File knot.changes of Package knot
-------------------------------------------------------------------
Mon Sep 15 19:44:38 UTC 2014 - ondrej@sury.org
- Updated to 1.5.3
Bugfixes:
- Some specific incoming IXFRs were causing server to crash
- Rare sychronization error during reload caused read-after-free
- Response synthetization module did not work properly with DNSSEC-enabled zones
- When Knot sent AXFR when IXFR was requested, message ID and opcode were wrong
- Knot failed to send large messages to remote control (present since 1.5.1)
- Some RR parsing corner cases were not handled properly
- AXFR-style IXFR was refused and had to be retransfered
- Hash character (#) was not properly escaped when storing text zone file
- DNSSEC: DNAMEs in RDATA were not lowercased before signing
- EDNS: OPT RR were not put into responsing for some errors
- TSIG: DDNS responses were not signed with TSIG
- DDNS: Prerequisite checks failed for some inputs
- knsupdate: Zone origin was not used for deletions
Features:
- Basic support for logging using systemd journal
- DDNS: Ability to process updates in bulk
Improvements:
- Unified logging messages structure
- DNSSEC: More strict controls for signing keys
- Refreshed patches on top of 1.5.3 release:
* 0001-loosen-openssl-dependency.patch
* 0002-make-configure.ac-compatible-with-old-tools.patch
-------------------------------------------------------------------
Fri Jul 11 09:06:45 UTC 2014 - ondrej@sury.org
- Squash 0002-remove-AM_SILENT_RULES.patch and 0003-no-dist-xz.patch
into 0002-make-configure.ac-compatible-with-old-tools.patch that
removes configure.ac options incompatible with SLES_11_SP[23].
- added patches:
* 0002-make-configure.ac-compatible-with-old-tools.patch
- removed patches:
* 0002-remove-AM_SILENT_RULES.patch
* 0003-no-dist-xz.patch
-------------------------------------------------------------------
Thu Jul 10 08:18:29 UTC 2014 - ondrej@sury.org
- Updated to 1.5.0
Features:
* DDNS forwarding reimplemented
* edns-client-subnet support in kdig
* Optional asynchronous startup (config "asynchronous-start")
* Pluggable query processing modules
* Synthetic IPv4/IPv6 reverse/forward records (optional module)
* dnstap support in both utilities & server (optional module)
* NOTIFY message support and new TSIG section in kdig
* Multi-master support
Improvements:
* Transfer sizes logged in bytes if needed
* Logging outgoing NOTIFY messages
* Logging unauthorized incoming NOTIFYs
* Preempt task queue for faster reload
* Lazy zone file write after zone transfer (governed by "zonefile-sync")
* Query processing and core functionality overhaul
* Performance and reduced memory footprint
* Faster zone events scheduling
* RFC compliant queries/responses in some corner cases
* Log messages
* New documentation (Sphinx)
Bugfixes:
* Zone flush planning after bootstrap
* Incorrect incoming AXFR message sizes
* DDNS signing changes were freed too soon, posibility of stale data
* knotc remote control key handling
* Close zone transfer after SERVFAIL response
* Incremental to full zone transfer fallback, wrong log message
* Zone events corner cases, reload replanning
-------------------------------------------------------------------
Tue Jun 24 12:56:27 UTC 2014 - pgajdos@suse.com
- updated to 1.4.7:
* Fixed DDNS corner cases
* Fixed zone EXPIRE timer
* Fixed semantic checks false positives
* Fixed sending malformed IXFR with automatic DNSSEC
* Fixed NAPTR record serialization
-------------------------------------------------------------------
Mon May 12 12:38:02 UTC 2014 - ondrej@sury.org
- Fixed the missing 1.4.5 tarball
-------------------------------------------------------------------
Tue Apr 15 07:08:27 UTC 2014 - ondrej@sury.org
- updated to 1.4.5
Bugfixes:
* Fix possible weakness in TSIG signature checking
-------------------------------------------------------------------
Fri Mar 28 10:56:24 UTC 2014 - pgajdos@suse.com
- updated to 1.4.4
Features:
* Server is logging remote control commands
* 'knotc reload' doesn't refresh unchanged zones
* 'knotc -f refresh' forces zone retransfer
Bugfixes:
* Missing notifications after DDNS/automatic resign
* Zone is rebootstrapped if the zone file is unreadable
* Progressive bootstrap retry backoff
* Zone file parser allows asterisk as part of the label
* Journal maximum entry size fixes
* Sign DNSKEYs in non-apex nodes as regular RR sets
-------------------------------------------------------------------
Tue Feb 18 14:56:36 UTC 2014 - ondrej@sury.org
- Enable recvmmsg support in the build to increase performance
