Fri, 07 May 2021 14:27:19 UTC

Information for build knot-resolver-1.3.1-1.fc24

ID917165
Package Nameknot-resolver
Version1.3.1
Release1.fc24
Epoch
SummaryCaching full DNS Resolver
DescriptionThe Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as local caching resolver. To start using it, just start the local DNS socket: BEWARE: Because of https://bugzilla.redhat.com/show_bug.cgi?id=1366968 you need to switch your system to SELinux permissive mode.
Built bypspacek
State complete
Volume fedora_koji_archive01
StartedTue, 11 Jul 2017 10:52:48 UTC
CompletedTue, 11 Jul 2017 10:57:23 UTC
Taskbuild (f24-candidate, /rpms/knot-resolver:8a62324c62087955525175a67ece0e4654197f69)
Tags
f24-updates
RPMs
src
knot-resolver-1.3.1-1.fc24.src.rpm (info) (download)
armv7hl
knot-resolver-1.3.1-1.fc24.armv7hl.rpm (info) (download)
knot-resolver-devel-1.3.1-1.fc24.armv7hl.rpm (info) (download)
knot-resolver-debuginfo-1.3.1-1.fc24.armv7hl.rpm (info) (download)
i686
knot-resolver-1.3.1-1.fc24.i686.rpm (info) (download)
knot-resolver-devel-1.3.1-1.fc24.i686.rpm (info) (download)
knot-resolver-debuginfo-1.3.1-1.fc24.i686.rpm (info) (download)
x86_64
knot-resolver-1.3.1-1.fc24.x86_64.rpm (info) (download)
knot-resolver-devel-1.3.1-1.fc24.x86_64.rpm (info) (download)
knot-resolver-debuginfo-1.3.1-1.fc24.x86_64.rpm (info) (download)
Logs
armv7hl
state.log
hw_info.log
build.log
root.log
mock_output.log
x86_64
root.log
hw_info.log
state.log
build.log
mock_output.log
i686
state.log
root.log
build.log
hw_info.log
mock_output.log
Changelog * Tue Jul 11 2017 Petr Spacek <petr.spacek@nic.cz> - 1.3.1-2 - build experimental command line interface "kresc" * Tue Jul 11 2017 Petr Spacek <petr.spacek@nic.cz> - 1.3.1-1 New upstream release: Knot Resolver 1.3.1 (2017-06-23) ================================ Bugfixes -------- - modules/http: fix finding the static files (bug from 1.3.0) - policy.FORWARD: fix some cases of CNAMEs obstructing search for zone cuts Knot Resolver 1.3.0 (2017-06-13) ================================ Security -------- - Refactor handling of AD flag and security status of resource records. In some cases it was possible for secure domains to get cached as insecure, even for a TLD, leading to disabled validation. It also fixes answering with non-authoritative data about nameservers. Improvements ------------ - major feature: support for forwarding with validation (#112). The old policy.FORWARD action now does that; the previous non-validating mode is still avaliable as policy.STUB except that also uses caching (#122). - command line: specify ports via @ but still support # for compatibility - policy: recognize 100.64.0.0/10 as local addresses - layer/iterate: *do* retry repeatedly if REFUSED, as we can't yet easily retry with other NSs while avoiding retrying with those who REFUSED - modules: allow changing the directory where modules are found, and do not search the default library path anymore. Bugfixes -------- - validate: fix insufficient caching for some cases (relatively rare) - avoid putting "duplicate" record-sets into the answer (#198) Knot Resolver 1.2.6 (2017-04-24) ================================ Security -------- - dnssec: don't set AD flag for NODATA answers if wildcard non-existence is not guaranteed due to opt-out in NSEC3 Improvements ------------ - layer/iterate: don't retry repeatedly if REFUSED Bugfixes -------- - lib/nsrep: revert some changes to NS reputation tracking that caused severe problems to some users of 1.2.5 (#178 and #179) - dnssec: fix verification of wildcarded non-singleton RRsets - dnssec: allow wildcards located directly under the root - layer/rrcache: avoid putting answer records into queries in some cases * Thu Apr 06 2017 Petr Spacek <petr.spacek@nic.cz> - 1.2.5-1 - new upstream relase + security: layer/validate: clear AD if closest encloser proof has opt-outed NSEC3 (#169) + security: layer/validate: check if NSEC3 records in wildcard expansion proof has an opt-out + security: dnssec/nsec: missed wildcard no-data answers validation has been implemented + fix: trust anchors: Improve trust anchors storage format (#167) + fix: trust anchors: support non-root TAs, one domain per file + fix: policy.DENY: set AA flag and clear AD flag + fix: lib/resolve: avoid unnecessary DS queries + fix: lib/nsrep: don't treat servers with NOIP4 + NOIP6 flags as timeouted + fix: layer/iterate: During packet classification (answer vs. referral) don't analyze AUTHORITY section in authoritative answer if ANSWER section contains records that have been requested + enhancement: modules/dnstap: a DNSTAP support module (Contributed by Vicky Shrestha) + enhancement: modules/workarounds: a module adding workarounds for known DNS protocol violators + enhancement: layer/iterate: fix logging of glue addresses + enhancement: kr_bitcmp: allow bits=0 and consequently 0.0.0.0/0 matches in view and renumber modules. + enhancement: modules/padding: Improve default padding of responses (Contributed by Daniel Kahn Gillmor) + enhancement: New kresc client utility (experimental; don't rely on the API yet) * Thu Mar 09 2017 Petr Spacek <petr.spacek@nic.cz> - 1.2.4-1 - new upstream release + security: Knot Resolver 1.2.0 and higher could return AD flag for insecure answer if the daemon received answer with invalid RRSIG several times in a row. + fix: layer/iterate: some improvements in cname chain unrolling + fix: layer/validate: fix duplicate records in AUTHORITY section in case + fix: of WC expansion proof + fix: lua: do *not* truncate cache size to unsigned + fix: forwarding mode: correctly forward +cd flag + fix: fix a potential memory leak + fix: don't treat answers that contain DS non-existance proof as insecure + fix: don't store NSEC3 and their signatures in the cache + fix: layer/iterate: when processing delegations, check if qname is at or below new authority + enhancement: modules/policy: allow QTRACE policy to be chained with other policies + enhancement: hints.add_hosts(path): a new property + enhancement: module: document the API and simplify the code + enhancement: policy.MIRROR: support IPv6 link-local addresses + enhancement: policy.FORWARD: support IPv6 link-local addresses + enhancement: add net.outgoing_{v4,v6} to allow specifying address to use for connections * Mon Feb 27 2017 Petr Spacek <petr.spacek@nic.cz> - 1.2.3-1 - new upstream release + security: a cached negative answer from a CD query would be reused to construct response for non-CD queries, resulting in Insecure status instead of Bogus. + fix: lua: make the map command check its arguments + fix: -k argument processing to avoid out-of-bounds memory accesses + fix: lib/resolve: fix zonecut fetching for explicit DS queries + fix: hints: more NULL checks + fix: TA bootstrapping for multiple TAs in the IANA XML file + fix: Disable storing GLUE records into the cache even in the + fix: (non-default) QUERY_PERMISSIVE mode + fix: iterate: skip answer RRs that don't match the query + fix: layer/iterate: some additional processing for referrals + fix: lib/resolve: zonecut fetching error was fixed * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-2.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Fri Jan 27 2017 Petr Spacek <petr.spacek@nic.cz> - 1.2.0-2 - rebuild against knot-2.4.0 * Fri Jan 27 2017 Petr Spacek <petr.spacek@nic.cz> - 1.2.0 - new upstream release: + fix: reworked DNSSEC Validation, that fixes several know problems with less standard DNS configurations + fix: the resolver was setting AD flag when running in a forwarding mode + fix: correctly return RCODE=NOTIMPL on meta-queries and non IN class queries + fix: crash in hints module when hints file was empty + fix: non-lowercase hints + features: optional EDNS(0) Padding support for DNS over TLS + features: support for debugging DNSSEC with CD bit + features: DNS over TLS is now able to create ephemeral certs on the runtime (Thanks Daniel Kahn Gilmore for contributing to DNS over TLS implementation in Knot Resolver.) + features: configurable minimum and maximum TTL (default 6 days) + features: configurable pseudo-random reordering of RR sets + features: new module 'version' that can call home and report new versions and security vulnerabilities to the log file * Mon Jan 23 2017 Petr Spacek <petr.spacek@nic.cz> - 1.2.0-rc1 - Update to latest upstream version - Fix packaging bug: depend on proper Lua library versions - Allow automatic trust anchor management to work * Sat Nov 19 2016 Peter Robinson <pbrobinson@fedoraproject.org> 1.1.1-3 - Add ExclusiveArch for architectures with LuaJIT * Mon Aug 29 2016 Igor Gnatenko <ignatenko@redhat.com> - 1.1.1-2 - Rebuild for LuaJIT 2.1.0 * Wed Aug 24 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 1.1.1-1 - new upstream release: + fix name server fallback in case some of the servers are unreachable * Fri Aug 12 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 1.1.0-1 - new upstream release: + RFC7873 DNS Cookies + RFC7858 DNS over TLS + Metrics exported in Prometheus + DNS firewall module + Explicit CNAME target fetching in strict mode + Query minimisation improvements + Improved integration with systemd * Tue May 31 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 1.0.0-1 - final release * Thu May 05 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 1.0.0-0.3.4f463d7 - update to latest git version - re-enable unit-test * Sat Apr 09 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 1.0.0-0.2.79a8440 - update to latest git version - fix package review issues * Tue Feb 02 2016 Jan Vcelak <jvcelak@fedoraproject.org> - 1.0.0-0.1.beta3 - initial package