Next | Query returned 94 messages, browsing 11 to 20 | Previous

History of commit frequency

CVS Commit History:


   2023-12-09 07:10:07 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
knot: Update to 3.3.2

Changelog:
Version 3.3.2

Friday, October 20, 2023

Features:

      + knotd: support for IXFR from AXFR computation (see
        'zone.ixfr-from-axfr')
      + knotd: support benevolent IXFR (see 'zone.ixfr-benevolent')
      + knot-exporter: new configuration option '--no-zone-serial' #880

Improvements:

      + libs: upgraded embedded libngtcp2 to 1.0.0
      + knotd: added logging of new SOA serial when signing is finished
      + knotd: unified some XDP-related logging
      + keymgr: improved error message if a key file is not accessible
      + keymgr: added offline RRSIGs validation at the end of their validity
        intervals
      + kdig: upgraded EDNS presentation format to draft version -02
      + kdig: simplified QUIC connection without extra PING frames
      + kzonecheck: removed requirement that DS is at delegation point
      + doc: various fixes and improvements

Bugfixes:

      + knotd: logged incorrect new SOA serial if 'zonefile-load: difference'
        is set #875
      + knotd: more signing threads with a PKCS #11 keystore has no effect #876
      + knotd: DNAME record returned with query domain name instead of actual
        name #873
      + knotd: failed to import configuration file if mod-geoip is in use #881
      + knotd: failed to sign RRSet that fits to 64k only if compressed
      + knotd: broken zone update context upon failed operation over control
        interface
      + keymgr: offline RRSIGs not refreshed if 'rrsig-refresh' is not set
      + knsupdate: incorrect processing of @ in the delete operation #879
      + knot-exporter: failed to parse knotd PIDs on FreeBSD

Version 3.2.11

Thursday, October 19, 2023

Improvements:

      + keymgr: improved error message if a key file is not accessible
      + keymgr: added offline RRSIGs validation at the end of their validity
        intervals
      + doc: fixed some typos

Bugfixes:

      + knotd: DNAME record returned with query domain name instead of actual
        name #873
      + knotd: failed to import configuration file if mod-geoip is in use #881
      + knotd: failed to sign RRSet that fits to 64k only if compressed
      + keymgr: offline RRSIGs not refreshed if 'rrsig-refresh' is not set
      + knsupdate: incorrect processing of @ in the delete operation #879

Version 3.3.1

Monday, September 11, 2023

Improvements:

      + knotd: multiple catalog groups per member are tolerated, but only one
        is used
      + modules: added const qualifier to various function parameters #877
        (Thanks to Robert Edmonds)
      + libs: upgraded embedded libngtcp2 to 0.19.1

Bugfixes:

      + knotd: TCP over XDP fails to respond
      + knotd: server can crash when adjusting a wildcard glue
      + knotd: failed to forward DDNS if 'zone.master' points to 'remotes'
      + knotd: broken YAML statistics if more modules are configured #874
      + knotd: DDNS forwarding isn't RFC 8945 compliant

Version 3.2.10

Sunday, September 10, 2023

Improvements:

      + knotd: multiple catalog groups per member are tolerated, but only one
        is used
      + knotd: server cleans up stale LMDB readers when opening a RW
        transaction

Bugfixes:

      + knotd: server can crash when adjusting a wildcard glue
      + knotd: failed to forward DDNS if 'zone.master' points to 'remotes'
      + knotd: subsequent addition and removal to catalog zone isn't handled
        properly
      + knotd: server can crash if a shared module is loaded and dynamic
        configuration used
      + knotc: configuration import fails if an explicit shared module is
        configured
      + kdig: double-free on some malformed responses over QUIC #869
      + kdig: some TLS parameters override QUIC parameters
      + libs: NULL record with empty RDATA isn't allowed

Version 3.3.0

Monday, August 28, 2023

Features:

      + knotd: full DNS over QUIC (DoQ, RFC 9250) implementation, also without
        XDP
      + knotd: bidirectional XFR over QUIC (XoQ) support with opportunistic,
        strict, and mutual authentication profiles
      + knotd: automatic reverse PTR records pre-generation (see
        'zone.reverse-generate')
      + knotd: new per zone statistic counters 'zone.size' and 'zone.max-ttl'
      + knotd: new primary server pinning (see 'zone.master-pin-tolerance')
      + knotd: new SOA serial modulo policy (see 'zone.serial-modulo')
      + knotd: new multi-signer operation mode (see 'policy.dnskey-sync' and
        'DNSSEC multi-signer')
      + kdig: support for EDNS presentation format, also in JSON mode (see
        '+optpresent')
      + kxdpgun: new TCP/QUIC debug mode 'R' for connection reuse
      + kxdpgun: new XDP mode parameter '--mode' (Thanks to Jan V?el??k)
      + kxdpgun: new parameter '--qlog' for qlog destination specification
      + kzonecheck: new '--print' parameter for dumping the zone on stdout

