Skip to content

Commit

Permalink
knot: Update to version 3.2.4
Browse files Browse the repository at this point in the history
- Update from version 3.1.7 to 3.2.4
- Update of rootfile
- find-dependencies run and only thing showing as depending on the libs are knot itself.
- Changelog
    Knot DNS 3.2.4 (2022-12-12)
	Improvements:
	 - knotd: significant speed-up of catalog zone update processing
	 - knotd: new runtime check if RRSIG lifetime is lower than RRSIG refresh
	 - knotd: reworked zone re-bootstrap scheduling to be less progressive
	 - mod-synthrecord: module can work with CIDR-style reverse zones #826
	 - python: new libknot wrappers for some dname transformation functions
	 - doc: a few fixes and improvements
	Bugfixes:
	 - knotd: incomplete zone is received when IXFR falls back to AXFR due to
	          connection timeout if primary puts initial SOA only to the first message
	 - knotd: first zone re-bootstrap is planned after 24 hours
	 - knotd: EDNS EXPIRE option is present in outgoing transfer of a catalog zone
	 - knotd: catalog zone can expire upon EDNS EXPIRE processing
	 - knotd: DNSSEC signing doesn't fail if no offline KSK records available
    Knot DNS 3.2.3 (2022-11-20)
	Improvements:
	 - knotd: new per-zone DS push configuration option (see 'zone.ds-push')
	 - libs: upgraded embedded libngtcp2 to 0.11.0
	Bugfixes:
	 - knsupdate: program crashes when sending an update
	 - knotd: server drops more responses over UDP under higher load
	 - knotd: missing EDNS padding in responses over QUIC
	 - knotd: some memory issues when handling unusual QUIC traffic
	 - kxdpgun: broken IPv4 source subnet processing
	 - kdig: incorrect handling of unsent data over QUIC
    Knot DNS 3.2.2 (2022-11-01)
	Features:
	 - knotd,kxdpgun: support for VLAN (802.1Q) traffic in the XDP mode
	 - knotd: added configurable delay upon D-Bus initialization (see 'server.dbus-init-delay')
	 - kdig: support for JSON (RFC 8427) output format (see '+json')
	 - kdig: support for PROXYv2 (see '+proxy') (Gift for Peter van Dijk)
	Improvements:
	 - mod-geoip: module respects the server configuration of answer rotation
	 - libs: upgraded embedded libngtcp2 to 0.10.0
	 - tests: improved robustness of some unit tests
	 - doc: added description of zone bootstrap re-planning
	Bugfixes:
	 - knotd: catalog confusion when a member is added and immediately deleted #818
	 - knotd: defective handling of short messages with PROXYv2 header #816
	 - knotd: inconsistent processing of malformed messages with PROXYv2 header #817
	 - kxdpgun: incorrect XDP mode is logged
	 - packaging: outdated dependency check in RPM packages
    Knot DNS 3.2.1 (2022-09-09)
	Improvements:
	 - libknot: added compatibility with libbpf 1.0 and libxdp
	 - libknot: removed some trailing white space characters from textual RR format
	 - libs: upgraded embedded libngtcp2 to 0.8.1
	Bugfixes:
	 - knotd: some non-DNS packets not passed to OS if XDP mode enabled
	 - knotd: inappropriate log about QUIC port change if QUIC not enabled
	 - knotd/kxdpgun: various memory leaks related to QUIC and TCP
	 - kxdpgun: can crash at high rates in emulated XDP mode
	 - tests: broken XDP-TCP test on 32-bit platforms
	 - kdig: failed to build with enabled QUIC on OpenBSD
	 - systemd: failed to start server due to TemporaryFileSystem setting
	 - packaging: missing knot-dnssecutils package on CentOS 7
    Knot DNS 3.2.0 (2022-08-22)
	Features:
	 - knotd: finalized TCP over XDP implementation
	 - knotd: initial implementation of DNS over QUIC in the XDP mode (see 'xdp.quic')
	 - knotd: new incremental DNSKEY management for multi-signer deployment (see 'policy.dnskey-management')
	 - knotd: support for remote grouping in configuration (see 'groups' section)
	 - knotd: implemented EDNS Expire option (RFC 7314)
	 - knotd: NSEC3 salt is changed with every ZSK rollover if lifetime is set to -1
	 - knotd: support for PROXY v2 protocol over UDP (Thanks to Robert Edmonds) #762
	 - knotd: support for key labels with PKCS #11 keystore (see 'keystore.key-label')
	 - knotd: SVCB/HTTPS treatment according to draft-ietf-dnsop-svcb-https
	 - keymgr: new JSON output format (see '-j' parameter) for listing keys or zones (Thanks to JP Mens)
	 - kxdpgun: support for DNS over QUIC with some testing modes (see '-U' parameter)
	 - kdig: new DNS over QUIC support (see '+quic')
	Improvements:
	 - knotd: reduced memory consumption when processing IXFR, DNSSEC, catalog, or DDNS
	 - knotd: RRSIG refresh values don't have to match in the mode Offline KSK
	 - knotd: better decision whether AXFR fallback is needed upon a refresh error
	 - knotd: NSEC3 resalt event was merged with the DNSSEC event
	 - knotd: server logs when the connection to remote was taken from the pool
	 - knotd: server logs zone expiration time when the zone is loaded
	 - knotd: DS check verifies removal of old DS during algorithm rollover
	 - knotd: DNSSEC-related records can be updated via DDNS
	 - knotd: new 'xdp.udp' configuration option for disabling UDP over XDP
	 - knotd: outgoing NOTIFY is replanned if failed
	 - knotd: configuration checks if zone MIN interval values are lower or equal to MAX ones
	 - knotd: DNSSEC-related zone semantic checks use DNSSEC validation
	 - knotd: new configuration value 'query' for setting ACL action
	 - knotd: new check on near end of imported Offline KSK records
