[knot-dns-users] Knot DNS 1.4.2 patch release

Jan Včelák jan.vcelak at nic.cz
Mon Jan 27 16:26:40 CET 2014

Hello List!

We really appreciate your feedback on the previous release - both positive and 
negative. Thank you for that, it motivates us to make Knot DNS even better.

Today, CZ.NIC Labs proudly announce the Knot DNS 1.4.2.

There are quite a lot of changes:

* The new release includes a compatibility fix for the AXFR/IXFR issues, which
  occurred when accepting transfers from tinydns/axfrdns.

* In some cases, a TSIG did not fit into the outgoing transfer causing the
  transfer to be terminated. This problem was addressed as well.

* Also, journal files are newly created only when necessary. It means
  that some disk space is spared when IXFR, DDNS, and DNSSEC signing are
  disabled. Feel free to delete the existing journal files if the zones fits
  into this category.

* In addition, problems with incorrect logging categories regarding zones were
  reported. The logging was reviewed and should be appropriate with the new

* We also fixed several problems in DNSSEC. Firstly, the 'knotc signzone'
  command was broken and caused a deadlock of the main server thread. It does
  not happen with the new version.

  Secondly, prior to this release, the signatures were refreshed two hours
  before their expiration, which was found to be extremely insufficient. With
  the new release, signatures are refreshed one tenth of the signature
  lifetime before their expiration. With the default configuration, the
  signature lifetime is 30 days, which implies that the signatures are
  refreshed three days before the expiration.

* Moreover, RRSIGs in the additional records not-fitting into the DNS message
  do not cause packet truncation, but are simply skipped.

We are looking forward to your reactions and comments.

Full changelog:


GPG signatures:

Best Regards,


 Jan Včelák, Knot DNS
 CZ.NIC Labs http://www.knot-dns.cz
 Americká 23, 120 00 Praha 2, Czech Republic
 WWW: http://labs.nic.cz http://www.nic.cz

More information about the knot-dns-users mailing list