[knot-resolver-announce] Knot Resolver 2.4.0

Tomas Krizek tomas.krizek at nic.cz
Tue Jul 3 13:15:49 CEST 2018


Dear Knot Resolver users,

Knot Resolver 2.4.0 has been released.

Incompatible changes
--------------------
- minimal libknot version is now 2.6.7 to pull in latest fixes (#366)

Security
--------
- fix a rare case of zones incorrectly downgraded to insecure status
  (!576)

New features
------------
- TLS session resumption (RFC 5077), both server and client (!585, #105)
  (disabled when compiling with gnutls < 3.5)
- TLS_FORWARD policy uses system CA certificate store by default (!568)
- aggressive caching for NSEC3 zones (!600)
- optional protection from DNS Rebinding attack (module rebinding, !608)
- module bogus_log to log DNSSEC bogus queries without verbose logging
  (!613)

Bugfixes
--------
- prefill: fix ability to read certificate bundle (!578)
- avoid turning off qname minimization in some cases, e.g. co.uk. (#339)
- fix validation of explicit wildcard queries (#274)
- dns64 module: more properties from the RFC implemented (incl.
  bug #375)

Improvements
------------
- systemd: multiple enabled kresd instances can now be started using
  kresd.target
- ta_sentinel: switch to version 14 of the RFC draft (!596)
- support for glibc systems with a non-Linux kernel (!588)
- support per-request variables for Lua modules (!533)
- support custom HTTP endpoints for Lua modules (!527)

Full changelog:
https://gitlab.labs.nic.cz/knot/knot-resolver/raw/v2.4.0/NEWS

Sources:
https://secure.nic.cz/files/knot-resolver/knot-resolver-2.4.0.tar.xz

GPG signature:
https://secure.nic.cz/files/knot-resolver/knot-resolver-2.4.0.tar.xz.asc

Documentation:
https://knot-resolver.readthedocs.io/en/v2.4.0/

-- 
Tomas Krizek
PGP: 4A8B A48C 2AED 933B D495  C509 A1FB A5F7 EF8C 4869

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nic.cz/pipermail/knot-resolver-announce/attachments/20180703/36eb1443/attachment.sig>


More information about the knot-resolver-announce mailing list