Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • knot/knot-dns
  • sopak/knot
  • zansorgova/knot
  • dkg/knot-dns
  • julianbrost/knot
  • severo/knot-dns
  • edmonds/knot-dns
  • jfoote/knot-dns
  • jhdac/knot-dns
  • shane/knot-dns
  • matje/knot-dns
  • Archange/knot-dns
  • pspirek/knot-dns
  • mguegan/knot-dns
  • bitfehler/knot-dns
  • UpadhyayAlok/knot-dns
  • quite/knot-dns
  • jruzicka/knot-dns
  • dxld/knot-dns
  • nde1/knot-dns
  • peterthomassen/knot-dns
  • jpmens/knot-dns
22 results
Show changes
Commits on Source (6428)
6,328 additional commits have been omitted to prevent performance issues.
Hide whitespace changes
Inline Side-by-side
Showing
with 4409 additions and 1617 deletions
.dir-locals.el 0 → 100644
View file @ a4da7526
;; emacs local configuration settings for knot source
;; surmised by dkg on 2017-03-25 12:15:55-0500
((c-mode
(indent-tabs-mode . t)
(tab-width . 8)
(c-basic-offset . 8)
(c-file-style . "linux"))
)
.dockerignore 0 → 100644
View file @ a4da7526
.git
.gitignore
View file @ a4da7526
......@@ -7,24 +7,15 @@
*.lo
*.rej
*.pyc
*.pc
.libs/
.deps/
.dirstamp
/tmp
/Knot.creator.user*
/Makefile
/Makefile.in
/src/Makefile
/src/Makefile.in
/src/zscanner/Makefile
/src/zscanner/Makefile.in
/python/Makefile
/python/Makefile.in
/samples/Makefile
/samples/Makefile.in
/samples/knot.sample.conf
/doc/Makefile
/doc/Makefile.in
/Knot.cflags
/Knot.cxxflags
/Doxyfile
/aclocal.m4
/ar-lib
/autoscan.log
......@@ -45,16 +36,19 @@
/src/config.h
/src/config.h.in
/src/stamp-*
/doc/html/
/INSTALL
/m4/libtool.m4
/m4/ltoptions.m4
/m4/ltsugar.m4
/m4/ltversion.m4
/m4/lt~obsolete.m4
/src/dnssec/libdnssec.pc
/src/libknot.pc
/src/libknot/version.h
/test-driver
Makefile
Makefile.in
/src/lib*/version.h
/samples/knot.sample.conf
/src/knot/modules/static_modules.h
# dnstap
/src/contrib/dnstap/Makefile
......@@ -63,35 +57,48 @@
/src/contrib/dnstap/dnstap.pb-c.h
# zscanner
/src/zscanner/libzscanner.pc
/src/zscanner/scanner.c
/src/zscanner/tests/tmp/
/src/zscanner/tests/unittests
/src/zscanner/tests/zscanner-tool
/src/zscanner/version.h
/src/libzscanner/scanner.c
# xdp
/src/libknot/xdp/bpf-kernel.ll
# Binaries
/src/kcatalogprint
/src/kdig
/src/keymgr
/src/khost
/src/kjournalprint
/src/knot1to2
/src/knotc
/src/knotd
/src/knsec3hash
/src/knsupdate
/src/kxdpgun
/src/kzonecheck
/src/rosedb_tool
# Plugin binaries
/src/rosedb_tool
/src/kzonesign
# Generated tarballs
/knot-*.tar.gz
/knot-*.tar.xz
# Packaging output
/pkg
# Code coverage
*.gcda
*.gcno
/coverage.info
/coverage.html
# Vagrant
.vagrant
# eclipse
/.project
/.cproject
/.settings/
# cygwin
*.exe
*.exe.manifest
# clang
.qtc_clangd
.gitlab-ci.yml
View file @ a4da7526
variables:
DEBIAN_FRONTEND: noninteractive
LC_ALL: C.UTF-8
LC_ALL: C
GIT_STRATEGY: fetch
DOCKER_DRIVER: overlay2
GIT_SUBMODULE_STRATEGY: recursive
DISTROTEST_PRIORITY: 6
PKGTEST: 0
stages:
- configure
- image
- build
- test
- deploy
- pkg
- documentation
.debian_stretch: &debian_stretch
image: cznic/debian:stretch-knot-v2
.image: &image
stage: image
before_script:
- docker info
script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- docker build --no-cache -t "$IMAGE_TAG" "scripts/docker/$IMAGE_NAME-$IMAGE_VER"
- docker push "$IMAGE_TAG"
tags:
- dind
only:
variables:
- $SCHEDULE_TYPE == "weekly"
docker:knot-dns:debian:
<<: *image
variables:
IMAGE_NAME: debian
IMAGE_VER: latest
IMAGE_TAG: $CI_REGISTRY_IMAGE/$IMAGE_NAME:$IMAGE_VER
tags:
- dind
- amd64
docker:knot-dns:debian-arm64:
<<: *image
variables:
IMAGE_NAME: debian
IMAGE_VER: latest
IMAGE_TAG: $CI_REGISTRY_IMAGE/$IMAGE_NAME-arm64:$IMAGE_VER
tags:
- dind
- arm64
docker:knot-dns:debian:unstable:
<<: *image
variables:
IMAGE_NAME: debian
IMAGE_VER: unstable
IMAGE_TAG: $CI_REGISTRY_IMAGE/$IMAGE_NAME:$IMAGE_VER
tags:
- dind
- amd64
docker:knot-dns:ubuntu:
<<: *image
variables:
IMAGE_NAME: ubuntu
IMAGE_VER: latest
IMAGE_TAG: $CI_REGISTRY_IMAGE/$IMAGE_NAME:$IMAGE_VER
tags:
- dind
- amd64
docker:knot-dns:rocky:
<<: *image
variables:
IMAGE_NAME: rocky
IMAGE_VER: latest
IMAGE_TAG: $CI_REGISTRY_IMAGE/$IMAGE_NAME:$IMAGE_VER
tags:
- dind
- amd64
docker:knot-dns:fedora:
<<: *image
variables:
IMAGE_NAME: fedora
IMAGE_VER: latest
IMAGE_TAG: $CI_REGISTRY_IMAGE/$IMAGE_NAME:$IMAGE_VER
tags:
- dind
- amd64
.fedora_latest: &fedora_latest
image: "$CI_REGISTRY/knot/knot-dns/fedora:latest"
tags:
- docker
- linux
- amd64
.ubuntu_xenial: &ubuntu_xenial
image: cznic/ubuntu:16.04-knot
except:
- schedules
.rocky_latest: &rocky_latest
image: "$CI_REGISTRY/knot/knot-dns/rocky:latest"
tags:
- docker
- linux
- amd64
except:
- schedules
.debian_stretch_armel: &debian_stretch_armel
image: cznic/armel-debian-knot
.debian_stable: &debian_stable
image: "$CI_REGISTRY/knot/knot-dns/debian:latest"
tags:
- docker
- linux
- arm
- amd64
except:
- schedules
.configure: &configure_job
stage: configure
script:
- autoreconf -fi
- ./configure --disable-fastparser
artifacts:
untracked: true
expire_in: '1 hour'
.debian_stable_arm64: &debian_stable_arm64
image: "$CI_REGISTRY/knot/knot-dns/debian-arm64:latest"
tags:
- docker
- linux
- arm64
except:
- schedules
.debian_unstable: &debian_unstable
image: "$CI_REGISTRY/knot/knot-dns/debian:unstable"
tags:
- docker
- linux
- amd64
except:
- schedules
.ubuntu_latest: &ubuntu_latest
image: "$CI_REGISTRY/knot/knot-dns/ubuntu:latest"
tags:
- docker
- linux
- amd64
except:
- schedules
.build: &build_job
stage: build
script:
- make -k all
- autoreconf -fi
- ./configure --disable-fastparser --enable-quic $EXTRA_CONFIGURE || ( cat config.log && exit 1 )
- make all V=1
artifacts:
untracked: true
expire_in: '1 hour'
except:
- schedules
.test: &test_job
stage: test
before_script:
- find -exec touch -t $(date +%m%d%H%M) {} \;
script:
- make -k check
configure:ubuntu:amd64:
<<: *ubuntu_xenial
<<: *configure_job
- make check V=1
except:
- tags
- docs-*
- schedules
build:ubuntu:amd64:
<<: *ubuntu_xenial
build:fedora:amd64:
<<: *fedora_latest
<<: *build_job
test:fedora:amd64:
<<: *fedora_latest
<<: *test_job
dependencies:
- configure:ubuntu:amd64
except:
- tags
- docs-*
- build:fedora:amd64
build:rocky:amd64:
<<: *rocky_latest
<<: *build_job
test:rocky:amd64:
<<: *rocky_latest
<<: *test_job
dependencies:
- build:rocky:amd64
build:ubuntu:amd64:
<<: *ubuntu_latest
<<: *build_job
test:ubuntu:amd64:
<<: *ubuntu_xenial
<<: *ubuntu_latest
<<: *test_job
dependencies:
- build:ubuntu:amd64
except:
- tags
- docs-*
configure:debian:stretch:amd64:
<<: *debian_stretch
<<: *configure_job
build:debian:stretch:amd64:
<<: *debian_stretch
build:debian:amd64:
variables:
EXTRA_CONFIGURE: --enable-xdp=yes
<<: *debian_stable
<<: *build_job
except: # run on schedules as well, for debian:symbols tests
test:debian:amd64:
<<: *debian_stable
<<: *test_job
dependencies:
- configure:debian:stretch:amd64
- build:debian:amd64
test:debian:stretch:amd64:
<<: *debian_stretch
build:debian:arm64:
<<: *debian_stable_arm64
<<: *build_job
test:debian:arm64:
<<: *debian_stable_arm64
<<: *test_job
dependencies:
- build:debian:stretch:amd64
- build:debian:arm64
configure:debian:stretch:armel:
<<: *debian_stretch_armel
<<: *configure_job
only:
- triggers
build:debian:unstable:amd64:
<<: *debian_unstable
<<: *build_job
test:debian:unstable:amd64:
<<: *debian_unstable
<<: *test_job
dependencies:
- build:debian:unstable:amd64
build:debian:stretch:armel:
<<: *debian_stretch_armel
build:debian:unstable:amd64:asan:
variables:
CC: clang
CFLAGS: "-fsanitize=address -g -O2 -fno-omit-frame-pointer"
LDFLAGS: "-fsanitize=address"
LSAN_OPTIONS: verbosity=1:log_threads=1
allow_failure: true
<<: *debian_unstable
<<: *build_job
test:debian:unstable:amd64:asan:
variables:
CC: clang
CFLAGS: "-fsanitize=address -g -O2"
LDFLAGS: "-fsanitize=address"
LSAN_OPTIONS: verbosity=1:log_threads=1
allow_failure: true
<<: *debian_unstable
<<: *test_job
dependencies:
- configure:debian:stretch:armel
only:
- triggers
- build:debian:unstable:amd64:asan
test:debian:stretch:armel:
<<: *debian_stretch_armel
build:debian:unstable:amd64:ubsan:
variables:
CC: clang
CFLAGS: "-fsanitize=undefined -fno-sanitize=nonnull-attribute -g -O2"
LDFLAGS: "-fsanitize=undefined"
UBSAN_OPTIONS: print_stacktrace=1
allow_failure: true
<<: *debian_unstable
<<: *build_job
test:debian:unstable:amd64:ubsan:
variables:
CC: clang
CFLAGS: "-fsanitize=undefined -fno-sanitize=nonnull-attribute -g -O2"
LDFLAGS: "-fsanitize=undefined"
UBSAN_OPTIONS: print_stacktrace=1
allow_failure: true
<<: *debian_unstable
<<: *test_job
dependencies:
- build:debian:stretch:armel
- build:debian:unstable:amd64:ubsan
build:archive:
<<: *debian_stable
stage: build
script:
- autoreconf -fi
- mkdir _build
- cd _build
- ../configure
- make distcheck V=1 DISTCHECK_CONFIGURE_FLAGS="--disable-static" -j2
- make html singlehtml
only:
- master
- tags
- triggers
- schedules
except: []
artifacts:
paths:
- _build/*.tar.xz
- _build/doc/_build/html
- _build/doc/_build/singlehtml
pages:
stage: documentation
needs:
- build:archive
script:
- mkdir -p public/master
- mv _build/doc/_build/html public/master/html
- mv _build/doc/_build/singlehtml public/master/singlehtml
only:
- master
artifacts:
paths:
- public
build:documentation:
<<: *debian_stretch
stage: build
dependencies:
- configure:debian:stretch:amd64
<<: *debian_stable
stage: documentation
only:
- tags
- triggers
- docs-*
dependencies:
- build:debian:amd64
script:
- make -C doc html singlehtml pdf
- make -C doc html singlehtml pdf epub V=1
artifacts:
paths:
- doc/_build/html/
- doc/_build/singlehtml/
- doc/_build/latex/knot.pdf
- doc/_build/latex/KnotDNS.pdf
- doc/_build/epub/KnotDNS.epub
expire_in: '1 hour'
deploy:documentation:
<<: *debian_stretch
stage: deploy
before_script:
- apt-get update
- apt-get -y install curl
# packaging tests using apkg
.apkg_image: &apkg_image
# apkg images use LC_ALL=C.UTF-8
variables:
LC_ALL: C.UTF-8
.pkg_test: &pkg_test
<<: *apkg_image
stage: pkg
needs:
- pkg:make-archive
only:
- tags
- triggers
- docs-*
variables:
- $PKGTEST == "1"
artifacts:
paths:
- pkg/
expire_in: '1 week'
script:
- "curl --http1.1 --request POST --form token=$WEBSITE_TOKEN --form ref=master --form \"variables[RELEASE_CI_BUILD_REF_NAME]=$CI_BUILD_REF_NAME\" --form \"variables[RELEASE_CI_BUILD_ID]=$CI_BUILD_ID\" https://gitlab.labs.nic.cz/api/v3/projects/5/trigger/builds"
- python3 -m pip install git+https://gitlab.nic.cz/packaging/apkg.git
# make sure the archive from pkg:make-archive is available
- apkg info cache | grep archive/dev
- apkg install --build-dep
- apkg test --test-dep
.pkg_test_deb: &pkg_test_deb
<<: *pkg_test
before_script:
- apt update
pkg:make-archive:
# archive is created once and reused in other pkg jobs
<<: *apkg_image
stage: pkg
needs:
- build:debian:amd64
only:
variables:
- $PKGTEST == "1"
image: $CI_REGISTRY/packaging/apkg/test/debian-12
artifacts:
name: "knot-dns-$CI_BUILD_REF_NAME-doc"
paths:
- doc/_build/html/
- doc/_build/singlehtml/
- doc/_build/latex/knot.pdf
- pkg/
before_script:
- apt update
script:
- python3 -m pip install apkg
- apkg build-dep
- apkg make-archive
pkg:debian-13:
<<: *pkg_test_deb
image: $CI_REGISTRY/packaging/apkg/test/debian-13
pkg:debian-12:
<<: *pkg_test_deb
image: $CI_REGISTRY/packaging/apkg/test/debian-12
pkg:debian-11:
<<: *pkg_test_deb
image: $CI_REGISTRY/packaging/apkg/test/debian-11
pkg:ubuntu-24.04:
<<: *pkg_test_deb
image: $CI_REGISTRY/packaging/apkg/test/ubuntu-24.04
pkg:ubuntu-22.04:
<<: *pkg_test_deb
image: $CI_REGISTRY/packaging/apkg/test/ubuntu-22.04
pkg:ubuntu-20.04:
<<: *pkg_test_deb
image: $CI_REGISTRY/packaging/apkg/test/ubuntu-20.04
pkg:fedora-41:
<<: *pkg_test
image: $CI_REGISTRY/packaging/apkg/test/fedora-41
pkg:fedora-40:
<<: *pkg_test
image: $CI_REGISTRY/packaging/apkg/test/fedora-40
pkg:alma-9:
<<: *pkg_test
image: $CI_REGISTRY/packaging/apkg/test/alma-9
pkg:rocky-8:
<<: *pkg_test
image: $CI_REGISTRY/packaging/apkg/test/rocky-8
pkg:opensuse-15.6:
<<: *pkg_test
image: $CI_REGISTRY/packaging/apkg/test/opensuse-15.6
.gitmodules 0 → 100644
View file @ a4da7526
[submodule "tests-fuzz/fuzz_zscanner.in"]
path = tests-fuzz/fuzz_zscanner.in
url = https://gitlab.nic.cz/knot/fuzzing/fuzz_zscanner.in.git
[submodule "tests-fuzz/fuzz_packet.in"]