Improvements:

      + knotd: secondary can be configured not to forward DDNS (see
        'zone.ddns-master')
      + knotd: extended support for UNIX socket configuration (remote, acl)
      + knotd: stats no longer dump empty or zero counters
      + knotd: new 'keys-updated' D-Bus event
      + knotd: added transport protocol information to outgoing event and
        nameserver logs
      + knotd: server cleans up stale LMDB readers when opening a RW
        transaction
      + knotd,kzonecheck: semantic check allows DS only at delegation point
      + knotc: new zone backup filters '+quic' and '+noquic' for QUIC key
        backup
      + mod-dnstap: DNS over QUIC traffic is marked as QUIC
      + kxdpgun: QUIC connections are closed by default
      + libs: upgraded embedded libngtcp2 to 0.18.0
      + kdig: QUIC, TLS, or HTTPS protocol is printed in the final statistics
      + doc: new sections 'DNS over QUIC' and 'DNSSEC multi-signer'
      + doc: various improvements

Bugfixes:

      + knotd: server can crash if a shared module is loaded and dynamic
        configuration used
      + knotd: inaccurate transfer size is logged if EDNS EXPIRE, PADDING, or
        TSIG is present
      + knotd: subsequent addition and removal to catalog zone isn't handled
        properly
      + knotc: configuration import fails if an explicit shared module is
        configured
      + utils: database transactions not properly closed when terminated
        prematurely
      + kdig: double-free on some malformed responses over QUIC #869
      + kdig: some TLS parameters override QUIC parameters
      + libs: NULL record with empty RDATA isn't allowed
      + tests: dthreads destructor test sometimes fails

Compatibility:

      + knotd: responses to forwarded DDNS requests are signed with local TSIG
        key
      + knotd: NOTIFY-initiated refresh tries all configured addresses of the
        remote
      + knotd: configuration option 'xdp.quic-log' was replaced with 'log.quic'
      + libs: removed embedded libbpf, an external one is necessary for XDP
      + libs: DNS over QUIC implementation only supports 'doq' ALPN
      + ctl: removed 'Version: ' prefix from 'status version' output
      + modules: reduced parameters of 'knotd_qdata_local_addr()'

Packaging:

      + knot-exporter: Prometheus exporter imported from GitHub
      + knot-exporter: packages for Debian, Ubuntu, and PyPI
      + debian,ubuntu: new self-hosted repository (see https://pkg.labs.nic.cz/
        doc/)
      + docker: upgraded to Debian bookworm-slim

Version 3.2.9

Thursday, July 27, 2023

Improvements:

      + keymgr: 'import-pkcs11' not allowed if no PKCS #11 keystore backend is
        configured
      + keymgr: more verbose key import errors
      + doc: extended migration notes
      + doc: various improvements

Bugfixes:

      + knotd: server may crash when storing changeset of a big zone migrating
        to/from NSEC3
      + knotd: zone refresh loop when all masters are outdated and timers
        cleared
      + knotd: failed to active D-Bus notifications if not started as systemd
        service
      + kjournalprint: database transaction not properly closed when terminated
        prematurely
   2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377)
Log message:
*: recursive bump for icu 74.1
   2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)
Log message:
*: bump for openssl 3
   2023-08-14 07:25:36 by Thomas Klausner | Files touched by this commit (1247)
Log message:
*: recursive bump for Python 3.11 as new default
   2023-08-02 18:17:20 by Nia Alarie | Files touched by this commit (41)
Log message:
*: Use FORCE_C_STD=c99 for C packages that use for loop initial
declarations without setting -std=c99.
   2023-07-12 22:56:03 by Nia Alarie | Files touched by this commit (1)
Log message:
knot: Assumes compiler defaults to c99.
   2023-07-07 12:53:14 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
knot: Update to 3.2.8

Changelog:
Version 3.2.8

Improvements:

        kdig: malformed messages are parsed and printed using a best-effort approach
        python: new dname from wire initialization

Bugfixes:

        knotd: missing outgoing NOTIFY upon refresh if one of more primaries is \ 
up-to-date
        knotd: journal loop detection can prevent zone from loading
        knotd: cryptic error message when journal is full #842
        knotd: failed to query catalog zone over UDP
        configure: libngtcp2 check wrongly requires version 0.13.0 instead of 0.13.1

