| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: libknot15 | Distribution: openSUSE Leap 16.0 |
| Version: 3.4.0 | Vendor: openSUSE |
| Release: lp160.1.2 | Build date: Mon Sep 2 19:15:38 2024 |
| Group: System/Libraries | Build host: reproducible |
| Size: 272289 | Source RPM: knot-3.4.0-lp160.1.2.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://www.knot-dns.cz/ | |
| Summary: Knot DNS support library | |
Knot DNS is a DNS server. It implements only the authoritative domain name service. It uses a multi-threaded and mostly lock-free implementation and can operate non-stop during zone addition or removal. This package contains the essential core library for Knot services.
GPL-3.0-or-later
* Mon Sep 02 2024 Michal Hrusecky <[email protected]>
- update to version 3.4.0, see
https://www.knot-dns.cz/2024-09-02-version-340.html
* Tue Aug 27 2024 Michal Hrusecky <[email protected]>
- update to version 3.3.9, see
https://www.knot-dns.cz/2024-08-26-version-339.html
* Wed Jul 24 2024 Michal Hrusecky <[email protected]>
- split knot-utils with kdig and friends
* Tue Jul 23 2024 Michal Hrusecky <[email protected]>
- update to version 3.3.8, see
https://www.knot-dns.cz/2024-07-22-version-338.html
* Mon Jul 01 2024 Michal Hrusecky <[email protected]>
- use distribution library on Tumbleweed for DoQ support
* Mon Jul 01 2024 Michal Hrusecky <[email protected]>
- enable DoH support (add dependency on libnghttp2) bsc#1225969
- enable DoQ support using embedded library (libngtcp2)
* Tue Jun 25 2024 Michal Hrusecky <[email protected]>
- update to version 3.3.7, see
https://www.knot-dns.cz/2024-06-25-version-337.html
* Thu Jun 13 2024 Michal Hrusecky <[email protected]>
- update to version 3.3.6, see
https://www.knot-dns.cz/2024-06-12-version-336.html
* Wed Mar 06 2024 Michal Hrusecky <[email protected]>
- update to version 3.3.5, see
https://www.knot-dns.cz/2024-03-06-version-335.html
* Wed Jan 24 2024 Michal Hrusecky <[email protected]>
- update to version 3.3.4, see
https://www.knot-dns.cz/2024-01-24-version-334.html
* Wed Dec 13 2023 Michal Hrusecky <[email protected]>
- update to version 3.3.3, see
https://www.knot-dns.cz/2023-12-13-version-333.html
* Thu Nov 16 2023 Dominique Leuenberger <[email protected]>
- BuildRequire pkgconfig(libsystemd) instead of systemd-devel:
allow OBS to shortcut through systemd-mini.
* Mon Oct 23 2023 Michal Hrusecky <[email protected]>
- update to version 3.3.2, see
https://www.knot-dns.cz/2023-10-20-version-332.html
* Mon Sep 11 2023 Michal Hrusecky <[email protected]>
- update to version 3.3.1, see:
https://www.knot-dns.cz/2023-09-11-version-331.html
* Tue Aug 29 2023 Michal Hrusecky <[email protected]>
- drop protobuf-c dependency and rely on libprotobuf-c-devel to provide protoc-gen-c
* Mon Aug 28 2023 Michal Hrusecky <[email protected]>
- update to version 3.3.0, see:
https://www.knot-dns.cz/2023-08-28-version-330.html
* Thu Jul 27 2023 Michal Hrusecky <[email protected]>
- update to version 3.2.9, see:
https://www.knot-dns.cz/2023-07-27-version-329.html
* Mon Jun 26 2023 Michal Hrusecky <[email protected]>
- update to version 3.2.8, see:
https://www.knot-dns.cz/2023-06-26-version-328.html
* Wed Jun 07 2023 Michal Hrusecky <[email protected]>
- update to version 3.2.7, see:
https://www.knot-dns.cz/2023-06-06-version-327.html
* Tue Apr 04 2023 Michal Hrusecky <[email protected]>
- update to version 3.2.6, see:
https://www.knot-dns.cz/2023-04-04-version-326.html
* Thu Feb 02 2023 Michal Hrusecky <[email protected]>
- update to version 3.2.5, see:
https://www.knot-dns.cz/2023-02-02-version-325.html
* Mon Dec 12 2022 Michal Hrusecky <[email protected]>
- update to version 3.2.4, see:
https://www.knot-dns.cz/2022-12-12-version-324.html
* Sun Nov 20 2022 Michal Hrusecky <[email protected]>
- update to version 3.2.3, see:
https://www.knot-dns.cz/2022-11-20-version-323.html
* Tue Nov 01 2022 Michal Hrusecky <[email protected]>
- update to version 3.2.2, see:
https://www.knot-dns.cz/2022-11-01-version-322.html
* Thu Sep 22 2022 Michal Hrusecky <[email protected]>
- update to version 3.2.1, see:
https://www.knot-dns.cz/2022-09-09-version-321.html
* Tue Aug 30 2022 Michal Hrusecky <[email protected]>
- add keyring to spec file as source to suppress factory-auto error
* Tue Aug 23 2022 Michal Hrusecky <[email protected]>
- use upstream service file that requires less privileges
- add keyring to actually verify the signature
* Tue Aug 23 2022 Michal Hrusecky <[email protected]>
- update to version 3.2.0, see:
https://www.knot-dns.cz/2022-08-22-version-320.html
* Thu Apr 28 2022 Michal Hrusecky <[email protected]>
- update to version 3.1.8, see:
https://www.knot-dns.cz/2022-04-28-version-318.html
* Wed Mar 30 2022 Michal Hrusecky <[email protected]>
- update to version 3.1.7, see:
https://www.knot-dns.cz/2022-03-30-version-317.html
* Tue Feb 08 2022 Michal Hrusecky <[email protected]>
- update to version 3.1.6, see:
https://www.knot-dns.cz/2022-02-08-version-316.html
* Mon Dec 20 2021 Michal Hrusecky <[email protected]>
- drop conditions for openSUSE 13 and older
- knot.conf is owned by knot as is it's parent directory