path = tests-fuzz/fuzz_packet.in
url = https://gitlab.nic.cz/knot/fuzzing/fuzz_packet.in.git
.ycm_extra_conf.py deleted 100644 → 0
View file @ 35500368
#!/usr/bin/python -Es
# vim: et:ts=4:sw=4:colorcolumn=100
#
# Configuration for You Complete Me (YCM) code-completion engine for Vim.
#
# This file is released into the public domain.
#
import sys
import os
DIR = os.path.dirname(__file__)
FLAGS = [
'-std=gnu99',
'-Wall', '-Wno-unused', '-Werror=implicit', '-Wno-#warnings',
'-DCONFIG_DIR=', '-DRUN_DIR=', '-DSTORAGE_DIR=', '-DPACKAGE_VERSION=',
]
CONFIG_H = 'src/config.h'
INCLUDES = [
('src/dnssec/shared', ['src/dnssec/lib', 'src/dnssec/lib/dnssec']),
('src/dnssec/lib', ['src/dnssec/shared', 'src/dnssec/lib/dnssec']),
('src/dnssec/tests', ['src/dnssec/shared', 'src/dnssec/lib', 'src/dnssec/lib/dnssec', 'libtap']),
('src/utils/keymgr', ['src/dnssec', 'src/dnssec/lib', 'src']),
('src/utils/knsec3hash', ['src/dnssec', 'src/dnssec/lib', 'src']),
('src', ['src/dnssec/lib']),
('tests', ['src', 'src/dnssec/lib', 'libtap']),
]
def relative_path(filename):
return os.path.relpath(filename, DIR)
def absolute_path(filename):
return os.path.normpath(os.path.join(DIR, filename))
def includes_for(filename):
relative = relative_path(filename)
for prefix, includes in INCLUDES:
if relative.startswith(prefix + '/'):
return [prefix] + includes
return []
def include_flag(path):
return "-I%s" % absolute_path(path)
def FlagsForFile(filename):
# input filename is an absolute path
config = ["-include", absolute_path(CONFIG_H)]
includes = [include_flag(f) for f in includes_for(filename)]
return {'flags': FLAGS + config + includes, 'do_cache': True}
if __name__ == '__main__':
print >>sys.stderr, "Not runnable."
sys.exit(1)
AUTHORS deleted 100644 → 0
View file @ 35500368
Ľuboš Slovák
Marek Vavruša
Jan Kadlec
Daniel Salzman
Jan Včelák
Dominik Táborský
Vítězslav Kříž
Ondřej Surý
Ondřej Filip
COPYING
View file @ a4da7526
Valid-License-Identifier: GPL-2.0-or-later
SPDX-URL: https://spdx.org/licenses/GPL-2.0-or-later.html
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Version 2, June 1991
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
......@@ -628,15 +290,15 @@ free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
......@@ -644,44 +306,37 @@ the "copyright" line and a pointer to where the full notice is found.
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<http://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<http://www.gnu.org/philosophy/why-not-lgpl.html>.
In addition, as a special exception, the copyright holders give
permission to link the code of portions of this program with the
OpenSSL library under certain conditions as described in each
individual source file, and distribute linked combinations including
the two.
You must obey the GNU General Public License in all respects for all
of the code used other than OpenSSL. If you modify file(s) with this
exception, you may extend this exception to your version of the
file(s), but you are not obligated to do so. If you do not wish to do
so, delete this exception statement from your version. If you delete
this exception statement from all source files in the program, then
also delete it here.
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.
Dockerfile 0 → 100644
View file @ a4da7526
## Intermediate stage ##
FROM debian:bookworm-slim AS builder
# Environment
ENV BUILD_PKGS \
autoconf \
automake \
gcc \
libbpf-dev \
libedit-dev \
libfstrm-dev \
libgnutls28-dev \
libidn2-dev \
liblmdb-dev \
libmaxminddb-dev \
libmnl-dev \
libnghttp2-dev \
libngtcp2-crypto-gnutls-dev \
libngtcp2-dev \
libprotobuf-c-dev \
libsystemd-dev \
libtool \
liburcu-dev \
libxdp-dev \
make \
pkg-config \
protobuf-c-compiler
# Install dependencies
RUN apt-get update && \
apt-get install -yqq ${BUILD_PKGS}
# Build the project
COPY . /knot-src
WORKDIR /knot-src
ARG FASTPARSER=disable
RUN autoreconf -if && \
CFLAGS="-g -O2 -DNDEBUG -D_FORTIFY_SOURCE=3 -fstack-protector-strong" \
./configure --prefix=/ \
--with-rundir=/rundir \
--with-storage=/storage \
--with-configdir=/config \
--with-module-dnstap=yes \
--${FASTPARSER}-fastparser \
--enable-quic \
--enable-dnstap \
--disable-static \
--disable-documentation && \
make -j$(grep -c ^processor /proc/cpuinfo)
# Run unittests if requested and install the project
ARG CHECK=disable
RUN if [ "$CHECK" = "enable" ]; then make -j$(grep -c ^processor /proc/cpuinfo) check; fi && \
make install DESTDIR=/tmp/knot-install
## Final stage ##
FROM debian:bookworm-slim
LABEL maintainer="Knot DNS <knot-dns@labs.nic.cz>"
# Environment
ENV RUNTIME_PKGS \
dbus \
libbpf1 \
libedit2 \
libfstrm0 \
libgnutls30 \
libidn2-0 \
liblmdb0 \
libmaxminddb0 \
libmnl0 \
libnghttp2-14 \
libngtcp2-crypto-gnutls2 \
libngtcp2-9 \
libprotobuf-c1 \
liburcu8 \
libxdp1
# Install dependencies and create knot user and group
ARG UID=53
RUN apt-get update && \
apt-get install -yqq ${RUNTIME_PKGS} adduser && \
rm -rf /var/lib/apt/lists/* && \
ldconfig && \
adduser --quiet --system --group --no-create-home --home /storage --uid=${UID} knot && \
install -o knot -g knot -d /config /rundir /storage
# Copy artifacts
# `COPY --from=builder /tmp/knot-install/ /` doesn't work with DOCKER_BUILDKIT=1 under buildx
COPY --from=builder /tmp/knot-install/bin/ /bin/
COPY --from=builder /tmp/knot-install/config/ /config/
COPY --from=builder /tmp/knot-install/include/ /include/
COPY --from=builder /tmp/knot-install/lib/ /lib/
COPY --from=builder /tmp/knot-install/sbin/ /sbin/
# Prepare configurations for optional D-Bus signaling
COPY --from=builder /knot-src/distro/common/system-local.conf /etc/dbus-1/
COPY --from=builder /knot-src/distro/common/cz.nic.knotd.conf /usr/share/dbus-1/system.d/
RUN mkdir -p /run/dbus
# Expose port
EXPOSE 53/UDP
EXPOSE 53/TCP
EXPOSE 853/UDP
EXPOSE 853/TCP
# Prepare shared directories
VOLUME /config
VOLUME /rundir
VOLUME /storage
Doxy.page.h deleted 100644 → 0
View file @ 35500368
/*!
\defgroup server Server control module.
\defgroup threading Threading API.
\defgroup network Socket API.
\defgroup config Server configuration.
\defgroup query_processing DNS query processing.
\defgroup utils Utilities, constants and macros.
\defgroup debugging Server debugging API.
\defgroup logging Server logging API.
\defgroup statistics Statistics module (optional).
\defgroup libknot libknot - library of DNS-related functions
\defgroup hashing Hash table and functions.
\defgroup common_lib Common library.
\defgroup alloc Memory allocation.
\defgroup tests Unit tests.
\defgroup zoneparser Zone compiler utility
\defgroup ctl Control utility
\defgroup zone-load-dump Zone loading and dumping
\defgroup xfr Zone transfers
\defgroup zone_scanner Zone scanner (core)
\defgroup zone_scanner_test Zone scanner testing environment
\defgroup knot_utils DNS utilities like host, dig and nsupdate
\mainpage Knot API documentation.
Knot is an open-source, high-performace, purely authoritative DNS server.
<h2>Features</h2>
Knot DNS supports the following DNS features:
- TCP/UDP protocols
- AXFR - master, slave
- IXFR - master (primary master experimental), slave
- TSIG
- EDNS0
- DNSSEC, including NSEC3
- NSID
- Unknown RR types
Server features:
- Adding/removing zones on-the-fly
- Reconfiguring server instance on-the-fly
- IPv4 / IPv6 support
- Semantic checks of zones
<h2>Compiling and running the server</h2>
See the User manual - links to current version are provided in the
<a href="https://git.nic.cz/redmine/projects/knot-dns/wiki">Knot DNS Wiki</a>.
