NEWS

---------
 - Progressive interval for bootstrap retry
 - Transfers randomly cancelled
 - Disabling RRL on reload
 - Secondary groups not initialized when dropping privileges
 - Responding to DS queries for names at or below delegation points
 - Removed deprecated 'knotc -w' option
 - Slave ignores out-of-zone records in zone
 - Support for obsolete types in zone transfers
 - Slave zone file names fixes
 - Long transfers being randomly dropped
 - AXFR/IXFR subsystem performance improvements
 - Rescheduling of AXFR in some cases
 - RRSIGs not in the same section for DS records
 - Log messages leaking to syslog
 - 'knotc restart' option removed due to several limitations
 - IXFR with an arbitrary number of diffs
 - Processing of knotc TSIG keyfile
 - Atomic PID file writing, removed deprecated 'knotc start'
 - Performance regression when RRSIGs came before covered RRs in AXFR
 - Label compression related bug
 - Proper resolution of some CNAME chains
 - Unstable response rate in rare cases
 - Several log messages
 - Fixed creating of PID file when dropping privileges

Knot DNS 1.2.0 (2013-03-29)
===========================

Features:
---------
 - knotc 'zonestatus' command
 - Response rate limiting (see documentation)
 - Dynamic updates, including forwarding (limited on signed zones)
 - Updated remote control utility
 - Configurable TCP timeouts
 - LOC RR support

Bugfixes:
---------
 - Memory leaks
 - Check for broken recvmmsg() implementation
 - Changing logfile ownership before dropping privileges
 - knotc respects 'control' section from configuration
 - RRL: resolved bucket collisions
 - RRL: updated bucket mapping to conform RRL technical memo
 - Fixed OpenBSD build
 - Responses to ANY should contain RRSIGs
 - Fixed processing of some non-standard dnames.
 - Correct checking of label length bounds in some cases.
 - More compliant rcodes in case of DDNS/TSIG failures.
 - Correct processing of malformed DDNS prereq section.

Knot DNS 1.1.3 (2012-12-19)
===========================

Bugfixes:
---------
 - Updated manpage.
 - Fixed answering DS queries (RRSIGs not together with DS, AA bit
    missing).
 - Fixed setting ARCOUNT in some error responses with EDNS enabled.
 - Fixed crash when compiling zone zone with NSEC3PARAM but no NSEC3
    and semantic checks enabled.

Knot DNS 1.1.2 (2012-11-21)
===========================

Bugfixes:
---------
 - Fixed debug message.
 - Fixed crash on reload when config contained duplicate zones.
 - Fixed scheduling of transfers.

Knot DNS 1.1.1 (2012-10-31)
===========================

Features:
---------
 - Improved compression of packets. Out-of-zone dnames present in
    RDATA were not compressed.
 - Slave zones are now automatically refreshed after startup.
 - Proper response to IXFR/UDP query (returns SOA in Authority
   section).

Bugfixes:
---------
 - Fixed assertion failing when asking directly for a wildcard name.
 - Crash after IXFR in certain cases when adding RRSIG in an IXFR.
 - Fixed behaviour when incoming IXFR removes a zone cut. Previously
    occluded names now become properly visible. Previously lead to a
    crash when the server was asked for the previously occluded name.
 - Fixed handling of zero-length strings in text zone dump. Caused the
    compilation to fail.
 - Fixed TSIG algorithm name comparison - the names should be in
    canonical form.
 - Fixed handling unknown RR types with type less than 251.

Knot DNS 1.1.0 (2012-08-31)
===========================

Features:
---------
 - Signing SOA with TSIG queries when checking zone version with
   master.
 - Optionally disable ANY queries for authoritative answers.
 - Dropping identical records in zone and incoming transfers.
 - Support for '/' in zone names.
 - Generating journal from reloaded zone (EXPERIMENTAL).
 - Outgoing-only interfaces in configuration file.
 - Following DNAME if the synthesized name is in the same zone.

Bugfixes:
---------
 - Syncing journal to zone was not updating the compiled zone
   database.
 - Fixed ixfr-from-differences journal generation in case of IPSECKEY
    and APL records.
 - Fixed possible leak on server shutdown with a pending transfer.
 - Crash when zone contained RRSIG signing a CNAME, but did not
    contain the CNAME.
 - Malformed packets parsing.
 - Failed IXFR caused memory leaks.
 - Failed IXFR might have resulted in inconsistent zone structures.
 - Fixed answering to +dnssec queries when NSEC3 chain is corrupted.
 - Fixed answering when transitioning from NSEC3 to NSEC.
 - Fixed answering when zone contains multiple NSEC3 chains.
 - Handling RRSets with different TTLs - TTL from the first RR is
   used.
 - Synchronization of zone reload and zone transfers.
 - Fixed build on NetBSD 5 and FreeBSD.
 - Fixed binding to both IPv4 and IPv6 at the same time on special
    interfaces.
 - Fixed access rights of created files.
 - Semantic checks corrupted RDATA domain names which are covered by
    wildcard in the same zone.

Improvements:
-------------
 - Improved user manual.
 - Better checks of corrupted zone database.
 - IXFR-in optimized.
 - Many zones loading optimized.
 - More detailed log messages (mostly transfer-related).
 - Copying Question section to error responses.
 - Using zone name from config file as default origin in zone file.
 - Additional records are now added to response also from
    wildcard-covered names.

