- knot-resolver-announce

by Tomas Krizek

Dear Knot Resolver users, Knot Resolver 5.4.1 has been released! Improvements ------------ - docker: base image on Debian 11 (!1203) Bugfixes -------- - fix build without doh2 support after 5.4.0 (!1197) - fix policy.DEBUG* logging and -V/--version after 5.4.0 (!1199) - doh2: ensure memory from unsent streams is freed (!1202) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.4.1/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.4.1.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.4.1.tar.xz.asc Documentation: https://knot-resolver.readthedocs.io/en/v5.4.1/ -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869

4 roky, 10 měsíců

1
0
0 0

Knot Resolver 5.4.0

by Tomas Krizek

Dear Knot Resolver users, Knot Resolver 5.4.0 has been released! It comes with improved logging facilities and new debugging options. Improvements ------------ - fine grained logging and syslog support (!1181) - expose HTTP headers for processing DoH requests (!1165) - improve assertion mechanism for debugging (!1146) - support apkg tool for packaging workflow (!1178) - support Knot DNS 3.1 (!1192, !1194) Bugfixes -------- - trust_anchors.set_insecure: improve precision (#673, !1177) - plug memory leaks related to TCP (!1182) - policy.FLAGS: fix not applying properly in edge cases (!1179) - fix a crash with older libuv inside timer processing (!1195) Incompatible changes -------------------- - see upgrading guide: https://knot-resolver.readthedocs.io/en/stable/upgrading.html#to-5-4 - legacy DoH implementation configuration in net.listen() was renamed from kind="doh" to kind="doh_legacy" (!1180) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.4.0/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.4.0.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.4.0.tar.xz.asc Documentation: https://knot-resolver.readthedocs.io/en/v5.4.0/ -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869

4 roky, 11 měsíců

1
0
0 0

Knot Resolver 5.3.2

by Tomas Krizek

Dear Knot Resolver users, Knot Resolver 5.3.2 has been released! Security -------- - validator: fix 5.3.1 regression on over-limit NSEC3 edge case (!1169) Assertion might be triggered by query/answer, potentially DoS. Improvements ------------ - cache: improve handling write errors from LMDB (!1159) - doh2: improve handling of stream errors (!1164) Bugfixes -------- - dnstap module: fix repeated configuration (!1168) - validator: fix SERVFAIL for some rare dynamic proofs (!1166) - fix SIGBUS on uncommon ARM machines (unaligned access; !1167, #426) - cache: better resilience on abnormal termination/restarts (!1172) - doh2: fix memleak on stream write failures (!1161) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.3.2/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.3.2.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.3.2.tar.xz.asc Documentation: https://knot-resolver.readthedocs.io/en/v5.3.2/ -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869

5 let, 1 měsíc

1
0
0 0

Knot Resolver 5.3.1

by Tomas Krizek

Dear Knot Resolver users, Knot Resolver 5.3.1 has been released! Improvements ------------ - policy.STUB: try to avoid TCP (compared to 5.3.0; !1155) - validator: downgrade NSEC3 records with too many iterations (>150; !1160) - additional improvements to nameserver selection algorithm (!1154, !1150) Bugfixes -------- - dnstap module: don't break request resolution on dnstap errors (!1147) - cache garbage collector: fix crashes introduced in 5.3.0 (!1153) - policy.TLS_FORWARD: better avoid dead addresses (#671, !1156) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.3.1/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.3.1.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.3.1.tar.xz.asc Documentation: https://knot-resolver.readthedocs.io/en/v5.3.1/ -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869

5 let, 3 měsíce

1
0
0 0

Knot Resolver 5.3.0

by Tomas Krizek

Dear Knot Resolver users, Knot Resolver 5.3.0 has been released! Note regarding CentOS 8 packages: Due to the Red Hat's hostile decision to exclude devel packages from their distribution, we won't be providing upstream packages or maintaining knot-resolver package in EPEL8 until libuv-devel has been included in official RHEL8 release [rhbz#1895872]. If you depend on these, we can find a solution for your use-case as part of the paid support we offer [1]. [rhbz#1895872] - https://bugzilla.redhat.com/show_bug.cgi?id=1895872 [1] - https://www.knot-resolver.cz/support/pro/ Improvements ------------ - more consistency in using parent-side records for NS addresses (!1097) - better algorithm for choosing nameservers (!1030, !1126, !1140, !1141, !1143) - daf module: add daf.clear() (!1114) - dnstap module: more features and don't log internal requests (!1103) - dnstap module: include in upstream packages and Docker image (!1110, !1118) - randomize record order by default, i.e. reorder_RR(true) (!1124) - prometheus module: transform graphite tags into prometheus labels (!1109) - avoid excessive logging of UDP replies with sendmmsg (!1138) Bugfixes -------- - view: fail config if bad subnet is specified (!1112) - doh2: fix memory leak (!1117) - policy.ANSWER: minor fixes, mainly around NODATA answers (!1129) - http, watchdog modules: fix stability problems (!1136) Incompatible changes -------------------- - dnstap module: `log_responses` option gets nested under `client`; see new docs for config example (!1103) - libknot >= 2.9 is required Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.3.0/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.3.0.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.3.0.tar.xz.asc Documentation: https://knot-resolver.readthedocs.io/en/v5.3.0/ -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869