Alternatively you can generate the manual from the sources in Info format:
\code
$ make doc
\endcode
or in PDF:
\code
$ make pdf
\endcode
<h2>Server modules</h2>
- \ref server
- \ref threading
- \ref network
- \ref config
- \ref query_processing
- \ref utils
- \ref debugging
- \ref logging
- \ref statistics
<h2>DNS library</h2>
- \ref libknot
- \ref hashing
- \ref xfr
<h2>Zone processing</h2>
- \ref zoneparser
- \ref zone-load-dump
- \ref zone_scanner
- \ref zone_scanner_test
<h2>Common library</h2>
- \ref common_lib
- \ref alloc
<h2>Other modules</h2>
- \ref tests
- \ref ctl
*/
Doxyfile Doxyfile.in
View file @ a4da7526
# Doxyfile 1.8.6
# Doxyfile 1.9.1
# This file describes the settings to be used by the documentation system
# doxygen (www.doxygen.org) for a project.
......@@ -17,11 +17,11 @@
# Project related configuration options
#---------------------------------------------------------------------------
# This tag specifies the encoding used for all characters in the config file
# that follow. The default is UTF-8 which is also the encoding used for all text
# before the first occurrence of this tag. Doxygen uses libiconv (or the iconv
# built into libc) for the transcoding. See http://www.gnu.org/software/libiconv
# for the list of possible encodings.
# This tag specifies the encoding used for all characters in the configuration
# file that follow. The default is UTF-8 which is also the encoding used for all
# text before the first occurrence of this tag. Doxygen uses libiconv (or the
# iconv built into libc) for the transcoding. See
# https://www.gnu.org/software/libiconv/ for the list of possible encodings.
# The default value is: UTF-8.
DOXYFILE_ENCODING = UTF-8
......@@ -32,25 +32,26 @@ DOXYFILE_ENCODING = UTF-8
# title of most generated pages and in a few other places.
# The default value is: My Project.
PROJECT_NAME = Knot
PROJECT_NAME = "Knot DNS"
