Tags give the ability to mark specific points in history as being important
  • v2.6.6 protected   Knot DNS 2.6.6

    Knot DNS 2.6.6 (2018-04-11)

    Features:

    • New EDNS option counters in the statistics module
    • New '+orphan' filter for the 'zone-purge' operation

    Improvements:

    • Reduced memory consuption of disabled statistics metrics
    • Some spelling fixes (Thanks to Daniel Kahn Gillmor)
    • Server no longer fails to start if MODULE_DIR doesn't exist
    • Configuration include doesn't fail if empty wildcard match
    • Added a configuration check for a problematical option combination

    Bugfixes:

    • NSEC3 chain not re-created when SOA minimum TTL changed
    • Failed to start server if no template is configured
    • Possibly incorrect SOA serial upon changed zone reload with DNSSEC signing
    • Inaccurate outgoing zone transfer size in the log message
    • Invalid dname compression if empty question section
    • Missing EDNS in EMALF responses

    Downloads:

  • v2.6.5 protected   Knot DNS 2.6.5

    Knot DNS 2.6.5 (2018-02-12)

    Features:

    • New 'zone-notify' command in knotc
    • Kdig uses '@server' as a hostname for TLS authenticaion if '+tls-ca' is set

    Improvements:

    • Better heap memory trimming for zone operations
    • Added proper polling for TLS operations in kdig
    • Configuration export uses stdout as a default output
    • Simplified detection of atomic operations
    • Added '--disable-modules' configure option
    • Small documentation updates

    Bugfixes:

    • Zone retransfer doesn't work well if more masters configured
    • Kdig can leak or double free memory in corner cases
    • Inconsistent error outputs from dynamic configuration operations
    • Failed to generate documentation on OpenBSD

    Downloads:

  • v2.6.4 protected   Knot DNS 2.6.4

    Knot DNS 2.6.4 (2018-01-02)

    Features:

    • Module synthrecord allows multiple 'network' specification
    • New CSK handling support in keymgr

    Improvements:

    • Allowed configuration for infinite zsk lifetime
    • Increased performance and security of the module synthrecord
    • Signing changeset is stored into journal even if 'zonefile-load' is whole

    Bugfixes:

    • Unintentional zone re-sign during reload if empty NSEC3 salt
    • Inconsistent zone names in journald structured logs
    • Malformed outgoing transfer for big zone with TSIG
    • Some minor DNSSEC-related issues

    Downloads:

  • v2.5.7 protected   Knot DNS 2.5.7

    Knot DNS 2.5.7 (2018-01-02)

    Bugfixes:

    • Unintentional zone re-sign during reload if empty NSEC3 salt
    • Inconsistent zone names in journald structured logs
    • Malformed outgoing transfer for big zone with TSIG
    • Unexpected reply for DS query with an owner below a delegation point
    • Old dependencies in the pkg-config file

    Downloads:

  • v2.6.3 protected   Knot DNS 2.6.3

    Knot DNS 2.6.3 (2017-11-24)

    Bugfixes:

    • Wrong detection of signing scheme rollover

    Downloads:

  • v2.6.2 protected   Knot DNS 2.6.2

    Knot DNS 2.6.2 (2017-11-23)

    Features:

    • CSK algorithm rollover and (KSK, ZSK) <-> CSK rollover support

    Improvements:

    • Allowed explicit configuration for infinite ksk lifetime
    • Proper error messages instead of unclear error codes in server log
    • Better support for old compilers

    Bugfixes:

    • Unexpected reply for DS query with an owner below a delegation point
    • Old dependencies in the pkg-config file

    Downloads:

  • v2.6.1 protected   Knot DNS 2.6.1

    Knot DNS 2.6.1 (2017-11-02)

    Features:

    • NSEC3 Opt-Out support in the DNSSEC signing
    • New CDS/CDNSKEY publish configuration option

    Improvements:

    • Simplified DNSSEC log message with DNSKEY details
    • +tls-hostname in kdig implies +tls-ca if neither +tls-ca nor +tls-pin is given
    • New documentation sections for DNSSEC key rollovers and shared keys
    • Keymgr no longer prints useless algorithm number for generated key
    • Kdig prints unknown RCODE in a numeric format
    • Better support for LLVM libFuzzer

    Bugfixes:

    • Faulty DNAME semantic check if present in the zone apex and NSEC3 is used
    • Immediate zone flush not scheduled during the zone load event
    • Server crashes upon dynamic zone addition if a query module is loaded
    • Kdig fails to connect over TLS due to SNI is set to server IP address
    • Possible out-of-bounds memory access at the end of the input
    • TCP Fast Open enabled by default in kdig breaks TLS connection

