Software Update: Knot Resolver 5.4.4

Knot Resolver is an open source DNS recursive resolver written in C and LuaJIT. When you perform a dns lookup, a recursive resolver initially starts by asking the lookup query to a dns root server. This can then redirect to other servers, from where it can redirect to other servers and so on, until finally a server is reached that knows the answer or knows that the look-up is not possible. The latter can be the case if the name does not exist or the servers do not respond. The developers of CZ NIC have released version 5.4.4 fresh in the new year with the following changes:

Knot Resolver 5.4.4

Bug fixes

• fix bad zone cut update in certain cases (eg AWS; !1237)

Knot Resolver 5.4.3

Improvements

• lua: add kres.parse_rdata() to parse RDATA from string to wire format (!1233)
• lua: add policy.domains() for exact domain name matching (!1228)

Bug fixes

• policy.rpz: fix origin detection in files without $ORIGIN (!1215)
• lua: log() works again; broken in 5.4.2 (!1223)
• policy: correctly include EDNS0 previously omitted by some actions (!1230)
• edns_keepalive: module is now properly loaded (!1229, thanks Josh Soref!)

Knot Resolver 5.4.2

Improvements

• dns64 module: also map the reverse (PTR) subtree (#478, !1201)
• dns64 module: allow disabling based on client address (#368, !1201)
• dns64 module: allow configuring AAAA subnets not allowed in answer (!1201)
• nameserver selection algorithm: improve IPv6 avoidance if broken (!1207)

Bug fixes

• lua: log() output is visible with default log level again (!1208)
• build: fix when knot-dns headers are on non-standard location (!1210)

Knot Resolver 5.4.1

Improvements

• docker: base image on Debian 11 (!1203)

Bug fixes

• fix build without doh2 support after 5.4.0 (!1197)
• fix policy.DEBUG* logging and -V/–version after 5.4.0 (!1199)
• doh2: ensure memory from unsent streams is freed (!1202)

Knot Resolver 5.4.0

Improvements

• fine grained logging and syslog support (!1181)
• expose HTTP headers for processing DoH requests (!1165)
• improve assertion mechanism for debugging (!1146)
• support apkg tool for packaging workflow (!1178)
• support Knot DNS 3.1 (!1192, !1194)

Bug fixes

• trust_anchors.set_insecure: improve precision (#673, !1177)
• plug memory leaks related to TCP (!1182)
• policy.FLAGS: fix not applying properly in edge cases (!1179)
• fix a crash with older libuv inside timer processing (!1195)

Incompatible changes

• see upgrading guide:
• legacy DoH implementation configuration in net.listen() was renamed from kind=”doh” to kind=”doh_legacy” (!1180)