# The PROJECT_NUMBER tag can be used to enter a project or revision number. This
# could be handy for archiving the generated documentation or if some version
# control system is used.
PROJECT_NUMBER = 2.3.0
PROJECT_NUMBER = @VERSION@
# Using the PROJECT_BRIEF tag one can provide an optional one line description
# for a project that appears at the top of each page and should give viewer a
# quick idea about the purpose of the project. Keep the description short.
PROJECT_BRIEF =
# With the PROJECT_LOGO tag one can specify an logo or icon that is included in
# the documentation. The maximum height of the logo should not exceed 55 pixels
# and the maximum width should not exceed 200 pixels. Doxygen will copy the logo
# to the output directory.
# With the PROJECT_LOGO tag one can specify a logo or an icon that is included
# in the documentation. The maximum height of the logo should not exceed 55
# pixels and the maximum width should not exceed 200 pixels. Doxygen will copy
# the logo to the output directory.
PROJECT_LOGO = doc/logo.png
# PROJECT_LOGO = doc/logo.svg
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path
# into which the generated documentation will be written. If a relative path is
......@@ -59,7 +60,7 @@ PROJECT_LOGO = doc/logo.png
OUTPUT_DIRECTORY = doc
# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create 4096 sub-
# If the CREATE_SUBDIRS tag is set to YES then doxygen will create 4096 sub-
# directories (in 2 levels) under the output directory of each output format and
# will distribute the generated files over these directories. Enabling this
# option can be useful when feeding doxygen a huge amount of source files, where
......@@ -69,6 +70,14 @@ OUTPUT_DIRECTORY = doc
CREATE_SUBDIRS = NO
# If the ALLOW_UNICODE_NAMES tag is set to YES, doxygen will allow non-ASCII
# characters to appear in the names of generated files. If set to NO, non-ASCII
# characters will be escaped, for example _xE3_x81_x84 will be used for Unicode
# U+3044.
# The default value is: NO.
ALLOW_UNICODE_NAMES = NO
# The OUTPUT_LANGUAGE tag is used to specify the language in which all
# documentation generated by doxygen is written. Doxygen will use this
# information to generate all constant output in the proper language.
......@@ -84,14 +93,22 @@ CREATE_SUBDIRS = NO
OUTPUT_LANGUAGE = English
# If the BRIEF_MEMBER_DESC tag is set to YES doxygen will include brief member
# The OUTPUT_TEXT_DIRECTION tag is used to specify the direction in which all
# documentation generated by doxygen is written. Doxygen will use this
# information to generate all generated output in the proper direction.
# Possible values are: None, LTR, RTL and Context.
# The default value is: None.
OUTPUT_TEXT_DIRECTION = None
# If the BRIEF_MEMBER_DESC tag is set to YES, doxygen will include brief member
# descriptions after the members that are listed in the file and class
# documentation (similar to Javadoc). Set to NO to disable this.
# The default value is: YES.
BRIEF_MEMBER_DESC = YES
# If the REPEAT_BRIEF tag is set to YES doxygen will prepend the brief
# If the REPEAT_BRIEF tag is set to YES, doxygen will prepend the brief
# description of a member or function before the detailed description
#
# Note: If both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
......@@ -136,7 +153,7 @@ ALWAYS_DETAILED_SEC = YES
INLINE_INHERITED_MEMB = NO
# If the FULL_PATH_NAMES tag is set to YES doxygen will prepend the full path
# If the FULL_PATH_NAMES tag is set to YES, doxygen will prepend the full path
# before files name in the file list and in the header files. If set to NO the
# shortest path that makes the file name unique will be used
# The default value is: YES.
......@@ -180,6 +197,16 @@ SHORT_NAMES = NO
JAVADOC_AUTOBRIEF = NO
# If the JAVADOC_BANNER tag is set to YES then doxygen will interpret a line
# such as
# /***************
# as being the beginning of a Javadoc-style comment "banner". If set to NO, the
# Javadoc-style will behave just like regular comments and it will not be
# interpreted by doxygen.
# The default value is: NO.
JAVADOC_BANNER = NO
# If the QT_AUTOBRIEF tag is set to YES then doxygen will interpret the first
# line (until the first dot) of a Qt-style comment as the brief description. If
# set to NO, the Qt-style will behave just like regular Qt-style comments (thus
......@@ -200,15 +227,23 @@ QT_AUTOBRIEF = NO
MULTILINE_CPP_IS_BRIEF = NO
# By default Python docstrings are displayed as preformatted text and doxygen's
# special commands cannot be used. By setting PYTHON_DOCSTRING to NO the
# doxygen's special commands can be used and the contents of the docstring
# documentation blocks is shown as doxygen documentation.
# The default value is: YES.
PYTHON_DOCSTRING = YES
# If the INHERIT_DOCS tag is set to YES then an undocumented member inherits the
# documentation from any documented member that it re-implements.
# The default value is: YES.
INHERIT_DOCS = YES
# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce a
# new page for each member. If set to NO, the documentation of a member will be
# part of the file/class/namespace that contains it.
# If the SEPARATE_MEMBER_PAGES tag is set to YES then doxygen will produce a new
# page for each member. If set to NO, the documentation of a member will be part
# of the file/class/namespace that contains it.
# The default value is: NO.
SEPARATE_MEMBER_PAGES = NO
......@@ -227,16 +262,15 @@ TAB_SIZE = 8
# will allow you to put the command \sideeffect (or @sideeffect) in the
# documentation, which will result in a user-defined paragraph with heading
# "Side Effects:". You can put \n's in the value part of an alias to insert
# newlines.
# newlines (in the resulting output). You can put ^^ in the value part of an
# alias to insert a newline as if a physical newline was in the original file.
# When you need a literal { or } or , in the value part of an alias you have to
# escape them by means of a backslash (\), this can lead to conflicts with the
# commands \{ and \} for these it is advised to use the version @{ and @} or use
# a double escape (\\{ and \\})
ALIASES =
# This tag can be used to specify a number of word-keyword mappings (TCL only).
# A mapping has the form "name=value". For example adding "class=itcl::class"
# will allow you to use the command class in the itcl::class meaning.
TCL_SUBST =
# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources
# only. Doxygen will then generate output that is more tailored for C. For
# instance, some of the names that are used will be different. The list of all
......@@ -265,25 +299,40 @@ OPTIMIZE_FOR_FORTRAN = NO
OPTIMIZE_OUTPUT_VHDL = NO
# Set the OPTIMIZE_OUTPUT_SLICE tag to YES if your project consists of Slice
# sources only. Doxygen will then generate output that is more tailored for that
# language. For instance, namespaces will be presented as modules, types will be
# separated into more groups, etc.
# The default value is: NO.
OPTIMIZE_OUTPUT_SLICE = NO
# Doxygen selects the parser to use depending on the extension of the files it
# parses. With this tag you can assign which parser to use for a given
# extension. Doxygen has a built-in mapping, but you can override or extend it
# using this tag. The format is ext=language, where ext is a file extension, and
# language is one of the parsers supported by doxygen: IDL, Java, Javascript,
# C#, C, C++, D, PHP, Objective-C, Python, Fortran, VHDL. For instance to make
# doxygen treat .inc files as Fortran files (default is PHP), and .f files as C
# (default is Fortran), use: inc=Fortran f=C.
# language is one of the parsers supported by doxygen: IDL, Java, JavaScript,
# Csharp (C#), C, C++, D, PHP, md (Markdown), Objective-C, Python, Slice, VHDL,
# Fortran (fixed format Fortran: FortranFixed, free formatted Fortran:
# FortranFree, unknown formatted Fortran: Fortran. In the later case the parser
# tries to guess whether the code is fixed or free formatted code, this is the
# default for Fortran type files). For instance to make doxygen treat .inc files
# as Fortran files (default is PHP), and .f files as C (default is Fortran),
# use: inc=Fortran f=C.
#
# Note For files without extension you can use no_extension as a placeholder.
# Note: For files without extension you can use no_extension as a placeholder.
#
# Note that for custom extensions you also need to set FILE_PATTERNS otherwise
# the files are not read by doxygen.
# the files are not read by doxygen. When specifying no_extension you should add
# * to the FILE_PATTERNS.
#
# Note see also the list of default file extension mappings.
EXTENSION_MAPPING =
# If the MARKDOWN_SUPPORT tag is enabled then doxygen pre-processes all comments
# according to the Markdown format, which allows for more readable
# documentation. See http://daringfireball.net/projects/markdown/ for details.
# documentation. See https://daringfireball.net/projects/markdown/ for details.
# The output of markdown processing is further processed by doxygen, so you can
# mix doxygen, HTML, and XML commands with Markdown formatting. Disable only in
# case of backward compatibilities issues.
......@@ -291,10 +340,19 @@ EXTENSION_MAPPING =
MARKDOWN_SUPPORT = YES
# When the TOC_INCLUDE_HEADINGS tag is set to a non-zero value, all headings up
# to that level are automatically included in the table of contents, even if
# they do not have an id attribute.
# Note: This feature currently applies only to Markdown headings.
# Minimum value: 0, maximum value: 99, default value: 5.
# This tag requires that the tag MARKDOWN_SUPPORT is set to YES.
TOC_INCLUDE_HEADINGS = 5
# When enabled doxygen tries to link words that correspond to documented
# classes, or namespaces to their corresponding documentation. Such a link can
# be prevented in individual cases by by putting a % sign in front of the word
# or globally by setting AUTOLINK_SUPPORT to NO.
# be prevented in individual cases by putting a % sign in front of the word or
# globally by setting AUTOLINK_SUPPORT to NO.
# The default value is: YES.
AUTOLINK_SUPPORT = YES
......@@ -316,7 +374,7 @@ BUILTIN_STL_SUPPORT = NO
CPP_CLI_SUPPORT = NO
# Set the SIP_SUPPORT tag to YES if your project consists of sip (see:
# http://www.riverbankcomputing.co.uk/software/sip/intro) sources only. Doxygen
# https://www.riverbankcomputing.com/software/sip/intro) sources only. Doxygen
# will parse them like normal C++ but will assume all classes use public instead
# of private inheritance when no explicit protection keyword is present.
# The default value is: NO.
......@@ -334,13 +392,20 @@ SIP_SUPPORT = NO
IDL_PROPERTY_SUPPORT = YES
# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
# tag is set to YES, then doxygen will reuse the documentation of the first
# tag is set to YES then doxygen will reuse the documentation of the first
# member in the group (if any) for the other members of the group. By default
# all members of a group must be documented explicitly.
# The default value is: NO.
DISTRIBUTE_GROUP_DOC = NO
# If one adds a struct or class to a group and this option is enabled, then also
# any nested class or struct is added to the same group. By default this option
# is disabled and one has to add nested compounds explicitly via \ingroup.
# The default value is: NO.
GROUP_NESTED_COMPOUNDS = NO
# Set the SUBGROUPING tag to YES to allow class member groups of the same type
# (for instance a group of public functions) to be put as a subgroup of that
# type (e.g. under the Public Functions section). Set it to NO to prevent
......@@ -369,7 +434,7 @@ INLINE_GROUPED_CLASSES = NO
# Man pages) or section (for LaTeX and RTF).
# The default value is: NO.
INLINE_SIMPLE_STRUCTS = NO
INLINE_SIMPLE_STRUCTS = YES
# When TYPEDEF_HIDES_STRUCT tag is enabled, a typedef of a struct, union, or
# enum is documented as struct, union, or enum with the name of the typedef. So
......@@ -395,11 +460,24 @@ TYPEDEF_HIDES_STRUCT = YES
LOOKUP_CACHE_SIZE = 0
# The NUM_PROC_THREADS specifies the number threads doxygen is allowed to use
# during processing. When set to 0 doxygen will based this on the number of
# cores available in the system. You can set it explicitly to a value larger
# than 0 to get more control over the balance between CPU load and processing
# speed. At this moment only the input processing can be done using multiple
# threads. Since this is still an experimental feature the default is set to 1,
# which efficively disables parallel processing. Please report any issues you
# encounter. Generating dot graphs in parallel is controlled by the
# DOT_NUM_THREADS setting.
# Minimum value: 0, maximum value: 32, default value: 1.
NUM_PROC_THREADS = 1
#---------------------------------------------------------------------------
# Build related configuration options
#---------------------------------------------------------------------------
# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
# If the EXTRACT_ALL tag is set to YES, doxygen will assume all entities in
# documentation are documented, even if no documentation was available. Private
# class members and static file members will be hidden unless the
# EXTRACT_PRIVATE respectively EXTRACT_STATIC tags are set to YES.
......@@ -409,35 +487,41 @@ LOOKUP_CACHE_SIZE = 0
EXTRACT_ALL = YES
# If the EXTRACT_PRIVATE tag is set to YES all private members of a class will
# If the EXTRACT_PRIVATE tag is set to YES, all private members of a class will
# be included in the documentation.
# The default value is: NO.
EXTRACT_PRIVATE = NO
# If the EXTRACT_PACKAGE tag is set to YES all members with package or internal
# If the EXTRACT_PRIV_VIRTUAL tag is set to YES, documented private virtual
# methods of a class will be included in the documentation.
# The default value is: NO.
EXTRACT_PRIV_VIRTUAL = NO
# If the EXTRACT_PACKAGE tag is set to YES, all members with package or internal
# scope will be included in the documentation.
# The default value is: NO.
EXTRACT_PACKAGE = NO
# If the EXTRACT_STATIC tag is set to YES all static members of a file will be
# If the EXTRACT_STATIC tag is set to YES, all static members of a file will be
# included in the documentation.
# The default value is: NO.
EXTRACT_STATIC = NO
EXTRACT_STATIC = YES
# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) defined
# locally in source files will be included in the documentation. If set to NO
# If the EXTRACT_LOCAL_CLASSES tag is set to YES, classes (and structs) defined
# locally in source files will be included in the documentation. If set to NO,
# only classes defined in header files are included. Does not have any effect
# for Java sources.
# The default value is: YES.
EXTRACT_LOCAL_CLASSES = YES
# This flag is only useful for Objective-C code. When set to YES local methods,
# This flag is only useful for Objective-C code. If set to YES, local methods,
# which are defined in the implementation section but not in the interface are
# included in the documentation. If set to NO only methods in the interface are
# included in the documentation. If set to NO, only methods in the interface are
# included.
# The default value is: NO.
......@@ -452,6 +536,13 @@ EXTRACT_LOCAL_METHODS = NO
EXTRACT_ANON_NSPACES = NO
# If this flag is set to YES, the name of an unnamed parameter in a declaration
# will be determined by the corresponding definition. By default unnamed
# parameters remain unnamed in the output.
# The default value is: YES.
RESOLVE_UNNAMED_PARAMS = YES
# If the HIDE_UNDOC_MEMBERS tag is set to YES, doxygen will hide all
# undocumented members inside documented classes or files. If set to NO these
# members will be included in the various overviews, but no documentation
......@@ -462,21 +553,21 @@ HIDE_UNDOC_MEMBERS = NO
# If the HIDE_UNDOC_CLASSES tag is set to YES, doxygen will hide all
# undocumented classes that are normally visible in the class hierarchy. If set
# to NO these classes will be included in the various overviews. This option has
# no effect if EXTRACT_ALL is enabled.
# to NO, these classes will be included in the various overviews. This option
# has no effect if EXTRACT_ALL is enabled.
# The default value is: NO.
HIDE_UNDOC_CLASSES = NO
# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, doxygen will hide all friend
# (class|struct|union) declarations. If set to NO these declarations will be
# included in the documentation.
# declarations. If set to NO, these declarations will be included in the
# documentation.
# The default value is: NO.
HIDE_FRIEND_COMPOUNDS = NO
# If the HIDE_IN_BODY_DOCS tag is set to YES, doxygen will hide any
# documentation blocks found inside the body of a function. If set to NO these
# documentation blocks found inside the body of a function. If set to NO, these
# blocks will be appended to the function's detailed documentation block.
# The default value is: NO.
......@@ -489,22 +580,36 @@ HIDE_IN_BODY_DOCS = NO
INTERNAL_DOCS = NO
# If the CASE_SENSE_NAMES tag is set to NO then doxygen will only generate file
# names in lower-case letters. If set to YES upper-case letters are also
# allowed. This is useful if you have classes or files whose names only differ
# in case and if your file system supports case sensitive file names. Windows
# and Mac users are advised to set this option to NO.
# With the correct setting of option CASE_SENSE_NAMES doxygen will better be
# able to match the capabilities of the underlying filesystem. In case the
# filesystem is case sensitive (i.e. it supports files in the same directory
# whose names only differ in casing), the option must be set to YES to properly
# deal with such files in case they appear in the input. For filesystems that
# are not case sensitive the option should be be set to NO to properly deal with
# output files written for symbols that only differ in casing, such as for two
# classes, one named CLASS and the other named Class, and to also support
# references to files without having to specify the exact matching casing. On
# Windows (including Cygwin) and MacOS, users should typically set this option
# to NO, whereas on Linux or other Unix flavors it should typically be set to
# YES.
# The default value is: system dependent.
CASE_SENSE_NAMES = NO
# If the HIDE_SCOPE_NAMES tag is set to NO then doxygen will show members with
# their full class and namespace scopes in the documentation. If set to YES the
# their full class and namespace scopes in the documentation. If set to YES, the
# scope will be hidden.
# The default value is: NO.
HIDE_SCOPE_NAMES = YES
# If the HIDE_COMPOUND_REFERENCE tag is set to NO (default) then doxygen will
# append additional text to a page's title, such as Class Reference. If set to
# YES the compound reference will be hidden.
# The default value is: NO.
HIDE_COMPOUND_REFERENCE= NO
# If the SHOW_INCLUDE_FILES tag is set to YES then doxygen will put a list of
# the files that are included by a file in the documentation of that file.
# The default value is: YES.
......@@ -516,7 +621,7 @@ SHOW_INCLUDE_FILES = YES
# which file to include in order to use the member.
# The default value is: NO.
SHOW_GROUPED_MEMB_INC = NO
SHOW_GROUPED_MEMB_INC = YES
# If the FORCE_LOCAL_INCLUDES tag is set to YES then doxygen will list include
# files with double quotes in the documentation rather than with sharp brackets.
......@@ -532,14 +637,14 @@ INLINE_INFO = YES
# If the SORT_MEMBER_DOCS tag is set to YES then doxygen will sort the
# (detailed) documentation of file and class members alphabetically by member
# name. If set to NO the members will appear in declaration order.
# name. If set to NO, the members will appear in declaration order.
# The default value is: YES.
SORT_MEMBER_DOCS = YES
# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the brief
# descriptions of file, namespace and class members alphabetically by member
# name. If set to NO the members will appear in declaration order. Note that
# name. If set to NO, the members will appear in declaration order. Note that
# this will also influence the order of the classes in the class list.
# The default value is: NO.
......@@ -584,27 +689,25 @@ SORT_BY_SCOPE_NAME = NO
STRICT_PROTO_MATCHING = NO
# The GENERATE_TODOLIST tag can be used to enable ( YES) or disable ( NO) the
# todo list. This list is created by putting \todo commands in the
# documentation.
# The GENERATE_TODOLIST tag can be used to enable (YES) or disable (NO) the todo
# list. This list is created by putting \todo commands in the documentation.
# The default value is: YES.
GENERATE_TODOLIST = YES
GENERATE_TODOLIST = NO
# The GENERATE_TESTLIST tag can be used to enable ( YES) or disable ( NO) the
# test list. This list is created by putting \test commands in the
# documentation.
# The GENERATE_TESTLIST tag can be used to enable (YES) or disable (NO) the test
# list. This list is created by putting \test commands in the documentation.
# The default value is: YES.
GENERATE_TESTLIST = YES
GENERATE_TESTLIST = NO
# The GENERATE_BUGLIST tag can be used to enable ( YES) or disable ( NO) the bug
# The GENERATE_BUGLIST tag can be used to enable (YES) or disable (NO) the bug
# list. This list is created by putting \bug commands in the documentation.
# The default value is: YES.
GENERATE_BUGLIST = YES
# The GENERATE_DEPRECATEDLIST tag can be used to enable ( YES) or disable ( NO)
# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or disable (NO)
# the deprecated list. This list is created by putting \deprecated commands in
# the documentation.
# The default value is: YES.
......@@ -629,8 +732,8 @@ ENABLED_SECTIONS =
MAX_INITIALIZER_LINES = 50
# Set the SHOW_USED_FILES tag to NO to disable the list of files generated at
# the bottom of the documentation of classes and structs. If set to YES the list
# will mention the files that were used to generate the documentation.
# the bottom of the documentation of classes and structs. If set to YES, the
# list will mention the files that were used to generate the documentation.
# The default value is: YES.
SHOW_USED_FILES = YES
......@@ -670,16 +773,15 @@ FILE_VERSION_FILTER =
# DoxygenLayout.xml, doxygen will parse it automatically even if the LAYOUT_FILE
# tag is left empty.
LAYOUT_FILE =
LAYOUT_FILE = doc/doxygen/DoxygenLayout.xml
# The CITE_BIB_FILES tag can be used to specify one or more bib files containing
# the reference definitions. This must be a list of .bib files. The .bib
# extension is automatically appended if omitted. This requires the bibtex tool
# to be installed. See also http://en.wikipedia.org/wiki/BibTeX for more info.
# to be installed. See also https://en.wikipedia.org/wiki/BibTeX for more info.
# For LaTeX the style of the bibliography can be controlled using
# LATEX_BIB_STYLE. To use this feature you need bibtex and perl available in the
# search path. Do not use file names with spaces, bibtex cannot handle them. See
# also \cite for info how to create references.
# search path. See also \cite for info how to create references.
CITE_BIB_FILES =
......@@ -695,7 +797,7 @@ CITE_BIB_FILES =
QUIET = NO
# The WARNINGS tag can be used to turn on/off the warning messages that are
# generated to standard error ( stderr) by doxygen. If WARNINGS is set to YES
# generated to standard error (stderr) by doxygen. If WARNINGS is set to YES
# this implies that the warnings are on.
#
# Tip: Turn warnings on while writing the documentation.
......@@ -703,7 +805,7 @@ QUIET = NO
WARNINGS = YES
# If the WARN_IF_UNDOCUMENTED tag is set to YES, then doxygen will generate
# If the WARN_IF_UNDOCUMENTED tag is set to YES then doxygen will generate
# warnings for undocumented members. If EXTRACT_ALL is set to YES then this flag
# will automatically be disabled.
# The default value is: YES.
......@@ -720,12 +822,22 @@ WARN_IF_DOC_ERROR = YES
# This WARN_NO_PARAMDOC option can be enabled to get warnings for functions that
# are documented, but have no documentation for their parameters or return
# value. If set to NO doxygen will only warn about wrong or incomplete parameter
# documentation, but not about the absence of documentation.
# value. If set to NO, doxygen will only warn about wrong or incomplete
# parameter documentation, but not about the absence of documentation. If
# EXTRACT_ALL is set to YES then this flag will automatically be disabled.
# The default value is: NO.
WARN_NO_PARAMDOC = NO
# If the WARN_AS_ERROR tag is set to YES then doxygen will immediately stop when
# a warning is encountered. If the WARN_AS_ERROR tag is set to FAIL_ON_WARNINGS
# then doxygen will continue running as if WARN_AS_ERROR tag is set to NO, but
# at the end of the doxygen process doxygen will return with a non-zero status.
# Possible values are: NO, YES and FAIL_ON_WARNINGS.
# The default value is: NO.
WARN_AS_ERROR = NO
# The WARN_FORMAT tag determines the format of the warning messages that doxygen
# can produce. The string should contain the $file, $line, and $text tags, which
# will be replaced by the file and line number from which the warning originated
......@@ -740,7 +852,7 @@ WARN_FORMAT = "$file:$line: $text"
