
[rhbz#1895872] - https://bugzilla.redhat.com/show_bug.cgi?id=1895872
[1] - https://www.knot-resolver.cz/support/pro/
Improvements
------------
- more consistency in using parent-side records for NS addresses (!1097)
- better algorithm for choosing nameservers (!1030, !1126, !1140, !1141,
!1143)
- daf module: add daf.clear() (!1114)
- dnstap module: more features and don't log internal requests (!1103)
- dnstap module: include in upstream packages and Docker image (!1110,
!1118)
- randomize record order by default, i.e. reorder_RR(true) (!1124)
- prometheus module: transform graphite tags into prometheus labels
(!1109)
- avoid excessive logging of UDP replies with sendmmsg (!1138)
Bugfixes
--------
- view: fail config if bad subnet is specified (!1112)
- doh2: fix memory leak (!1117)
- policy.ANSWER: minor fixes, mainly around NODATA answers (!1129)
- http, watchdog modules: fix stability problems (!1136)
Incompatible changes
--------------------
- dnstap module: `log_responses` option gets nested under `client`;
see new docs for config example (!1103)
- libknot >= 2.9 is required
Full changelog:
https://gitlab.nic.cz/knot/knot-resolver/raw/v5.3.0/NEWS
Sources:
https://secure.nic.cz/files/knot-resolver/knot-resolver-5.3.0.tar.xz
GPG signature:
https://secure.nic.cz/files/knot-resolver/knot-resolver-5.3.0.tar.xz.asc
Documentation:
https://knot-resolver.readthedocs.io/en/v5.3.0/
--
Tomas Krizek
PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869
Dear Knot Resolver users,
I have an early notification for those who rely on our upstream package
repositories for Debian 9 and Ubuntu 16.04.
Ubuntu 16.04: We'll no longer provide packages after April 2021 when the
distribution reaches end of life.
Debian 9: Knot Resolver 5.x is the last supported major version for
Debian 9. Once we release a new major version, we'll no longer provide
packages for Debian 9. We expect to release our next major version in
the second half of 2021.
Packages for other distributions remain unaffected and are supported as
usual.
Thanks for understanding.
--
Tomas Krizek
PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869
Dear Knot Resolver users,
Knot Resolver 5.2.0 has been released!
One of the notable features is a new DNS-over-HTTTPS implementation
which is more scalable and stable than the old one. It also has less
dependencies and simpler configuration.
Another new feature is experimental eXpress Data Path (XDP) support for
UDP. With support from both the network card and the kernel, it can
provide superior performance and lower latency for UDP answers.
Some of the improvements and bugfixes required a few backward
incompatible changes, mainly regarding control sockets or module API.
Please refer to our upgrading guide for details:
https://knot-resolver.readthedocs.io/en/v5.2.0/upgrading.html#to-5-2
Improvements
------------
- doh2: add native C module for DNS-over-HTTPS (#600, !997)
- xdp: add server-side XDP support for higher UDP performance (#533,
!1083)
- lower default EDNS buffer size to 1232 bytes (#538, #300, !920);
see https://dnsflagday.net/2020/
- net: split the EDNS buffer size into upstream and downstream (!1026)
- lua-http doh: answer to /dns-query endpoint as well as /doh (!1069)
- improve resiliency against UDP fragmentation attacks (disable PMTUD)
(!1061)
- ta_update: warn if there are differences between statically configured
keys and upstream (#251, !1051)
- human readable output in interactive mode was improved (!1020)
- doc: generate info page (!1079)
- packaging: improve sysusers and tmpfiles support (!1080)
Bugfixes
--------
- avoid an assert() error in stash_rrset() (!1072)
- fix emergency cache locking bug introduced in 5.1.3 (!1078)
- migrate map() command to control sockets; fix systemd integration
(!1000)
- fix crash when sending back errors over control socket (!1000)
- fix SERVFAIL while processing forwarded CNAME to a sibling zone (#614,
!1070)
Incompatible changes
--------------------
- see upgrading guide:
https://knot-resolver.readthedocs.io/en/v5.2.0/upgrading.html#to-5-2
- minor changes in module API
- control socket API commands have to be terminated by "\n"
- graphite: default prefix now contains instance identifier (!1000)
- build: meson >= 0.49 is required (!1082)
- planned changes in future versions:
https://knot-resolver.readthedocs.io/en/v5.2.0/upgrading.html#upcoming-chan…
Full changelog:
https://gitlab.nic.cz/knot/knot-resolver/raw/v5.2.0/NEWS
Sources:
https://secure.nic.cz/files/knot-resolver/knot-resolver-5.2.0.tar.xz
GPG signature:
https://secure.nic.cz/files/knot-resolver/knot-resolver-5.2.0.tar.xz.asc
Documentation:
https://knot-resolver.readthedocs.io/en/v5.2.0/
--
Tomas Krizek
PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869