Hello.
In case you're using our upstream repositories for Debian or Ubuntu, as
suggested on https://www.knot-resolver.cz/download/
you'll be running into their signing key expiring since today. As we
didn't update it in time, you'll have to update it manually by re-running:
wget https://secure.nic.cz/files/knot-resolver/knot-resolver-release.deb
dpkg -i knot-resolver-release.deb
Ticket: https://gitlab.nic.cz/knot/knot-resolver/-/issues/747
We also forgot to add Ubuntu 22.04, so that is fixed now, too.
--Vladimir
Dear Knot Resolver users,
Knot Resolver versions 5.7.2 (stable) and 6.0.7 (early-access) have been
released! Both fix running on 32-bit systems with 64-bit time; 6.0.7
additionally brings fixes to RPZ, cache clearing via kresctl, and more.
---
Knot Resolver 5.7.2:
Bugfixes:
- fix on 32-bit systems with 64-bit time_t (!1510)
Full changelog:
https://gitlab.nic.cz/knot/knot-resolver/raw/v5.7.2/NEWS
Sources:
https://secure.nic.cz/files/knot-resolver/knot-resolver-5.7.2.tar.xz
GPG signature:
https://secure.nic.cz/files/knot-resolver/knot-resolver-5.7.2.tar.xz.asc
Documentation:
https://www.knot-resolver.cz/documentation/artifacts/1056229/index.html
---
Knot Resolver 6.0.7:
Improvements:
- manager: clear the cache via management HTTP API (#876, !1491)
- manager: added support for Python 3.12 and removed for 3.7 (!1502)
- manager: use build-time install prefix to execute `kresd` instead of
PATH (!1511)
- docs: documentation is now separated into user and developer parts (!1514)
- daemon: ignore UDP requests from ports < 1024 (!1507)
- manager: increase startup timeout for processes (!1518, !1520)
- local-data: increase default DB size to 2G on 64-bit platforms (!1518)
Bugfixes:
- fix listening by interface name containing dashes (#900, !1500)
- fix kresctl http request timeout (!1505)
- fix RPZ if it contains apex NS record (!1516)
- fix RPZ if SOA is repeated, as usual in AXFR output (!1521)
- avoid RPZ overriding the root SOA (!1521)
- fix on 32-bit systems with 64-bit time_t (!1510)
- fix paths to knot-dns libs if exec_prefix != prefix (!1503)
- manager: add missing early check that neither a custom port nor TLS is
set for authoritative server forwarding (#902, !1505)
Full changelog:
https://gitlab.nic.cz/knot/knot-resolver/raw/v6.0.7/NEWS
Documentation:
https://www.knot-resolver.cz/documentation/artifacts/1056245/index.html
--
Oto Šťáva | Knot Resolver team leader | CZ.NIC z.s.p.o.
PGP: 6DC2 B0CB 5935 EA7A 3961 4AA7 32B2 2D20 C9B4 E680
Hi,
I am in the process of migrating from unbound to knot-resolver.
This is on FreeBSD 14-STABLE, knot-resolver 5.7.1, and on a very small instance serving a handful of users, around 100 mails a day and such.
The resolver is up and running, but I still have some questions left I cannot answer myself after reading the documentation et al.
1) I managed to run 'kres-cache-gc -c /var/run/kresd' but I am unsure whether I do need the garbage collector at all?
I read that after filling up of '/var/run/kresd/data.mdb' that file would become reset to 0 bytes, correct?
FYI: After 3 days '/var/run/kresd/data.mdb' uses less than 1 MB currently.
2) Does knot-resolver automatically update 'root.hints' and 'root.keys', or do I have to install a script in crontab doing the updates instead?
FYI: I didn't unload the modules 'ta_signal_query' and 'ta_sentinel'
3) I am still struggling to understand, how to get access to the statistics produced by the module 'stats'?
FYI: If I do try to use knotc (I know, it's experimental), I'll get:
|dns> kresc /var/run/kresd/control/17158
|Warning! kresc is highly experimental, use at own risk.
|Please tell authors what features you expect from client utility.
|
FYI: There is no 'kresd>' prompt …
I tried to modify that socket's privileges but to no avail.
4) If that socket is the way to get hold of all statistics information, how can one name that socket file? Currently, it is just the PID of kresd.
Thanks in advance and regards,
Michael