# messages should be written. If left blank the output is written to standard
# error (stderr).
WARN_LOGFILE =
WARN_LOGFILE = doc/html/doxygen.warn
#---------------------------------------------------------------------------
# Configuration options related to the input files
......@@ -749,37 +861,43 @@ WARN_LOGFILE =
# The INPUT tag is used to specify the files and/or directories that contain
# documented source files. You may enter file names like myfile.cpp or
# directories like /usr/src/myproject. Separate the files or directories with
# spaces.
# spaces. See also FILE_PATTERNS and EXTENSION_MAPPING
# Note: If this tag is empty the current directory is searched.
INPUT = src/dnstap \
src/knot \
INPUT = doc/doxygen/Doxy.page.h \
src/libdnssec \
src/libknot \
src/utils \
src/zscanner \
src/dnssec \
Doxy.page.h
src/libzscanner \
src/knot/include
# This tag can be used to specify the character encoding of the source files
# that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses
# libiconv (or the iconv built into libc) for the transcoding. See the libiconv
# documentation (see: http://www.gnu.org/software/libiconv) for the list of
# possible encodings.
# documentation (see:
# https://www.gnu.org/software/libiconv/) for the list of possible encodings.
# The default value is: UTF-8.
INPUT_ENCODING = UTF-8
# If the value of the INPUT tag contains directories, you can use the
# FILE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp and
# *.h) to filter out the source-files in the directories. If left blank the
# following patterns are tested:*.c, *.cc, *.cxx, *.cpp, *.c++, *.java, *.ii,
# *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h, *.hh, *.hxx, *.hpp,
# *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc, *.m, *.markdown,
# *.md, *.mm, *.dox, *.py, *.f90, *.f, *.for, *.tcl, *.vhd, *.vhdl, *.ucf,
# *.qsf, *.as and *.js.
# *.h) to filter out the source-files in the directories.
#
# Note that for custom extensions or not directly supported extensions you also
# need to set EXTENSION_MAPPING for the extension otherwise the files are not
# read by doxygen.
#
# Note the list of default checked file patterns might differ from the list of
# default file extension mappings.
#
# If left blank the following patterns are tested:*.c, *.cc, *.cxx, *.cpp,
# *.c++, *.java, *.ii, *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h,
# *.hh, *.hxx, *.hpp, *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc,
# *.m, *.markdown, *.md, *.mm, *.dox (to be provided as doxygen C comment),
# *.py, *.pyw, *.f90, *.f95, *.f03, *.f08, *.f18, *.f, *.for, *.vhd, *.vhdl,
# *.ucf, *.qsf and *.ice.
FILE_PATTERNS = *.c \
*.h
FILE_PATTERNS = *.h
# The RECURSIVE tag can be used to specify whether or not subdirectories should
# be searched for input files as well.
......@@ -794,7 +912,7 @@ RECURSIVE = YES
# Note that relative paths are relative to the directory from which doxygen is
# run.
EXCLUDE = /contrib/lmdb
EXCLUDE =
# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
# directories that are symbolic links (a Unix file system feature) are excluded
......@@ -863,6 +981,10 @@ IMAGE_PATH =
# Note that the filter must not add or remove lines; it is applied before the
# code is scanned, but not when the output code is generated. If lines are added
# or removed, the anchors will not be placed correctly.
#
# Note that for custom extensions or not directly supported extensions you also
# need to set EXTENSION_MAPPING for the extension otherwise the files are not
# properly processed by doxygen.
INPUT_FILTER =
......@@ -872,11 +994,15 @@ INPUT_FILTER =
# (like *.cpp=my_cpp_filter). See INPUT_FILTER for further information on how
# filters are used. If the FILTER_PATTERNS tag is empty or if none of the
# patterns match the file name, INPUT_FILTER is applied.
#
# Note that for custom extensions or not directly supported extensions you also
# need to set EXTENSION_MAPPING for the extension otherwise the files are not
# properly processed by doxygen.
FILTER_PATTERNS =
# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
# INPUT_FILTER ) will also be used to filter the input files that are used for
# INPUT_FILTER) will also be used to filter the input files that are used for
# producing the source files to browse (i.e. when SOURCE_BROWSER is set to YES).
# The default value is: NO.
......@@ -924,7 +1050,7 @@ INLINE_SOURCES = NO
STRIP_CODE_COMMENTS = YES
# If the REFERENCED_BY_RELATION tag is set to YES then for each documented
# function all documented functions referencing it will be listed.
# entity all documented functions referencing it will be listed.
# The default value is: NO.
REFERENCED_BY_RELATION = NO
......@@ -936,7 +1062,7 @@ REFERENCED_BY_RELATION = NO
REFERENCES_RELATION = NO
# If the REFERENCES_LINK_SOURCE tag is set to YES and SOURCE_BROWSER tag is set
# to YES, then the hyperlinks from functions in REFERENCES_RELATION and
# to YES then the hyperlinks from functions in REFERENCES_RELATION and
# REFERENCED_BY_RELATION lists will link to the source code. Otherwise they will
# link to the documentation.
# The default value is: YES.
......@@ -956,12 +1082,12 @@ SOURCE_TOOLTIPS = YES
# If the USE_HTAGS tag is set to YES then the references to source code will
# point to the HTML generated by the htags(1) tool instead of doxygen built-in
# source browser. The htags tool is part of GNU's global source tagging system
# (see http://www.gnu.org/software/global/global.html). You will need version
# (see https://www.gnu.org/software/global/global.html). You will need version
# 4.8.6 or higher.
#
# To use it do the following:
# - Install the latest version of global
# - Enable SOURCE_BROWSER and USE_HTAGS in the config file
# - Enable SOURCE_BROWSER and USE_HTAGS in the configuration file
# - Make sure the INPUT points to the root of the source tree
# - Run doxygen as normal
#
......@@ -983,6 +1109,44 @@ USE_HTAGS = NO
VERBATIM_HEADERS = YES
# If the CLANG_ASSISTED_PARSING tag is set to YES then doxygen will use the
# clang parser (see:
# http://clang.llvm.org/) for more accurate parsing at the cost of reduced
# performance. This can be particularly helpful with template rich C++ code for
# which doxygen's built-in parser lacks the necessary type information.
# Note: The availability of this option depends on whether or not doxygen was
# generated with the -Duse_libclang=ON option for CMake.
# The default value is: NO.
CLANG_ASSISTED_PARSING = NO
# If clang assisted parsing is enabled and the CLANG_ADD_INC_PATHS tag is set to
# YES then doxygen will add the directory of each input to the include path.
# The default value is: YES.
CLANG_ADD_INC_PATHS = YES
# If clang assisted parsing is enabled you can provide the compiler with command
# line options that you would normally use when invoking the compiler. Note that
# the include paths will already be set by doxygen for the files and directories
# specified with INPUT and INCLUDE_PATH.
# This tag requires that the tag CLANG_ASSISTED_PARSING is set to YES.
CLANG_OPTIONS =
# If clang assisted parsing is enabled you can provide the clang parser with the
# path to the directory containing a file called compile_commands.json. This
# file is the compilation database (see:
# http://clang.llvm.org/docs/HowToSetupToolingForLLVM.html) containing the
# options used when the source files were built. This is equivalent to
# specifying the -p option to a clang tool, such as clang-check. These options
# will then be passed to the parser. Any options specified with CLANG_OPTIONS
# will be added as well.
# Note: The availability of this option depends on whether or not doxygen was
# generated with the -Duse_libclang=ON option for CMake.
CLANG_DATABASE_PATH =
#---------------------------------------------------------------------------
# Configuration options related to the alphabetical class index
#---------------------------------------------------------------------------
......@@ -994,13 +1158,6 @@ VERBATIM_HEADERS = YES
ALPHABETICAL_INDEX = YES
# The COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns in
# which the alphabetical index list will be split.
# Minimum value: 1, maximum value: 20, default value: 5.
# This tag requires that the tag ALPHABETICAL_INDEX is set to YES.
COLS_IN_ALPHA_INDEX = 5
# In case all classes in a project start with a common prefix, all classes will
# be put under the same header in the alphabetical index. The IGNORE_PREFIX tag
# can be used to specify a prefix (or a list of prefixes) that should be ignored
......@@ -1013,7 +1170,7 @@ IGNORE_PREFIX =
# Configuration options related to the HTML output
#---------------------------------------------------------------------------
# If the GENERATE_HTML tag is set to YES doxygen will generate HTML output
# If the GENERATE_HTML tag is set to YES, doxygen will generate HTML output
# The default value is: YES.
GENERATE_HTML = YES
......@@ -1024,7 +1181,7 @@ GENERATE_HTML = YES
# The default directory is: html.
# This tag requires that the tag GENERATE_HTML is set to YES.
HTML_OUTPUT = html
HTML_OUTPUT = api
# The HTML_FILE_EXTENSION tag can be used to specify the file extension for each
# generated HTML page (for example: .htm, .php, .asp).
......@@ -1075,13 +1232,15 @@ HTML_FOOTER =
HTML_STYLESHEET =
# The HTML_EXTRA_STYLESHEET tag can be used to specify an additional user-
# defined cascading style sheet that is included after the standard style sheets
# The HTML_EXTRA_STYLESHEET tag can be used to specify additional user-defined
# cascading style sheets that are included after the standard style sheets
# created by doxygen. Using this option one can overrule certain style aspects.
# This is preferred over using HTML_STYLESHEET since it does not replace the
# standard style sheet and is therefor more robust against future updates.
# Doxygen will copy the style sheet file to the output directory. For an example
# see the documentation.
# standard style sheet and is therefore more robust against future updates.
# Doxygen will copy the style sheet files to the output directory.
# Note: The order of the extra style sheet files is of importance (e.g. the last
# style sheet in the list overrules the setting of the previous ones in the
# list). For an example see the documentation.
# This tag requires that the tag GENERATE_HTML is set to YES.
HTML_EXTRA_STYLESHEET =
......@@ -1097,9 +1256,9 @@ HTML_EXTRA_STYLESHEET =
HTML_EXTRA_FILES =
# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. Doxygen
# will adjust the colors in the stylesheet and background images according to
# will adjust the colors in the style sheet and background images according to
# this color. Hue is specified as an angle on a colorwheel, see
# http://en.wikipedia.org/wiki/Hue for more information. For instance the value
# https://en.wikipedia.org/wiki/Hue for more information. For instance the value
# 0 represents red, 60 is yellow, 120 is green, 180 is cyan, 240 is blue, 300
# purple, and 360 is red again.
# Minimum value: 0, maximum value: 359, default value: 220.
......@@ -1128,19 +1287,31 @@ HTML_COLORSTYLE_GAMMA = 80
# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML
# page will contain the date and time when the page was generated. Setting this
# to NO can help when comparing the output of multiple runs.
# The default value is: YES.
# to YES can help to show when doxygen was last run and thus if the
# documentation is up to date.
# The default value is: NO.
# This tag requires that the tag GENERATE_HTML is set to YES.
HTML_TIMESTAMP = YES
# If the HTML_DYNAMIC_MENUS tag is set to YES then the generated HTML
# documentation will contain a main index with vertical navigation menus that
# are dynamically created via JavaScript. If disabled, the navigation index will
# consists of multiple levels of tabs that are statically embedded in every HTML
# page. Disable this option to support browsers that do not have JavaScript,
# like the Qt help browser.
# The default value is: YES.
# This tag requires that the tag GENERATE_HTML is set to YES.
HTML_DYNAMIC_MENUS = YES
# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
# documentation will contain sections that can be hidden and shown after the
# page has loaded.
# The default value is: NO.
# This tag requires that the tag GENERATE_HTML is set to YES.
HTML_DYNAMIC_SECTIONS = NO
HTML_DYNAMIC_SECTIONS = YES
# With HTML_INDEX_NUM_ENTRIES one can control the preferred number of entries
# shown in the various tree structured indices initially; the user can expand
......@@ -1157,13 +1328,14 @@ HTML_INDEX_NUM_ENTRIES = 100
# If the GENERATE_DOCSET tag is set to YES, additional index files will be
# generated that can be used as input for Apple's Xcode 3 integrated development
# environment (see: http://developer.apple.com/tools/xcode/), introduced with
# OSX 10.5 (Leopard). To create a documentation set, doxygen will generate a
# Makefile in the HTML output directory. Running make will produce the docset in
# that directory and running make install will install the docset in
# environment (see:
# https://developer.apple.com/xcode/), introduced with OSX 10.5 (Leopard). To
# create a documentation set, doxygen will generate a Makefile in the HTML
# output directory. Running make will produce the docset in that directory and
# running make install will install the docset in
# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find it at
# startup. See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html
# for more information.
# startup. See https://developer.apple.com/library/archive/featuredarticles/Doxy
# genXcode/_index.html for more information.
# The default value is: NO.
# This tag requires that the tag GENERATE_HTML is set to YES.
......@@ -1202,8 +1374,8 @@ DOCSET_PUBLISHER_NAME = Publisher
# If the GENERATE_HTMLHELP tag is set to YES then doxygen generates three
# additional HTML index files: index.hhp, index.hhc, and index.hhk. The
# index.hhp is a project file that can be read by Microsoft's HTML Help Workshop
# (see: http://www.microsoft.com/en-us/download/details.aspx?id=21138) on
# Windows.
# (see:
# https://www.microsoft.com/en-us/download/details.aspx?id=21138) on Windows.
#
# The HTML Help Workshop contains a compiler that can convert all HTML output
# generated by doxygen into a single compiled HTML file (.chm). Compiled HTML
......@@ -1225,28 +1397,29 @@ GENERATE_HTMLHELP = NO
CHM_FILE =
# The HHC_LOCATION tag can be used to specify the location (absolute path
# including file name) of the HTML help compiler ( hhc.exe). If non-empty
# including file name) of the HTML help compiler (hhc.exe). If non-empty,
# doxygen will try to run the HTML help compiler on the generated index.hhp.
# The file has to be specified with full path.
# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
HHC_LOCATION =
# The GENERATE_CHI flag controls if a separate .chi index file is generated (
# YES) or that it should be included in the master .chm file ( NO).
# The GENERATE_CHI flag controls if a separate .chi index file is generated
# (YES) or that it should be included in the main .chm file (NO).
# The default value is: NO.
# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
GENERATE_CHI = NO
# The CHM_INDEX_ENCODING is used to encode HtmlHelp index ( hhk), content ( hhc)
# The CHM_INDEX_ENCODING is used to encode HtmlHelp index (hhk), content (hhc)
# and project file content.
# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
