blob: 2829fa1425ae8c2d0395e6af1c8fd948abcc4e65 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
Knot Resolver 1.2.1 (2017-02-01)
====================================
Security:
---------
- Under certain conditions, a cached negative answer from a CD query
would be reused to construct response for non-CD queries, resulting
in Insecure status instead of Bogus. Only 1.2.0 release was affected.
Documentation
-------------
- Update the typo in the documentation: The query trace policy is
named policy.QTRACE (and not policy.TRACE)
Bugfixes:
---------
- lua: make the map command check its arguments
Knot Resolver 1.2.0 (2017-01-24)
====================================
Security:
---------
- In a policy.FORWARD() mode, the AD flag was being always set by mistake.
It is now cleared, as the policy.FORWARD() doesn't do DNSSEC validation yet.
Improvements:
-------------
- The DNSSEC Validation has been refactored, fixing many resolving
failures.
- Add module `version` that checks for updates and CVEs periodically.
- Support RFC7830: EDNS(0) padding in responses over TLS.
- Support CD flag on incoming requests.
- hints module: previously /etc/hosts was loaded by default, but not anymore.
Users can now actually avoid loading any file.
- DNS over TLS now creates ephemeral certs.
- Configurable cache.{min,max}_tll option, with max_ttl defaulting to 6 days.
- Option to reorder RRs in the response.
- New policy.QTRACE policy to print packet contents
Bugfixes:
---------
- Trust Anchor configuration is now more robust.
- Correctly answer NOTIMPL for meta-types and non-IN RR classes.
- Free TCP buffer on cancelled connection.
- Fix crash in hints module on empty hints file, and fix non-lowercase hints.
Miscelaneous:
-------------
- It now requires knot >= 2.3.1 to link successfully.
- The API+ABI for modules changed slightly.
- New LRU implementation.
Knot Resolver 1.1.1 (2016-08-24)
================================
Bugfixes:
---------
- Fix 0x20 randomization with retransmit
- Fix pass-through for the stub mode
- Fix the root hints IPv6 addresses
- Fix dst addr for retries over TCP
Improvements:
-------------
- Track RTT of all tried servers for faster retransmit
- DAF: Allow forwarding to custom port
- systemd: Read EnvironmentFile and user $KRESD_ARGS
- systemd: Update systemd units to be named after daemon
Knot Resolver 1.1.0 (2016-08-12)
================================
Improvements:
-------------
- RFC7873 DNS Cookies
- RFC7858 DNS over TLS
- HTTP/2 web interface, RESTful API
- Metrics exported in Prometheus
- DNS firewall module
- Explicit CNAME target fetching in strict mode
- Query minimisation improvements
- Improved integration with systemd
Knot Resolver 1.0.0 (2016-05-30)
================================
Initial release:
----------------
- The first initial release
|
