Dear Knot Resolver users,
Knot Resolver 4.2.1 has been released!
Note for Debian users: If you have previously installed
knot-resolver-dbgsym package on Debian, please remove it and install
knot-resolver-dbg instead.
Bugfixes
--------
- rebinding module: fix handling some requests, respect ALLOW_LOCAL flag
- fix incorrect SERVFAIL on cached bogus answer for +cd request (!860)
(regression since 4.1.0 release, in less common cases)
- prefill module: allow a different module-loading style (#506)
- validation: trim TTLs by RRSIG's expiration and original TTL (#319,
#504)
- NS choice algorithm: fix a regression since 4.0.0 (#497, !868)
- policy: special domains home.arpa. and local. get NXDOMAIN (!855)
Improvements
------------
- add compatibility with (future) libknot 2.9
Full changelog:
https://gitlab.labs.nic.cz/knot/knot-resolver/raw/v4.2.1/NEWS
Sources:
https://secure.nic.cz/files/knot-resolver/knot-resolver-4.2.1.tar.xz
GPG signature:
https://secure.nic.cz/files/knot-resolver/knot-resolver-4.2.1.tar.xz.asc
Documentation:
https://knot-resolver.readthedocs.io/en/v4.2.1/
--
Tomas Krizek
PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869
Hello Knot resolver folks, and especially the packagers,
I've noticed that the CentOS 7 packages published by CZNIC ship with
/etc/knot-resolver writable by the "knot-res" user (the directory mode
is 0775).
It seems that the directory is writable, because kresd (running as user
knot-res) runs a lua script to manage the /etc/knot-resolver/root.keys file.
My sysadmin mind is suspicious of this setup. If any other modules of
kresd have a bug, they have the potential to modify config files in
/etc/knot-resolver. My thinking is that the root.keys file should be
installed in /var/cache/knot-resolver, and that is writable by "knot-res".
Could someone please explain to me why the config directory is writable
by an unprivileged user? Is there a good reason I'm not seeing for this
setup?
Regards,
Anand Buddhdev
Hello,
Could someone help me to understand the behavior of Knot Resolver?
Can I somehow process a change in the list of static records for knot
resolver like a command for reloading configuration?
If I have in the kresd.conf file a module
modules = {
'hints> iterate', - Add static records to resolver
...
...
and the list is located
- Load static records
hints.add_hosts ('/ etc / knot-resolver / static_records.txt')
how can I reload the change in the static_records.txt list for the kresd @ 1
service
Or should I always restart the daemon kresd @ 1
systemctl restart Kresd @ 1
Thanks for any advice,
Regadrs,
--
Smil Milan Jeskyňka Kazatel