CHM_INDEX_ENCODING =
# The BINARY_TOC flag controls whether a binary table of contents is generated (
# YES) or a normal table of contents ( NO) in the .chm file.
# The BINARY_TOC flag controls whether a binary table of contents is generated
# (YES) or a normal table of contents (NO) in the .chm file. Furthermore it
# enables the Previous and Next buttons.
# The default value is: NO.
# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
......@@ -1277,7 +1450,8 @@ QCH_FILE =
# The QHP_NAMESPACE tag specifies the namespace to use when generating Qt Help
# Project output. For more information please see Qt Help Project / Namespace
# (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#namespace).
# (see:
# https://doc.qt.io/archives/qt-4.8/qthelpproject.html#namespace).
# The default value is: org.doxygen.Project.
# This tag requires that the tag GENERATE_QHP is set to YES.
......@@ -1285,8 +1459,8 @@ QHP_NAMESPACE = org.doxygen.Project
# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating Qt
# Help Project output. For more information please see Qt Help Project / Virtual
# Folders (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#virtual-
# folders).
# Folders (see:
# https://doc.qt.io/archives/qt-4.8/qthelpproject.html#virtual-folders).
# The default value is: doc.
# This tag requires that the tag GENERATE_QHP is set to YES.
......@@ -1294,30 +1468,30 @@ QHP_VIRTUAL_FOLDER = doc
# If the QHP_CUST_FILTER_NAME tag is set, it specifies the name of a custom
# filter to add. For more information please see Qt Help Project / Custom
# Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom-
# filters).
# Filters (see:
# https://doc.qt.io/archives/qt-4.8/qthelpproject.html#custom-filters).
# This tag requires that the tag GENERATE_QHP is set to YES.
QHP_CUST_FILTER_NAME =
# The QHP_CUST_FILTER_ATTRS tag specifies the list of the attributes of the
# custom filter to add. For more information please see Qt Help Project / Custom
# Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom-
# filters).
# Filters (see:
# https://doc.qt.io/archives/qt-4.8/qthelpproject.html#custom-filters).
# This tag requires that the tag GENERATE_QHP is set to YES.
QHP_CUST_FILTER_ATTRS =
# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this
# project's filter section matches. Qt Help Project / Filter Attributes (see:
# http://qt-project.org/doc/qt-4.8/qthelpproject.html#filter-attributes).
# https://doc.qt.io/archives/qt-4.8/qthelpproject.html#filter-attributes).
# This tag requires that the tag GENERATE_QHP is set to YES.
QHP_SECT_FILTER_ATTRS =
# The QHG_LOCATION tag can be used to specify the location of Qt's
# qhelpgenerator. If non-empty doxygen will try to run qhelpgenerator on the
# generated .qhp file.
# The QHG_LOCATION tag can be used to specify the location (absolute path
# including file name) of Qt's qhelpgenerator. If non-empty doxygen will try to
# run qhelpgenerator on the generated .qhp file.
# This tag requires that the tag GENERATE_QHP is set to YES.
QHG_LOCATION =
......@@ -1351,7 +1525,7 @@ ECLIPSE_DOC_ID = org.doxygen.Project
# The default value is: NO.
# This tag requires that the tag GENERATE_HTML is set to YES.
DISABLE_INDEX = NO
DISABLE_INDEX = YES
# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index
# structure should be generated to display hierarchical information. If the tag
......@@ -1359,7 +1533,7 @@ DISABLE_INDEX = NO
# index structure (just like the one that is generated for HTML Help). For this
# to work a browser that supports JavaScript, DHTML, CSS and frames is required
# (i.e. any modern browser). Windows users are probably better off using the
# HTML help feature. Via custom stylesheets (see HTML_EXTRA_STYLESHEET) one can
# HTML help feature. Via custom style sheets (see HTML_EXTRA_STYLESHEET) one can
# further fine-tune the look of the index. As an example, the default style
# sheet generated by doxygen has an example that shows how to put an image at
# the root of the tree instead of the PROJECT_NAME. Since the tree basically has
......@@ -1368,7 +1542,7 @@ DISABLE_INDEX = NO
# The default value is: NO.
# This tag requires that the tag GENERATE_HTML is set to YES.
GENERATE_TREEVIEW = NO
GENERATE_TREEVIEW = YES
# The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values that
# doxygen will group on one line in the generated HTML documentation.
......@@ -1387,13 +1561,24 @@ ENUM_VALUES_PER_LINE = 4
TREEVIEW_WIDTH = 250
# When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open links to
# If the EXT_LINKS_IN_WINDOW option is set to YES, doxygen will open links to
# external symbols imported via tag files in a separate window.
# The default value is: NO.
# This tag requires that the tag GENERATE_HTML is set to YES.
EXT_LINKS_IN_WINDOW = NO
# If the HTML_FORMULA_FORMAT option is set to svg, doxygen will use the pdf2svg
# tool (see https://github.com/dawbarton/pdf2svg) or inkscape (see
# https://inkscape.org) to generate formulas as SVG images instead of PNGs for
# the HTML output. These images will generally look nicer at scaled resolutions.
# Possible values are: png (the default) and svg (looks nicer but requires the
# pdf2svg or inkscape tool).
# The default value is: png.
# This tag requires that the tag GENERATE_HTML is set to YES.
HTML_FORMULA_FORMAT = png
# Use this tag to change the font size of LaTeX formulas included as images in
# the HTML documentation. When you change the font size after a successful
# doxygen run you need to manually remove any form_*.png images from the HTML
......@@ -1403,7 +1588,7 @@ EXT_LINKS_IN_WINDOW = NO
FORMULA_FONTSIZE = 10
# Use the FORMULA_TRANPARENT tag to determine whether or not the images
# Use the FORMULA_TRANSPARENT tag to determine whether or not the images
# generated for formulas are transparent PNGs. Transparent PNGs are not
# supported properly for IE 6.0, but are supported on all modern browsers.
#
......@@ -1414,9 +1599,15 @@ FORMULA_FONTSIZE = 10
FORMULA_TRANSPARENT = YES
# The FORMULA_MACROFILE can contain LaTeX \newcommand and \renewcommand commands
# to create new LaTeX commands to be used in formulas as building blocks. See
# the section "Including formulas" for details.
FORMULA_MACROFILE =
# Enable the USE_MATHJAX option to render LaTeX formulas using MathJax (see
# http://www.mathjax.org) which uses client side Javascript for the rendering
# instead of using prerendered bitmaps. Use this if you do not have LaTeX
# https://www.mathjax.org) which uses client side JavaScript for the rendering
# instead of using pre-rendered bitmaps. Use this if you do not have LaTeX
# installed or if you want to formulas look prettier in the HTML output. When
# enabled you may also need to install MathJax separately and configure the path
# to it using the MATHJAX_RELPATH option.
......@@ -1427,7 +1618,7 @@ USE_MATHJAX = NO
# When MathJax is enabled you can set the default output format to be used for
# the MathJax output. See the MathJax site (see:
# http://docs.mathjax.org/en/latest/output.html) for more details.
# http://docs.mathjax.org/en/v2.7-latest/output.html) for more details.
# Possible values are: HTML-CSS (which is slower, but has the best
# compatibility), NativeMML (i.e. MathML) and SVG.
# The default value is: HTML-CSS.
......@@ -1442,8 +1633,8 @@ MATHJAX_FORMAT = HTML-CSS
# MATHJAX_RELPATH should be ../mathjax. The default value points to the MathJax
# Content Delivery Network so you can quickly see the result without installing
# MathJax. However, it is strongly recommended to install a local copy of
# MathJax from http://www.mathjax.org before deployment.
# The default value is: http://cdn.mathjax.org/mathjax/latest.
# MathJax from https://www.mathjax.org before deployment.
# The default value is: https://cdn.jsdelivr.net/npm/mathjax@2.
# This tag requires that the tag USE_MATHJAX is set to YES.
MATHJAX_RELPATH = http://cdn.mathjax.org/mathjax/latest
......@@ -1457,7 +1648,8 @@ MATHJAX_EXTENSIONS =
# The MATHJAX_CODEFILE tag can be used to specify a file with javascript pieces
# of code that will be used on startup of the MathJax code. See the MathJax site
# (see: http://docs.mathjax.org/en/latest/output.html) for more details. For an
# (see:
# http://docs.mathjax.org/en/v2.7-latest/output.html) for more details. For an
# example see the documentation.
# This tag requires that the tag USE_MATHJAX is set to YES.
......@@ -1485,12 +1677,12 @@ MATHJAX_CODEFILE =
SEARCHENGINE = YES
# When the SERVER_BASED_SEARCH tag is enabled the search engine will be
# implemented using a web server instead of a web client using Javascript. There
# are two flavours of web server based searching depending on the
# EXTERNAL_SEARCH setting. When disabled, doxygen will generate a PHP script for
# searching and an index file used by the script. When EXTERNAL_SEARCH is
# enabled the indexing and searching needs to be provided by external tools. See
# the section "External Indexing and Searching" for details.
# implemented using a web server instead of a web client using JavaScript. There
# are two flavors of web server based searching depending on the EXTERNAL_SEARCH
# setting. When disabled, doxygen will generate a PHP script for searching and
# an index file used by the script. When EXTERNAL_SEARCH is enabled the indexing
# and searching needs to be provided by external tools. See the section
# "External Indexing and Searching" for details.
# The default value is: NO.
# This tag requires that the tag SEARCHENGINE is set to YES.
......@@ -1502,9 +1694,10 @@ SERVER_BASED_SEARCH = NO
# external search engine pointed to by the SEARCHENGINE_URL option to obtain the
# search results.
#
# Doxygen ships with an example indexer ( doxyindexer) and search engine
# Doxygen ships with an example indexer (doxyindexer) and search engine
# (doxysearch.cgi) which are based on the open source search engine library
# Xapian (see: http://xapian.org/).
# Xapian (see:
# https://xapian.org/).
#
# See the section "External Indexing and Searching" for details.
# The default value is: NO.
......@@ -1515,10 +1708,11 @@ EXTERNAL_SEARCH = NO
# The SEARCHENGINE_URL should point to a search engine hosted by a web server
# which will return the search results when EXTERNAL_SEARCH is enabled.
#
# Doxygen ships with an example indexer ( doxyindexer) and search engine
# Doxygen ships with an example indexer (doxyindexer) and search engine
# (doxysearch.cgi) which are based on the open source search engine library
# Xapian (see: http://xapian.org/). See the section "External Indexing and
# Searching" for details.
# Xapian (see:
# https://xapian.org/). See the section "External Indexing and Searching" for
# details.
# This tag requires that the tag SEARCHENGINE is set to YES.
SEARCHENGINE_URL =
......@@ -1553,7 +1747,7 @@ EXTRA_SEARCH_MAPPINGS =
# Configuration options related to the LaTeX output
#---------------------------------------------------------------------------
# If the GENERATE_LATEX tag is set to YES doxygen will generate LaTeX output.
# If the GENERATE_LATEX tag is set to YES, doxygen will generate LaTeX output.
# The default value is: YES.
GENERATE_LATEX = NO
......@@ -1569,22 +1763,36 @@ LATEX_OUTPUT = latex
# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
# invoked.
#
# Note that when enabling USE_PDFLATEX this option is only used for generating
# bitmaps for formulas in the HTML output, but not in the Makefile that is
# written to the output directory.
# The default file is: latex.
# Note that when not enabling USE_PDFLATEX the default is latex when enabling
# USE_PDFLATEX the default is pdflatex and when in the later case latex is
# chosen this is overwritten by pdflatex. For specific output languages the
# default can have been set differently, this depends on the implementation of
# the output language.
# This tag requires that the tag GENERATE_LATEX is set to YES.
LATEX_CMD_NAME = latex
# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to generate
# index for LaTeX.
# Note: This tag is used in the Makefile / make.bat.
# See also: LATEX_MAKEINDEX_CMD for the part in the generated output file
# (.tex).
# The default file is: makeindex.
# This tag requires that the tag GENERATE_LATEX is set to YES.
MAKEINDEX_CMD_NAME = makeindex
# If the COMPACT_LATEX tag is set to YES doxygen generates more compact LaTeX
# The LATEX_MAKEINDEX_CMD tag can be used to specify the command name to
# generate index for LaTeX. In case there is no backslash (\) as first character
# it will be automatically added in the LaTeX code.
# Note: This tag is used in the generated output file (.tex).
# See also: MAKEINDEX_CMD_NAME for the part in the Makefile / make.bat.
# The default value is: makeindex.
# This tag requires that the tag GENERATE_LATEX is set to YES.
LATEX_MAKEINDEX_CMD = makeindex
# If the COMPACT_LATEX tag is set to YES, doxygen generates more compact LaTeX
# documents. This may be useful for small projects and may help to save some
# trees in general.
# The default value is: NO.
......@@ -1599,12 +1807,15 @@ COMPACT_LATEX = NO
# The default value is: a4.
# This tag requires that the tag GENERATE_LATEX is set to YES.
PAPER_TYPE = a4wide
PAPER_TYPE = a4
# The EXTRA_PACKAGES tag can be used to specify one or more LaTeX package names
# that should be included in the LaTeX output. To get the times font for
# instance you can specify
# EXTRA_PACKAGES=times
# that should be included in the LaTeX output. The package can be specified just
# by its name or with the correct syntax as to be used with the LaTeX
# \usepackage command. To get the times font for instance you can specify :
# EXTRA_PACKAGES=times or EXTRA_PACKAGES={times}
# To use the option intlimits with the amsmath package you can specify:
# EXTRA_PACKAGES=[intlimits]{amsmath}
# If left blank no extra packages will be included.
# This tag requires that the tag GENERATE_LATEX is set to YES.
......@@ -1618,23 +1829,36 @@ EXTRA_PACKAGES =
#
# Note: Only use a user-defined header if you know what you are doing! The
# following commands have a special meaning inside the header: $title,
# $datetime, $date, $doxygenversion, $projectname, $projectnumber. Doxygen will
# replace them by respectively the title of the page, the current date and time,
# only the current date, the version number of doxygen, the project name (see
# PROJECT_NAME), or the project number (see PROJECT_NUMBER).
# $datetime, $date, $doxygenversion, $projectname, $projectnumber,
# $projectbrief, $projectlogo. Doxygen will replace $title with the empty
# string, for the replacement values of the other commands the user is referred
# to HTML_HEADER.
# This tag requires that the tag GENERATE_LATEX is set to YES.
LATEX_HEADER =
# The LATEX_FOOTER tag can be used to specify a personal LaTeX footer for the
# generated LaTeX document. The footer should contain everything after the last
# chapter. If it is left blank doxygen will generate a standard footer.
# chapter. If it is left blank doxygen will generate a standard footer. See
# LATEX_HEADER for more information on how to generate a default footer and what
# special commands can be used inside the footer.
#
# Note: Only use a user-defined footer if you know what you are doing!
# This tag requires that the tag GENERATE_LATEX is set to YES.
LATEX_FOOTER =
