[knot-resolver-announce] Knot Resolver 2.4.0

Tomas Krizek tomas.krizek at nic.cz
Tue Jul 3 13:15:49 CEST 2018

Dear Knot Resolver users,

Knot Resolver 2.4.0 has been released.

Incompatible changes
- minimal libknot version is now 2.6.7 to pull in latest fixes (#366)

- fix a rare case of zones incorrectly downgraded to insecure status

New features
- TLS session resumption (RFC 5077), both server and client (!585, #105)
  (disabled when compiling with gnutls < 3.5)
- TLS_FORWARD policy uses system CA certificate store by default (!568)
- aggressive caching for NSEC3 zones (!600)
- optional protection from DNS Rebinding attack (module rebinding, !608)
- module bogus_log to log DNSSEC bogus queries without verbose logging

- prefill: fix ability to read certificate bundle (!578)
- avoid turning off qname minimization in some cases, e.g. co.uk. (#339)
- fix validation of explicit wildcard queries (#274)
- dns64 module: more properties from the RFC implemented (incl.
  bug #375)

- systemd: multiple enabled kresd instances can now be started using
- ta_sentinel: switch to version 14 of the RFC draft (!596)
- support for glibc systems with a non-Linux kernel (!588)
- support per-request variables for Lua modules (!533)
- support custom HTTP endpoints for Lua modules (!527)

Full changelog:


GPG signature:


Tomas Krizek
PGP: 4A8B A48C 2AED 933B D495  C509 A1FB A5F7 EF8C 4869
