-
Mon Oct 01 2018 Tomas Krizek <tomas.krizek@nic.cz> - 2.6.9-1
Knot DNS 2.6.9 (2018-08-14)
===========================
Improvements:
-------------
- Added zone wire size to zone loading log message
- Added debug log message for each unsuccessful remote address operation
Bugfixes:
---------
- Zone not flushed after re-signing during zone load #594
- Server crashes when committing empty zone transaction
- Incoming IXFR with on-slave signing sometimes leads to memory corruption #595
-
Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
Wed Jul 11 2018 Tomas Krizek <tomas.krizek@nic.cz> - 2.6.8-1
Knot DNS 2.6.8 (2018-07-10)
===========================
Features:
---------
- New 'import-pkcs11' command in keymgr
Improvements:
-------------
- Unixtime serial policy mimics Bind – increment if lower #593
Bugfixes:
---------
- Creeping memory consuption upon server reload #584
- Kdig incorrectly detects QNAME if 'notify' is a prefix
- Server crashes when zone sign fails #587
- CSK->KZSK rollover retires CSK early #588
- Server crashes when zone expires during outgoing multi-message transfer
- Kjournalprint doesn't convert zone name argument to lower-case
- Cannot switch to a previously used ksk-shared dnssec policy #589
-
Thu May 17 2018 Tomas Krizek <tomas.krizek@nic.cz> - 2.6.7-1
Knot DNS 2.6.7 (2018-05-17)
===========================
Features:
---------
- Added 'dateserial' (YYYYMMDDnn) serial policy configuration (Thanks to Wolfgang Jung)
Improvements:
-------------
- Trailing data indication from the packet parser (libknot)
- Better configuration check for a problematical option combination
Bugfixes:
---------
- Incomplete configuration option item name check
- Possible buffer overflow in 'knot_dname_to_str' (libknot)
- Module dnsproxy doesn't preserve letter case of QNAME
- Module dnsproxy duplicates OPT and TSIG in the non-fallback mode
-
Wed Apr 11 2018 Tomas Krizek <tomas.krizek@nic.cz> - 2.6.6-1
Knot DNS 2.6.6 (2018-04-11)
===========================
Features:
---------
- New EDNS option counters in the statistics module
- New '+orphan' filter for the 'zone-purge' operation
Improvements:
-------------
- Reduced memory consuption of disabled statistics metrics
- Some spelling fixes (Thanks to Daniel Kahn Gillmor)
- Server no longer fails to start if MODULE_DIR doesn't exist
- Configuration include doesn't fail if empty wildcard match
- Added a configuration check for a problematical option combination
Bugfixes:
---------
- NSEC3 chain not re-created when SOA minimum TTL changed
- Failed to start server if no template is configured
- Possibly incorrect SOA serial upon changed zone reload with DNSSEC signing
- Inaccurate outgoing zone transfer size in the log message
- Invalid dname compression if empty question section
- Missing EDNS in EMALF responses
-
Mon Mar 26 2018 Iryna Shcherbina <ishcherb@redhat.com> - 2.6.5-2
- Update Python 2 dependency declarations to new packaging standards
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
-
Mon Feb 12 2018 Tomas Krizek <tomas.krizek@nic.cz> - 2.6.5-1
- New upstream release 2.6.5
Knot DNS 2.6.5 (2018-02-12)
===========================
Features:
---------
- New 'zone-notify' command in knotc
- Kdig uses '@server' as a hostname for TLS authenticaion if '+tls-ca' is set
Improvements:
-------------
- Better heap memory trimming for zone operations
- Added proper polling for TLS operations in kdig
- Configuration export uses stdout as a default output
- Simplified detection of atomic operations
- Added '--disable-modules' configure option
- Small documentation updates
Bugfixes:
---------
- Zone retransfer doesn't work well if more masters configured
- Kdig can leak or double free memory in corner cases
- Inconsistent error outputs from dynamic configuration operations
- Failed to generate documentation on OpenBSD
-
Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.6.4-3
- Escape macros in %changelog
-
Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
Mon Jan 22 2018 Tomas Krizek <tomas.krizek@nic.cz> - 2.6.4-1
- Added PGP signature verification
- Added integration test
- New upstream release 2.6.4
Knot DNS 2.6.4 (2018-01-02)
===========================
Features:
---------
- Module synthrecord allows multiple 'network' specification
- New CSK handling support in keymgr
Improvements:
-------------
- Allowed configuration for infinite zsk lifetime
- Increased performance and security of the module synthrecord
- Signing changeset is stored into journal even if 'zonefile-load' is whole
Bugfixes:
---------
- Unintentional zone re-sign during reload if empty NSEC3 salt
- Inconsistent zone names in journald structured logs
- Malformed outgoing transfer for big zone with TSIG
- Some minor DNSSEC-related issues
Knot DNS 2.6.3 (2017-11-24)
===========================
Bugfixes:
---------
- Wrong detection of signing scheme rollover
Knot DNS 2.6.2 (2017-11-23)
===========================
Features:
---------
- CSK algorithm rollover and (KSK, ZSK) <-> CSK rollover support
Improvements:
-------------
- Allowed explicit configuration for infinite ksk lifetime
- Proper error messages instead of unclear error codes in server log
- Better support for old compilers
Bugfixes:
---------
- Unexpected reply for DS query with an owner below a delegation point
- Old dependencies in the pkg-config file