Changelog for knot-resolver-1.3.2-1.fc27.x86_64.rpm:
* Tue Aug 01 2017 Petr Spacek - 1.3.2-1
New upstream release:

Knot Resolver 1.3.2 (2017-07-28)
================================

Security
--------
- fix possible opportunities to use insecure data from cache as keys for validation

Bugfixes
--------
- daemon: check existence of config file even if rundir isn't specified
- policy.FORWARD and STUB: use RTT tracking to choose servers (#125, #208)
- dns64: fix CNAME problems (#203)
  It still won't work with policy.STUB.
- hints: better interpretation of hosts-like files (#204)
  also, error out if a bad entry is encountered in the file
- dnssec: handle unknown DNSKEY/DS algorithms (#210)
- predict: fix the module, broken since 1.2.0 (#154)

Improvements
------------
- embedded LMDB fallback: update 0.9.18 -> 0.9.21
* Wed Jul 26 2017 Fedora Release Engineering - 1.3.1-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Tue Jul 11 2017 Petr Spacek - 1.3.1-2
- build experimental command line interface "kresc"
* Tue Jul 11 2017 Petr Spacek - 1.3.1-1
New upstream release:

Knot Resolver 1.3.1 (2017-06-23)
================================

Bugfixes
--------
- modules/http: fix finding the static files (bug from 1.3.0)
- policy.FORWARD: fix some cases of CNAMEs obstructing search for zone cuts

Knot Resolver 1.3.0 (2017-06-13)
================================

Security
--------
- Refactor handling of AD flag and security status of resource records.
  In some cases it was possible for secure domains to get cached as
  insecure, even for a TLD, leading to disabled validation.
  It also fixes answering with non-authoritative data about nameservers.

Improvements
------------
- major feature: support for forwarding with validation (#112).
  The old policy.FORWARD action now does that; the previous non-validating
  mode is still available as policy.STUB except that also uses caching (#122).
- command line: specify ports via @ but still support # for compatibility
- policy: recognize 100.64.0.0/10 as local addresses
- layer/iterate: *do* retry repeatedly if REFUSED, as we can't yet easily
  retry with other NSs while avoiding retrying with those who REFUSED
- modules: allow changing the directory where modules are found,
  and do not search the default library path anymore.

Bugfixes
--------
- validate: fix insufficient caching for some cases (relatively rare)
- avoid putting "duplicate" record-sets into the answer (#198)

Knot Resolver 1.2.6 (2017-04-24)
================================

Security
--------
- dnssec: don't set AD flag for NODATA answers if wildcard non-existence
  is not guaranteed due to opt-out in NSEC3