Knot DNS 1.0.6 (2012-06-13)
===========================

Bugfixes:
---------
 - Fixed potential problems with RCU synchronization.
 - Adding NSEC/NSEC3 for all wildcard CNAMEs in the response.

Knot DNS 1.0.5 (2012-05-17)
===========================

Bugfixes:
---------
 - Fixed bug with creating journal files.

Knot DNS 1.0.4 (2012-05-16)
===========================

Features:
---------
 - Parallel loading of zones to the server.
 - RFC3339-complaint format of log time.
 - Support for TLSA (RR type 52).
 - knotc checkzone (as a dry-run of zone compile).
 - knotc refresh for forcing Knot to update all zones from master
    servers.
 - Reopening log files upon start (used to truncate them).

Improvements:
-------------
 - Significantly sped up IXFR-in and reduced its memory requirements.

Bugfixes:
---------
 - Copying OPCODE and RD bit from query to NOTIMPL responses.
 - Corrected response to CNAME queries if the canonical name was also
    an alias (was adding the whole CNAME chain to the response).
 - Fixed crash when NS or MX points to an alias.
 - Fixed problem with early closing of filedescriptors (lead to crash
    when compiling and loading or bootstrapping and restarting the
    server with a lot of zones).

Knot DNS 1.0.3 (2012-04-17)
===========================

Bugfixes:
---------
 - Corrected handling of EDNS0 when TCP is used (was applying the UDP
   size limit).
 - Fixed slow compilation of zones.
 - Fixed potential crash with many concurrent transfers.
 - Fixed missing include for FreeBSD.

Knot DNS 1.0.2 (2012-04-13)
===========================

Features:
---------
 - Configuration checker (invoked via knotc).
 - Specifying source interface for transfers and NOTIFY requests
   directly.

Bugfixes:
---------
 - Fixed leak when querying non-existing name and zone SOA TTL >
   minimal.
 - Fixed some minor bugs in transfers.

Improvements:
-------------
 - Improved log messages (added date and time, better specification of
   XFR remote).
 - Improved saving incoming IXFR to journal (memory optimized).
 - Now using system scheduler (better for Linux).
 - Decreased thread stack size.

Knot DNS 1.0.1 (2012-05-09)
===========================

Features:
---------
 - Implemented jitter to REFRESH/RETRY timers.
 - Implemented magic bytes for journal.
 - Improved error messages.

Bugfixes:
---------
 - Problem with creating IXFR journal for bootstrapped zone.
 - Race condition in processing NOTIFY/SOA queries.
 - Leak when reloading zone with NSEC3.
 - Processing of APL RR.
 - TSIG improper assignment of algorithm type.

Knot DNS 1.0.0 (2012-02-29)
===========================

Features:
---------
 - Support for subnets in ACL.
 - Debug messages enabling in configure.
 - Optimized memory consumption of zone structures.
 - NSID support (RFC5001).
 - Root zone support.
 - Automatic zone compiling on server start.
 - Setting user to run Knot under in config file.
 - Dropping privileges after binding to port 53.
    + Support for Linux capabilities(7).
 - Setting source address of outgoing transfers in config file.
 - Custom PID file.
 - CNAME loop detection.
 - Timeout on TCP connections.
 - Basic defense against DoS attacks.

Bugfixes:
---------
 - Memory errors and leaks.
 - Fixed improper handling of failed IXFR/IN.
 - Several other minor bugfixes.
 - Fixed IXFR processing.
 - Patched URCU so that it compiles on architectures without TLS in
   compiler (NetBSD, OpenBSD).
 - Fixed response to DS query at parent zone.
 - A lot of other bugfixes.

Knot DNS 0.9.1 (2012-01-20)
===========================

Features:
---------
 - RRSet rotation

Improvements:
-------------
 - Replaced pseudo-random number generator by one with MIT/BSD
   license.

Bugfixes:
---------
 - Fixed build on BSD.
 - Fixes in parsing and dumping of zone RR types IPSECKEY, WKS, DLV,
    APL, NSAP

Knot DNS 0.9.0 (2012-01-13)
===========================

Features:
---------
 - TSIG support in both client and server.
 - Use of sendmmsg() on Linux 3.0+ (improves performance).

Bugfixes:
---------
 - Knot was not accepting AXFR-style IXFR with first SOA in a separate
    packet (i.e. from Power DNS).
 - Wrong SOA TTL in negative answers.
 - Wrong max packet size for outgoing transfers (was causing the
    packets to be malformed).
 - Wrong handling of WKS record in zone compiler.
 - Problems with zone bootstrapping.

Knot DNS 0.8.1 (2011-12-01)
===========================

Bugfixes:
---------
 - Handling SPF record.
 - Wrong text dump of unknown records.

Knot DNS 0.8.0 (2011-11-03)
===========================

Features:
---------
 - First Public Release
 - AXFR-in/-out
 - IXFR-in/-out
 - EDNS0
 - DNSSEC
 - NSEC3
 - IPv6
 - Runtime reconfiguration

Known issues:
-------------
 - Missing support for TSIG
 - Root zone support
 - NSID support
 - Other DNS classes than IN
 - RRSet rotation not implemented
 - Dynamic update support
 - IXFR code might be flaky sometimes
 - IXFR may be slow when too much (10 000+) RRSets are transferred at
   once