- Update upstream config directory to /etc/knot (instead of /etc/knot/knot)
- Replace tar.xz with tar.gz to allow backporting to older releases
- Disable silent rules to have more verbose builds
- Add support to compile with OpenSSL << 1.0.0
- added patches:
* 0001-loosen-openssl-dependency.patch
-------------------------------------------------------------------
Tue Feb 18 12:07:36 UTC 2014 - ondrej@sury.org
- update to 1.4.3:
* Failure when expanding wildcard leading to apex and having DNSKEY records
* Failure for query to wildcard without wildcard expansion
* Bad cleanup when loading a faulty entry from a journal
* Zone file $ORIGIN and configuration comparison is case-insensitive
* Config "include" statement supports directory and includes all files within
-------------------------------------------------------------------
Mon Jan 27 15:17:49 UTC 2014 - ondrej@sury.org
- update to 1.4.2:
* AXFR/IXFR compatibility issues with tinydns/axfrdns
* Journal file is created only when needed
* Zone-related log messages are logged into correct category
* DNSSEC: Refresh signatures earlier (3 days before their expiration
with the default signature lifetime)
* Fixed RCU synchronization causing deadlock on 'knotc signzone'
* RRSIG not fitting in the additional records doesn't cause truncation
-------------------------------------------------------------------
Tue Jan 14 15:14:06 UTC 2014 - ondrej@sury.org
- update to 1.4.1:
* Empty APL record support
* 'zonestatus' when using immediate zone syncing
* Immediate zone syncing after reload
* Race condition writing time values to zone file
* Hard require OpenSSL >= 1.0.0
- removed patches:
* 0001-Add-support-for-OpenSSL-threads-in-OpenSSL-1.0.0.patch
* 0001-Check-the-OpenSSL-version-when-checking-for-GOST-alg.patch
-------------------------------------------------------------------
Wed Jan 8 08:58:19 UTC 2014 - ondrej@sury.org
- Add support to compile with OpenSSL << 1.0.0
- added patches:
* 0001-Add-support-for-OpenSSL-threads-in-OpenSSL-1.0.0.patch
* 0001-Check-the-OpenSSL-version-when-checking-for-GOST-alg.patch
-------------------------------------------------------------------
Wed Jan 8 08:40:45 UTC 2014 - ondrej@sury.org
- update to 1.4.0:
* Experimental automatic DNSSEC signing
* Fastest ragel parser enabled by default
* Reduced memory usage
* Zone SOA SERIAL policies (INCREMENT, UNIXTIME) for DDNS and
automatic DNSSEC signing
* IDN support in Knot utilities (kdig, knsupdate, ...)
* DNSSEC: support for GOST algorithm
* Support for DNSSEC key pre-publication
-------------------------------------------------------------------
Mon Dec 16 09:46:03 UTC 2013 - ondrej@sury.org
- update to 1.3.4:
* Bugfixes:
Crash in particular additionals processing
Race condition in event cancelation
Journal corruption after failed transactions
-------------------------------------------------------------------
Tue Nov 26 13:36:54 UTC 2013 - pgajdos@suse.com
- update to 1.3.3:
* New features:
Reduced memory usage
Improved performance
Experimental automatic DNSSEC signing
Refactored zone loading
Improved journal locking
* Bugfixes:
Fixed some race conditions
Various fixes in client utilities
-------------------------------------------------------------------
Mon Sep 9 15:16:04 UTC 2013 - pgajdos@suse.com
- update to 1.3.1
* Faster zone parser
* Full support for EUI and ILNP resource records
* Lower memory footprint for large zones
* No compilation of zones
* Improved scheduling of zone transfers
* Logging of serials and timing information for zone transfers
* see NEWS or https://www.knot-dns.cz/ for details
-------------------------------------------------------------------
Wed Apr 3 15:37:52 UTC 2013 - ondrej@sury.org
- Update to 1.2.0 final
Bugfixes:
* Memory leaks
-------------------------------------------------------------------
Fri Mar 22 15:32:38 UTC 2013 - ondrej@sury.org
- Update to 1.2.0-rc4
New features:
* knotc 'zonestatus' command
Bugfixes:
* Changing logfile ownership before dropping privileges
* knotc respects 'control' section from configuration
* RRL: resolved bucket collisions
* RRL: updated bucket mapping to conform RRL technical memo
-------------------------------------------------------------------
Tue Mar 12 08:37:55 UTC 2013 - ondrej@sury.org
- Update to 1.2.0-rc3
New features:
* Dynamic updates, including forwarding (limited on signed zones)
* Updated remote control utility
* Configurable TCP timeouts
* LOC RR support
* Response rate limiting (see documentation)
Bugfixes:
* Fixed processing of some non-standard dnames.
