| Changelog |
* Wed Nov 11 2020 Jakub Ružička <jakub.ruzicka@nic.cz> 5.2.0-1
- update to upstream version 5.2.0
- sync packaging from upstream
* Wed Sep 23 2020 Jakub Ružička <jakub.ruzicka@nic.cz> 5.1.3-2
- rebuild for Knot DNS 3.0.0
* Tue Sep 08 2020 Jakub Ružička <jakub.ruzicka@nic.cz> 5.1.3-1
- update to upstream version 5.1.3
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 01 2020 Tomas Krizek <tomas.krizek@nic.cz> - 5.1.2-1
- update to upstream version 5.1.2
* Tue May 19 2020 Tomas Krizek <tomas.krizek@nic.cz> - 5.1.1-1
- update to upstream version 5.1.1 (fixes CVE-2020-12667)
* Wed Apr 29 2020 Tomas Krizek <tomas.krizek@nic.cz> - 5.1.0-1
- update to upstream version 5.1.0
- make spec compatible with EPEL 8 (rhbz#1783252)
- support documentation build with Sphinx v3.0.0+ (rhbz#1823534)
* Thu Apr 02 2020 Tomas Krizek <tomas.krizek@nic.cz> - 5.0.1-2
- add patch to fix strict aliasing (!971) until next release
* Wed Feb 05 2020 Tomas Krizek <tomas.krizek@nic.cz> - 5.0.1-1
- update to upstream version 5.0.1
- ensure kres-cache-gc.service is restarted on upgrade
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Jan 27 2020 Tomas Krizek <tomas.krizek@nic.cz> - 5.0.0-1
- update to new upstream version 5.0.0
- removed systemd socket files (no longer supported)
- add upgrade scriptlets for 5.x
- remove lua-sec, lua-socket, lua-filesystem dependencies
- create tmpfiles dirs with macro
* Wed Dec 04 2019 Tomas Krizek <tomas.krizek@nic.cz> - 4.3.0-1
- update to new upstream version 4.3.0
- make config directory read-only for knot-resolver, relocate root.keys to /var/lib
- http module now depends on the exact same binary version of knot-resolver
* Tue Nov 12 2019 Tomas Krizek <tomas.krizek@nic.cz> - 4.2.2-2
- rebuild for libknot10 (Knot DNS 2.9.1)
* Mon Oct 07 2019 Tomas Krizek <tomas.krizek@nic.cz> - 4.2.2-1
- update to new upstream version 4.2.2
* Thu Sep 26 2019 Tomas Krizek <tomas.krizek@nic.cz> - 4.2.1-1
- update to new upstream version 4.2.1
* Wed Aug 21 2019 Tomas Krizek <tomas.krizek@nic.cz> - 4.2.0-1
- update to new upstream version 4.2.0
- added lua-psl dependency for policy.slice() functionality
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Jul 10 2019 Tomas Krizek <tomas.krizek@nic.cz> - 4.1.0-1
- update to new upstream version 4.1.0
- add kres-cache-gc.service
* Wed May 29 2019 Tomas Krizek <tomas.krizek@nic.cz> - 4.0.0.-1
- rebase to new upstream release 4.0.0
- bump Knot DNS libraries to 2.8 (ABI compat)
- use new upstream build system - meson
- add knot-resolver-module-http package along with new lua dependecies
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jan 10 2019 Tomas Krizek <tomas.krizek@nic.cz> - 3.2.1-1
Knot Resolver 3.2.1 (2019-01-10)
================================
Bugfixes
--------
- trust_anchors: respect validity time range during TA bootstrap (!748)
- fix TLS rehandshake handling (!739)
- make TLS_FORWARD compatible with GnuTLS 3.3 (!741)
- special thanks to Grigorii Demidov for his long-term work on Knot Resolver!
Improvements
------------
- improve handling of timeouted outgoing TCP connections (!734)
- trust_anchors: check syntax of public keys in DNSKEY RRs (!748)
- validator: clarify message about bogus non-authoritative data (!735)
- dnssec validation failures contain more verbose reasoning (!735)
- new function trust_anchors.summary() describes state of DNSSEC TAs (!737),
and logs new state of trust anchors after start up and automatic changes
- trust anchors: refuse revoked DNSKEY even if specified explicitly,
and downgrade missing the SEP bit to a warning
* Mon Dec 17 2018 Tomas Krizek <tomas.krizek@nic.cz> - 3.2.0-1
Knot Resolver 3.2.0 (2018-12-17)
================================
New features
------------
- module edns_keepalive to implement server side of RFC 7828 (#408)
- module nsid to implement server side of RFC 5001 (#289)
- module bogus_log provides .frequent() table (!629, credit Ulrich Wisser)
- module stats collects flags from answer messages (!629, credit Ulrich Wisser)
- module view supports multiple rules with identical address/TSIG specification
and keeps trying rules until a "non-chain" action is executed (!678)
- module experimental_dot_auth implements an DNS-over-TLS to auth protocol
(!711, credit Manu Bretelle)
- net.bpf bindings allow advanced users to use eBPF socket filters
Bugfixes
--------
- http module: only run prometheus in parent process if using --forks=N,
as the submodule collects metrics from all sub-processes as well.
- TLS fixes for corner cases (!700, !714, !716, !721, !728)
- fix build with -DNOVERBOSELOG (#424)
- policy.{FORWARD,TLS_FORWARD,STUB}: respect net.ipv{4,6} setting (!710)
- avoid SERVFAILs due to certain kind of NS dependency cycles, again
(#374) this time seen as 'circular dependency' in verbose logs
- policy and view modules do not overwrite result finished requests (!678)
Improvements
------------
- Dockerfile: rework, basing on Debian instead of Alpine
- policy.{FORWARD,TLS_FORWARD,STUB}: give advantage to IPv6
when choosing whom to ask, just as for iteration
- use pseudo-randomness from gnutls instead of internal ISAAC (#233)
- tune the way we deal with non-responsive servers (!716, !723)
- documentation clarifies interaction between policy and view modules (!678, !730)
Module API changes
------------------
- new layer is added: answer_finalize
- kr_request keeps ::qsource.packet beyond the begin layer
- kr_request::qsource.tcp renamed to ::qsource.flags.tcp
- kr_request::has_tls renamed to ::qsource.flags.tls
- kr_zonecut_add(), kr_zonecut_del() and kr_nsrep_sort() changed parameters slightly
|
