./net/knot, Knot (auth) DNS server

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.5.7nb1, Package name: knot-2.5.7nb1, Maintainer: pettai

Knot DNS is a high-performance authoritative-only DNS server
which supports all key features of the domain name system including
zone transfers, dynamic updates and DNSSEC.


Required to run:
[security/gnutls] [devel/libidn] [lang/python27] [devel/userspace-rcu] [textproc/jansson]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 26bcd2784a8d1c062a4a103d9f2cb651804e7d68
RMD160: 96ac63cf365ed10fc979a351c79c12e345d4c2f0
Filesize: 1059.234 KB

Version history: (Expand)


CVS history: (Expand)


   2018-04-18 00:29:53 by Thomas Klausner | Files touched by this commit (286)
Log message:
Add p11-kit to gnutls/bl3.mk and bump dependencies.
   2018-03-08 15:30:37 by Fredrik Pettai | Files touched by this commit (4) | Package updated
Log message:
Knot DNS 2.5.7 (2018-01-02)
===========================

Bugfixes:
---------
 - Unintentional zone re-sign during reload if empty NSEC3 salt
 - Inconsistent zone names in journald structured logs
 - Malformed outgoing transfer for big zone with TSIG
 - Unexpected reply for DS query with an owner below a delegation point
 - Old dependencies in the pkg-config file

[...]

Only new Features & Security fixes of the previous updates are shown below

For a complete of all Improvements & Bugfixes, see:
https://gitlab.labs.nic.cz/knot/knot-dns/blob/2.5/NEWS

Knot DNS 2.5.3 (2017-07-14)
===========================

Features:
---------
 - CSK rollover support for Single-Type Signing Scheme

[...]

Knot DNS 2.5.2 (2017-06-23)
===========================

Security:
---------
 - CVE-2017-11104: Improper TSIG validity period check can allow TSIG forgery \ 
(Thanks to Synacktiv!)

Knot DNS 2.5.0 (2017-06-05)
===========================

Features:
---------
 - KASP database switched from JSON files to LMDB database
 - KSK rollover support using CDNSKEY and CDS in the automatic DNSSEC signing
 - Dynamic module loading support with proper module API
 - Journal can store full zone contents (not only differences)
 - Zone freeze/thaw support
 - Updated knotc zone-status output with optional column filters
 - New '[no]crypto' option in kdig
 - New keymgr implementation reflecting KASP database changes
 - New pykeymgr for JSON-based KASP database migration
 - Removed obsolete knot1to2 utility
   2018-03-07 17:42:10 by Fredrik Pettai | Files touched by this commit (3)
Log message:
Knot DNS 2.4.5 (2017-06-23)
===========================

Security:
---------
 - Improper TSIG validity period check can allow TSIG forgery (Thanks to Synacktiv!)

Bugfixes:
---------
 - Corner case journal fixes (huge changesets, OpenWRT operation)

Knot DNS 2.4.4 (2017-06-05)
===========================

Improvements:
-------------
 - Improved error handling in kjournalprint

Bugfixes:
---------
 - Zone flush not replanned upon unsuccessful flush
 - Journal inconsistency after deleting deleted zone
 - Zone events not rescheduled upon server reload (Thanks to Mark Warren)
 - Unreliable LMDB mapsize detection in kjournalprint
 - Some minor issues found by AddressSanitizer

Knot DNS 2.4.3 (2017-04-11)
===========================

Improvements:
-------------
 - New 'journal-db-mode' optimization configuration option
 - The default TSIG algorithm for utilities input is HMAC-SHA256
 - Implemented sensible default EDNS(0) padding policy (Thanks to D. K. Gillmor)
 - Added some more semantic checks on the knotc configuration operations

Bugfixes:
---------
 - Missing 'zone' keyword in the YAML output
 - Missing trailing dot in the keymgr DS owner output
 - Journal logs 'invalid parameter' in several cases
 - Some minor journal-related problems

Knot DNS 2.4.2 (2017-03-23)
===========================

Features:
---------
 - Zscanner can store record comments placed on the same line
 - Knotc status extension with version, configure, and workers parameters

Improvements:
-------------
 - Significant incoming XFR speed-up in the case of many zones

Bugfixes:
---------
 - Double OPT RR insertion when a global module returns KNOT_STATE_FAIL
 - User-driven zscanner parsing logic inconsistency
 - Lower serial at master doesn't trigger any errors
 - Queries with too long DNAME substitution do not return YXDOMAIN response
 - Incorrect elapsed time in the DDNS log
 - Failed to process forwarded DDNS request with TSIG

Knot DNS 2.4.1 (2017-02-10)
===========================

Improvements:
-------------
 - Speed-up of rdata addition into a huge rrset
 - Introduce check of minumum timeout for next refresh
 - Dnsproxy module can forward all queries without local resolving