    Downloads:

  • v2.5.6 protected   Knot DNS 2.5.6

    Knot DNS 2.5.6 (2017-11-02)

    Improvements:

    • Keymgr no longer prints useless algorithm number for generated key

    Bugfixes:

    • Faulty DNAME semantic check if present in the zone apex and NSEC3 is used
    • Immediate zone flush not scheduled during the zone load event
    • Server crashes upon dynamic zone addition if a query module is loaded
    • Kdig fails to connect over TLS due to SNI is set to server IP address

    Downloads:

  • v2.6.0 protected   Knot DNS 2.6.0

    Knot DNS 2.6.0 (2017-09-29)

    Features:

    • On-slave (inline) signing support
    • Automatic DNSSEC key algorithm rollover
    • Ed25519 algorithm support in DNSSEC (requires GnuTLS 3.6.0)
    • New 'journal-content' and 'zonefile-load' configuration options
    • keymgr tries to run as user/group set in the configuration
    • Public-only DNSSEC key import into KASP DB via keymgr
    • NSEC3 resalt and parent DS query events are persistent in timer DB
    • New processing state for a response suppression within a query module
    • Enabled server side TCP Fast Open if supported
    • TCP Fast Open support in kdig

    Improvements:

    • Better record owner compression if related to the previous rdata dname
    • NSEC(3) chain is no longer recomputed whole on every update
    • Remove inconsistent and unnecessary quoting in log files
    • Avoiding of overlapping key rollovers at a time
    • More DNSSSEC-related semantic checks
    • Extended timestamp format in keymgr

    Bugfixes:

    • Incorrect journal free space computation causing inefficient space handling
    • Interface-automatic broken on Linux in the presence of asymmetric routing

    Downloads:

  • v2.5.5 protected   Knot DNS 2.5.5

    Knot DNS 2.5.5 (2017-09-29)

    Improvements:

    • Constant time memory comparison in the TSIG processing
    • Proper use of the ctype functions
    • Generated RRSIG records have inception time 90 minutes in the past

    Bugfixes:

    • Incorrect online signature for NSEC in the case of a CNAME record
    • Incorrect timestamps in dnstap records
    • EDNS Subnet Client validation rejects valid payloads
    • Module configuration semantic checks are not executed
    • Kzonecheck segfaults with unusual inputs

    Downloads:

  • v2.5.4 protected   Knot DNS 2.5.4

    Knot DNS 2.5.4 (2017-08-31)

    Improvements:

    • New minimum and maximum refresh interval config options (Thanks to Manabu Sonoda)
    • New warning when unforced flush with disabled zone file synchronization
    • New 'dnskey' keymgr command
    • Linking with libatomic on architectures that require it (Thanks to Pierre-Olivier Mercier)
    • Removed 'OK' from listing keymgr command outputs
    • Extended journal and keymgr documentation and logging

    Bugfixes:

    • Incorrect handling of specific corner-cases with zone-in-journal
    • The 'share' keymgr command doesn't work
    • Server crashes if configured with query-size and reply-size statistics options
    • Malformed big integer configuration values on some 32-bit platforms
    • Keymgr uses local time when parsing date inputs
    • Memory leak in kdig upon IXFR query

    Downloads:

  • v2.5.3 protected   Knot DNS 2.5.3

    Knot DNS 2.5.3 (2017-07-14)

    Features:

    • CSK rollover support for Single-Type Signing Scheme

    Improvements:

    • Allowed binding to non-local adresses for TCP (Thanks to Julian Brost!)
    • New documentation section for manual DNSSEC key algorithm rollover
    • Initial KSK also generated in the submission state
    • The 'ds' keymgr command with no parameter uses all KSK keys
    • New debug mode in kjournalprint
    • Updated keymgr documentation

    Bugfixes:

    • Sometimes missing RRSIG by KSK in submission state.
    • Minor DNSSEC-related issues

    Downloads:

  • v2.4.5 protected   Knot DNS 2.4.5
  • v2.5.2 protected   Knot DNS 2.5.2
  • v2.5.1 protected   Knot DNS 2.5.1
  • v2.5.0 protected   Knot DNS 2.5.0
  • v2.4.4 protected   Knot DNS 2.4.4
  • v2.4.3 protected   Knot DNS 2.4.3
  • v2.4.2 protected   Knot DNS 2.4.2
  • v2.4.1 protected   v2.4.1
    6435b0fd · 2.4.1 release ·