Subject: CVS commit: pkgsrc/net/knot
From: Ryo ONODERA
Date: 2022-06-16 18:31:04
Message id: 20220616163104.7CA5DFB1A@cvs.NetBSD.org

Log Message:
knot: Update to 3.1.8

Changelog:
Version 3.1.8

Thursday, April 28, 2022

Features:

      + knotd: optional automatic ACL for XFR and NOTIFY (see
        'remote.automatic-acl')
      + knotd: new soft zone semantic check mode for allowing defective zone
        loading
      + knotc: added zone transfer freeze state to the zone status output

Improvements:

      + knotd: added configuration check for serial policy of generated
        catalogs

Bugfixes:

      + knotd/libknot: the server can crash when validating a malformed TSIG
        record
      + knotd: outgoing zone transfer freeze not preserved during server reload
      + knotd: catalog UPDATE not processed if previous UPDATE processing not
        finished #790
      + knotd: zone refresh not started if planned during server reload
      + knotd: generated catalogs can be queried over UDP
      + knotd/utils: failed to open LMDB database if too many stale slots
        occupy the lock table

Version 3.1.7

Wednesday, March 30, 2022

Features:

      + knotd: new configuration items for restricting minimum and maximum zone
        expire and retry intervals (see 'zone.expire-min-interval',
        'zone.expire-max-interval', 'zone.retry-min-interval',
        'zone.retry-max-interval') #785
      + knotc: added catalog information to zone status

Improvements:

      + knotd: better warning message if SOA serial comparison failed when
        loading from zone file
      + knotc: zone status shows all zone events when frozen
      + keymgr: better error message is returned when importing SKR with
        insufficient permissions
      + kdig: transfer status is also printed if failed

Bugfixes:

      + knotd: incomplete implementation of the Offline KSK mode in the IXFR
        and DDNS processing
      + knotd: catalog zone accepts duplicate members via UPDATE #786
      + knotd: server crashes if catalog database contains orphaned member
        zones
      + knotd: old journal is scraped when restoring just the zone file
      + knotd: some planned zone events can be lost during server reload
      + knotd: frozen zone gets thawed during server reload
      + knsupdate: missing section names in the show output
      + knsupdate: inappropriate log message if called from a script

Version 3.1.6

Tuesday, February 8, 2022

Features:

      + knotd: optional D-Bus notifications for significant server and zone
        events (see 'server.dbus-event')
      + knotd: new submission configuration option for delayed KSK
        post-activation (see 'submission.parent-delay')
      + knotc: new commands for outgoing XFR freeze (see 'zone-xfr-freeze' and
        'zone-xfr-thaw')
      + kzonesign: added multithreaded DNSSEC validation mode (see '--verify')

Improvements:

      + kdig: trailing data in reply packet is accepted with a warning
      + kdig: XFR responses are checked if SOA owners match
      + knotd: failed remote operations are logged as info instead of debug
      + knsec3hash: added alternative and more natural parameter semantics
      + knsupdate: interactive mode is newly based on library Editline
      + Dockerfile: added UID argument to facilitate the use of unprivileged
        container #783
      + doc: various fixes and improvements

Bugfixes:

      + libknot: inaccurate KNOT_DNAME_TXT_MAXLEN constant value #781
      + knotd: propagation delay not considered before DS push
      + knotd: excessive refresh retry delay when a few early attempts fail
      + knotd: duplicate KSK submission log message during a KSK rollover
      + kdig: dname letter case not preserved in XFR and Dnstap outputs
      + mod-cookies: missing server cookie in responses over TCP

Version 3.1.5

Monday, December 20, 2021

Features:

      + knotd: optional outgoing TCP connection pool for faster communication
        with remotes (see 'server.remote-pool-limit' and
        'server.remote-pool-timeout')
      + knotd: optional unreachable remote tracking to avoid zone events
        clogging (see 'server.remote-retry-delay')
      + knotd: new ZONEMD generation mode for the record removal from the zone
        apex #760 (see 'zone.zonemd-generate: remove')
      + mod-dnsproxy: new source address match option (see
        'mod-dnsproxy.address')
      + scripts/probe_dump: simple mod-probe client

Improvements:

      + knotd: DS push sets DS TTL equal to DNSKEY TTL
      + knotd: extended zone purge error logging
      + knotd: zone file parsing error message was extended by the file name
      + knotd: improved debug log message when TCP timeout is reached
      + knotd: new configuration check for using the default number of NSEC3
        iterations
      + knotd: new configuration check for insufficient RRSIG refresh time
      + mod-geoip: configuration check newly verifies the module configuration
        file #778
      + kdig: option +notimeout or +timeout=0 is interpreted as infinity
      + kdig: option +noretry is interpreted as zero retries
      + python/probe: more detailed default output format
      + doc: many spelling fixes (Thanks to Josh Soref)
      + doc: various fixes and improvements

Bugfixes:

      + knotd: imperfect TCP connection closing in the XDP mode
      + knotd: TCP reset packets are wrongly checked for ackno in the XDP mode
      + knotd: only first zone name is logged for multi-zone control operations
        #776
      + knotd: minor memory leak when full zone update fails to write to
        journal
      + knotc: configuration check doesn't check a configuration database
      + mod-dnstap: incorrect QNAME case restore in some corner cases (Thanks
        to Robert Edmonds) #777

Files:
Revision  Action  file
1.68      modify  pkgsrc/net/knot/Makefile
1.41      modify  pkgsrc/net/knot/distinfo