Bugfixes:
--------
 - Transfer of a huge rrset goes into an infinite loop
 - Huge response over TCP contains useless TC bit instead of SERVFAIL
 - Failed to build utilities with disabled daemon
 - Memory leaks during keys removal
 - Rough TSIG packet reservation causes early truncation
 - Minor out-of-bounds string termination write in rrset dump
 - Server crash during stop if failed to open timers DB
 - Failed to compile on OS X older than Sierra
 - Poor minimum UDP-max-size configuration check
 - Failed to receive one-record-per-message IXFR-style AXFR
 - Kdig timeouts when receiving RCODE != NOERROR on subsequent transfer message

Knot DNS 2.4.0 (2017-01-18)
===========================
 - Kdig timeouts when receiving RCODE != NOERROR on subsequent transfer message

Knot DNS 2.4.0 (2017-01-18)
===========================

Bugfixes:
--------
 - False positive semantic-check warning about invalid bitmap in NSEC
 - Unnecessary SOA queries upon notify with up to date serial
 - Timers for expired zones are reset on reload
 - Zone doesn't expire when the server is down
 - Failed to handle keys with duplicate keytags
 - Per zone module and global module insconsistency
 - Obsolete online signing module configuration
 - Malformed output from kjournalprint
 - Redundant SO_REUSEPORT activation on the TCP socket
 - Failed to use higher number of background workers

Improvements:
-------------
 - Lower memory consumption with qp-trie
 - Zone events and zone timers improvements
 - Print all zone names in the FQDN format
 - Simplified query module interface
 - Shared TCP connection between SOA query and transfer
 - Response Rate Limiting as a module with statistics support
 - Key filters in keymgr

Features:
---------
 - New unified LMDB-based zone journal
 - Server statistics support
 - New statistics module for traffic measuring
 - Automatic deletion of retired DNSSEC keys
 - New control logging category
   2017-08-16 22:21:18 by Thomas Klausner | Files touched by this commit (180)
Log message:
Follow some http redirects.
   2017-08-07 10:44:14 by Johnny C. Lam | Files touched by this commit (1)
Log message:
Use PKG_SYSCONF* variables correctly in net/knot.

Set PKG_SYSCONFSUBDIR to "knot" to have all of the config files
located in the "knot" subdirectory of ${PKG_SYSCONFBASE}.

Pass ${PKG_SYSCONFBASE} to the configure script since the package's
build infrastructure automatically appends "/knot" to the value
passed in through --sysconfdir.

Remove ${PKG_SYSCONFDIR} from INSTALLATION_DIRS since it is
automatically created by the package install script.

Bump the PKGREVISION due to changes in the package install scripts.
   2016-12-09 23:28:18 by Fredrik Pettai | Files touched by this commit (3)
Log message:
Knot DNS 2.3.3 (2016-12-08)
===========================

Bugfixes:
---------
 - Double free when failed to apply zone journal
 - Zone bootstrap retry interval not preserved upon zone reload
 - DNSSEC related records not flushed if not signed
 - False semantic checks warning about incorrect type in NSEC bitmap
 - Memory leak in kzonecheck

Improvements:
-------------
 - All zone names are fully-qualified in log

Features:
---------
 - New kjournalprint utility

Knot DNS 2.3.2 (2016-11-04)
===========================

Bugfixes:
---------
 - Incorrect %s expansion for the root zone
 - Failed to refresh not existing slave zone after restart
 - Immediate zone refresh upon restart if refresh already scheduled
 - Early zone transfer after restart if transfer already scheduled
 - Not ignoring empty non-terminal parents during delegation lookup
 - CD bit preservation in responses
 - Compilation error on GNU/kFreeBSD
 - Server crash after double zone-commit if journal error

Improvements:
-------------
 - Speed-up of knotc if control operation and known socket
 - Zone purge operation purges also zone timers

Features:
---------
 - Simple modules don't require empty configuration section
 - New zone journal path configuration option
 - New timeout configuration option for module dnsproxy
   2016-10-29 11:55:13 by Fredrik Pettai | Files touched by this commit (2)
Log message:
fix pkglint warning
   2016-10-29 11:42:48 by Fredrik Pettai | Files touched by this commit (3) | Package updated
Log message:
Knot DNS 2.3.1 (2016-10-07)
===========================

Bugfixes:
---------
 - Missing glue records in some responses
 - Knsupdate prompt printing on non-terminal
 - Mismatch between configuration policy item names and documentation
 - Segfault on OS X (Sierra)

Improvements:
-------------
 - Significant speed-up of conf-commit and conf-diff operations (in most cases)
 - New EDNS Client Subnet libknot API
 - Better semantic-checks error messages

Features:
---------
 - Print TLS certificate hierarchy in kdig verbose mode
 - New +subnet alias for +client
 - New mod-whoami and mod-noudp modules
 - New zone-purge control command
 - New log-queries and log-responses options for mod-dnstap