# The LATEX_EXTRA_STYLESHEET tag can be used to specify additional user-defined
# LaTeX style sheets that are included after the standard style sheets created
# by doxygen. Using this option one can overrule certain style aspects. Doxygen
# will copy the style sheet files to the output directory.
# Note: The order of the extra style sheet files is of importance (e.g. the last
# style sheet in the list overrules the setting of the previous ones in the
# list).
# This tag requires that the tag GENERATE_LATEX is set to YES.
LATEX_EXTRA_STYLESHEET =
# The LATEX_EXTRA_FILES tag can be used to specify one or more extra images or
# other source files which should be copied to the LATEX_OUTPUT output
# directory. Note that the files will be copied as-is; there are no commands or
......@@ -1652,9 +1876,11 @@ LATEX_EXTRA_FILES =
PDF_HYPERLINKS = YES
# If the LATEX_PDFLATEX tag is set to YES, doxygen will use pdflatex to generate
# the PDF file directly from the LaTeX files. Set this option to YES to get a
# higher quality PDF documentation.
# If the USE_PDFLATEX tag is set to YES, doxygen will use the engine as
# specified with LATEX_CMD_NAME to generate the PDF file directly from the LaTeX
# files. Set this option to YES, to get a higher quality PDF documentation.
#
# See also section LATEX_CMD_NAME for selecting the engine.
# The default value is: YES.
# This tag requires that the tag GENERATE_LATEX is set to YES.
......@@ -1688,17 +1914,33 @@ LATEX_SOURCE_CODE = NO
# The LATEX_BIB_STYLE tag can be used to specify the style to use for the
# bibliography, e.g. plainnat, or ieeetr. See
# http://en.wikipedia.org/wiki/BibTeX and \cite for more info.
# https://en.wikipedia.org/wiki/BibTeX and \cite for more info.
# The default value is: plain.
# This tag requires that the tag GENERATE_LATEX is set to YES.
LATEX_BIB_STYLE = plain
# If the LATEX_TIMESTAMP tag is set to YES then the footer of each generated
# page will contain the date and time when the page was generated. Setting this
# to NO can help when comparing the output of multiple runs.
# The default value is: NO.
# This tag requires that the tag GENERATE_LATEX is set to YES.
LATEX_TIMESTAMP = NO
# The LATEX_EMOJI_DIRECTORY tag is used to specify the (relative or absolute)
# path from which the emoji images will be read. If a relative path is entered,
# it will be relative to the LATEX_OUTPUT directory. If left blank the
# LATEX_OUTPUT directory will be used.
# This tag requires that the tag GENERATE_LATEX is set to YES.
LATEX_EMOJI_DIRECTORY =
#---------------------------------------------------------------------------
# Configuration options related to the RTF output
#---------------------------------------------------------------------------
# If the GENERATE_RTF tag is set to YES doxygen will generate RTF output. The
# If the GENERATE_RTF tag is set to YES, doxygen will generate RTF output. The
# RTF output is optimized for Word 97 and may not look too pretty with other RTF
# readers/editors.
# The default value is: NO.
......@@ -1713,7 +1955,7 @@ GENERATE_RTF = NO
RTF_OUTPUT = rtf
# If the COMPACT_RTF tag is set to YES doxygen generates more compact RTF
# If the COMPACT_RTF tag is set to YES, doxygen generates more compact RTF
# documents. This may be useful for small projects and may help to save some
# trees in general.
# The default value is: NO.
......@@ -1733,9 +1975,9 @@ COMPACT_RTF = NO
RTF_HYPERLINKS = NO
# Load stylesheet definitions from file. Syntax is similar to doxygen's config
# file, i.e. a series of assignments. You only have to provide replacements,
# missing definitions are set to their default value.
# Load stylesheet definitions from file. Syntax is similar to doxygen's
# configuration file, i.e. a series of assignments. You only have to provide
# replacements, missing definitions are set to their default value.
#
# See also section "Doxygen usage" for information on how to generate the
# default style sheet that doxygen normally uses.
......@@ -1744,17 +1986,27 @@ RTF_HYPERLINKS = NO
RTF_STYLESHEET_FILE =
# Set optional variables used in the generation of an RTF document. Syntax is
# similar to doxygen's config file. A template extensions file can be generated
# using doxygen -e rtf extensionFile.
# similar to doxygen's configuration file. A template extensions file can be
# generated using doxygen -e rtf extensionFile.
# This tag requires that the tag GENERATE_RTF is set to YES.
RTF_EXTENSIONS_FILE =
# If the RTF_SOURCE_CODE tag is set to YES then doxygen will include source code
# with syntax highlighting in the RTF output.
#
# Note that which sources are shown also depends on other settings such as
# SOURCE_BROWSER.
# The default value is: NO.
# This tag requires that the tag GENERATE_RTF is set to YES.
RTF_SOURCE_CODE = NO
#---------------------------------------------------------------------------
# Configuration options related to the man page output
#---------------------------------------------------------------------------
# If the GENERATE_MAN tag is set to YES doxygen will generate man pages for
# If the GENERATE_MAN tag is set to YES, doxygen will generate man pages for
# classes and files.
# The default value is: NO.
......@@ -1778,6 +2030,13 @@ MAN_OUTPUT = man
MAN_EXTENSION = .3
# The MAN_SUBDIR tag determines the name of the directory created within
# MAN_OUTPUT in which the man pages are placed. If defaults to man followed by
# MAN_EXTENSION with the initial . removed.
# This tag requires that the tag GENERATE_MAN is set to YES.
MAN_SUBDIR =
# If the MAN_LINKS tag is set to YES and doxygen generates man output, then it
# will generate one additional man file for each entity documented in the real
# man page(s). These additional files only source the real man page, but without
......@@ -1791,7 +2050,7 @@ MAN_LINKS = NO
# Configuration options related to the XML output
#---------------------------------------------------------------------------
# If the GENERATE_XML tag is set to YES doxygen will generate an XML file that
# If the GENERATE_XML tag is set to YES, doxygen will generate an XML file that
# captures the structure of the code including all documentation.
# The default value is: NO.
......@@ -1805,19 +2064,7 @@ GENERATE_XML = NO
XML_OUTPUT = xml
# The XML_SCHEMA tag can be used to specify a XML schema, which can be used by a
# validating XML parser to check the syntax of the XML files.
# This tag requires that the tag GENERATE_XML is set to YES.
XML_SCHEMA =
# The XML_DTD tag can be used to specify a XML DTD, which can be used by a
# validating XML parser to check the syntax of the XML files.
# This tag requires that the tag GENERATE_XML is set to YES.
XML_DTD =
# If the XML_PROGRAMLISTING tag is set to YES doxygen will dump the program
# If the XML_PROGRAMLISTING tag is set to YES, doxygen will dump the program
# listings (including syntax highlighting and cross-referencing information) to
# the XML output. Note that enabling this will significantly increase the size
# of the XML output.
......@@ -1826,11 +2073,18 @@ XML_DTD =
XML_PROGRAMLISTING = YES
# If the XML_NS_MEMB_FILE_SCOPE tag is set to YES, doxygen will include
# namespace members in file scope as well, matching the HTML output.
# The default value is: NO.
# This tag requires that the tag GENERATE_XML is set to YES.
XML_NS_MEMB_FILE_SCOPE = NO
#---------------------------------------------------------------------------
# Configuration options related to the DOCBOOK output
#---------------------------------------------------------------------------
# If the GENERATE_DOCBOOK tag is set to YES doxygen will generate Docbook files
# If the GENERATE_DOCBOOK tag is set to YES, doxygen will generate Docbook files
# that can be used to generate PDF.
# The default value is: NO.
......@@ -1844,14 +2098,23 @@ GENERATE_DOCBOOK = NO
DOCBOOK_OUTPUT = docbook
# If the DOCBOOK_PROGRAMLISTING tag is set to YES, doxygen will include the
# program listings (including syntax highlighting and cross-referencing
# information) to the DOCBOOK output. Note that enabling this will significantly
# increase the size of the DOCBOOK output.
# The default value is: NO.
# This tag requires that the tag GENERATE_DOCBOOK is set to YES.
DOCBOOK_PROGRAMLISTING = NO
#---------------------------------------------------------------------------
# Configuration options for the AutoGen Definitions output
#---------------------------------------------------------------------------
# If the GENERATE_AUTOGEN_DEF tag is set to YES doxygen will generate an AutoGen
# Definitions (see http://autogen.sf.net) file that captures the structure of
# the code including all documentation. Note that this feature is still
# experimental and incomplete at the moment.
# If the GENERATE_AUTOGEN_DEF tag is set to YES, doxygen will generate an
# AutoGen Definitions (see http://autogen.sourceforge.net/) file that captures
# the structure of the code including all documentation. Note that this feature
# is still experimental and incomplete at the moment.
# The default value is: NO.
GENERATE_AUTOGEN_DEF = NO
......@@ -1860,7 +2123,7 @@ GENERATE_AUTOGEN_DEF = NO
# Configuration options related to the Perl module output
#---------------------------------------------------------------------------
# If the GENERATE_PERLMOD tag is set to YES doxygen will generate a Perl module
# If the GENERATE_PERLMOD tag is set to YES, doxygen will generate a Perl module
# file that captures the structure of the code including all documentation.
#
# Note that this feature is still experimental and incomplete at the moment.
......@@ -1868,7 +2131,7 @@ GENERATE_AUTOGEN_DEF = NO
GENERATE_PERLMOD = NO
# If the PERLMOD_LATEX tag is set to YES doxygen will generate the necessary
# If the PERLMOD_LATEX tag is set to YES, doxygen will generate the necessary
# Makefile rules, Perl scripts and LaTeX code to be able to generate PDF and DVI
# output from the Perl module output.
# The default value is: NO.
......@@ -1876,9 +2139,9 @@ GENERATE_PERLMOD = NO
PERLMOD_LATEX = NO
# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be nicely
# If the PERLMOD_PRETTY tag is set to YES, the Perl module output will be nicely
# formatted so it can be parsed by a human reader. This is useful if you want to
# understand what is going on. On the other hand, if this tag is set to NO the
# understand what is going on. On the other hand, if this tag is set to NO, the
# size of the Perl module output will be much smaller and Perl will parse it
# just the same.
# The default value is: YES.
......@@ -1898,14 +2161,14 @@ PERLMOD_MAKEVAR_PREFIX =
# Configuration options related to the preprocessor
#---------------------------------------------------------------------------
# If the ENABLE_PREPROCESSING tag is set to YES doxygen will evaluate all
# If the ENABLE_PREPROCESSING tag is set to YES, doxygen will evaluate all
# C-preprocessor directives found in the sources and include files.
# The default value is: YES.
ENABLE_PREPROCESSING = YES
# If the MACRO_EXPANSION tag is set to YES doxygen will expand all macro names
# in the source code. If set to NO only conditional compilation will be
# If the MACRO_EXPANSION tag is set to YES, doxygen will expand all macro names
# in the source code. If set to NO, only conditional compilation will be
# performed. Macro expansion can be done in a controlled way by setting
# EXPAND_ONLY_PREDEF to YES.
# The default value is: NO.
......@@ -1921,7 +2184,7 @@ MACRO_EXPANSION = NO
EXPAND_ONLY_PREDEF = NO
# If the SEARCH_INCLUDES tag is set to YES the includes files in the
# If the SEARCH_INCLUDES tag is set to YES, the include files in the
# INCLUDE_PATH will be searched if a #include is found.
# The default value is: YES.
# This tag requires that the tag ENABLE_PREPROCESSING is set to YES.
......@@ -1963,14 +2226,14 @@ PREDEFINED =
EXPAND_AS_DEFINED =
# If the SKIP_FUNCTION_MACROS tag is set to YES then doxygen's preprocessor will
# remove all references to function-like macros that are alone on a line, have an
# all uppercase name, and do not end with a semicolon. Such function macros are
# typically used for boiler-plate code, and will confuse the parser if not
# remove all references to function-like macros that are alone on a line, have
# an all uppercase name, and do not end with a semicolon. Such function macros
# are typically used for boiler-plate code, and will confuse the parser if not
# removed.
# The default value is: YES.
# This tag requires that the tag ENABLE_PREPROCESSING is set to YES.
SKIP_FUNCTION_MACROS = YES
SKIP_FUNCTION_MACROS = NO
#---------------------------------------------------------------------------
# Configuration options related to external references
......@@ -1985,7 +2248,7 @@ SKIP_FUNCTION_MACROS = YES
# where loc1 and loc2 can be relative or absolute paths or URLs. See the
# section "Linking to external documentation" for more information about the use
# of tag files.
# Note: Each tag file must have an unique name (where the name does NOT include
# Note: Each tag file must have a unique name (where the name does NOT include
# the path). If a tag file is not located in the directory in which doxygen is
# run, you must also specify the path to the tagfile here.
......@@ -1997,37 +2260,32 @@ TAGFILES =
GENERATE_TAGFILE =
# If the ALLEXTERNALS tag is set to YES all external class will be listed in the
# class index. If set to NO only the inherited external classes will be listed.
# If the ALLEXTERNALS tag is set to YES, all external class will be listed in
# the class index. If set to NO, only the inherited external classes will be
# listed.
# The default value is: NO.
ALLEXTERNALS = NO
# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed in
# the modules index. If set to NO, only the current project's groups will be
# If the EXTERNAL_GROUPS tag is set to YES, all external groups will be listed
# in the modules index. If set to NO, only the current project's groups will be
# listed.
# The default value is: YES.
EXTERNAL_GROUPS = YES
# If the EXTERNAL_PAGES tag is set to YES all external pages will be listed in
# If the EXTERNAL_PAGES tag is set to YES, all external pages will be listed in
# the related pages index. If set to NO, only the current project's pages will
# be listed.
# The default value is: YES.
EXTERNAL_PAGES = YES
# The PERL_PATH should be the absolute path and name of the perl script
# interpreter (i.e. the result of 'which perl').
# The default file (with absolute path) is: /usr/bin/perl.
PERL_PATH = /usr/bin/perl
#---------------------------------------------------------------------------
# Configuration options related to the dot tool
#---------------------------------------------------------------------------
# If the CLASS_DIAGRAMS tag is set to YES doxygen will generate a class diagram
# If the CLASS_DIAGRAMS tag is set to YES, doxygen will generate a class diagram
# (in HTML and LaTeX) for classes with base or super classes. Setting the tag to
# NO turns the diagrams off. Note that this option also works with HAVE_DOT
# disabled, but it is recommended to install and use dot, since it yields more
......@@ -2036,15 +2294,6 @@ PERL_PATH = /usr/bin/perl
CLASS_DIAGRAMS = YES
