For details see:
https://www.knot-dns.cz/2021-06-16-version-307.html
Features:
knotd: new configuration policy option for CDS digest algorithm setting #738
keymgr: new command for primary SOA serial manipulation in on-secondary signing mode
Improvements:
knotd: improved algorithm rollover to shorten the last step of old RRSIG publication
Bugfixes:
knotd: zone is flushed upon server start, even though DNSSEC signing is up-to-date
knotd: wildcard nonexistence is proved on empty-non-terminal query
knotd: redundant wildcard proof for non-authoritative data in a reply
knotd: missing wildcard proofs in a wildcard-cname loop reply
knotd: incorrectly synthesized CNAME owner from a wildcard record #715
knotd: zone-in-journal changeset ignores journal-max-usage limit #736
knotd: incorrect processing of zone-in-journal changeset with SOA serial 0
knotd: broken initialization of processing workers if SO_REUSEPORT(_LB) not available
kjournalprint: reported journal usage is incorrect #736
keymgr: cannot parse algorithm name ed448 #739
keymgr: default key size not set properly
kdig: failed to process huge DoH responses
libknot/probe: some corner-case bugs
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://www.knot-dns.cz/2021-05-12-version-306.html
"Features:
mod-probe: new module for simple traffic logging (Python API not yet included)
Improvements:
keymgr: new mode for listing zones with at least one key stored
keymgr: the pregenerate command accepts optional timestamp-from parameter
kzonecheck: accept '-' as substitution for standard input #727
knotd: print an error when unable to change owner of a logging file
knotd: new warning log if no interface is configured
knotd: new signing policy check for NSEC3 iterations higher than 20
knotd: don't allow backup to/restore from the DB storage directory
Various code (mostly zone backup/restore), tests, and documentation improvements
Bugfixes:
knotd: secondary fails to load zone file if HTTPS or SVCB record is present #725
knotd: (KSK roll-over) new KSK is not signing DNSKEY long enough before DS submission
knotd: (KSK roll-over) old KSK uselessly published after roll-over finished
knotd: malformed address in TCP-related logs when listening on a UNIX socket
knotd: server responds FORMERR instead of BADTIME if TSIG signed time is zero #730
modules: incorrect local and remote addresses in the XDP mode
modules: failed to read configuration from a section without identifiers
mod-synthrecord: queries on synthesized empty-non-terminals not answered with NODATA
keymgr: confusing error if del-all-old command fails"
For 3.0.5 (skipped):
https://www.knot-dns.cz/2021-03-25-version-305.html
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://www.knot-dns.cz/2020-05-25-version-295.html
"Bugfixes:
Old ZSK can be withdrawn too early during a ZSK rollover if maximum
zone TTL is computed automatically
Server responds SERVFAIL to ANY queries on empty non-terminal nodes
Improvements:
The onlinesign module also returns minimized responses to ANY queries
Linking against libcap-ng can be disabled via a configure option"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>