Knot DNS NEWS

1.5.0-rc2 - Jun 17, 2014
-----------------------
Features:
	* edns-client-subnet support in kdig
	* Optional asynchronous startup (config "asynchronous-start")
Improvements:
	* Preempt task queue for faster reload
	* Lazy zone file write after zone transfer (governed by "zonefile-sync")
Bugfixes:
	* Close zone transfer after SERVFAIL response
	* Incremental to full zone transfer fallback, wrong log message
	* Zone events corner cases, reload replanning

1.5.0-rc1 - Jun 3, 2014
-----------------------
Features:
	* Pluggable query processing modules
	* Synthetic IPv4/IPv6 reverse/forward records (optional module)
	* dnstap support in both utilities & server (optional module)
	* NOTIFY message support and new TSIG section in kdig
	* Multi-master support
Improvements:
	* Query processing and core functionality overhaul 
	* Performance and reduced memory footprint
	* Faster zone events scheduling
	* RFC compliant queries/responses in some corner cases
	* Log messages
	* New documentation (Sphinx)

v1.4.2 - Jan 27, 2014
---------------------
Bugfixes:
	* AXFR/IXFR compatibility issues with tinydns/axfrdns
	* Journal file is created only when needed
	* Zone-related log messages are logged into correct category 
	* DNSSEC: Refresh signatures earlier (3 days before their expiration
	  with the default signature lifetime)
	* Fixed RCU synchronization causing deadlock on 'knotc signzone'
	* RRSIG not fitting in the additional records doesn't cause truncation

v1.4.1 - Jan 13, 2014
---------------------
Bugfixes:
	* Empty APL record support
	* 'zonestatus' when using immediate zone syncing
	* Immediate zone syncing after reload
	* Race condition writing time values to zone file

v1.4.0 - Jan 6, 2014
---------------------
Features:
	* Zone SERIAL policies (INCREMENT, UNIXTIME)
Bugfixes:
	* AXFR crash with specific packet 
	* QNAME case-sensitive since 1.4.0-rc0
	* DNSSEC records over DDNS
	* Semantic check fail in AXFR is only soft-error
	* Journal race condition
	* Notifies are sent immediately

v1.4.0-rc2 - Dec 13, 2013
-------------------------
Features:
	* IDN support in Knot utilities
	* DNSSEC: support for GOST algorithm

Bugfixes:
	* Crash in particular additionals processing
	* Race condition in event cancelation
	* Journal corruption after failed transactions
	* DNSSEC: fixed detection of ECDSA support

Other improvements:
	* ./configure prints build configuration summary
	* Pretty zone file output (DNSSEC-related data separately)
	* Lower memory consumption
	* config: option 'dnssec-keydir' can be set per zone
	* config: option 'storage' can be set per zone

v1.4.0-rc1 - Nov 20, 2013
-------------------------

Features:
	* Better logging of automatic DNSSEC events
	* Support for DNSSEC key pre-publication
Bugfixes:
	* Refactored zone loading
	* Improved journal locking and fixed some race conditions
	* Various fixes in client utilities
	* Fixed memory errors in automatic DNSSEC signing
	* 'dnssec-keydir' doesn't auto-enable signing
	* Fixed rescheduling of zone resigns

v1.4.0-beta - Oct 28, 2013
--------------------------
Features:
	* Experimental automatic DNSSEC signing
	* Reduced memory usage

v1.3.3 - Oct 28, 2013
---------------------
Bugfixes:
	* Improved zone loading error messages
	* Correct control socket permissions
	* Improved log syntax documentation 
	* Fixed wrong assertions in DDNS prerequisites checking
	* Fixed processing of some malformed DNS packets 
	* Fixed notify messages being ignored in some cases

v1.3.2 - Sep 30, 2013
---------------------
Bugfixes:
	* Configuration option for EDNS0 max UDP payload.
	* Max UDP payload from EDNS0 affected TCP responses.
	* Fixed build on SLE 10.
	* knotc reload did not close files included from config.

v1.3.1 - Aug 26, 2013
---------------------
Bugfixes:
	* Response with NSID contained extra bytes after reload
	* List of remotes is scanned for longest prefix match
	* Multipacket TSIG signatures for transfers
	* Wrongly parsed TSIG key secret without quotes
	* Removed autoconf checks for extended instruction sets

v1.3.0 - Aug 5, 2013
--------------------
Features:
	* Defaults for CH TXT id.server,version.server (see doc)
Bugfixes:
	* Progressive interval for bootstrap retry
	* Transfers randomly cancelled
	* Disabling RRL on reload
	* Secondary groups not initialized when dropping privileges
	* Responding to DS queries for names at or below delegation points

v1.3.0-rc5 - Jul 29, 2013
-------------------------
Features:
	* Much faster bootstrap of many zones
Bugfixes:
	* Removed deprecated 'knotc -w' option
	* Slave ignores out-of-zone records in zone
	* Support for obsolete types in zone transfers
	* Slave zone file names fixes
	* Long transfers being randomly dropped

v1.3.0-rc4 - Jul 15, 2013
-------------------------
Features:
	* --with-configdir option for default config path
	* Reintroduced 'pidfile' config option
Bugfixes:
	* AXFR/IXFR subsystem performance improvements
	* Rescheduling of AXFR in some cases
	* RRSIGs not in the same section for DS records
	* Log messages leaking to syslog
	* 'knotc restart' option removed due to several limitations

v1.3.0-rc3 - Jun 28, 2013
-------------------------

Features:
	* Utility to estimate memory consumption (see 'knotc memstats')
	* PID file is not created when running on foreground
	* UNIX sockets support for knotc
	* Configurable 'rundir' and 'storage'

Bugfixes:
	* IXFR with an arbitrary number of diffs
	* Processing of knotc TSIG keyfile
	* Atomic PID file writing, removed deprecated 'knotc start'
	* Performance regression when RRSIGs came before covered RRs in AXFR

v1.3.0-rc2 - Jun 14, 2013
-------------------------

Bugfixes:
	* Label compression related bug
	* Proper resolution of some CNAME chains
	* Unstable response rate in rare cases
	* Several log messages

v1.3.0-rc1 - Jun 4, 2013
---------------------------

Features:
        * Faster zone parser
        * Full support for EUI and ILNP resource records
        * Lower memory footprint for large zones
        * No compilation of zones
        * Improved scheduling of zone transfers
        * Logging of serials and timing information for zone transfers
        * Config: 'groups' keyword allowing to create groups of remotes
        * Config: 'include' keyword allowing other file includes
        * Client utilities: kdig, khost, knsupdate
        * Server identification using TXT/CH queries (RFC 4892)
	* Improved build scripts
	* Improved dname compression and performance
Bugfixes:
	* Fixed creating of PID file when dropping privileges

v1.2.0 - Mar 29, 2013
---------------------

Bugfixes:
	* Memory leaks

v1.2.0-rc4 - Mar 22, 2013
-------------------------

Features:
	* knotc 'zonestatus' command

Bugfixes:
	* Check for broken recvmmsg() implementation
	* Changing logfile ownership before dropping privileges
	* knotc respects 'control' section from configuration
	* RRL: resolved bucket collisions
	* RRL: updated bucket mapping to conform to the RRL technical memo

v1.2.0-rc3 - Mar 1, 2013
------------------------

Features:
	* Response rate limiting (see documentation)

Bugfixes:
	* Fixed OpenBSD build
	* Responses to ANY should contain RRSIGs

v1.2.0-rc2 - Feb 15, 2013
-------------------------

Bugfixes:
	* Fixed processing of some non-standard dnames.
	* Correct checking of label length bounds in some cases.
	* More compliant rcodes in case of DDNS/TSIG failures.
	* Correct processing of malformed DDNS prereq section.

v1.2.0-rc1 - Jan 4, 2013
------------------

Features:
        * Dynamic updates, including forwarding (limited on signed zones)
        * Updated remote control utility
        * Configurable TCP timeouts
        * LOC RR support

v1.1.3 - Dec 19, 2012
---------------------

Bugfixes:
        * Updated manpage.

v1.1.3-rc1 - Dec 6, 2012
------------------------

Bugfixes:
	* Fixed answering DS queries (RRSIGs not together with DS, AA bit
          missing).
	* Fixed setting ARCOUNT in some error responses with EDNS enabled.
	* Fixed crash when compiling zone with NSEC3PARAM but no NSEC3
	  and semantic checks enabled.


