| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
==========================
Bugfixes:
---------
- Some specific incoming IXFRs were causing server to crash
- Rare sychronization error during reload caused read-after-free
- Response synthetization module did not work properly with
DNSSEC-enabled zones
- When Knot sent AXFR when IXFR was requested, message ID and
opcode were wrong
- Knot failed to send large messages to remote control
(present since 1.5.1)
Knot DNS 1.5.2 (2014-09-08)
==========================
Bugfixes:
---------
- Some RR parsing corner cases were not handled properly
- AXFR-style IXFR was refused and had to be retransfered
- Hash character (#) was not properly escaped when storing text zone file
Knot DNS 1.5.1 (2014-08-19)
===========================
Features:
---------
- Basic support for logging using systemd journal
- DDNS: Ability to process updates in bulk
Improvements:
-------------
- Unified logging messages structure
- DNSSEC: More strict controls for signing keys
Bugfixes:
---------
- DNSSEC: DNAMEs in RDATA were not lowercased before signing
- EDNS: OPT RR were not put into responsing for some errors
- TSIG: DDNS responses were not signed with TSIG
- DDNS: Prerequisite checks failed for some inputs
- knsupdate: Zone origin was not used for deletions
Knot DNS 1.5.0 (2014-07-08)
===========================
Features:
---------
- DDNS forwarding reimplemented
Improvements:
-------------
- Transfer sizes logged in bytes if needed
- Logging outgoing NOTIFY messages
- Logging unauthorized incoming NOTIFYs
Bugfixes:
---------
- Zone flush planning after bootstrap
- Incorrect incoming AXFR message sizes
- DDNS signing changes were freed too soon, posibility of stale data
- knotc remote control key handling
Knot DNS 1.5.0-rc2 (2014-06-18)
===============================
Features:
---------
- edns-client-subnet support in kdig
- Optional asynchronous startup (config "asynchronous-start")
Improvements:
-------------
- Preempt task queue for faster reload
- Lazy zone file write after zone transfer (governed by
"zonefile-sync")
Bugfixes:
---------
- Close zone transfer after SERVFAIL response
- Incremental to full zone transfer fallback, wrong log message
- Zone events corner cases, reload replanning
Knot DNS 1.5.0-rc1 (2014-06-03)
===============================
Features:
---------
- Pluggable query processing modules
- Synthetic IPv4/IPv6 reverse/forward records (optional module)
- dnstap support in both utilities & server (optional module)
- NOTIFY message support and new TSIG section in kdig
- Zone transfer master failover
Improvements:
-------------
- Query processing and core functionality overhaul
- Performance and reduced memory footprint
- Faster zone events scheduling
- RFC compliant queries/responses in some corner cases
- Log messages
- New documentation (Sphinx)
|
|
---------------------
Bugfixes:
* Fixed DDNS corner cases
* Fixed zone EXPIRE timer
* Fixed semantic checks false positives
* Fixed sending malformed IXFR with automatic DNSSEC
* Fixed NAPTR record serialization
|
|
|
|
---------------------
Bugfixes:
* Fix possible signing loop when doing key rollover
* Fixed sending of malformed UDP empty responses
|
|
---------------------
Bugfixes:
* Fix possible weakness in TSIG signature checking
|
|
---------------------
Features:
* Server is logging remote control commands
* 'knotc reload' doesn't refresh unchanged zones
* 'knotc -f refresh' forces zone retransfer
Bugfixes:
* Missing notifications after DDNS/automatic resign
* Zone is rebootstrapped if the zone file is unreadable
* Progressive bootstrap retry backoff
* Zone file parser allows asterisk as part of the label
* Journal maximum entry size fixes
* Sign DNSKEYs in non-apex nodes as regular RR sets
* Various spelling and typo fixes
|
|
|
|
These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.