* Mon Dec 20 2021 Michal Hrusecky <[email protected]>
- update to version 3.1.5, see:
https://www.knot-dns.cz/2021-12-20-version-315.html
* Thu Nov 04 2021 Michal Hrusecky <[email protected]>
- update to version 3.1.4, see:
https://www.knot-dns.cz/2021-11-04-version-314.html
* Tue Oct 19 2021 Michal Hrusecky <[email protected]>
- update to version 3.1.3, see:
https://www.knot-dns.cz/2021-10-18-version-313.html
* Fri Sep 17 2021 Michal Hrusecky <[email protected]>
- migrate to user creation via sysuser-tools
- run spec-cleaner on spec file
- update to version 3.1.2, see:
https://www.knot-dns.cz/2021-09-08-version-312.html
* Thu Aug 12 2021 Michal Hrusecky <[email protected]>
- update to version 3.1.1, see:
https://www.knot-dns.cz/2021-08-10-version-311.html
* Wed Aug 04 2021 Michal Hrusecky <[email protected]>
- update to version 3.1.0, see:
https://www.knot-dns.cz/2021-08-02-version-310.html
* Thu Jul 01 2021 Michal Hrusecky <[email protected]>
- update to version 3.0.7, see:
https://www.knot-dns.cz/2021-06-16-version-307.html
* Fri May 14 2021 Michal Hrusecky <[email protected]>
- make sure we have getent and groupadd/useradd in pre
* added dependency on shadow and glibc
* might be related to bnc#1186023
* Wed May 12 2021 Michal Hrusecky <[email protected]>
- update to version 3.0.6, see:
https://www.knot-dns.cz/2021-05-12-version-306.html
* Tue May 11 2021 Michal Hrusecky <[email protected]>
- Make /etc/knot directory owned by knot - fix reload action
* Sat Mar 27 2021 Jan Engelhardt <[email protected]>
- Update descriptions, remove unsubstantiated claims.
* Thu Mar 25 2021 Michal Hrusecky <[email protected]>
- update to version 3.0.5, see:
https://www.knot-dns.cz/2021-03-25-version-305.html
- Update description based on homepage
* Mon Feb 01 2021 Jan Engelhardt <[email protected]>
- Trim marketing wording from description.
- Drop old rpm constructs.
* Mon Jan 25 2021 Michal Hrusecky <[email protected]>
- version update to 3.0.4, see:
https://www.knot-dns.cz/2021-01-20-version-304.html
* Mon Jan 04 2021 Michal Hrusecky <[email protected]>
- add incompatibility warning about 1.6.X version when updateing
- rename back to knot
* Mon Dec 28 2020 [email protected]
- version update to 3.0.3
* Mon Nov 30 2020 Michal Hrusecky <[email protected]>
- version update to 2.9.7, see:
https://www.knot-dns.cz/2020-08-31-version-296.html
https://www.knot-dns.cz/2020-10-09-version-297.html
- obsolete only pre-2.0 version
* Tue Jul 21 2020 Marcus Rueckert <[email protected]>
- remove rosedb conditional as lmdb is required in general now
* Tue Jul 21 2020 Marcus Rueckert <[email protected]>
- replace conflicts with Provides/Obsoletes
* Wed Jun 24 2020 Michal Hrusecky <[email protected]>
- fix dependency: python-Sphinx -> python3-Sphinx
* Wed Jun 24 2020 Michal Hrusecky <[email protected]>
- use upstream example config file with correct syntax
* Wed Jun 24 2020 Michal Hrusecky <[email protected]>
- version update to 2.9.5
- Bugfixes
- Old ZSK can be withdrawn too early during a ZSK rollover if maximum zone
TTL is computed automatically
- Server responds SERVFAIL to ANY queries on empty non-terminal nodes
- Improvements
- Also module onlinesign returns minimized responses to ANY queries
- Linking against libcap-ng can be disabled via a configure option
* Tue May 19 2020 Michal Hrusecky <[email protected]>
- version update to 2.9.4
see NEWS
* Fri Dec 20 2019 [email protected]
- version update to 2.9.2
see NEWS
* Wed Jan 23 2019 Marcus Rueckert <[email protected]>
- update to 2.7.6
- Improvements
- Zone status also shows when the zone load is scheduled
- Server workers status also shows background workers
utilization
- Default control timeout for knotc was increased to 10 seconds
- Pkg-config files contain auxiliary variable with library
filename
- Bugfixes
- Configuration commit or server reload can drop some pending
zone events
- Nonempty zone journal is created even though it's disabled
[#635]
- Zone is completely re-signed during empty dynamic update
processing
- Server can crash when storing a big zone difference to the
journal
- Failed to link on FreeBSD 12 with Clang
* Mon Jan 07 2019 Marcus Rueckert <[email protected]>
- update to 2.7.5
- Features:
- Keymgr supports NSEC3 salt handling
- Improvements:
- Zone history in journal is dropped apon AXFR-like zone update
- Libdnssec is no longer linked against libm #628
- Libdnssec is explicitly linked against libpthread if PKCS #11
enabled #629
- Better support for libknot packaging in Python
- Manually generated KSK is 'ready' by default
- Kdig supports '+timeout' as an alias for '+time'
- Kdig supports '+nocomments' option
- Kdig no longer prints empty lines between retries
- Kdig returns failure if operations not successfully resolved
[#632]
- Fixed repeating of the 'KSK submission, waiting for
confirmation' log
- Various improvements in documentation, Dockerfile, and tests
- Bugfixes:
- Knotc fails to unset huge configuration section
- Kjournalprint sometimes fails to display zone journal content
- Improper timing of ZSK removal during ZSK rollover