* Correct checking of label length bounds in some cases.
* More compliant rcodes in case of DDNS/TSIG failures.
* Correct processing of malformed DDNS prereq section.
* Fixed OpenBSD build
* Responses to ANY should contain RRSIGs
-------------------------------------------------------------------
Sat Nov 24 09:12:42 UTC 2012 - aj@suse.de
- Documentation only needs makeinfo, thus require it instead of texinfo
where it's available as separate package.
-------------------------------------------------------------------
Thu Nov 22 17:22:37 UTC 2012 - ondrej@sury.org
- update to 1.1.2:
Bugfixes:
* Fixed crash on reload when config contained duplicate zones.
* Fixed scheduling of transfers.
* Fixed debug message.
- merge some changes from fedora spec file
- remove unittest files, they don't belong in binary packages
- depend on texinfo package to build the documentation
-------------------------------------------------------------------
Tue Nov 20 12:37:14 UTC 2012 - pgajdos@suse.com
- update to 1.1.1:
New features:
* Optionally disable ANY queries for authoritative answers.
* Dropping identical records in zone and incoming transfers.
* Support for '/' in zone names.
* Generating journal from reloaded zone (EXPERIMENTAL).
* Outgoing-only interfaces in configuration file.
* Following DNAME if the synthetized name is in the same zone.
* Signing SOA with TSIG queries when checking zone version with master.
* Improved compression of packets. Out-of-zone dnames present in RDATA
were not compressed.
* Slave zones are now automatically refreshed after startup.
* Proper response to IXFR/UDP query (returns SOA in Authority section).
Bugfixes:
* Crash when zone contained RRSIG signing a CNAME, but did not
contain the CNAME.
* Malformed packets parsing.
* Failed IXFR caused memory leaks.
* Failed IXFR might have resulted in inconsistent zone structures.
* Fixed answering to +dnssec queries when NSEC3 chain is corrupted.
* Fixed answering when transitioning from NSEC3 to NSEC.
* Fixed answering when zone contains multiple NSEC3 chains.
* Handling RRSets with different TTLs - TTL from the first RR is used.
* Synchronization of zone reload and zone transfers.
* Fixed build on NetBSD 5 and FreeBSD.
* Fixed binding to both IPv4 and IPv6 at the same time on special
interfaces.
* Fixed access rights of created files.
* Semantic checks corrupted RDATA domain names which are covered by
wildcard in the same zone.
* Fixed ixfr-from-differences journal generation in case of IPSECKEY
and APL records.
* Fixed possible leak on server shutdown with a pending transfer.
* Syncing journal to zone was not updating the compiled zone database.
* Crash after IXFR in certain cases when adding RRSIG in an IXFR.
* Fixed behaviour when incoming IXFR removes a zone cut. Previously
occluded names now become properly visible. Previously lead to a
crash when the server was asked for the previously occluded name.
* Fixed handling of zero-length strings in text zone dump. Caused the
compilation to fail.
* Fixed TSIG algorithm name comparison - the names should be in
canonical form.
* Fixed handling unknown RR types with type less than 251.
Other improvements:
* IXFR-in optimized.
* Many zones loading optimized.
* More detailed log messages (mostly transfer-related).
* Copying Question section to error responses.
* Using zone name from config file as default origin in zone file.
* Additional records are now added to response also from
wildcard-covered names.
* Improved user manual.
* Better checks of corrupted zone database.
-------------------------------------------------------------------
Tue Aug 28 10:02:40 UTC 2012 - pgajdos@suse.com
- fix build for older distributions (dont user %{make_install}
macro)
-------------------------------------------------------------------
Mon Jul 2 08:58:06 UTC 2012 - pgajdos@suse.com
- initial version 1.0.6