Version 3.2.7

Features:

        knotd: new configuration option for preserving incoming IXFR changeset \ 
history (see 'zone.ixfr-by-one')

Improvements:

        knotd: journal ensures the stored changeset's SOA serials are strictly \ 
increasing
        knotd: more effective handling of zero KNOT_ZONE_LOAD_TIMEOUT_SEC \ 
environment value
        knotd, kdig: incoming transfer fails if a message has the TC bit set
        knotd, kjournalprint: store or print the timestamp of changeset creation
        kxdpgun: load only necessary number of queries (Thanks to Petr Špaček)
        kxdpgun: print ratio of sent vs. requested queries (Thanks to Petr Špaček)
        kxdpgun: print percentages as floats (Thanks to Petr Špaček)
        kjournalprint: ability to print a changeset loop
        kjournalprint: added changset serials information to '-z -d' output
        packaging: RHEL9 requires libxdp like fedora since RHEL 9.2 #844
        doc: various improvements

Bugfixes:

        knotd: journal loading can get stuck in a multi-changeset loop
        knotd: missing RCU lock when reading zone through the control interface
        knotd: server start D-Bus signaling doesn't work well if the zone file \ 
is missing, catalog zones are used, or in the async-start mode
        knotd: test suite fails on 32bit architectures on musl 1.2 and newer #843
        knotd: failed to process zero-length messages over QUIC
        libs: compilation with embedded ngtcp2 fails if there is another ngtcp2 \ 
in the path

Version 3.2.6

Improvements:

        libs: upgraded embedded libngtcp2 to 0.13.1
        libs: added support for building on Cygwin and MSYS (Thanks to \ 
Christopher Ng)
        mod-dnstap: improved precision of stored time values
        kdig: added option for EDNS EXPIRE (see '+expire') #836
        kdig: extended description of SOA timers in the multiline mode
        kdig: reduced latency of TLS communication
        libknot: added EDE codes 28 and 29
        doc: various improvements

Bugfixes:

        knotd: generated catalog zone not updated upon server reload #834
        knotd: failed to check shared module configuration
        knotd: missing RCU registration of the statistics thread (Thanks to Qin \ 
Longfei)
        knotd: server logs failed to send QUIC packets in the XDP mode
        libs: inconsistent transformation of IPv4-Compatible IPv6 Addresses
        utils: failed to load configuration if dnstap module is enabled #831
        libknot: missing include string.h
   2023-04-19 10:12:01 by Adam Ciarcinski | Files touched by this commit (2359) | Package updated
Log message:
revbump after textproc/icu update
   2023-03-03 16:32:41 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
knot: Update to 3.2.5

Changelog:
Version 3.2.5

Thursday, February 2, 2023

Features:

      + knotd: new configuration option for enforcing IXFR fallback (see
        'zone.provide-ixfr')

Improvements:

      + knotd: changed UNIX socket file mode to 0222 for answering and 0220 for
        control
      + mod-probe: new support for communication over a UNIX socket
      + kdig: new support for communication over a UNIX socket
      + libs: upgraded embedded libngtcp2 to 0.13.0
      + doc: various improvements

Bugfixes:

      + knotd: failed to get catalog member configuration if catalog template
        is in a template
      + knotd: failed to respond over a UNIX socket with EDNS
      + knotd: unexpected zone update upon restart or zone reload if ZONEMD
        generation is enabled
      + knotd: redundant zone flush of unchanged zone if zone file load is
        'difference-no-serial'
      + knotd/kxdpgun: failed to receive messages over XDP with drivers tap or
        ena
      + knotc: zone check doesn't report missing zone file #829
      + kxdpgun: program crashes when remote closes QUIC connection instead of
        resumption
      + mod-geoip: configuration check leaks memory in the geodb mode
      + utils: unwanted color reset sequences in non-color output
   2023-01-08 21:40:20 by Ryo ONODERA | Files touched by this commit (4) | Package updated
Log message:
knot: Update to 3.2.4

Changelog:
Version 3.2.4
Improvements:
      + knotd: significant speed-up of catalog zone update processing
      + knotd: new runtime check if RRSIG lifetime is lower than RRSIG refresh
      + knotd: reworked zone re-bootstrap scheduling to be less progressive
      + mod-synthrecord: module can work with CIDR-style reverse zones #826
      + python: new libknot wrappers for some dname transformation functions
      + doc: a few fixes and improvements

