[knot-dns-users] Knot DNS 2.2.0 release
jan.vcelak at nic.cz
Tue Apr 26 16:44:42 CEST 2016
Knot DNS 2.2.0 by CZ.NIC Labs has been just released! This release
brings only a few new features, but it contains a bunch of important
bugs fixes and many significant changes under the hood.
Let's start with the bug fixes and improvements:
- We have resolved build dependency issues on FreeBSD. And we have fixed
a problem when detecting PKCS #11 support in GnuTLS.
- Some bugs related to Dnstap were resolved as well. The logging module
now correctly sets query/response message type. And kdig properly uses
the remote address when showing the capture.
- The global instances of query modules were not executed for queries
hitting existing zones. This problem is fixed in the new release.
- We have enabled execution of semantic checks after IXFR to unify the
behavior with AXFR. Also the logging of messages related to transfers
was improved a little bit.
- The DNSSEC signing produces correct NSEC/NSEC3 bitmap for delegations
where a glue record has the same name as the delegated zone.
- We have added some fixes hopefully improving compatibility with
PKCS #11 devices. The most significant change is that the generated
keys are marked as sensitive. It makes perfect sense and some devices
(e.g. Luna SA) actually require this attribute to be set.
- The configuration transaction is not aborted when some consistency
check fails. This is particularly useful, if you make a typo when
changing the server configuration with knotc. We have also eliminated
an incorrect error when the last zone was being removed from the
- There are also some bug fixes and improvements in the utilities. The
keymgr utility should provide more sensible error messages, new
consistency checks were added, and some commands were extended
a little bit. The kdig utility now properly handles AXFR responses
containing only the SOA record in the first message. And kdig will
also use a local resolver if the resolv.conf file is empty.
- The zone event scheduler was improved. And we hope that it will speed
up the event lookup if you have many many zones.
And finally the new features:
- We have added RRL white listing. This allows to exempt some clients
from rate limiting, for example your monitoring hosts. See the
rate-limit-whitelist configuration option for details.
- We have added support for URI (RFC 7553) and CAA (RFC 6844) resource
- The knotc utility now supports interactive mode with command line
editing, tab completion, and history. Just start knotc without any
command and give it a try.
- And the server has a new control interface we will be extending in the
future. The knotc utility already uses this interface. And we also
have a simple Python binding for this interface. We are definitely
looking for some feedback.
That's all folks. Thank you for using Knot DNS.
Jan Včelák, Knot DNS
CZ.NIC Labs https://www.knot-dns.cz
Milešovská 5, 130 00 Praha 3, Czech Republic
WWW: https://labs.nic.cz https://www.nic.cz
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the knot-dns-users