[knot-dns-users] Knot DNS 2.2.0 release

Jan Včelák jan.vcelak at nic.cz
Tue Apr 26 16:44:42 CEST 2016

Hello everyone!

Knot DNS 2.2.0 by CZ.NIC Labs has just been released! This release
brings only a few new features, but it contains a bunch of important
bug fixes and many significant changes under the hood.

Let's start with the bug fixes and improvements:

- We have resolved build dependency issues on FreeBSD. And we have fixed
  a problem when detecting PKCS #11 support in GnuTLS.

- Some bugs related to Dnstap were resolved as well. The logging module
  now correctly sets the query/response message type. And kdig properly
  uses the remote address when showing the capture.

- The global instances of query modules were not executed for queries
  hitting existing zones. This problem is fixed in the new release.

- We have enabled execution of semantic checks after IXFR to unify the
  behavior with AXFR. Also the logging of messages related to transfers
  was improved a little bit.

- The DNSSEC signing produces a correct NSEC/NSEC3 bitmap for delegations
  where a glue record has the same name as the delegated zone.

- We have added some fixes hopefully improving compatibility with
  PKCS #11 devices. The most significant change is that the generated
  keys are marked as sensitive. It makes perfect sense and some devices
  (e.g. Luna SA) actually require this attribute to be set.

- The configuration transaction is not aborted when some consistency
  check fails. This is particularly useful if you make a typo when
  changing the server configuration with knotc. We have also eliminated
  an incorrect error when the last zone was being removed from the

- There are also some bug fixes and improvements in the utilities. The
  keymgr utility should provide more sensible error messages, new
  consistency checks were added, and some commands were extended
  a little bit. The kdig utility now properly handles AXFR responses
  containing only the SOA record in the first message. And kdig will
  also use a local resolver if the resolv.conf file is empty.

- The zone event scheduler was improved. And we hope that it will speed
  up the event lookup if you have many, many zones.

And finally the new features:

- We have added RRL whitelisting. This allows you to exempt some clients
  from rate limiting, for example your monitoring hosts. See the
  rate-limit-whitelist configuration option for details.

- We have added support for URI (RFC 7553) and CAA (RFC 6844) resource
  record types.

- The knotc utility now supports interactive mode with command line
  editing, tab completion, and history. Just start knotc without any
  command and give it a try.

- And the server has a new control interface we will be extending in the
  future. The knotc utility already uses this interface. And we also
  have a simple Python binding for this interface. We are definitely
  looking for some feedback.

That's all folks. Thank you for using Knot DNS.

Full changelog:

Source archive:

GPG signature:



 Jan Včelák, Knot DNS
 CZ.NIC Labs https://www.knot-dns.cz
 Milešovská 5, 130 00 Praha 3, Czech Republic
 WWW: https://labs.nic.cz https://www.nic.cz
