./net/knot, Knot (auth) DNS server

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.3.3, Package name: knot-2.3.3, Maintainer: pettai

Knot DNS is a high-performance authoritative-only DNS server
which supports all key features of the domain name system including
zone transfers, dynamic updates and DNSSEC.


Required to run:
[security/gnutls] [devel/libidn] [devel/userspace-rcu] [textproc/jansson]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: a94bebb595eab6b3014aae9e2376300958864113
RMD160: d72fc69dd2a0fee769eb1c7261ea5df6d31c145e
Filesize: 1046.055 KB

Version history: (Expand)


CVS history: (Expand)


   2016-12-09 23:28:18 by Fredrik Pettai | Files touched by this commit (3)
Log message:
Knot DNS 2.3.3 (2016-12-08)
===========================

Bugfixes:
---------
 - Double free when failed to apply zone journal
 - Zone bootstrap retry interval not preserved upon zone reload
 - DNSSEC related records not flushed if not signed
 - False semantic checks warning about incorrect type in NSEC bitmap
 - Memory leak in kzonecheck

Improvements:
-------------
 - All zone names are fully-qualified in log

Features:
---------
 - New kjournalprint utility

Knot DNS 2.3.2 (2016-11-04)
===========================

Bugfixes:
---------
 - Incorrect %s expansion for the root zone
 - Failed to refresh not existing slave zone after restart
 - Immediate zone refresh upon restart if refresh already scheduled
 - Early zone transfer after restart if transfer already scheduled
 - Not ignoring empty non-terminal parents during delegation lookup
 - CD bit preservation in responses
 - Compilation error on GNU/kFreeBSD
 - Server crash after double zone-commit if journal error

Improvements:
-------------
 - Speed-up of knotc if control operation and known socket
 - Zone purge operation purges also zone timers

Features:
---------
 - Simple modules don't require empty configuration section
 - New zone journal path configuration option
 - New timeout configuration option for module dnsproxy
   2016-10-29 11:55:13 by Fredrik Pettai | Files touched by this commit (2)
Log message:
fix pkglint warning
   2016-10-29 11:42:48 by Fredrik Pettai | Files touched by this commit (3) | Package updated
Log message:
Knot DNS 2.3.1 (2016-10-07)
===========================

Bugfixes:
---------
 - Missing glue records in some responses
 - Knsupdate prompt printing on non-terminal
 - Mismatch between configuration policy item names and documentation
 - Segfault on OS X (Sierra)

Improvements:
-------------
 - Significant speed-up of conf-commit and conf-diff operations (in most cases)
 - New EDNS Client Subnet libknot API
 - Better semantic-checks error messages

Features:
---------
 - Print TLS certificate hierarchy in kdig verbose mode
 - New +subnet alias for +client
 - New mod-whoami and mod-noudp modules
 - New zone-purge control command
 - New log-queries and log-responses options for mod-dnstap
   2016-09-19 15:04:29 by Thomas Klausner | Files touched by this commit (147)
Log message:
Recursive PKGREVISION bump for gnutls shlib major bump.
   2016-08-25 16:11:49 by Fredrik Pettai | Files touched by this commit (3)
Log message:
Knot DNS 2.3.0 (2016-08-09)
===========================

Bugfixes:
---------
 - No wildcard expansion below empty non-terminal for NSEC signed zone
 - Avoid multiple loads of the same PKCS #11 module
 - Fix kdig IXFR response processing if the transfer content is empty
 - Don't ignore non-existing records to be removed in IXFR

Improvements:
-------------
 - Refactored semantic checks and improved error messages
 - Set TC flag in delegation only if mandatory glue doesn't fit the response
 - Separate EDNS(0) payload size configuration for IPv4 and IPv6

Features:
---------
 - DNSSEC policy can be defined in server configuration
 - Automatic NSEC3 resalt according to DNSSEC policy
 - Zone content editing using control interface
 - Zone size limit restriction for DDNS, AXFR, and IXFR (CVE-2016-6171)
 - DNS-over-TLS support in kdig (RFC 7858)
 - EDNS(0) padding and alignment support in kdig (RFC 7830)
   2016-06-16 19:12:27 by Fredrik Pettai | Files touched by this commit (3)
Log message:
Knot DNS 2.2.1 (2016-05-24)
===========================