	 - knotd/knotc: implemented zone catalog purge, including orphaned member zones
	 - knotc: interactive mode supports catalog zone completion, value completion, and more
	 - knotc: new default brief and colorized output from zone status
	 - knotc: unified empty values in zone status output
	 - keymgr: DNSKEY TTL is taken from KSR in the Offline KSK mode
	 - kjournalprint: path to journal DB is automatically taken from the configuration,
	                  which can be specified using '-c', '-C' (or '-D')
	 - kcatalogprint: path to catalog DB is automatically taken from the configuration,
	                  which can be specified using '-c', '-C' (or '-D')
	 - kzonesign: added automatic configuration file detection and '-C' parameter
	              for configuration DB specificaion
	 - kzonesign: all CPU threads are used for DNSSEC validation
	 - libknot: dname pointer cannot point to another dname pointer when encoding RRsets #765
	 - libknot: QNAME case is preserved in knot_pkt_t 'wire' field (Thanks to Robert Edmonds) #780
	 - libknot: reduced memory consumption of the XDP mode
	 - libknot: XDP filter supports up to 256 NIC queues
	 - kxdpgun: new options for specifying source and remote MAC addresses
	 - utils: extended logging of LMDB-related errors
	 - utils: improved error outputs
	 - kdig: query has AD bit set by default
	 - doc: various improvements
	Bugfixes:
	 - knotd: zone changeset is stored to journal even if disabled
	 - knotd: journal not applied to zone file if zone file changed during reload
	 - knotd: possible out-of-order processing or postponed zone events to far future
	 - knotd: incorrect TTL is used if updated RRSet is empty over control interface
	 - knotd/libs: serial arithmetics not used for RRSIG expiration processing
	 - knsupdate: incorrect RRTYPE in the question section
	Compatibility:
	 - knotd: default value for 'zone.journal-max-depth' was lowered to 20
	 - knotd: default value for 'policy.nsec3-iterations' was lowered to 0
	 - knotd: default value for 'policy.rrsig-refresh' is propagation delay + zone maximum TTL
	 - knotd: server fails to load configuration if 'policy.rrsig-refresh' is too low
	 - knotd: configuration option 'server.listen-xdp' has no effect
	 - knotd: new configuration check on deprecated DNSSEC algorithm
	 - knotc: new '-e' parameter for full zone status output
	 - keymgr: new '-e' parameter for full key list output
	 - keymgr: brief key listing mode is enabled by default
	 - keymgr: renamed parameter '-d' to '-D'
	 - knsupdate: default TTL is set to 3600
	 - knsupdate: default zone is empty
	 - kjournalprint: renamed parameter '-c' to '-H'
	 - python/libknot: removed compatibility with Python 2
	Packaging:
	 - systemd: removed knot.tmpfile
	 - systemd: added some hardening options
	 - distro: Debian 9 and Ubuntu 16.04 no longer supported
	 - distro: packages for CentOS 7 are built in a separate COPR repository
	 - kzonecheck/kzonesign/knsec3hash: moved to new package knot-dnssecutils
    Knot DNS 3.1.9 (2022-08-10)
	Improvements:
	 - knotd: new configuration checks on unsupported catalog settings
	 - knotd: semantic check issues have notice log level in the soft mode
	 - keymgr: command generate-ksr automatically sets 'from' parameter to last
	           offline KSK records' timestamp if it's not specified
	 - keymgr: command show-offline starts from the first offline KSK record set
	           if 'from' parameter isn't specified
	 - kcatalogprint: new parameters for filtering catalog or member zone
	 - mod-probe: default rate limit was increased to 100000
	 - libknot: default control timeout was increased to 30 seconds
	 - python/libknot: various exceptions are raised from class KnotCtl
	 - doc: some improvements
	Bugfixes:
	 - knotd: incomplete outgoing IXFR is responded if journal history is inconsistent
	 - knotd: manually triggered zone flush is suppressed if disabled zone synchronization
	 - knotd: failed to configure XDP listen interface without port specification
	 - knotd: de-cataloged member zone's file isn't deleted #805
	 - knotd: member zone leaks memory when reloading catalog during dynamic configuration change
	 - knotd: server can crash when reloading modules with DNSSEC signing (Thanks to iqinlongfei)
	 - knotd: server crashes during shutdown if PKCS #11 keystore is used
	 - keymgr: command del-all-old isn't applied to all keys in the removed state
	 - kxdpgun: user specified network interface isn't used
	 - libs: fixed compilation on illumos derivatives (Thanks to Nick Ewins)
    Knot DNS 3.1.8 (2022-04-28)
	Features:
	 - knotd: optional automatic ACL for XFR and NOTIFY (see 'remote.automatic-acl')
	 - knotd: new soft zone semantic check mode for allowing defective zone loading
	 - knotc: added zone transfer freeze state to the zone status output
	Improvements:
	 - knotd: added configuration check for serial policy of generated catalogs
	Bugfixes:
	 - knotd/libknot: the server can crash when validating a malformed TSIG record
	 - knotd: outgoing zone transfer freeze not preserved during server reload
	 - knotd: catalog UPDATE not processed if previous UPDATE processing not finished #790
	 - knotd: zone refresh not started if planned during server reload
	 - knotd: generated catalogs can be queried over UDP
	 - knotd/utils: failed to open LMDB database if too many stale slots occupy the lock table