5 let, 4 měsíce

1
0
0 0

Knot Resolver: Upcoming Debian 9 & Ubuntu 16.04 EOL

by Tomas Krizek

Dear Knot Resolver users, I have an early notification for those who rely on our upstream package repositories for Debian 9 and Ubuntu 16.04. Ubuntu 16.04: We'll no longer provide packages after April 2021 when the distribution reaches end of life. Debian 9: Knot Resolver 5.x is the last supported major version for Debian 9. Once we release a new major version, we'll no longer provide packages for Debian 9. We expect to release our next major version in the second half of 2021. Packages for other distributions remain unaffected and are supported as usual. Thanks for understanding. -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869

5 let, 4 měsíce

1
0
0 0

Knot Resolver 5.2.1

by Tomas Krizek

Dear Knot Resolver users, Knot Resolver 5.2.1 has been released! Improvements ------------ - doh2: send Cache-Control header with TTL (#617, !1095) Bugfixes -------- - fix map() command on 32-bit platforms; regressed in 5.2.0 (!1093) - doh2: restrict endpoints to doh and dns-query (#636, !1104) - renumber: map to correct subnet when using multiple rules (!1107) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.2.1/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.2.1.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.2.1.tar.xz.asc Documentation: https://knot-resolver.readthedocs.io/en/v5.2.1/ -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869

5 let, 6 měsíců

1
0
0 0

Knot Resolver 5.2.0

by Tomas Krizek

Dear Knot Resolver users, Knot Resolver 5.2.0 has been released! One of the notable features is a new DNS-over-HTTTPS implementation which is more scalable and stable than the old one. It also has less dependencies and simpler configuration. Another new feature is experimental eXpress Data Path (XDP) support for UDP. With support from both the network card and the kernel, it can provide superior performance and lower latency for UDP answers. Some of the improvements and bugfixes required a few backward incompatible changes, mainly regarding control sockets or module API. Please refer to our upgrading guide for details: https://knot-resolver.readthedocs.io/en/v5.2.0/upgrading.html#to-5-2 Improvements ------------ - doh2: add native C module for DNS-over-HTTPS (#600, !997) - xdp: add server-side XDP support for higher UDP performance (#533, !1083) - lower default EDNS buffer size to 1232 bytes (#538, #300, !920); see https://dnsflagday.net/2020/ - net: split the EDNS buffer size into upstream and downstream (!1026) - lua-http doh: answer to /dns-query endpoint as well as /doh (!1069) - improve resiliency against UDP fragmentation attacks (disable PMTUD) (!1061) - ta_update: warn if there are differences between statically configured keys and upstream (#251, !1051) - human readable output in interactive mode was improved (!1020) - doc: generate info page (!1079) - packaging: improve sysusers and tmpfiles support (!1080) Bugfixes -------- - avoid an assert() error in stash_rrset() (!1072) - fix emergency cache locking bug introduced in 5.1.3 (!1078) - migrate map() command to control sockets; fix systemd integration (!1000) - fix crash when sending back errors over control socket (!1000) - fix SERVFAIL while processing forwarded CNAME to a sibling zone (#614, !1070) Incompatible changes -------------------- - see upgrading guide: https://knot-resolver.readthedocs.io/en/v5.2.0/upgrading.html#to-5-2 - minor changes in module API - control socket API commands have to be terminated by "\n" - graphite: default prefix now contains instance identifier (!1000) - build: meson >= 0.49 is required (!1082) - planned changes in future versions: https://knot-resolver.readthedocs.io/en/v5.2.0/upgrading.html#upcoming-chan… Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.2.0/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.2.0.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.2.0.tar.xz.asc Documentation: https://knot-resolver.readthedocs.io/en/v5.2.0/ -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869

