diff --git a/NEWS b/NEWS index 2b6899a4e02b79f089377e3556e4125f82a1064f..edef30e3a98538b9de3e9ac2eb7adf37be26bdac 100644 --- a/NEWS +++ b/NEWS @@ -1,35 +1,28 @@ -Knot Resolver 3.x.y (201y-mm-dd) +Knot Resolver 3.2.0 (2018-12-17) ================================ -Incompatible changes --------------------- -- view module: keep trying rules until a "non-chain" action is executed. - This improves consistency with the policy module. - New features ------------ - module edns_keepalive to implement server side of RFC 7828 (#408) - module nsid to implement server side of RFC 5001 (#289) -- module bogus_log provides .frequent() table (!629) -- module stats collects flags from answer messages (!629) - -Module API changes ------------------- -- new layer is added: answer_finalize -- kr_request keeps ::qsource.packet beyond the begin layer -- kr_request::qsource.tcp renamed to ::qsource.flags.tcp -- kr_request::has_tls renamed to ::qsource.flags.tls -- kr_zonecut_add(), kr_zonecut_del() and kr_nsrep_sort() changed parameters slightly +- module bogus_log provides .frequent() table (!629, credit Ulrich Wisser) +- module stats collects flags from answer messages (!629, credit Ulrich Wisser) +- module view supports multiple rules with identical address/TSIG specification + and keeps trying rules until a "non-chain" action is executed (!678) +- module experimental_dot_auth implements an DNS-over-TLS to auth protocol + (!711, credit Manu Bretelle) +- net.bpf bindings allow advanced users to use eBPF socket filters Bugfixes -------- - http module: only run prometheus in parent process if using --forks=N, as the submodule collects metrics from all sub-processes as well. -- TLS fixes for corner cases (!700, !714, !716, !721) +- TLS fixes for corner cases (!700, !714, !716, !721, !728) - fix build with -DNOVERBOSELOG (#424) - policy.{FORWARD,TLS_FORWARD,STUB}: respect net.ipv{4,6} setting (!710) - avoid SERVFAILs due to certain kind of NS dependency cycles, again (#374) this time seen as 'circular dependency' in verbose logs +- policy and view modules do not overwrite result finished requests (!678) Improvements ------------ @@ -38,6 +31,15 @@ Improvements when choosing whom to ask, just as for iteration - use pseudo-randomness from gnutls instead of internal ISAAC (#233) - tune the way we deal with non-responsive servers (!716, !723) +- documentation clarifies interaction between policy and view modules (!678, !730) + +Module API changes +------------------ +- new layer is added: answer_finalize +- kr_request keeps ::qsource.packet beyond the begin layer +- kr_request::qsource.tcp renamed to ::qsource.flags.tcp +- kr_request::has_tls renamed to ::qsource.flags.tls +- kr_zonecut_add(), kr_zonecut_del() and kr_nsrep_sort() changed parameters slightly Knot Resolver 3.1.0 (2018-11-02)