- Missing UTC time zone indication in the 'iso' keymgr list
output
- A race condition in the online signing module
* Mon Dec 31 2018 Petr Gajdos <[email protected]>
- update to 2.7.4
Features:
- --------
- Added SNI configuration for TLS in kdig (Thanks to Alexander Schultz)
Improvements:
- ------------
- Added warning log when DNSSEC events not successfully scheduled
- New semantic check on timer values in keymgr
- DS query no longer asks other addresses if got a negative answer
- Reintroduced 'rollover' configuration option for CDS/CDNSKEY publication
- Extended logging for zone loading
- Various documentation improvements
Bugfixes:
- --------
- Failed to import module configuration #613
- Improper Cflags value in libknot.pc if built with embedded LMDB #615
- IXFR doesn't fall back to AXFR if malformed reply
- DNSSEC events not correctly scheduled for empty zone updates
- During algorithm rollover old keys get removed before DS TTL expires #617
- Maximum zone's RRSIG TTL not considered during algorithm rollover #620
* Sun Nov 04 2018 Marcus Rueckert <[email protected]>
- seems we no longer need jansson
* Sun Nov 04 2018 Marcus Rueckert <[email protected]>
- limit geoip support to opensuse
* Sat Nov 03 2018 Marcus Rueckert <[email protected]>
- update to 2.7.3
- Features:
- New queryacl module for query access control
- Configurable answer rrset rotation #612
- Configurable NSEC bitmap in online signing
- Improvements:
- Better error logging for KASP DB operations #601
- Some documentation improvements
- Bugfixes:
- Keymgr "list" output doesn't show key size for ECDSA algorithms #602
- Failed to link statically with embedded LMDB
- Configuration commit causes zone reload for all zones
- The statistics module overlooks TSIG record in a request
- Improper processing of an AXFR-style-IXFR response consisting of one-record messages
- Race condition in online signing during key rollover #600
- Server can crash if geoip module is enabled in the geo mode
- changes from 2.7.2
- Improvements:
- Keymgr list command displays also key size
- Kjournalprint displays total occupied size in the debug mode
- Server doesn't stop if failed to load a shared module from the module directory
- Libraries libcap-ng, pthread, and dl are linked selectively if needed
- Bugfixes:
- Sometimes incorrect result from dnssec_nsec_bitmap_contains (libdnssec)
- Server can crash when loading zone file difference and zone-in-journal is set
- Incorrect treatment of specific queries in the module RRL
- Failed to link module Cookies as a shared library
- changes from 2.7.1
- Improvements:
- Added zone wire size information to zone loading log message
- Added debug log message for each unsuccessful remote address operation
- Various improvements for packaging
- Bugfixes:
- Incompatible handling of RRSIG TTL value when creating a DNS message
- Incorrect RRSIG TTL value in zone differences and knotc zone operation outputs
- Default configure prefix is ignored
- changes from 2.7.0
- Features:
- New DNS Cookies module and related '+cookie' kdig option
- New module for response tailoring according to client's subnet or geographic location
- General EDNS Client Subnet support in the server
- OSS-Fuzz integration (Thanks to Jonathan Foote)
- New '+ednsopt' kdig option (Thanks to Jan Včelák)
- Online Signing support for automatic key rollover
- Non-normal file (e.g. pipe) loading support in zscanner #542
- Automatic SOA serial incrementation if non-empty zone difference
- New zone file load option for ignoring zone file's SOA serial
- New build-time option for alternative malloc specification
- Structured logging for DNSSEC key submission event
- Empty QNAME support in kdig
- Improvements:
- Various library and server optimizations
- Reduced memory consumption of outgoing IXFR processing
- Linux capabilities use overhaul #546 (Thanks to Robert Edmonds)
- Online Signing properly signs delegations and CNAME records
- CDS/CDNSKEY rrset is signed with KSK instead of ZSK
- DNSSEC-related records are ignored when loading zone difference with signing enabled
- Minimum allowed RSA key length was increased to 1024
- Bugfixes:
- Possible uninitialized address buffer use in zscanner
- Possible index overflow during multiline record parsing in zscanner
- kdig +tls sometimes consumes 100 % CPU #561
- Single-Type Signing doesn't work with single ZSK key #566
- Zone not flushed after re-signing during zone load #594
- Server crashes when committing empty zone transaction
- Incoming IXFR with on-slave signing sometimes leads to memory corruption #595
- Compatibility:
- Removed obsolete RRL configuration
- Removed obsolete module names 'mod-online-sign' and 'mod-synth-record'
- Removed obsolete 'ixfr-from-differences' configuration option
- Removed old journal migration
- Removed module rosedb
- changes from 2.6.9
- Improvements:
- Added zone wire size to zone loading log message
- Added debug log message for each unsuccessful remote address operation
- Bugfixes:
- Zone not flushed after re-signing during zone load #594
- Server crashes when committing empty zone transaction
- Incoming IXFR with on-slave signing sometimes leads to memory corruption #595
- packaging changes:
- enabled geoip module: new BR: pkgconfig(libmaxminddb)
- enabled cookies module
- enabled queryacl module
* Sat Jul 14 2018 [email protected]
- update to 2.6.8
- Features:
- New 'import-pkcs11' command in keymgr
- Improvements:
- Unixtime serial policy mimics Bind – increment if lower #593
- Bugfixes:
- Creeping memory consuption upon server reload #584
- Kdig incorrectly detects QNAME if 'notify' is a prefix
- Server crashes when zone sign fails #587
- CSK->KZSK rollover retires CSK early #588
- Server crashes when zone expires during outgoing
multi-message transfer
- Kjournalprint doesn't convert zone name argument to
lower-case
- Cannot switch to a previously used ksk-shared dnssec policy
[#589]
- update to 2.6.7
- Features:
- Added 'dateserial' (YYYYMMDDnn) serial policy configuration
(Thanks to Wolfgang Jung)
- Improvements:
- Trailing data indication from the packet parser (libknot)
- Better configuration check for a problematical option
combination
- Bugfixes:
- Incomplete configuration option item name check
- Possible buffer overflow in 'knot_dname_to_str' (libknot)
- Module dnsproxy doesn't preserve letter case of QNAME
- Module dnsproxy duplicates OPT and TSIG in the non-fallback
mode
* Wed May 02 2018 [email protected]
- Update to 2.6.6
- Features:
- New EDNS option counters in the statistics module
- New '+orphan' filter for the 'zone-purge' operation
- Improvements:
- Reduced memory consuption of disabled statistics metrics
- Some spelling fixes (Thanks to Daniel Kahn Gillmor)
- Server no longer fails to start if MODULE_DIR doesn't exist
- Configuration include doesn't fail if empty wildcard match
- Added a configuration check for a problematical option combination
- Bugfixes:
- NSEC3 chain not re-created when SOA minimum TTL changed
- Failed to start server if no template is configured
- Possibly incorrect SOA serial upon changed zone reload with DNSSEC signing
- Inaccurate outgoing zone transfer size in the log message
- Invalid dname compression if empty question section
- Missing EDNS in EMALF responses
* Mon Apr 02 2018 [email protected]
- update to 2.6.5
- Features:
- New 'zone-notify' command in knotc
- Kdig uses '@server' as a hostname for TLS authenticaion if
'+tls-ca' is set
- Improvements:
- Better heap memory trimming for zone operations
- Added proper polling for TLS operations in kdig
- Configuration export uses stdout as a default output
- Simplified detection of atomic operations
- Added '--disable-modules' configure option
- Small documentation updates
- Bugfixes:
- Zone retransfer doesn't work well if more masters configured
- Kdig can leak or double free memory in corner cases
- Inconsistent error outputs from dynamic configuration
operations
* Thu Jan 11 2018 [email protected]
- update to 2.6.4
see /usr/share/doc/packages/knot2/NEWS
* Sun Aug 06 2017 [email protected]
- fix tmpfiles scriptlet
* Sun Aug 06 2017 [email protected]
- package /var/lib/knot
- run tmpfiles scriptlet during install
* Sun Aug 06 2017 [email protected]
- update to 2.5.3
see /usr/share/doc/packages/knot2/NEWS
- use libidn2 on TW and 42.3
- following modules stay static:
- dnsproxy
- onlinesign
- moved modules to shared building:
- dnstap
- noudp
- rosedb
- rrl
- stats
- synthrecord
- whoami
* Mon Feb 13 2017 [email protected]
- update to 2.4.1
see /usr/share/doc/packages/knot2/NEWS
* Tue May 24 2016 [email protected]
- update to 2.2.1
- Bugfixes:
- Fix separate logging of server and zone events
- Fix concurrent zone file flushing with many zones
- Fix possible server crash with empty hostname on OpenWRT
- Fix control timeout parsing in knotc
- Fix "Environment maxreaders limit reached" error in knotc
- Don't apply journal changes on modified zone file
- Remove broken LTO option from configure script
- Enable multiple zone names completion in interactive knotc
- Set the TC flag in a response if a glue doesn't fit the
response
- Disallow server reload when there is an active configuration
transaction
- Improvements:
- Distinguish unavailable zones from zones with zero serial in
log messages
- Log warning and error messages to standard error output in
all utilities
- Document tested PKCS #11 devices
- Extended Python configuration interface
* Tue May 10 2016 [email protected]
- update to 2.2.0
- Bugfixes:
- Fix build dependencies on FreeBSD
- Fix query/response message type setting in dnstap module
- Fix remote address retrieval from dnstap capture in kdig
- Fix global modules execution for queries hitting existing
zones
- Fix execution of semantic checks after an IXFR transfer
- Fix PKCS#11 support detection at build time
- Fix kdig failure when the first AXFR message contains just
the SOA record
- Exclude non-authoritative types from NSEC/NSEC3 bitmap at a
delegation
- Mark PKCS#11 generated keys as sensitive (required by Luna
SA)
- Fix error when removing the only zone from the server
- Don't abort knotc transaction when some check fails
- Features:
- URI and CAA resource record types support
- RRL client address based white list
- knotc interactive mode
- Improvements:
- Consistent IXFR error messages
- Various fixes for better compatibility with PKCS#11 devices
- Various keymgr user interface improvements
- Better zone event scheduler performance with many zones
- New server control interface
- kdig uses local resolver if resolv.conf is empty
- new BR libedit-devel for the interactive mode
* Thu Feb 11 2016 [email protected]
- update to 2.1.1
- Bugfixes:
- DNSSEC: Allow import of duplicate private key into the KASP
- DNSSEC: Avoid duplicate NSEC for Wildcard No Data answer
- Fix server crash when an incomming transfer is in progress
and reload is issued
- Fix socket polling when configured with many interfaces and
threads
- Fix compilation against Nettle 3.2
- Improvements:
- Select correct source address for UDP messages recieved on
ANY address
- Extend documentation of knotc commands
- drop knot-2.1.0_pkcs11_check.patch
* Wed Jan 27 2016 [email protected]
- enable libcap-ng
* Wed Jan 27 2016 [email protected]
- fix configure check for pkcs11 support:
adds knot-2.1.0_pkcs11_check.patch
* Wed Jan 27 2016 [email protected]
- fix soversions
* Wed Jan 27 2016 [email protected]
- update to 2.1.0
- Features:
- Per-thread UDP socket binding using SO_REUSEPORT on Linux
- Support for dynamic configuration database
- DNSSEC: Support for cryptographic tokens via PKCS #11
interface
- DNSSEC: Experimental support for online signing
- Improvements:
- Support for zone file name patterns
- Configurable location of zone timer database
- Non-blocking network operations and better timeout handling
- Caching of Critical configuration values for better
performance
- Logging of ACL failures
- RRL: Add rate-limit-slip zero support to drop all responses
- RRL: Document behavior for different rate-limit-slip options
- kdig: Warning instead of error on TSIG validation failure
- Cleanup of support libraries interfaces (libknot,
libzscanner, libdnssec)
- Remove possibly insecure server control over a network socket
- Remove implementation limit for the number of network
interfaces
- Bugfixes:
- synth-record module: Fix application of default configuration
options
- TSIG: Allow compressed TSIG name when forwarding DDNS updates
- Schedule zone bootstrap after slave zone fails to load from
disk
- avoid activating the intree copy of lmdb
* Tue Nov 24 2015 [email protected]
- update to 2.0.2
- Out-of-bound read in packet parser for malformed NAPTR records
(LibFuzzer)
* Wed Oct 14 2015 [email protected]
- split out shared libraries, knot-resolver uses some of them and
atm we are forced to install the whole knot2 package.
* Thu Sep 03 2015 [email protected]
- lmdb seems no longer optional
* Thu Sep 03 2015 [email protected]
- create a new branch for knot 2.x starting with 2.0.1
- Bugfixes:
- Do not reload expired zones on 'knotc reload' and server
startup
- Fix rare race-condition in event scheduling causing delayed
event execution
- Fix skipping of non-authoritative nodes in NSEC proofs
- Fix TC flag setting in RRL slipped answers
- Disable domain name compression for root label
- Log via journald only when running under systemd
- Fix CNAME following when quering for NSEC RR type
- Fix refreshing of DNSSEC signatures for zone keys
- Fix binding an unavailable IPv6 address on Linux
(IP_FREEBIND)
- Fix infinite loop in knotc zonestatus and memstats
- Fix memory leak in configuration on server shutdown
- Fix broken dnsproxy module
- Fix DNSSEC KASP timestamps parsing in strict POSIX
environment
- fix multi value parsing on big-endian
- Adapt to Nettle 3 API break causing base64 decoding failures
on big-endian
- Features:
- Add 'keymgr zone key ds' to show key's DS record
- Add 'keymgr tsig generate' to generate TSIG keys
- Add query module scoping to process either all queries or
zone queries only
- Add support for file name globbing in config file includes
- Add 'request-edns-option' config option to add custom EDNS0
option into server initiated queries
- Improvements:
- Send minimal responses (remove NS from Authority section for
NOERROR)
- Update persistent timers only on shutdown for better
performance
- Allow change of RR TTL over DDNS
- Documentation fixes, updates, and improvements in formatting
- Install yparser and zscanner header files
- Improve lookup of libsystemd build dependencies
- Fix compilation warnings in endian conversion functions on
OpenBSD
- changes in knot 2.0.0
- Bugfixes:
- Fix lost NOTIFY message if received during zone transfer
- Disable fast zone parser when compiled in Clang (workaround
for Clang bug)
- kdig: Record correct dnstap SocketProtocol when retrying
over TCP
- kdig: Hide TSIG section with +noall
- Do not set AA flag for AXFR/IXFR queries
- Features:
- DNSSEC: separate library, switch to GnuTLS, new utilities
- DNSSEC: basic KASP support (generate initial keys, ZSK
rollover)
- Configuration: New text format in YAML, binary store in LMDB
- Zone parser: Split long TXT/SPF strings into multiple
strings
- kdig: Add generic dump style option (+generic)
- Try all master servers in multi-master environment
- Improved remotes and ACLs (multiple addresses, multiple
keys)
- Basic support for zone file patterns (%s to substitute zone
name)
- Disable zone file synchronization by setting 'zonefile_sync'
to '-1'
- knsupdate: Add input prompt in interactive mode and 'quit'
command
- knsupdate: Allow TSIG algorithm specification in interactive
prompt
- Improvements:
- Zone dump: Do not write class for SOA record (unified with
other RR types)
- Zone dump: Do not write master server address into the zone
file
- Documentation: Manual pages are included in HTML and PDF
- drop patches which are included upstream:
0001-loosen-openssl-dependency.patch
0002-make-configure.ac-compatible-with-old-tools.patch
- also drop all buildrequires just needed for autoreconf
- new buildrequires:
pkgconfig(gnutls) >= 3
pkgconfig(nettle)
pkgconfig(jansson)
- create devel subpackage
- enable rosedb and bash completion
* Wed Apr 29 2015 [email protected]
- local state dir should be just /var
* Thu Apr 09 2015 [email protected]
- enable dnstap support for factory and newer:
- new BR: protobuf-c and libfstrm-devel
- prepared lto support but not enabled yet, still need to find out
which distros support it
* Thu Apr 09 2015 [email protected]
- update to 1.6.3
- Performance drop for NSEC-signed zones
- Proper handling of TCP short-writes
- Out-of-bound read in zone parser for long domain names in
origin (AFL fuzzer)
- Out-of-bound read in packet parser for TSIG RR without RDATA
(AFL fuzzer)
- Out-of-bound read in packet parser for malformed NAPTR RR (AFL
fuzzer)
- CDS and CDNSKEY support in zone parser
- Add defaults for TCP config options into documentation
- Detailed error message if zone reload fails
- refreshed patches to apply cleanly again:
0002-make-configure.ac-compatible-with-old-tools.patch
* Tue Mar 10 2015 [email protected]
- update to 1.6.2
- Limiting number of parallel TCP clients (max-tcp-clients config
option)
- Ignore refresh and transfer events on non-slave zones
- Compilation with Dnstap support on FreeBSD
- Possible file descriptor leak when terminating inactive TCP
clients
- refreshed patches to apply cleanly again:
0002-make-configure.ac-compatible-with-old-tools.patch
- moved autoreconf -fi to %build so it wont be tried in quilt setup
or similar tools
- move up the %if case for systemd in for the preun scriptlet to
avoid warning about empty scripts on non systemd distributions.
- used xz tarball: new buildrequires xz
* Thu Jan 08 2015 [email protected]
- Add deps on the docu packages to regen documentation
- Enable systemd integration fully
- Add dep on libidn
- Cleanup with spec-cleaner
* Wed Dec 31 2014 [email protected]
- Only require lmdb-devel on (Open)SUSE 13.2 and higher
* Wed Dec 31 2014 [email protected]
- Updated to 1.6.1
Bugfixes:
- Journal file would sometimes outgrow its set limit
- Fixed incompatibility with OpenSSL 0.9.8
- Proper handling when machine hostname cannot be retreived
Features:
- Support for DNSSEC Single Type Signing Scheme
- Compile with lmdb-devel to add support for persistent timers
* Tue Nov 18 2014 [email protected]
- Updated to 1.6.0
Bugfixes:
- Fix zone expiration when AXFR/IXFR is being refused by master
- Fix forced zone refresh on slave (knotc refresh -f)
- Persistent timers database opening after privileges has been dropped
- DNSSEC: RFC compliant processing of letter case in RDATA domain names
- EDNS: Return minimal error response for queries with unsupported version
- EDNS: Fix interpretation of Extended RCODE
Improvements:
- Maximal size of persistent timers database increased from 10 MB to 100 MB
- Added logging of persistent timers database errors
Features:
- Persistent timers for slave zones (expire, refresh, and flush)
* Mon Sep 15 2014 [email protected]
- Updated to 1.5.3
Bugfixes:
- Some specific incoming IXFRs were causing server to crash
- Rare sychronization error during reload caused read-after-free
- Response synthetization module did not work properly with DNSSEC-enabled zones
- When Knot sent AXFR when IXFR was requested, message ID and opcode were wrong
- Knot failed to send large messages to remote control (present since 1.5.1)
- Some RR parsing corner cases were not handled properly
- AXFR-style IXFR was refused and had to be retransfered
- Hash character (#) was not properly escaped when storing text zone file
- DNSSEC: DNAMEs in RDATA were not lowercased before signing
- EDNS: OPT RR were not put into responsing for some errors
- TSIG: DDNS responses were not signed with TSIG
- DDNS: Prerequisite checks failed for some inputs
- knsupdate: Zone origin was not used for deletions
Features:
- Basic support for logging using systemd journal
- DDNS: Ability to process updates in bulk
Improvements:
- Unified logging messages structure
- DNSSEC: More strict controls for signing keys
- Refreshed patches on top of 1.5.3 release:
* 0001-loosen-openssl-dependency.patch
* 0002-make-configure.ac-compatible-with-old-tools.patch
* Fri Jul 11 2014 [email protected]
- Squash 0002-remove-AM_SILENT_RULES.patch and 0003-no-dist-xz.patch
into 0002-make-configure.ac-compatible-with-old-tools.patch that
removes configure.ac options incompatible with SLES_11_SP[23].
- added patches:
* 0002-make-configure.ac-compatible-with-old-tools.patch
- removed patches:
* 0002-remove-AM_SILENT_RULES.patch
* 0003-no-dist-xz.patch
* Thu Jul 10 2014 [email protected]
- Updated to 1.5.0
Features:
* DDNS forwarding reimplemented
* edns-client-subnet support in kdig
* Optional asynchronous startup (config "asynchronous-start")
* Pluggable query processing modules
* Synthetic IPv4/IPv6 reverse/forward records (optional module)
* dnstap support in both utilities & server (optional module)
* NOTIFY message support and new TSIG section in kdig
* Multi-master support
Improvements:
* Transfer sizes logged in bytes if needed
* Logging outgoing NOTIFY messages
* Logging unauthorized incoming NOTIFYs
* Preempt task queue for faster reload
* Lazy zone file write after zone transfer (governed by "zonefile-sync")
* Query processing and core functionality overhaul
* Performance and reduced memory footprint
* Faster zone events scheduling
* RFC compliant queries/responses in some corner cases
* Log messages
* New documentation (Sphinx)
Bugfixes:
* Zone flush planning after bootstrap
* Incorrect incoming AXFR message sizes
* DDNS signing changes were freed too soon, posibility of stale data
* knotc remote control key handling
* Close zone transfer after SERVFAIL response
* Incremental to full zone transfer fallback, wrong log message
* Zone events corner cases, reload replanning
* Tue Jun 24 2014 [email protected]
- updated to 1.4.7:
* Fixed DDNS corner cases
* Fixed zone EXPIRE timer
* Fixed semantic checks false positives
* Fixed sending malformed IXFR with automatic DNSSEC
* Fixed NAPTR record serialization
* Mon May 12 2014 [email protected]
- Fixed the missing 1.4.5 tarball
* Tue Apr 15 2014 [email protected]
- updated to 1.4.5
Bugfixes:
* Fix possible weakness in TSIG signature checking
* Fri Mar 28 2014 [email protected]
- updated to 1.4.4
Features:
* Server is logging remote control commands
* 'knotc reload' doesn't refresh unchanged zones
* 'knotc -f refresh' forces zone retransfer
Bugfixes:
* Missing notifications after DDNS/automatic resign
* Zone is rebootstrapped if the zone file is unreadable
* Progressive bootstrap retry backoff
* Zone file parser allows asterisk as part of the label
* Journal maximum entry size fixes
* Sign DNSKEYs in non-apex nodes as regular RR sets
* Tue Feb 18 2014 [email protected]
- Enable recvmmsg support in the build to increase performance
- Update upstream config directory to /etc/knot (instead of /etc/knot/knot)
- Replace tar.xz with tar.gz to allow backporting to older releases
- Disable silent rules to have more verbose builds
- Add support to compile with OpenSSL << 1.0.0
- added patches:
* 0001-loosen-openssl-dependency.patch
* Tue Feb 18 2014 [email protected]
- update to 1.4.3:
* Failure when expanding wildcard leading to apex and having DNSKEY records
* Failure for query to wildcard without wildcard expansion
* Bad cleanup when loading a faulty entry from a journal
* Zone file $ORIGIN and configuration comparison is case-insensitive
* Config "include" statement supports directory and includes all files within
* Mon Jan 27 2014 [email protected]
- update to 1.4.2:
* AXFR/IXFR compatibility issues with tinydns/axfrdns
* Journal file is created only when needed
* Zone-related log messages are logged into correct category
* DNSSEC: Refresh signatures earlier (3 days before their expiration
with the default signature lifetime)
* Fixed RCU synchronization causing deadlock on 'knotc signzone'
* RRSIG not fitting in the additional records doesn't cause truncation
* Tue Jan 14 2014 [email protected]
- update to 1.4.1:
* Empty APL record support
* 'zonestatus' when using immediate zone syncing
* Immediate zone syncing after reload
* Race condition writing time values to zone file
* Hard require OpenSSL >= 1.0.0
- removed patches:
* 0001-Add-support-for-OpenSSL-threads-in-OpenSSL-1.0.0.patch
* 0001-Check-the-OpenSSL-version-when-checking-for-GOST-alg.patch
* Wed Jan 08 2014 [email protected]
- Add support to compile with OpenSSL << 1.0.0
- added patches:
* 0001-Add-support-for-OpenSSL-threads-in-OpenSSL-1.0.0.patch
* 0001-Check-the-OpenSSL-version-when-checking-for-GOST-alg.patch
* Wed Jan 08 2014 [email protected]
- update to 1.4.0:
* Experimental automatic DNSSEC signing
* Fastest ragel parser enabled by default
* Reduced memory usage
* Zone SOA SERIAL policies (INCREMENT, UNIXTIME) for DDNS and
automatic DNSSEC signing
* IDN support in Knot utilities (kdig, knsupdate, ...)
* DNSSEC: support for GOST algorithm
* Support for DNSSEC key pre-publication
* Mon Dec 16 2013 [email protected]
- update to 1.3.4:
* Bugfixes:
Crash in particular additionals processing
Race condition in event cancelation
Journal corruption after failed transactions
* Tue Nov 26 2013 [email protected]
- update to 1.3.3:
* New features:
Reduced memory usage
Improved performance
Experimental automatic DNSSEC signing
Refactored zone loading
Improved journal locking
* Bugfixes:
Fixed some race conditions
Various fixes in client utilities
* Mon Sep 09 2013 [email protected]
- update to 1.3.1
* Faster zone parser
* Full support for EUI and ILNP resource records
* Lower memory footprint for large zones
* No compilation of zones
* Improved scheduling of zone transfers
* Logging of serials and timing information for zone transfers
* see NEWS or https://www.knot-dns.cz/ for details
* Wed Apr 03 2013 [email protected]
- Update to 1.2.0 final
Bugfixes:
* Memory leaks
* Fri Mar 22 2013 [email protected]
- Update to 1.2.0-rc4
New features:
* knotc 'zonestatus' command
Bugfixes:
* Changing logfile ownership before dropping privileges
* knotc respects 'control' section from configuration
* RRL: resolved bucket collisions
* RRL: updated bucket mapping to conform RRL technical memo
* Tue Mar 12 2013 [email protected]
- Update to 1.2.0-rc3
New features:
* Dynamic updates, including forwarding (limited on signed zones)
* Updated remote control utility
* Configurable TCP timeouts
* LOC RR support
* Response rate limiting (see documentation)
Bugfixes:
* Fixed processing of some non-standard dnames.
* Correct checking of label length bounds in some cases.
* More compliant rcodes in case of DDNS/TSIG failures.
* Correct processing of malformed DDNS prereq section.
* Fixed OpenBSD build
* Responses to ANY should contain RRSIGs
* Sat Nov 24 2012 [email protected]
- Documentation only needs makeinfo, thus require it instead of texinfo
where it's available as separate package.
* Thu Nov 22 2012 [email protected]
- update to 1.1.2:
Bugfixes:
* Fixed crash on reload when config contained duplicate zones.
* Fixed scheduling of transfers.
* Fixed debug message.
- merge some changes from fedora spec file
- remove unittest files, they don't belong in binary packages
- depend on texinfo package to build the documentation
* Tue Nov 20 2012 [email protected]
- update to 1.1.1:
New features:
* Optionally disable ANY queries for authoritative answers.
* Dropping identical records in zone and incoming transfers.
* Support for '/' in zone names.
* Generating journal from reloaded zone (EXPERIMENTAL).
* Outgoing-only interfaces in configuration file.
* Following DNAME if the synthetized name is in the same zone.
* Signing SOA with TSIG queries when checking zone version with master.
* Improved compression of packets. Out-of-zone dnames present in RDATA
were not compressed.
* Slave zones are now automatically refreshed after startup.
* Proper response to IXFR/UDP query (returns SOA in Authority section).
Bugfixes:
* Crash when zone contained RRSIG signing a CNAME, but did not
contain the CNAME.
* Malformed packets parsing.
* Failed IXFR caused memory leaks.
* Failed IXFR might have resulted in inconsistent zone structures.
* Fixed answering to +dnssec queries when NSEC3 chain is corrupted.
* Fixed answering when transitioning from NSEC3 to NSEC.
* Fixed answering when zone contains multiple NSEC3 chains.
* Handling RRSets with different TTLs - TTL from the first RR is used.
* Synchronization of zone reload and zone transfers.
* Fixed build on NetBSD 5 and FreeBSD.
* Fixed binding to both IPv4 and IPv6 at the same time on special
interfaces.
* Fixed access rights of created files.
* Semantic checks corrupted RDATA domain names which are covered by
wildcard in the same zone.
* Fixed ixfr-from-differences journal generation in case of IPSECKEY
and APL records.
* Fixed possible leak on server shutdown with a pending transfer.
* Syncing journal to zone was not updating the compiled zone database.
* Crash after IXFR in certain cases when adding RRSIG in an IXFR.
* Fixed behaviour when incoming IXFR removes a zone cut. Previously
occluded names now become properly visible. Previously lead to a
crash when the server was asked for the previously occluded name.
* Fixed handling of zero-length strings in text zone dump. Caused the
compilation to fail.
* Fixed TSIG algorithm name comparison - the names should be in
canonical form.
* Fixed handling unknown RR types with type less than 251.
Other improvements:
* IXFR-in optimized.
* Many zones loading optimized.
* More detailed log messages (mostly transfer-related).
* Copying Question section to error responses.
* Using zone name from config file as default origin in zone file.
* Additional records are now added to response also from
wildcard-covered names.
* Improved user manual.
* Better checks of corrupted zone database.
* Tue Aug 28 2012 [email protected]
- fix build for older distributions (dont user %{make_install}
macro)
* Mon Jul 02 2012 [email protected]
- initial version 1.0.6
/usr/lib64/libknot.so.15 /usr/lib64/libknot.so.15.0.0
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Dec 20 23:45:39 2024