v1.1.2 - Nov 21, 2012
---------------------

Bugfixes:
	* Fixed debug message.


v1.1.2-rc1 - Nov 14, 2012
-------------------------

Bugfixes:
	* Fixed crash on reload when config contained duplicate zones.
	* Fixed scheduling of transfers.


v1.1.1 - Oct 31, 2012
---------------------

Bugfixes:
        * Fixed assertion failing when asking directly for a wildcard name.


v1.1.1-rc1 - Oct 23, 2012
-------------------------

Bugfixes:
        * Crash after IXFR in certain cases when adding RRSIG in an IXFR.
        * Fixed behaviour when incoming IXFR removes a zone cut. Previously
          occluded names now become properly visible. Previously led to a
          crash when the server was asked for the previously occluded name.
        * Fixed handling of zero-length strings in text zone dump. Caused the
          compilation to fail.
        * Fixed TSIG algorithm name comparison - the names should be in
          canonical form.
        * Fixed handling unknown RR types with type less than 251.

Features:
        * Improved compression of packets. Out-of-zone dnames present in RDATA
          were not compressed.
        * Slave zones are now automatically refreshed after startup.
        * Proper response to IXFR/UDP query (returns SOA in Authority section).


v1.1.0 - Aug 31, 2012
---------------------

Bugfixes:
	* Syncing journal to zone was not updating the compiled zone database.

Other improvements:
	* Better checks of corrupted zone database.


v1.1.0-rc2 - Aug 23, 2012
-------------------------

New features:
	* Signing SOA with TSIG queries when checking zone version with master.

Bugfixes:
	* Fixed ixfr-from-differences journal generation in case of IPSECKEY
          and APL records.
	* Fixed possible leak on server shutdown with a pending transfer.

Other improvements:
	* Improved user manual.


v1.1.0-rc1 - Aug 17, 2012
-------------------------

New features:
        * Optionally disable ANY queries for authoritative answers.
        * Dropping identical records in zone and incoming transfers.
        * Support for '/' in zone names.
        * Generating journal from reloaded zone (EXPERIMENTAL).
        * Outgoing-only interfaces in configuration file.
        * Following DNAME if the synthetized name is in the same zone.

Bugfixes:
        * Crash when zone contained RRSIG signing a CNAME, but did not
          contain the CNAME.
        * Malformed packets parsing.
        * Failed IXFR caused memory leaks.
        * Failed IXFR might have resulted in inconsistent zone structures.
        * Fixed answering to +dnssec queries when NSEC3 chain is corrupted.
        * Fixed answering when transitioning from NSEC3 to NSEC.
        * Fixed answering when zone contains multiple NSEC3 chains.
        * Handling RRSets with different TTLs - TTL from the first RR is used.
        * Synchronization of zone reload and zone transfers.
        * Fixed build on NetBSD 5 and FreeBSD.
        * Fixed binding to both IPv4 and IPv6 at the same time on special
          interfaces.
        * Fixed access rights of created files.
        * Semantic checks corrupted RDATA domain names which are covered by
          wildcard in the same zone.

Other improvements:
        * IXFR-in optimized.
        * Many zones loading optimized.
        * More detailed log messages (mostly transfer-related).
        * Copying Question section to error responses.
        * Using zone name from config file as default origin in zone file.
        * Additional records are now added to response also from
          wildcard-covered names.

v1.0.6 - Jun 13, 2012
---------------------

Bugfixes:
        * Fixed potential problems with RCU synchronization.
        * Adding NSEC/NSEC3 for all wildcard CNAMEs in the response.


v1.0.5 - May 17, 2012
---------------------

Bugfixes:
        * Fixed bug with creating journal files.


v1.0.4 - May 16, 2012
---------------------

New features:
        * Parallel loading of zones to the server.
        * RFC3339-compliant format of log time.
        * Support for TLSA (RR type 52).
        * knotc checkzone (as a dry-run of zone compile).
        * knotc refresh for forcing Knot to update all zones from master
          servers.
        * Reopening log files upon start (used to truncate them).

Bugfixes:
        * Copying OPCODE and RD bit from query to NOTIMPL responses.
        * Corrected response to CNAME queries if the canonical name was also
          an alias (was adding the whole CNAME chain to the response).
        * Fixed crash when NS or MX points to an alias.
        * Fixed problem with early closing of file descriptors (led to crash
          when compiling and loading or bootstrapping and restarting the server
          with a lot of zones).