Bugfixes:
---------
 - Fix separate logging of server and zone events
 - Fix concurrent zone file flushing with many zones
 - Fix possible server crash with empty hostname on OpenWRT
 - Fix control timeout parsing in knotc
 - Fix "Environment maxreaders limit reached" error in knotc
 - Don't apply journal changes on modified zone file
 - Remove broken LTO option from configure script
 - Enable multiple zone names completion in interactive knotc
 - Set the TC flag in a response if a glue doesn't fit the response
 - Disallow server reload when there is an active configuration transaction

Improvements:
-------------
 - Distinguish unavailable zones from zones with zero serial in log messages
 - Log warning and error messages to standard error output in all utilities
 - Document tested PKCS #11 devices
 - Extended Python configuration interface

Knot DNS 2.2.0 (2016-04-26)
===========================

Bugfixes:
---------
 - Fix build dependencies on FreeBSD
 - Fix query/response message type setting in dnstap module
 - Fix remote address retrieval from dnstap capture in kdig
 - Fix global modules execution for queries hitting existing zones
 - Fix execution of semantic checks after an IXFR transfer
 - Fix PKCS#11 support detection at build time
 - Fix kdig failure when the first AXFR message contains just the SOA record
 - Exclude non-authoritative types from NSEC/NSEC3 bitmap at a delegation
 - Mark PKCS#11 generated keys as sensitive (required by Luna SA)
 - Fix error when removing the only zone from the server
 - Don't abort knotc transaction when some check fails

Features:
---------
 - URI and CAA resource record types support
 - RRL client address based white list
 - knotc interactive mode

Improvements:
-------------
 - Consistent IXFR error messages
 - Various fixes for better compatibility with PKCS#11 devices
 - Various keymgr user interface improvements
 - Better zone event scheduler performance with many zones
 - New server control interface
 - kdig uses local resolver if resolv.conf is empty
   2016-02-28 18:02:38 by Fredrik Pettai | Files touched by this commit (3) | Package updated
Log message:
Knot DNS 2.1.1 (2016-02-10)
===========================

Bugfixes:
---------
 - DNSSEC: Allow import of duplicate private key into the KASP
 - DNSSEC: Avoid duplicate NSEC for Wildcard No Data answer
 - Fix server crash when an incomming transfer is in progress and reload is issued
 - Fix socket polling when configured with many interfaces and threads
 - Fix compilation against Nettle 3.2

Improvements:
-------------
 - Select correct source address for UDP messages recieved on ANY address
 - Extend documentation of knotc commands

Knot DNS 2.1.0 (2016-01-14)
===========================

Features:
---------
 - Per-thread UDP socket binding using SO_REUSEPORT on Linux
 - Support for dynamic configuration database
 - DNSSEC: Support for cryptographic tokens via PKCS #11 interface
 - DNSSEC: Experimental support for online signing

Improvements:
-------------
 - Support for zone file name patterns
 - Configurable location of zone timer database
 - Non-blocking network operations and better timeout handling
 - Caching of Critical configuration values for better performance
 - Logging of ACL failures
 - RRL: Add rate-limit-slip zero support to drop all responses
 - RRL: Document behavior for different rate-limit-slip options
 - kdig: Warning instead of error on TSIG validation failure
 - Cleanup of support libraries interfaces (libknot, libzscanner, libdnssec)
 - Remove possibly insecure server control over a network socket
 - Remove implementation limit for the number of network interfaces

Bugfixes:
---------
 - synth-record module: Fix application of default configuration options
 - TSIG: Allow compressed TSIG name when forwarding DDNS updates
 - Schedule zone bootstrap after slave zone fails to load from disk
   2016-02-25 17:20:53 by Jonathan Perkin | Files touched by this commit (47)
Log message:
Use OPSYSVARS.