Hello.
In case you're using our upstream repositories for Debian or Ubuntu, as
suggested on https://www.knot-resolver.cz/download/
you'll be running into their signing key expiring since today. As we
didn't update it in time, you'll have to update it manually by re-running:
wgethttps://secure.nic.cz/files/knot-resolver/knot-resolver-release.deb
dpkg -i knot-resolver-release.deb
Ticket: https://gitlab.nic.cz/knot/knot-resolver/-/issues/747
We also forgot to add Ubuntu 22.04, so that is fixed now, too.
--Vladimir
Hello,
could you please help me with knot resolver configuration in the case when I
need to redirect each variation for the domain to some address.
e.g.
www.example.com, m.example.com, domain.example.com ...
like wildcard record
*.example.com 10.0.0.50
In my configuration is it handeled by file with static records
-- load static records
hints.add_hosts('/etc/knot-resolver/static_records.txt')
which contains address to be redirected and the domain.
10.0.0.50 1xbet.com
10.0.0.50 thelotter.com
10.0.0.50 webmoneycasino.com
10.0.0.50 betworld.com
10.0.0.50 bosscasino.eu
10.0.0.50 sportingbull.com
But I´m not able to handle the correct syntax for a wildcard domain
redirection.
Best regards,
--
Smil Milan Jeskyňka Kazatel
Dear Knot Resolver users,
Knot Resolver 5.6.0 has been released!
Security
- avoid excessive TCP reconnections in some cases (!1380)
For example, a DNS server that just closes connections without answer
could cause lots of work for the resolver (and itself, too).
The number of connections could be up to around 100 per client's query.
We thank Xiang Li from NISL Lab, Tsinghua University,
and Xuesong Bai and Qifan Zhang from DSP Lab, UCI.
Improvements
- daemon: feed server selection with more kinds of bad-answer events (!1380)
- cache.max_ttl(): lower the default from six days to one day
and apply both limits to the first uncached answer already (!1323 #127)
- depend on jemalloc, preferably, to improve memory usage (!1353)
- no longer accept DNS messages with trailing data (!1365)
- policy.STUB: avoid applying aggressive DNSSEC denial proofs (!1364)
- policy.STUB: avoid copying +dnssec flag from client to upstream (!1364)
Bugfixes
- policy.DEBUG_IF: don't print client's packet unconditionally (!1366)
Full changelog:
https://gitlab.nic.cz/knot/knot-resolver/raw/v5.6.0/NEWS
Sources:
https://secure.nic.cz/files/knot-resolver/knot-resolver-5.6.0.tar.xz
GPG signature:
https://secure.nic.cz/files/knot-resolver/knot-resolver-5.6.0.tar.xz.asc
Documentation:
https://knot-resolver.readthedocs.io/en/v5.6.0/
--
Ales Mrazek
PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE
