Navigation:
Browse pkgsrc
(this page)
New packages:Log Message:
net/knot: Update to 3.4.1
Changelog:
Version 3.4.1
Features:
+ knotd: ACL configuration allows protocol specification (see
'acl.protocol')
+ knotc: support for benevolent zone updates (see zone-begin with
'+benevolent')
+ knotd: implemented TLS session resumption
+ kjournalprint: added print merged changesets mode (see '-M')
+ libknot: added NXNAME meta type (Thanks to Jan V?el??k)
Improvements:
+ knotd: DNSKEY synchronization event logs removed/added CDS and (C)
DNSKEYs
+ knotd: control command log message contains filters and flags in the
debug mode
+ knotc: zone status prints running, pending, and frozen duration
+ knotd,knotc: unification of control flags and filters
+ keymgr: key listing reports configured keys that are inaccessible
+ libs: upgraded embedded libngtcp2 to 1.8.0
+ doc: various fixes and updates
Bugfixes:
+ knotd: missing support for IPv6 link local address configuration
+ knotd: zone reload occasionally causes a core dump #939 (Thanks to
solidcc2)
+ knotd: race condition in DDNS over QUIC processing
+ knotd: imperfect signal handling on some auxiliary threads
+ knotd: EDNS EXPIRE not updated when zone signing results in up-to-date
+ knotd: failed to reload autogenerated QUIC/TLS key after process
ownership change
+ knotc: zone backup filter +keysonly doesn't disable other defaults
+ kxdpgun: failed to receive more data over QUIC until 1-RTT handshake is
done
+ knsupdate: memory leak if rdata parsing fails
+ doc: failed to install manual pages from a tarball
+ Dockerfile: TCP port 853 not exposed for DoT
Version 3.4.0
Features:
+ knotd: full DNS over TLS (DoT, RFC 7858) implementation (see 'DNS over
TLS')
+ knotd: bidirectional XFR over TLS (XoT) support with opportunistic,
strict, and mutual authentication profiles
+ knotd: support for DDNS over QUIC and TLS
+ knotd: DNSSEC validation requires the remaining RRSIG validity is
longer than 'rrsig-refresh'
+ knotd: new event for automatic DNSSEC revalidation
+ knotd: if enabled DNSSEC signing, EDNS expire is adjusted to the
earliest RRSIG expiration
+ knotd: added support for libdbus as an alternative to systemd dbus (see
'--enable-dbus=libdbus' configure parameter)
+ knotd: new XDP-related configuration options (see 'xdp.ring-size',
'xdp.busypoll-budget', and 'xdp.busypoll-timeout')
+ knotc: new command for explicit triggering DNSSEC validation (see
'zone-validate' command)
+ keymgr: SKR verification requires end of DNSKEY RRSIG validity covers
next DNSKEY snapshot
+ kdig: +nocrypto applies also to CERT, DS, SSHFP, DHCID, TLSA, ZONEMD,
and TSIG
+ knsupdate: added support for DDNS over QUIC and TLS (see '-Q' and '-S'
parameters)
+ kxdpgun: support for reading a binary input file (see '-B' parameter)
+ kxdpgun: support for output in JSON (see '-j' parameter)
+ kxdpgun: support for periodical output (see '-S' parameter)
+ mod-rrl: module offers limiting of non-UDP protocols based on consumed
time (see 'mod-rrl.time-rate-limit' and 'mod-rrl.time-instant-limit')
+ utils: -VV option for listing compile time configuration summary
Improvements:
+ knotd: up to eight DDNS queries can be queued per zone when frozen
+ knotd: the number of created/validated RRSIGs is logged
+ knotd: overhaul of atomic operations usage
+ knotd: unified DNAME semantic errors with the CNAME ones (see 'Handling
CNAME and DNAME-related updates')
+ knotd: better DDNS pre-check to prevent dropping a bulk of updates
+ knotd: extended SOA presence semantic checks
+ knotd: disallowed concurrent control zone and config transactions to
avoid deadlock
+ knotd: disallowed opening zone transaction when blocking command is
running to avoid deadlock
+ knotd: new XDP statistic counters
+ knotd: remote zone serial is logged upon received incoming transfer
+ knotd: zone backup stores and zone restore checks the CPU architecture
compatibility
+ knotd: time configuration options support 'w', 'M', and 'y' units
+ knotd: some control commands can be processed asynchronously
+ knotc: zone backup overwrites already existing backupdir in the force
mode
+ kdig: EDNS is enabled by default
+ kdig: the default EDNS payload size was lowered to 1232
+ mod-rrl: completely reimplemented UDP rate limiting using an efficient
query-counting mechanism on several address prefix lengths
+ mod-rrl: module no longer requires explicit configuration
+ libknot: various XDP improvements and new configuration parameters
+ docker: increased -D_FORTIFY_SOURCE to 3
Bugfixes:
+ knotd: deadlock during zone-ksk-submitted processing of a frozen zone
+ kxdpgun: race condition in SIGUSR1 signal processing
+ doc: parallel build is unreliable #928
Compatibility:
+ configure: increase minimal GnuTLS version to 3.6.10
+ configure: removed deprecated libidn 1 support
+ configure: removed liburcu search fallback
+ configure: required GCC or LLVM Clang compiler with C11 support
+ knotd: removed already ignored obsolete configuration options
+ keymgr: removed legacy parameter '--brief'
+ kjournalprint: removed legacy parameter '--no-color'
+ kjournalprint: removed legacy database specification without '--dir'
+ kcatalogprint: removed legacy database specification without '--dir'
+ packaging: CentOS 7, Debian 10, and Ubuntu 18.04 no longer supported
+ doc: removed info pages
Version 3.3.9
Improvements:
+ libknot: added EDE code 30
+ libknot: improved performance of knot_rrset_to_wire_extra()
+ libs: upgraded embedded libngtcp2 to 1.7.0
+ doc: various fixes and updates
Bugfixes:
+ keymgr: pregenerate clears future timestamps of old keys and creates
new keys
+ mod-dnsproxy: defective TSIG processing
+ mod-dnsproxy: TCP not detected in the XDP mode
+ kxdpgun: unsuccessful interface initialization leaks memory
+ packaging: libknot not installed with python3-libknot
| Revision | Action | file |
| 1.86 | modify | pkgsrc/net/knot/Makefile |
| 1.20 | modify | pkgsrc/net/knot/PLIST |
| 1.49 | modify | pkgsrc/net/knot/distinfo |