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
  • Loading branch information
Adolf Belka authored and pmu-ipf committed Jan 9, 2023
1 parent e0684cd commit 3816b8b
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 7 deletions.
8 changes: 4 additions & 4 deletions config/rootfiles/common/knot
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,12 @@ usr/bin/kdig
#usr/lib/libdnssec.la
#usr/lib/libdnssec.lai
#usr/lib/libdnssec.so
usr/lib/libdnssec.so.8
usr/lib/libdnssec.so.8.0.0
usr/lib/libdnssec.so.9
usr/lib/libdnssec.so.9.0.0
#usr/lib/libknot.la
#usr/lib/libknot.lai
#usr/lib/libknot.so
usr/lib/libknot.so.12
usr/lib/libknot.so.12.0.0
usr/lib/libknot.so.13
usr/lib/libknot.so.13.0.0
#usr/lib/libknotus.a
#usr/lib/libknotus.la
6 changes: 3 additions & 3 deletions lfs/knot
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
Expand All @@ -24,7 +24,7 @@

include Config

VER = 3.1.7
VER = 3.2.4

THISAPP = knot-$(VER)
DL_FILE = $(THISAPP).tar.xz
Expand All @@ -40,7 +40,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

$(DL_FILE)_BLAKE2 = d0e5c999c1b4bca89b86ad956dd91643f795fcba94757e34c44e3e6b925030c332da9cb0bfd72d6ae0f32b3016a8c50d821cfcc513268682dd6b5715714d9047
$(DL_FILE)_BLAKE2 = 1d5fec057898d8cbe73f37cd85aa9d56c7db0215e0fe8ba697f3ee4c38d7554780804b8859d062a824b18f823d6cff1546bd7ce54438ee54c555d068c5f19da1

install : $(TARGET)

Expand Down

0 comments on commit 3816b8b

Please sign in to comment.