Knot Resolver 1.2.3 (2017-02-23)

Bugfixes

• Disable storing GLUE records into the cache even in the (non-default) QUERY_PERMISSIVE mode
• iterate: skip answer RRs that don't match the query
• layer/iterate: some additional processing for referrals
• lib/resolve: zonecut fetching error was fixed

Knot Resolver 1.2.2 (2017-02-10)

Bugfixes:

• Fix -k argument processing to avoid out-of-bounds memory accesses
• lib/resolve: fix zonecut fetching for explicit DS queries
• hints: more NULL checks
• Fix TA bootstrapping for multiple TAs in the IANA XML file

Testing:

• Update tests to run tests with and without QNAME minimization

Knot Resolver 1.2.1 (2017-02-01)

Security:

• Under certain conditions, a cached negative answer from a CD query would be reused to construct response for non-CD queries, resulting in Insecure status instead of Bogus. Only 1.2.0 release was affected.

Documentation

• Update the typo in the documentation: The query trace policy is named policy.QTRACE (and not policy.TRACE)

Bugfixes:

• lua: make the map command check its arguments

Knot DNS 2.4.1 (2017-02-10)

Bugfixes:

• Transfer of a huge rrset goes into an infinite loop
• Huge response over TCP contains useless TC bit instead of SERVFAIL
• Failed to build utilities with disabled daemon
• Memory leaks during keys removal
• Rough TSIG packet reservation causes early truncation
• Minor out-of-bounds string termination write in rrset dump
• Server crash during stop if failed to open timers DB
• Poor minimum UDP-max-size configuration check
• Failed to receive one-record-per-message IXFR-style AXFR
• Kdig timeouts when receiving RCODE != NOERROR on subsequent transfer message

Improvements:

• Speed-up of rdata addition into a huge rrset
• Introduce check of minumum timeout for next refresh
• Dnsproxy module can forward all queries without local resolving

Latest upstream release. Includes bugfixes for DNSSEC key management.

Latest upstream versions with bunch of impotant bugfixes.