Bugfixes:
      + knotd: incomplete zone is received when IXFR falls back to AXFR due to
        connection timeout if primary puts initial SOA only to the first
        message
      + knotd: first zone re-bootstrap is planned after 24 hours
      + knotd: EDNS EXPIRE option is present in outgoing transfer of a catalog
        zone
      + knotd: catalog zone can expire upon EDNS EXPIRE processing
      + knotd: DNSSEC signing doesn't fail if no offline KSK records available

Version 3.2.3
Improvements:
      + knotd: new per-zone DS push configuration option (see 'zone.ds-push')
      + libs: upgraded embedded libngtcp2 to 0.11.0

Bugfixes:
      + knsupdate: program crashes when sending an update
      + knotd: server drops more responses over UDP under higher load
      + knotd: missing EDNS padding in responses over QUIC
      + knotd: some memory issues when handling unusual QUIC traffic
      + kxdpgun: broken IPv4 source subnet processing
      + kdig: incorrect handling of unsent data over QUIC

Version 3.2.2
Features:
      + knotd,kxdpgun: support for VLAN (802.1Q) traffic in the XDP mode
      + knotd: added configurable delay upon D-Bus initialization (see
        'server.dbus-init-delay')
      + kdig: support for JSON (RFC 8427) output format (see '+json')
      + kdig: support for PROXYv2 (see '+proxy') (Gift for Peter van Dijk)

Improvements:
      + mod-geoip: module respects the server configuration of answer rotation
      + libs: upgraded embedded libngtcp2 to 0.10.0
      + tests: improved robustness of some unit tests
      + doc: added description of zone bootstrap re-planning

Bugfixes:
      + knotd: catalog confusion when a member is added and immediately deleted
        #818
      + knotd: defective handling of short messages with PROXYv2 header #816
      + knotd: inconsistent processing of malformed messages with PROXYv2
        header #817
      + kxdpgun: incorrect XDP mode is logged
      + packaging: outdated dependency check in RPM packages

Version 3.2.1
Improvements:
      + libknot: added compatibility with libbpf 1.0 and libxdp
      + libknot: removed some trailing white space characters from textual RR
        format
      + libs: upgraded embedded libngtcp2 to 0.8.1

Bugfixes:
      + knotd: some non-DNS packets not passed to OS if XDP mode enabled
      + knotd: inappropriate log about QUIC port change if QUIC not enabled
      + knotd/kxdpgun: various memory leaks related to QUIC and TCP
      + kxdpgun: can crash at high rates in emulated XDP mode
      + tests: broken XDP-TCP test on 32-bit platforms
      + kdig: failed to build with enabled QUIC on OpenBSD
      + systemd: failed to start server due to TemporaryFileSystem setting
      + packaging: missing knot-dnssecutils package on CentOS 7

Version 3.2.0
Features:
      + knotd: finalized TCP over XDP implementation
      + knotd: initial implementation of DNS over QUIC in the XDP mode (see
        'xdp.quic')
      + knotd: new incremental DNSKEY management for multi-signer deployment
        (see 'policy.dnskey-management')
      + knotd: support for remote grouping in configuration (see 'groups'
        section)
      + knotd: implemented EDNS Expire option (RFC 7314)
      + knotd: NSEC3 salt is changed with every ZSK rollover if lifetime is set
        to -1
      + knotd: support for PROXY v2 protocol over UDP (Thanks to Robert
        Edmonds) #762
      + knotd: support for key labels with PKCS #11 keystore (see
        'keystore.key-label')
      + knotd: SVCB/HTTPS treatment according to draft-ietf-dnsop-svcb-https
      + keymgr: new JSON output format (see '-j' parameter) for listing keys or
        zones (Thanks to JP Mens)
      + kxdpgun: support for DNS over QUIC with some testing modes (see '-U'
        parameter)
      + kdig: new DNS over QUIC support (see '+quic')