5 let, 7 měsíců

1
0
0 0

Upcoming changes in Knot Resolver 5.2.0

by Petr Špaček

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Dear Knot Resolver users, we would like to inform you about certain changes in upcoming Knot Resolver 5.2.0: - - Users of Control sockets API need to terminate each command sent to resolver with newline character (ASCII \n). Correct usage: "cache.stats()\n". Newline terminated commands are accepted by all resolver versions >= 1.0.0. - - Human readable output from Control sockets is not stable and changes from time to time. Users who need machine readable output for scripts should use Lua function "tojson()" to convert Lua values into standard JSON format instead of attempting to parse the human readable output. For example API call "tojson(cache.stats())\n" will return JSON string with "cache.stats()" results represented as dictionary. Function "tojson()" is available in all resolver versions >= 1.0.0. - - DoH served with http module DNS-over-HTTP (DoH) will be marked as legacy and won’t receive any more bugfixes. A more reliable and scalable DoH module will be available instead. The new DoH module will only support HTTP/2 over TLS. - - New releases since October 2020 will contain changes for DNS Flag Day 2020. Please double-check your firewall, it has to allow DNS traffic on UDP and also TCP port 53. See https://dnsflagday.net/2020/ for more information. This text with links to further documentation can be found here: https://knot-resolver.readthedocs.io/en/latest/upgrading.html#upcoming-chan… We plan to use the same URL to publish planned changes in not-yet-released versions. To make our version numbers easier to understand we have documented how we version new releases: https://knot-resolver.readthedocs.io/en/latest/NEWS.html#version-numbering Feedback is more than welcome. Do not hesitate to reach out on the usual channels: https://www.knot-resolver.cz/support/ - -- Petr Špaček @ CZ.NIC -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEvibrucvgWbORDKNbzo3WoaUKIeQFAl9+9kcACgkQzo3WoaUK IeR7Jg/5AT4QLP1ZJBR8Vkoa5DirCnTBrBx3GPkiW+hVEXZPl55AXWMu54i9ZTuY 4R38+I1PypAM924n5xk98AaX7iRbISVZ87kOEfeJOKR2tzB8TiYwzufl2Y3PUYo8 IlazzcUyNFcQw4ARE3BqiQF6DLKl/s8U812XMEUlRdryE7lURWVEJyo711XNLPPy 6PWuGpsNboMR2V6z/7yrX/i+/0XGpxoSL8S9Fv4hQrOJB3c0lIZNSfaj23GywDao ZgkqlxwBgPkOGAhSIq3r5Xqitl9fTh2Gb1565Lrbj+4OY5WbL8YqaNArZMp3poUD T2QCH1bUypa0EP+smzdcriuFDWwl3L0zwODsnH2ofLAnosWeGfxtHXHI5W7rwskF gAAZJJe+UhxSeBzwr01r6YwZbDYlHiDA9+AkGkYGjYwQmfLCTftXRhlqmJ3BvpeR Nr97D8lSuct9XugIN2pUJfR1cVIr40ViiO3TG4m2eL2dHExELB4OOf/ZCOTX5dQk KJuQSspz5zQvVFWZZh17L6iT9WUdgwmi0TkvR8aMmPlr75vokFvioQMAOHfHgGtq 7s10W9TtRGX5o9ioHtTLrDaqEC/0P79bMTVU5HCap1dSCzgk1AYXtUDu4AVc0pWC Aui8tih9ykESC8rPUaEBc6wpR3wgKSPclfIWgiJira4xB8eRCUs= =9lwy -----END PGP SIGNATURE-----

5 let, 8 měsíců

1
0
0 0

Knot Resolver 5.1.3

by Tomas Krizek

Dear Knot Resolver users, Knot Resolver 5.1.3 has been released! Improvements ------------ - capabilities are no longer constrained when running as root (!1012) - cache: add percentage usage to cache.stats() (#580, !1025) - cache: add number of cache entries to cache.stats() (#510, !1028) - aarch64 support again, as some systems still didn't work (!1033) - support building against Knot DNS 3.0 (!1053) Bugfixes -------- - tls: fix compilation to support net.tls_sticket_secret() (!1021) - validator: ignore bogus RRSIGs present in insecure domains (!1022, #587) - build if libsystemd version isn't detected as integer (#592, !1029) - validator: more robust reaction on missing RRSIGs (#390, !1020) - ta_update module: fix broken RFC5011 rollover (!1035) - garbage collector: avoid keeping multiple copies of cache (!1042) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.1.3/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.1.3.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.1.3.tar.xz.asc Documentation: https://knot-resolver.readthedocs.io/en/v5.1.3/ -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869

5 let, 9 měsíců

1
0
0 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

knot-resolver-announce