Other improvements:
        * Significantly sped up IXFR-in and reduced its memory requirements.


v1.0.3 - Apr 17, 2012
---------------------

Bugfixes:
        * Corrected handling of EDNS0 when TCP is used (was applying the UDP size limit).
        * Fixed slow compilation of zones.
        * Fixed potential crash with many concurrent transfers.
        * Fixed missing include for FreeBSD.


v1.0.2 - Apr 13, 2012
---------------------

New features:
        * Configuration checker (invoked via knotc).
        * Specifying source interface for transfers and NOTIFY requests directly.

Bugfixes:
        * Fixed leak when querying non-existing name and zone SOA TTL > minimal.
        * Fixed some minor bugs in transfers.

Other improvements:
        * Improved log messages (added date and time, better specification of XFR remote).
        * Improved saving incoming IXFR to journal (memory optimized).
        * Now using system scheduler (better for Linux).
        * Decreased thread stack size.


v1.0.1 - Mar 9, 2012
--------------------

New features:
        * Implemented jitter to REFRESH/RETRY timers.
        * Implemented magic bytes for journal.
        * Improved error messages.

Bugfixes:
        * Problem with creating IXFR journal for bootstrapped zone.
        * Race condition in processing NOTIFY/SOA queries.
        * Leak when reloading zone with NSEC3.
        * Processing of APL RR.
        * TSIG improper assignment of algorithm type.


v1.0.0 - Feb 29, 2012
---------------------

New features:
        * Support for subnets in ACL.
        * Debug messages enabling in configure.
        * Optimized memory consumption of zone structures.

Bugfixes:
        * Memory errors and leaks.
        * Fixed improper handling of failed IXFR/IN.
        * Several other minor bugfixes.


v1.0-rc1 - Feb 14, 2012
-----------------------

New features:
        * NSID support (RFC5001).
        * Root zone support.
        * Automatic zone compiling on server start.
        * Setting user to run Knot under in config file.
        * Dropping privileges after binding to port 53.
	        + Support for Linux capabilities(7).
        * Setting source address of outgoing transfers in config file.
        * Custom PID file.
        * CNAME loop detection.
        * Timeout on TCP connections.
        * Basic defense against DoS attacks.

Bugfixes:
        * Fixed IXFR processing.
        * Patched URCU so that it compiles on architectures without TLS in compiler (NetBSD, OpenBSD).
        * Fixed response to DS query at parent zone.
        * A lot of other bugfixes.


v0.9.1 - Jan 20, 2012
---------------------

New features:
	* RRSet rotation

Bugfixes:
	* Fixed build on BSD.
	* Fixes in parsing and dumping of zone
	  - types IPSECKEY, WKS, DLV, APL, NSAP

Other changes:
	* Replaced pseudo-random number generator by one with MIT/BSD license.


v0.9 - Jan 13, 2012
-------------------

New features:
        * TSIG support in both client and server.
        * Use of sendmmsg() on Linux 3.0+ (improves performance).

Bugfixes:
        * Knot was not accepting AXFR-style IXFR with first SOA in a separate
          packet (i.e. from Power DNS).
        * Wrong SOA TTL in negative answers.
        * Wrong max packet size for outgoing transfers (was causing the
          packets to be malformed).
        * Wrong handling of WKS record in zone compiler.
        * Problems with zone bootstrapping.


v0.8.1 - Dec 1, 2011
--------------------

Bugfixes:
	* Handling SPF record.
	* Wrong text dump of unknown records.


v0.8.0 - Beta Release - Nov 3, 2011
-----------------------------------

Features:
        * AXFR-in/-out
        * IXFR-in/-out
        * EDNS0
        * DNSSEC
        * NSEC3
        * IPv6
        * Runtime reconfiguration

Known issues:
        * Missing support for TSIG
        * Root zone support
        * NSID support
        * Other DNS classes than IN
        * RRSet rotation not implemented
        * Dynamic update support
        * IXFR code might be flaky sometimes
        * IXFR may be slow when too many (10 000+) RRSets are transferred at once

Platforms (tested on):
	* Linux (2.6.x and newer), FreeBSD 8.2, Mac OS X 10.6, 10.7