Path to this page:
Subject: CVS commit: pkgsrc/net/knot
From: Fredrik Pettai
Date: 2018-03-07 17:42:10
Message id: 20180307164210.55719FB40@cvs.NetBSD.org
Log Message:
Knot DNS 2.4.5 (2017-06-23)
===========================
Security:
---------
- Improper TSIG validity period check can allow TSIG forgery (Thanks to Synacktiv!)
Bugfixes:
---------
- Corner case journal fixes (huge changesets, OpenWRT operation)
Knot DNS 2.4.4 (2017-06-05)
===========================
Improvements:
-------------
- Improved error handling in kjournalprint
Bugfixes:
---------
- Zone flush not replanned upon unsuccessful flush
- Journal inconsistency after deleting deleted zone
- Zone events not rescheduled upon server reload (Thanks to Mark Warren)
- Unreliable LMDB mapsize detection in kjournalprint
- Some minor issues found by AddressSanitizer
Knot DNS 2.4.3 (2017-04-11)
===========================
Improvements:
-------------
- New 'journal-db-mode' optimization configuration option
- The default TSIG algorithm for utilities input is HMAC-SHA256
- Implemented sensible default EDNS(0) padding policy (Thanks to D. K. Gillmor)
- Added some more semantic checks on the knotc configuration operations
Bugfixes:
---------
- Missing 'zone' keyword in the YAML output
- Missing trailing dot in the keymgr DS owner output
- Journal logs 'invalid parameter' in several cases
- Some minor journal-related problems
Knot DNS 2.4.2 (2017-03-23)
===========================
Features:
---------
- Zscanner can store record comments placed on the same line
- Knotc status extension with version, configure, and workers parameters
Improvements:
-------------
- Significant incoming XFR speed-up in the case of many zones
Bugfixes:
---------
- Double OPT RR insertion when a global module returns KNOT_STATE_FAIL
- User-driven zscanner parsing logic inconsistency
- Lower serial at master doesn't trigger any errors
- Queries with too long DNAME substitution do not return YXDOMAIN response
- Incorrect elapsed time in the DDNS log
- Failed to process forwarded DDNS request with TSIG
Knot DNS 2.4.1 (2017-02-10)
===========================
Improvements:
-------------
- Speed-up of rdata addition into a huge rrset
- Introduce check of minumum timeout for next refresh
- Dnsproxy module can forward all queries without local resolving
Bugfixes:
--------
- Transfer of a huge rrset goes into an infinite loop
- Huge response over TCP contains useless TC bit instead of SERVFAIL
- Failed to build utilities with disabled daemon
- Memory leaks during keys removal
- Rough TSIG packet reservation causes early truncation
- Minor out-of-bounds string termination write in rrset dump
- Server crash during stop if failed to open timers DB
- Failed to compile on OS X older than Sierra
- Poor minimum UDP-max-size configuration check
- Failed to receive one-record-per-message IXFR-style AXFR
- Kdig timeouts when receiving RCODE != NOERROR on subsequent transfer message
Knot DNS 2.4.0 (2017-01-18)
===========================
- Kdig timeouts when receiving RCODE != NOERROR on subsequent transfer message
Knot DNS 2.4.0 (2017-01-18)
===========================
Bugfixes:
--------
- False positive semantic-check warning about invalid bitmap in NSEC
- Unnecessary SOA queries upon notify with up to date serial
- Timers for expired zones are reset on reload
- Zone doesn't expire when the server is down
- Failed to handle keys with duplicate keytags
- Per zone module and global module insconsistency
- Obsolete online signing module configuration
- Malformed output from kjournalprint
- Redundant SO_REUSEPORT activation on the TCP socket
- Failed to use higher number of background workers
Improvements:
-------------
- Lower memory consumption with qp-trie
- Zone events and zone timers improvements
- Print all zone names in the FQDN format
- Simplified query module interface
- Shared TCP connection between SOA query and transfer
- Response Rate Limiting as a module with statistics support
- Key filters in keymgr
Features:
---------
- New unified LMDB-based zone journal
- Server statistics support
- New statistics module for traffic measuring
- Automatic deletion of retired DNSSEC keys
- New control logging category
Files: