Software Update: Knot Resolver 5.2.0

Knot Resolver is an open source DNS recursor written in C and LuaJIT. When you perform a dns lookup, a recursor initially starts asking the lookup query to a dns root server. This can then redirect to other servers, from where it can redirect to other servers and so on, until finally a server is reached that knows the answer or knows that the look-up is not possible. The latter can be the case if the name does not exist or the servers do not respond. cloudflare uses Knot Resolver for example for its dns service. The developers of CZ NIC have previously released version 5.2.0 with the following changes:


  • doh2: add native C module for DNS-over-HTTPS (#600, !997)
  • xdp: add server-side XDP support for higher UDP performance (#533, !1083)
  • lower default EDNS buffer size to 1232 bytes (#538, #300, !920); see
  • net: split the EDNS buffer size into upstream and downstream (!1026)
  • lua-http doh: answer to /dns-query endpoint as well as /doh (!1069)
  • improve resiliency against UDP fragmentation attacks (disable PMTUD) (!1061)
  • ta_update: warn if there are differences between statically configured keys and upstream (#251, !1051)
  • human readable output in interactive mode was improved
  • doc: generate info page (!1079)
  • packaging: improve sysusers and tmpfiles support (!1080)

Bug fixes

  • avoid an assert() error in stash_rrset() (!1072)
  • fix emergency cache locking bug introduced in 5.1.3 (!1078)
  • migrate map() command to control sockets; fix systemd integration (!1000)
  • fix crash when sending back errors over control socket (!1000)
  • fix SERVFAIL while processing forwarded CNAME to a sibling zone (#614, !1070)

Incompatible changes

  • see upgrading guide:
  • minor changes in module API
  • control socket API commands have to be terminated by n
  • graphite: default prefix now contains instance identifier (!1000)
  • build: meson >= 0.49 is required (!1082)

Version number 5.2.0
Release status Final
Website CZ NIC
License type Conditions (GNU/BSD/etc.)