Improvements:
      + knotd: reduced memory consumption when processing IXFR, DNSSEC,
        catalog, or DDNS
      + knotd: RRSIG refresh values don't have to match in the mode Offline KSK
      + knotd: better decision whether AXFR fallback is needed upon a refresh
        error
      + knotd: NSEC3 resalt event was merged with the DNSSEC event
      + knotd: server logs when the connection to remote was taken from the
        pool
      + knotd: server logs zone expiration time when the zone is loaded
      + knotd: DS check verifies removal of old DS during algorithm rollover
      + knotd: DNSSEC-related records can be updated via DDNS
      + knotd: new 'xdp.udp' configuration option for disabling UDP over XDP
      + knotd: outgoing NOTIFY is replanned if failed
      + knotd: configuration checks if zone MIN interval values are lower or
        equal to MAX ones
      + knotd: DNSSEC-related zone semantic checks use DNSSEC validation
      + knotd: new configuration value 'query' for setting ACL action
      + knotd: new check on near end of imported Offline KSK records
      + knotd/knotc: implemented zone catalog purge, including orphaned member
        zones
      + knotc: interactive mode supports catalog zone completion, value
        completion, and more
      + knotc: new default brief and colorized output from zone status
      + knotc: unified empty values in zone status output
      + keymgr: DNSKEY TTL is taken from KSR in the Offline KSK mode
      + kjournalprint: path to journal DB is automatically taken from the
        configuration, which can be specified using '-c', '-C' (or '-D')
      + kcatalogprint: path to catalog DB is automatically taken from the
        configuration, which can be specified using '-c', '-C' (or '-D')
      + kzonesign: added automatic configuration file detection and '-C'
        parameter for configuration DB specificaion
      + kzonesign: all CPU threads are used for DNSSEC validation
      + libknot: dname pointer cannot point to another dname pointer when
        encoding RRsets #765
      + libknot: QNAME case is preserved in knot_pkt_t 'wire' field (Thanks to
        Robert Edmonds) #780
      + libknot: reduced memory consumption of the XDP mode
      + libknot: XDP filter supports up to 256 NIC queues
      + kxdpgun: new options for specifying source and remote MAC addresses
      + utils: extended logging of LMDB-related errors
      + utils: improved error outputs
      + kdig: query has AD bit set by default
      + doc: various improvements

Bugfixes:
      + knotd: zone changeset is stored to journal even if disabled
      + knotd: journal not applied to zone file if zone file changed during
        reload
      + knotd: possible out-of-order processing or postponed zone events to far
        future
      + knotd: incorrect TTL is used if updated RRSet is empty over control
        interface
      + knotd/libs: serial arithmetics not used for RRSIG expiration processing
      + knsupdate: incorrect RRTYPE in the question section

Compatibility:
      + knotd: default value for 'zone.journal-max-depth' was lowered to 20
      + knotd: default value for 'policy.nsec3-iterations' was lowered to 0
      + knotd: default value for 'policy.rrsig-refresh' is propagation delay +
        zone maximum TTL
      + knotd: server fails to load configuration if 'policy.rrsig-refresh' is
        too low
      + knotd: configuration option 'server.listen-xdp' has no effect
      + knotd: new configuration check on deprecated DNSSEC algorithm
      + knotc: new '-e' parameter for full zone status output
      + keymgr: new '-e' parameter for full key list output
      + keymgr: brief key listing mode is enabled by default
      + keymgr: renamed parameter '-d' to '-D'
      + knsupdate: default TTL is set to 3600
      + knsupdate: default zone is empty
      + kjournalprint: renamed parameter '-c' to '-H'
      + python/libknot: removed compatibility with Python 2

Packaging:
      + systemd: removed knot.tmpfile
      + systemd: added some hardening options
      + distro: Debian 9 and Ubuntu 16.04 no longer supported
      + distro: packages for CentOS 7 are built in a separate COPR repository
      + kzonecheck/kzonesign/knsec3hash: moved to new package knot-dnssecutils

Version 3.1.9
Improvements:
      + knotd: new configuration checks on unsupported catalog settings
      + knotd: semantic check issues have notice log level in the soft mode
      + keymgr: command generate-ksr automatically sets 'from' parameter to
        last offline KSK records' timestamp if it's not specified
      + keymgr: command show-offline starts from the first offline KSK record
        set if 'from' parameter isn't specified
      + kcatalogprint: new parameters for filtering catalog or member zone
      + mod-probe: default rate limit was increased to 100000
      + libknot: default control timeout was increased to 30 seconds
      + python/libknot: various exceptions are raised from class KnotCtl
      + doc: some improvements

Bugfixes:
      + knotd: incomplete outgoing IXFR is responded if journal history is
        inconsistent
      + knotd: manually triggered zone flush is suppressed if disabled zone
        synchronization
      + knotd: failed to configure XDP listen interface without port
        specification
      + knotd: de-cataloged member zone's file isn't deleted #805
      + knotd: member zone leaks memory when reloading catalog during dynamic
        configuration change
      + knotd: server can crash when reloading modules with DNSSEC signing
        (Thanks to iqinlongfei)
      + knotd: server crashes during shutdown if PKCS #11 keystore is used
      + keymgr: command del-all-old isn't applied to all keys in the removed
        state
      + kxdpgun: user specified network interface isn't used
      + libs: fixed compilation on illumos derivatives (Thanks to Nick Ewins)

Next | Query returned 94 messages, browsing 11 to 20 | Previous