Improvements
------------
- layer/iterate: don't retry repeatedly if REFUSED

Bugfixes
--------
- lib/nsrep: revert some changes to NS reputation tracking that caused
  severe problems to some users of 1.2.5 (#178 and #179)
- dnssec: fix verification of wildcarded non-singleton RRsets
- dnssec: allow wildcards located directly under the root
- layer/rrcache: avoid putting answer records into queries in some cases
* Thu Apr 06 2017 Petr Spacek - 1.2.5-1
- new upstream release
  + security: layer/validate: clear AD if closest encloser proof has opt-outed NSEC3 (#169)
  + security: layer/validate: check if NSEC3 records in wildcard expansion proof has an opt-out
  + security: dnssec/nsec: missed wildcard no-data answers validation has been implemented
  + fix: trust anchors: Improve trust anchors storage format (#167)
  + fix: trust anchors: support non-root TAs, one domain per file
  + fix: policy.DENY: set AA flag and clear AD flag
  + fix: lib/resolve: avoid unnecessary DS queries
  + fix: lib/nsrep: don't treat servers with NOIP4 + NOIP6 flags as timeouted
  + fix: layer/iterate: During packet classification (answer vs. referral) don't analyze AUTHORITY section in authoritative answer if ANSWER section contains records that have been requested
  + enhancement: modules/dnstap: a DNSTAP support module (Contributed by Vicky Shrestha)
  + enhancement: modules/workarounds: a module adding workarounds for known DNS protocol violators
  + enhancement: layer/iterate: fix logging of glue addresses
  + enhancement: kr_bitcmp: allow bits=0 and consequently 0.0.0.0/0 matches in view and renumber modules.
  + enhancement: modules/padding: Improve default padding of responses (Contributed by Daniel Kahn Gillmor)
  + enhancement: New kresc client utility (experimental; don't rely on the API yet)
* Thu Mar 09 2017 Petr Spacek - 1.2.4-1
- new upstream release
  + security: Knot Resolver 1.2.0 and higher could return AD flag for insecure answer if the daemon received answer with invalid RRSIG several times in a row.
  + fix: layer/iterate: some improvements in cname chain unrolling
  + fix: layer/validate: fix duplicate records in AUTHORITY section in case of WC expansion proof
  + fix: lua: do *not* truncate cache size to unsigned
  + fix: forwarding mode: correctly forward +cd flag
  + fix: fix a potential memory leak
  + fix: don't treat answers that contain DS non-existence proof as insecure
  + fix: don't store NSEC3 and their signatures in the cache
  + fix: layer/iterate: when processing delegations, check if qname is at or below new authority
  + enhancement: modules/policy: allow QTRACE policy to be chained with other policies
  + enhancement: hints.add_hosts(path): a new property
  + enhancement: module: document the API and simplify the code
  + enhancement: policy.MIRROR: support IPv6 link-local addresses
  + enhancement: policy.FORWARD: support IPv6 link-local addresses
  + enhancement: add net.outgoing_{v4,v6} to allow specifying address to use for connections
* Mon Feb 27 2017 Petr Spacek - 1.2.3-1
- new upstream release
  + security: a cached negative answer from a CD query would be reused to construct response for non-CD queries, resulting in Insecure status instead of Bogus.
  + fix: lua: make the map command check its arguments
  + fix: -k argument processing to avoid out-of-bounds memory accesses
  + fix: lib/resolve: fix zonecut fetching for explicit DS queries
  + fix: hints: more NULL checks
  + fix: TA bootstrapping for multiple TAs in the IANA XML file
  + fix: Disable storing GLUE records into the cache even in the (non-default) QUERY_PERMISSIVE mode
  + fix: iterate: skip answer RRs that don't match the query
  + fix: layer/iterate: some additional processing for referrals
  + fix: lib/resolve: zonecut fetching error was fixed
* Fri Feb 10 2017 Fedora Release Engineering - 1.2.0-2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Fri Jan 27 2017 Petr Spacek - 1.2.0-2
- rebuild against knot-2.4.0
* Fri Jan 27 2017 Petr Spacek - 1.2.0
- new upstream release:
  + fix: reworked DNSSEC Validation, that fixes several known problems with less standard DNS configurations
  + fix: the resolver was setting AD flag when running in a forwarding mode
  + fix: correctly return RCODE=NOTIMPL on meta-queries and non IN class queries
  + fix: crash in hints module when hints file was empty
  + fix: non-lowercase hints
  + features: optional EDNS(0) Padding support for DNS over TLS
  + features: support for debugging DNSSEC with CD bit
  + features: DNS over TLS is now able to create ephemeral certs on the runtime (Thanks Daniel Kahn Gillmor for contributing to DNS over TLS implementation in Knot Resolver.)
  + features: configurable minimum and maximum TTL (default 6 days)
  + features: configurable pseudo-random reordering of RR sets
  + features: new module 'version' that can call home and report new versions and security vulnerabilities to the log file
* Mon Jan 23 2017 Petr Spacek - 1.2.0-rc1
- Update to latest upstream version
- Fix packaging bug: depend on proper Lua library versions
- Allow automatic trust anchor management to work
* Sat Nov 19 2016 Peter Robinson 1.1.1-3
- Add ExclusiveArch for architectures with LuaJIT
* Mon Aug 29 2016 Igor Gnatenko - 1.1.1-2
- Rebuild for LuaJIT 2.1.0
* Wed Aug 24 2016 Jan Vcelak - 1.1.1-1
- new upstream release:
  + fix name server fallback in case some of the servers are unreachable
* Fri Aug 12 2016 Jan Vcelak - 1.1.0-1
- new upstream release:
  + RFC7873 DNS Cookies
  + RFC7858 DNS over TLS
  + Metrics exported in Prometheus
  + DNS firewall module
  + Explicit CNAME target fetching in strict mode
  + Query minimisation improvements
  + Improved integration with systemd
* Tue May 31 2016 Jan Vcelak - 1.0.0-1
- final release
* Thu May 05 2016 Jan Vcelak - 1.0.0-0.3.4f463d7
- update to latest git version
- re-enable unit-test
* Sat Apr 09 2016 Jan Vcelak - 1.0.0-0.2.79a8440
- update to latest git version
- fix package review issues
* Tue Feb 02 2016 Jan Vcelak - 1.0.0-0.1.beta3
- initial package