./net/knot, Knot (auth) DNS server

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.3.3nb1, Package name: knot-2.3.3nb1, Maintainer: pettai

Knot DNS is a high-performance authoritative-only DNS server
which supports all key features of the domain name system including
zone transfers, dynamic updates and DNSSEC.

Required to run:
[security/gnutls] [devel/libidn] [devel/userspace-rcu]

Required to build:

Master sites:

SHA1: a94bebb595eab6b3014aae9e2376300958864113
RMD160: d72fc69dd2a0fee769eb1c7261ea5df6d31c145e
Filesize: 1046.055 KB

Version history: (Expand)

CVS history: (Expand)

   2017-08-16 22:21:18 by Thomas Klausner | Files touched by this commit (180)
Log message:
Follow some http redirects.
   2017-08-07 10:44:14 by Johnny C. Lam | Files touched by this commit (1)
Log message:
Use PKG_SYSCONF* variables correctly in net/knot.

Set PKG_SYSCONFSUBDIR to "knot" to have all of the config files
located in the "knot" subdirectory of ${PKG_SYSCONFBASE}.

Pass ${PKG_SYSCONFBASE} to the configure script since the package's
build infrastructure automatically appends "/knot" to the value
passed in through --sysconfdir.

automatically created by the package install script.

Bump the PKGREVISION due to changes in the package install scripts.
   2016-12-09 23:28:18 by Fredrik Pettai | Files touched by this commit (3)
Log message:
Knot DNS 2.3.3 (2016-12-08)

 - Double free when failed to apply zone journal
 - Zone bootstrap retry interval not preserved upon zone reload
 - DNSSEC related records not flushed if not signed
 - False semantic checks warning about incorrect type in NSEC bitmap
 - Memory leak in kzonecheck

 - All zone names are fully-qualified in log

 - New kjournalprint utility

Knot DNS 2.3.2 (2016-11-04)

 - Incorrect %s expansion for the root zone
 - Failed to refresh not existing slave zone after restart
 - Immediate zone refresh upon restart if refresh already scheduled
 - Early zone transfer after restart if transfer already scheduled
 - Not ignoring empty non-terminal parents during delegation lookup
 - CD bit preservation in responses
 - Compilation error on GNU/kFreeBSD
 - Server crash after double zone-commit if journal error

 - Speed-up of knotc if control operation and known socket
 - Zone purge operation purges also zone timers

 - Simple modules don't require empty configuration section
 - New zone journal path configuration option
 - New timeout configuration option for module dnsproxy
   2016-10-29 11:55:13 by Fredrik Pettai | Files touched by this commit (2)
Log message:
fix pkglint warning
   2016-10-29 11:42:48 by Fredrik Pettai | Files touched by this commit (3) | Package updated
Log message:
Knot DNS 2.3.1 (2016-10-07)

 - Missing glue records in some responses
 - Knsupdate prompt printing on non-terminal
 - Mismatch between configuration policy item names and documentation
 - Segfault on OS X (Sierra)

 - Significant speed-up of conf-commit and conf-diff operations (in most cases)
 - New EDNS Client Subnet libknot API
 - Better semantic-checks error messages

 - Print TLS certificate hierarchy in kdig verbose mode
 - New +subnet alias for +client
 - New mod-whoami and mod-noudp modules
 - New zone-purge control command
 - New log-queries and log-responses options for mod-dnstap
   2016-09-19 15:04:29 by Thomas Klausner | Files touched by this commit (147)
Log message:
Recursive PKGREVISION bump for gnutls shlib major bump.
   2016-08-25 16:11:49 by Fredrik Pettai | Files touched by this commit (3)
Log message:
Knot DNS 2.3.0 (2016-08-09)

 - No wildcard expansion below empty non-terminal for NSEC signed zone
 - Avoid multiple loads of the same PKCS #11 module
 - Fix kdig IXFR response processing if the transfer content is empty
 - Don't ignore non-existing records to be removed in IXFR

 - Refactored semantic checks and improved error messages
 - Set TC flag in delegation only if mandatory glue doesn't fit the response
 - Separate EDNS(0) payload size configuration for IPv4 and IPv6

 - DNSSEC policy can be defined in server configuration
 - Automatic NSEC3 resalt according to DNSSEC policy
 - Zone content editing using control interface
 - Zone size limit restriction for DDNS, AXFR, and IXFR (CVE-2016-6171)
 - DNS-over-TLS support in kdig (RFC 7858)
 - EDNS(0) padding and alignment support in kdig (RFC 7830)
   2016-06-16 19:12:27 by Fredrik Pettai | Files touched by this commit (3)
Log message:
Knot DNS 2.2.1 (2016-05-24)

 - Fix separate logging of server and zone events
 - Fix concurrent zone file flushing with many zones
 - Fix possible server crash with empty hostname on OpenWRT
 - Fix control timeout parsing in knotc
 - Fix "Environment maxreaders limit reached" error in knotc
 - Don't apply journal changes on modified zone file
 - Remove broken LTO option from configure script
 - Enable multiple zone names completion in interactive knotc
 - Set the TC flag in a response if a glue doesn't fit the response
 - Disallow server reload when there is an active configuration transaction

 - Distinguish unavailable zones from zones with zero serial in log messages
 - Log warning and error messages to standard error output in all utilities
 - Document tested PKCS #11 devices
 - Extended Python configuration interface

Knot DNS 2.2.0 (2016-04-26)

 - Fix build dependencies on FreeBSD
 - Fix query/response message type setting in dnstap module
 - Fix remote address retrieval from dnstap capture in kdig
 - Fix global modules execution for queries hitting existing zones
 - Fix execution of semantic checks after an IXFR transfer
 - Fix PKCS#11 support detection at build time
 - Fix kdig failure when the first AXFR message contains just the SOA record
 - Exclude non-authoritative types from NSEC/NSEC3 bitmap at a delegation
 - Mark PKCS#11 generated keys as sensitive (required by Luna SA)
 - Fix error when removing the only zone from the server
 - Don't abort knotc transaction when some check fails

 - URI and CAA resource record types support
 - RRL client address based white list
 - knotc interactive mode

 - Consistent IXFR error messages
 - Various fixes for better compatibility with PKCS#11 devices
 - Various keymgr user interface improvements
 - Better zone event scheduler performance with many zones
 - New server control interface
 - kdig uses local resolver if resolv.conf is empty