|
|
---------------------
Bugfixes:
* Failure when expanding wildcard leading to apex and having DNSKEY records
* Failure for query to wildcard without wildcard expansion
* Bad cleanup when loading a faulty entry from a journal
* Zone file $ORIGIN and configuration comparison is case-insensitive
Features:
* Config "include" statement supports directory and includes all files within
|
|
|
|
|
|
---------------------
Bugfixes:
* AXFR/IXFR compatibility issues with tinydns/axfrdns
* Journal file is created only when needed
* Zone-related log messages are logged into correct category
* DNSSEC: Refresh signatures earlier (3 days before their expiration
with the default signature lifetime)
* Fixed RCU synchronization causing deadlock on 'knotc signzone'
* RRSIG not fitting in the additional records doesn't cause truncation
v1.4.1 - Jan 13, 2014
---------------------
Bugfixes:
* Empty APL record support
* 'zonestatus' when using immediate zone syncing
* Immediate zone syncing after reload
* Race condition writing time values to zone file
v1.4.0 - Jan 6, 2014
---------------------
Features:
* Zone SERIAL policies (INCREMENT, UNIXTIME)
Bugfixes:
* AXFR crash with specific packet
* QNAME case-sensitive since 1.4.0-rc0
* DNSSEC records over DDNS
* Semantic check fail in AXFR is only soft-error
* Journal race condition
* Notifies are sent immediately
v1.4.0-rc2 - Dec 13, 2013
-------------------------
Features:
* IDN support in Knot utilities
* DNSSEC: support for GOST algorithm
Bugfixes:
* Crash in particular additionals processing
* Race condition in event cancelation
* Journal corruption after failed transactions
* DNSSEC: fixed detection of ECDSA support
Other improvements:
* ./configure prints build configuration summary
* Pretty zone file output (DNSSEC-related data separately)
* Lower memory consumption
* config: option 'dnssec-keydir' can be set per zone
* config: option 'storage' can be set per zone
v1.4.0-rc1 - Nov 20, 2013
-------------------------
Features:
* Better logging of automatic DNSSEC events
* Support for DNSSEC key pre-publication
Bugfixes:
* Refactored zone loading
* Improved journal locking and fixed some race conditions
* Various fixes in client utilities
* Fixed memory errors in automatic DNSSEC signing
* 'dnssec-keydir' doesn't auto-enable signing
* Fixed rescheduling of zone resigns
v1.4.0-beta - Oct 28, 2013
--------------------------
Features:
* Experimental automatic DNSSEC signing
* Reduced memory usage
|
|
|
|
--------------------------
Bugfixes:
* Improved zone loading error messages
* Correct control socket permissions
* Improved log syntax documentation
* Fixed wrong assertions in DDNS prerequisites checking
* Fixed processing of some malformed DNS packets
* Fixed notify messages being ignored in some cases
v1.3.2 - Sep 30, 2013
---------------------
Bugfixes:
* Configuration option for EDNS0 max UDP payload.
* Max UDP payload from EDNS0 affected TCP responses.
* Fixed build on SLE 10.
* knotc reload did not close files included from config.
|
|
---------------------
Bugfixes:
* Response with NSID contained extra bytes after reload
* List of remotes is scanned for longest prefix match
* Multipacket TSIG signatures for transfers
* Wrongly parsed TSIG key secret without quotes
* Removed autoconf checks for extended instruction sets
v1.3.0 - Aug 5, 2013
--------------------
Features:
* Defaults for CH TXT id.server,version.server (see doc)
Bugfixes:
* Progressive interval for bootstrap retry
* Transfers randomly cancelled
* Disabling RRL on reload
* Secondary groups not initialized when dropping privileges
* Responding to DS queries for names at or below delegation points
v1.3.0-rc5 - Jul 29, 2013
-------------------------
Features:
* Much faster bootstrap of many zones
Bugfixes:
* Removed deprecated 'knotc -w' option
* Slave ignores out-of-zone records in zone
* Support for obsolete types in zone transfers
* Slave zone file names fixes
* Long transfers being randomly dropped
v1.3.0-rc4 - Jul 15, 2013
-------------------------
Features:
* --with-configdir option for default config path
* Reintroducted 'pidfile' config option
Bugfixes:
* AXFR/IXFR subsystem performance improvements
* Rescheduling of AXFR in some cases
* RRSIGs not in the same section for DS records
* Log messages leaking to syslog
* 'knotc restart' option removed due to several limitations
v1.3.0-rc3 - Jun 28, 2013
-------------------------
Features:
* Utility to estimate memory consumption (see 'knotc memstats')
* PID file is not created when running on foreground
* UNIX sockets support for knotc
* Configurable 'rundir' and 'storage'
Bugfixes:
* IXFR with an arbitrary number of diffs
* Processing of knotc TSIG keyfile
* Atomic PID file writing, removed deprecated 'knotc start'
* Performance regression when RRSIGs came before covered RRs in AXFR
v1.3.0-rc2 - Jun 14, 2013
-------------------------
Bugfixes:
* Label compression related bug
* Proper resolution of some CNAME chains
* Unstable response rate in rare cases
* Several log messages
v1.3.0-rc1 - Jun 4, 2013
---------------------------
Features:
* Faster zone parser
* Full support for EUI and ILNP resource records
* Lower memory footprint for large zones
* No compilation of zones
* Improved scheduling of zone transfers
* Logging of serials and timing information for zone transfers
* Config: 'groups' keyword allowing to create groups of remotes
* Config: 'include' keyword allowing other file includes
* Client utilities: kdig, khost, knsupdate
* Server identification using TXT/CH queries (RFC 4892)
* Improved build scripts
* Improved dname compression and performance
Bugfixes:
* Fixed creating of PID file when dropping privileges
|
|
---------------------
Bugfixes:
* Memory leaks
(v1.2.0-rc4)
Features:
* knotc 'zonestatus' command
Bugfixes:
* Check for broken recvmmsg() implementation
* Changing logfile ownership before dropping privileges
* knotc respects 'control' section from configuration
* RRL: resolved bucket collisions
* RRL: updated bucket mapping to conform RRL technical memo
(v1.2.0-rc3)
Features:
* Response rate limiting (see documentation)
Bugfixes:
* Fixed OpenBSD build
* Responses to ANY should contain RRSIGs
(v1.2.0-rc2)
Bugfixes:
* Fixed processing of some non-standard dnames.
* Correct checking of label length bounds in some cases.
* More compliant rcodes in case of DDNS/TSIG failures.
* Correct processing of malformed DDNS prereq section.
(v1.2.0-rc1)
Features:
* Dynamic updates, including forwarding (limited on signed zones)
* Updated remote control utility
* Configurable TCP timeouts
* LOC RR support
|
|
---------------------
Bugfixes
* Updated manpage.
v1.1.3-rc1 - Dec 6, 2012
------------------------
Bugfixes
* Fixed answering DS queries (RRSIGs not together with DS, AA bit
missing).
* Fixed setting ARCOUNT in some error responses with EDNS enabled.
* Fixed crash when compiling zone zone with NSEC3PARAM but no NSEC3
and semantic checks enabled.
|
|
|
|
(instead of using incompatible (f)lex found on some platforms)
|
|
---------------------
Bugfixes:
* Fixed debug message.
v1.1.2-rc1 - Nov 14, 2012
-------------------------
Bugfixes:
* Fixed crash on reload when config contained duplicate zones.
* Fixed scheduling of transfers.
|
|
---------------------
Bugfixes:
* Fixed assertion failing when asking directly for a wildcard name.
v1.1.1-rc1 - Oct 23, 2012
-------------------------
Bugfixes:
* Crash after IXFR in certain cases when adding RRSIG in an IXFR.
* Fixed behaviour when incoming IXFR removes a zone cut. Previously
occluded names now become properly visible. Previously lead to a
crash when the server was asked for the previously occluded name.
* Fixed handling of zero-length strings in text zone dump. Caused the
compilation to fail.
* Fixed TSIG algorithm name comparison - the names should be in
canonical form.
* Fixed handling unknown RR types with type less than 251.
Features:
* Improved compression of packets. Out-of-zone dnames present in RDATA
were not compressed.
* Slave zones are now automatically refreshed after startup.
* Proper response to IXFR/UDP query (returns SOA in Authority section).
|
|
|
|
which supports all key features of the domain name system including
zone transfers, dynamic updates and DNSSEC.
|
