[knot-dns-users] Knot DNS 1.4.2 patch release
jan.vcelak at nic.cz
Mon Jan 27 16:26:40 CET 2014
We really appreciate your feedback on the previous release - both positive and
negative. Thank you for that, it motivates us to make Knot DNS even better.
Today, CZ.NIC Labs proudly announces Knot DNS 1.4.2.
There are quite a lot of changes:
* The new release includes a compatibility fix for the AXFR/IXFR issues, which
occurred when accepting transfers from tinydns/axfrdns.
* In some cases, a TSIG did not fit into the outgoing transfer causing the
transfer to be terminated. This problem was addressed as well.
* Also, journal files are newly created only when necessary. It means
that some disk space is spared when IXFR, DDNS, and DNSSEC signing are
disabled. Feel free to delete the existing journal files if the zones fit
into this category.
* In addition, problems with incorrect logging categories regarding zones were
reported. The logging was reviewed and should be appropriate with the new
* We also fixed several problems in DNSSEC. Firstly, the 'knotc signzone'
command was broken and caused a deadlock of the main server thread. It does
not happen with the new version.
Secondly, prior to this release, the signatures were refreshed two hours
before their expiration, which was found to be extremely insufficient. With
the new release, signatures are refreshed one tenth of the signature
lifetime before their expiration. With the default configuration, the
signature lifetime is 30 days, which implies that the signatures are
refreshed three days before the expiration.
* Moreover, RRSIGs in the additional records that do not fit into the DNS
message do not cause packet truncation, but are simply skipped.
We are looking forward to your reactions and comments.
Jan Včelák, Knot DNS
CZ.NIC Labs http://www.knot-dns.cz
Americká 23, 120 00 Praha 2, Czech Republic
WWW: http://labs.nic.cz http://www.nic.cz
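
Added example, not part of the original announcement and not Knot DNS code: a Python sketch that applies the refresh rule described above (one tenth of the signature lifetime before expiration) to RRSIG records in presentation format and compares it with the earlier two-hour rule. The sample records, the function names, and taking the lifetime as expiration minus inception are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample RRSIG records (RFC 4034 presentation format);
# names, key tag and signature data are placeholders.
SAMPLE = """\
example.com. 3600 IN RRSIG SOA 8 2 3600 20140226000000 20140127000000 12345 example.com. c2ln
www.example.com. 3600 IN RRSIG A 8 3 3600 20140129000000 20131230000000 12345 example.com. c2ln
"""

def _ts(field):
    # Assumes the 14-digit YYYYMMDDHHmmSS form (UTC), not epoch seconds.
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def refresh_points(expiration, inception):
    """Return (old, new) refresh times: fixed 2 hours vs. lifetime / 10."""
    lifetime = expiration - inception  # assumption: lifetime = expiration - inception
    return expiration - timedelta(hours=2), expiration - lifetime / 10

def audit(text, now):
    """Classify each RRSIG under the old and new refresh rules at time `now`."""
    report = []
    for line in text.splitlines():
        f = line.split()
        if "RRSIG" not in f:
            continue
        i = f.index("RRSIG")
        if len(f) < i + 10:
            continue  # malformed or truncated record
        covered, expiration, inception = f[i + 1], _ts(f[i + 5]), _ts(f[i + 6])
        old, new = refresh_points(expiration, inception)
        if now >= expiration:
            state = "expired"
        elif now >= new:
            state = "refresh-due"
        else:
            state = "ok"
        report.append({"owner": f[0], "covered": covered, "state": state,
                       "due_under_old_rule": now >= old, "refresh_at": new})
    return report

if __name__ == "__main__":
    now = datetime(2014, 1, 27, 16, 0, tzinfo=timezone.utc)  # constructed "current" time
    for r in audit(SAMPLE, now):
        print(r["owner"], r["covered"], r["state"], r["refresh_at"].isoformat())
```

At the constructed time, the second record is already due for refresh under the one-tenth rule but would not have been touched under the two-hour rule for more than another day.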