Software Update: Knot Resolver 3.2.1


Knot Resolver is an open source DNS recursor written in C and LuaJIT. When you perform a DNS lookup, a recursor starts by sending the query to a DNS root server. That server can refer it to other servers, which can in turn refer it to others, and so on, until a server is reached that knows the answer or knows that the lookup is not possible. The latter can be the case if the name does not exist or the servers do not respond. Knot Resolver is used, for example, by Cloudflare for their 1.1.1.1 DNS service. The developers of CZ NIC have released version 3.2.1 with the following changes:

Knot Resolver 3.2.1 released

Bug fixes

  • trust_anchors: respect validity time range during TA bootstrap (!748)
  • fix TLS rehandshake handling (!739)
  • make TLS_FORWARD compatible with GnuTLS 3.3 (!741)
  • special thanks to Grigorii Demidov for his long-term work on Knot Resolver!

Improvements

  • improve handling of timeouted outgoing TCP connections (!734)
  • trust_anchors: check syntax of public keys in DNSKEY RRs (!748)
  • validator: clarify message about bogus non-authoritative data (!735)
  • dnssec validation failures contain more verbose reasoning (!735)
  • new function trust_anchors.summary() describes state of DNSSEC TAs (!737), and logs new state of trust anchors after start up and automatic changes
  • trust anchors: refuse revoked DNSKEY even if specified explicitly, and downgrade missing the SEP bit to a warning
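
The trust-anchor items above (checking public key syntax, refusing revoked keys, only warning on a missing SEP bit) map onto the DNSKEY flag bits defined in RFC 4034 and RFC 5011. The following Python sketch is an added example, not Knot Resolver's code; the function name `vet_trust_anchor`, its messages and the sample key are constructed for illustration.

```python
import base64
import binascii

# DNSKEY flag bits (RFC 4034 section 2.1.1; REVOKE from RFC 5011)
ZONE_KEY, REVOKE, SEP = 0x0100, 0x0080, 0x0001

# Constructed sample key material (valid base64, not a real key)
KEY = "AwEAAaBbCcDdEeFfGgHhIiJjKkLlMmNn"


def vet_trust_anchor(rr_text):
    """Vet one DNSKEY RR in presentation format; return (accepted, messages)."""
    fields = rr_text.split()
    try:
        idx = [f.upper() for f in fields].index("DNSKEY")
        flags, protocol, _algorithm = (int(x) for x in fields[idx + 1:idx + 4])
    except ValueError:  # no DNSKEY token, missing fields, or non-numeric fields
        return False, ["error: not a well-formed DNSKEY RR"]
    try:
        # The key may be split over several whitespace-separated chunks
        key = base64.b64decode("".join(fields[idx + 4:]), validate=True)
    except binascii.Error:
        return False, ["error: public key is not valid base64"]
    if not key:
        return False, ["error: public key is empty"]
    # General RFC 4034 rules, beyond what the changelog lists
    if protocol != 3 or not flags & ZONE_KEY:
        return False, ["error: not usable as a zone key"]
    if flags & REVOKE:
        return False, ["error: REVOKE bit set, key refused"]
    messages = []
    if not flags & SEP:
        messages.append("warning: SEP bit not set")
    return True, messages


if __name__ == "__main__":
    # Constructed records: normal KSK, revoked KSK, key without SEP, bad base64
    for flags, key in ((257, KEY), (385, KEY), (256, KEY), (257, "AwEA*bad")):
        rr = f". 172800 IN DNSKEY {flags} 3 8 {key}"
        print(flags, key[:8], vet_trust_anchor(rr))
```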

Version number: 3.2.1
Release status: Final
Website: CZ NIC
License type: Conditions (GNU/BSD/etc.)