# You can define message sequence charts within doxygen comments using the \msc
# command. Doxygen will then run the mscgen tool (see:
# http://www.mcternan.me.uk/mscgen/)) to produce the chart and insert it in the
# documentation. The MSCGEN_PATH tag allows you to specify the directory where
# the mscgen tool resides. If left empty the tool is assumed to be found in the
# default search path.
MSCGEN_PATH =
# You can include diagrams made with dia in doxygen documentation. Doxygen will
# then run dia to produce the diagram and insert it in the documentation. The
# DIA_PATH tag allows you to specify the directory where the dia binary resides.
......@@ -2052,7 +2301,7 @@ MSCGEN_PATH =
DIA_PATH =
# If set to YES, the inheritance and collaboration graphs will hide inheritance
# If set to YES the inheritance and collaboration graphs will hide inheritance
# and usage relations if the target is undocumented or is not a class.
# The default value is: YES.
......@@ -2063,7 +2312,7 @@ HIDE_UNDOC_RELATIONS = YES
# http://www.graphviz.org/), a graph visualization toolkit from AT&T and Lucent
# Bell Labs. The other options in this section have no effect if this option is
# set to NO
# The default value is: NO.
# The default value is: YES.
HAVE_DOT = NO
......@@ -2077,7 +2326,7 @@ HAVE_DOT = NO
DOT_NUM_THREADS = 0
# When you want a differently looking font n the dot files that doxygen
# When you want a differently looking font in the dot files that doxygen
# generates you can specify the font name using DOT_FONTNAME. You need to make
# sure dot is able to find the font, which can be done by putting it in a
# standard location or by setting the DOTFONTPATH environment variable or by
......@@ -2125,7 +2374,7 @@ COLLABORATION_GRAPH = YES
GROUP_GRAPHS = YES
# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
# If the UML_LOOK tag is set to YES, doxygen will generate inheritance and
# collaboration diagrams in a style similar to the OMG's Unified Modeling
# Language.
# The default value is: NO.
......@@ -2142,10 +2391,32 @@ UML_LOOK = NO
# but if the number exceeds 15, the total amount of fields shown is limited to
# 10.
# Minimum value: 0, maximum value: 100, default value: 10.
# This tag requires that the tag HAVE_DOT is set to YES.
# This tag requires that the tag UML_LOOK is set to YES.
UML_LIMIT_NUM_FIELDS = 10
# If the DOT_UML_DETAILS tag is set to NO, doxygen will show attributes and
# methods without types and arguments in the UML graphs. If the DOT_UML_DETAILS
# tag is set to YES, doxygen will add type and arguments for attributes and
# methods in the UML graphs. If the DOT_UML_DETAILS tag is set to NONE, doxygen
# will not generate fields with class member information in the UML graphs. The
# class diagrams will look similar to the default class diagrams but using UML
# notation for the relationships.
# Possible values are: NO, YES and NONE.
# The default value is: NO.
# This tag requires that the tag UML_LOOK is set to YES.
DOT_UML_DETAILS = NO
# The DOT_WRAP_THRESHOLD tag can be used to set the maximum number of characters
# to display on a single line. If the actual line length exceeds this threshold
# significantly it will wrapped across multiple lines. Some heuristics are apply
# to avoid ugly line breaks.
# Minimum value: 0, maximum value: 1000, default value: 17.
# This tag requires that the tag HAVE_DOT is set to YES.
DOT_WRAP_THRESHOLD = 17
# If the TEMPLATE_RELATIONS tag is set to YES then the inheritance and
# collaboration graphs will show the relations between templates and their
# instances.
......@@ -2177,7 +2448,8 @@ INCLUDED_BY_GRAPH = YES
#
# Note that enabling this option will significantly increase the time of a run.
# So in most cases it will be better to enable call graphs for selected
# functions only using the \callgraph command.
# functions only using the \callgraph command. Disabling a call graph can be
# accomplished by means of the command \hidecallgraph.
# The default value is: NO.
# This tag requires that the tag HAVE_DOT is set to YES.
......@@ -2188,7 +2460,8 @@ CALL_GRAPH = NO
#
# Note that enabling this option will significantly increase the time of a run.
# So in most cases it will be better to enable caller graphs for selected
# functions only using the \callergraph command.
# functions only using the \callergraph command. Disabling a caller graph can be
# accomplished by means of the command \hidecallergraph.
# The default value is: NO.
# This tag requires that the tag HAVE_DOT is set to YES.
......@@ -2211,11 +2484,17 @@ GRAPHICAL_HIERARCHY = YES
DIRECTORY_GRAPH = YES
# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
# generated by dot.
# generated by dot. For an explanation of the image formats see the section
# output formats in the documentation of the dot tool (Graphviz (see:
# http://www.graphviz.org/)).
# Note: If you choose svg you need to set HTML_FILE_EXTENSION to xhtml in order
# to make the SVG files visible in IE 9+ (other browsers do not have this
# requirement).
# Possible values are: png, jpg, gif and svg.
# Possible values are: png, png:cairo, png:cairo:cairo, png:cairo:gd, png:gd,
# png:gd:gd, jpg, jpg:cairo, jpg:cairo:gd, jpg:gd, jpg:gd:gd, gif, gif:cairo,
# gif:cairo:gd, gif:gd, gif:gd:gd, svg, png:gd, png:gd:gd, png:cairo,
# png:cairo:gd, png:cairo:cairo, png:cairo:gdiplus, png:gdiplus and
# png:gdiplus:gdiplus.
# The default value is: png.
# This tag requires that the tag HAVE_DOT is set to YES.
......@@ -2258,6 +2537,24 @@ MSCFILE_DIRS =
DIAFILE_DIRS =
# When using plantuml, the PLANTUML_JAR_PATH tag should be used to specify the
# path where java can find the plantuml.jar file. If left blank, it is assumed
# PlantUML is not used or called during a preprocessing step. Doxygen will
# generate a warning when it encounters a \startuml command in this case and
# will not generate output for the diagram.
PLANTUML_JAR_PATH =
# When using plantuml, the PLANTUML_CFG_FILE tag can be used to specify a
# configuration file for plantuml.
PLANTUML_CFG_FILE =
# When using plantuml, the specified paths are searched for files specified by
# the !include statement in a plantuml block.
PLANTUML_INCLUDE_PATH =
# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of nodes
# that will be shown in the graph. If the number of nodes in a graph becomes
# larger than this value, doxygen will truncate the graph, which is visualized
......@@ -2294,7 +2591,7 @@ MAX_DOT_GRAPH_DEPTH = 0
DOT_TRANSPARENT = NO
# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output
# Set the DOT_MULTI_TARGETS tag to YES to allow dot to generate multiple output
# files in one run (i.e. multiple -o and -T options on the command line). This
# makes dot run faster, but since only newer versions of dot (>1.8.10) support
# this, this feature is disabled by default.
......@@ -2311,9 +2608,11 @@ DOT_MULTI_TARGETS = NO
GENERATE_LEGEND = YES
# If the DOT_CLEANUP tag is set to YES doxygen will remove the intermediate dot
# If the DOT_CLEANUP tag is set to YES, doxygen will remove the intermediate
# files that are used to generate the various graphs.
#
# Note: This setting is not only used for dot files but also for msc and
# plantuml temporary files.
# The default value is: YES.
# This tag requires that the tag HAVE_DOT is set to YES.
DOT_CLEANUP = YES
Knot.config deleted 100644 → 0
View file @ 35500368
Knot.config 0 → 120000
View file @ a4da7526
./src/config.h
\ No newline at end of file
Knot.files
View file @ a4da7526
libtap/runtests.c
libtap/tap/basic.c
libtap/tap/basic.h
libtap/tap/files.c
libtap/tap/files.h
libtap/tap/float.c
libtap/tap/float.h
libtap/tap/macros.h
src/contrib/asan.h
src/contrib/atomic.h
src/contrib/base32hex.c
src/contrib/base32hex.h
src/contrib/base64.c
src/contrib/base64.h
src/contrib/base64url.c
src/contrib/base64url.h
src/contrib/color.h
src/contrib/conn_pool.c
src/contrib/conn_pool.h
src/contrib/ctype.h
src/contrib/dnstap/convert.c
src/contrib/dnstap/convert.h
src/contrib/dnstap/dnstap.c
......@@ -21,187 +20,161 @@ src/contrib/dnstap/reader.c
src/contrib/dnstap/reader.h
src/contrib/dnstap/writer.c
src/contrib/dnstap/writer.h
src/contrib/dynarray.h
src/contrib/endian.h
src/contrib/files.c
src/contrib/files.h
src/contrib/fnv/fnv.h
src/contrib/fnv/hash_64a.c
src/contrib/fnv/longlong.h
src/contrib/getline.c
src/contrib/getline.h
src/contrib/hhash.c
src/contrib/hhash.h
src/contrib/lmdb/lmdb.h
src/contrib/lmdb/mdb.c
src/contrib/lmdb/midl.c
src/contrib/lmdb/midl.h
src/contrib/json.c
src/contrib/json.h
src/contrib/libngtcp2/ngtcp2/crypto/gnutls.c
src/contrib/libngtcp2/ngtcp2/crypto/shared.c
src/contrib/libngtcp2/ngtcp2/crypto/shared.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_acktr.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_acktr.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_addr.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_dcidtr.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_dcidtr.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_addr.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_balloc.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_balloc.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_bbr.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_bbr.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_buf.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_buf.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_cc.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_cc.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_cid.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_cid.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_conn.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_conn.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_conn_stat.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_conv.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_conv.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_crypto.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_crypto.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_err.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_err.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_frame_chain.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_frame_chain.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_gaptr.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_gaptr.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_idtr.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_idtr.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_ksl.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_ksl.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_log.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_log.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_macro.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_map.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_map.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_mem.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_mem.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_net.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_objalloc.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_objalloc.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_opl.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_opl.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_path.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_path.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_pkt.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_pkt.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_pktns_id.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_pmtud.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_pmtud.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_ppe.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_ppe.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_pq.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_pq.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_pv.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_pv.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_qlog.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_qlog.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_range.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_range.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_rcvry.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_ringbuf.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_ringbuf.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_rob.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_rob.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_rst.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_rst.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_rtb.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_rtb.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_settings.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_settings.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_str.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_str.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_strm.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_transport_params.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_transport_params.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_tstamp.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_unreachable.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_unreachable.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_vec.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_vec.h
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_version.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_window_filter.c
src/contrib/libngtcp2/ngtcp2/lib/ngtcp2_window_filter.h
src/contrib/libngtcp2/ngtcp2/ngtcp2.h
src/contrib/libngtcp2/ngtcp2/ngtcp2_crypto.h
src/contrib/libngtcp2/ngtcp2/ngtcp2_crypto_gnutls.h
src/contrib/libngtcp2/ngtcp2/version.h
src/contrib/macros.h
src/contrib/mempattern.c
src/contrib/mempattern.h
src/contrib/murmurhash3/murmurhash3.c
src/contrib/murmurhash3/murmurhash3.h
src/contrib/musl/inet_ntop.c
src/contrib/musl/inet_ntop.h
src/contrib/net.c
src/contrib/net.h
src/contrib/openbsd/siphash.c
src/contrib/openbsd/siphash.h
src/contrib/openbsd/strlcat.c
src/contrib/openbsd/strlcat.h
src/contrib/openbsd/strlcpy.c
src/contrib/openbsd/strlcpy.h
src/contrib/print.c
src/contrib/print.h
src/contrib/os.h
src/contrib/proxyv2/proxyv2.c
src/contrib/proxyv2/proxyv2.h
src/contrib/qp-trie/trie.c
src/contrib/qp-trie/trie.h
src/contrib/semaphore.c
src/contrib/semaphore.h
src/contrib/sockaddr.c
src/contrib/sockaddr.h
src/contrib/spinlock.h
src/contrib/string.c
src/contrib/string.h
src/contrib/strtonum.h
src/contrib/threads.c
src/contrib/threads.h
src/contrib/time.c
src/contrib/time.h
src/contrib/toeplitz.h
src/contrib/tolower.h
src/contrib/trim.h
src/contrib/ucw/array-sort.h
src/contrib/ucw/binsearch.h
src/contrib/ucw/heap.c
src/contrib/ucw/heap.h
src/contrib/ucw/lists.c
src/contrib/ucw/lists.h
src/contrib/ucw/mempool.c
src/contrib/ucw/mempool.h
src/contrib/wire.h
src/contrib/url-parser/url_parser.c
src/contrib/url-parser/url_parser.h
src/contrib/vpool/vpool.c
src/contrib/vpool/vpool.h
src/contrib/wire_ctx.h
src/dnssec/contrib/gnutls_error.c
src/dnssec/lib/binary.c
src/dnssec/lib/crypto.c
src/dnssec/lib/dnssec/binary.h
src/dnssec/lib/dnssec/crypto.h
src/dnssec/lib/dnssec/dnssec.h
src/dnssec/lib/dnssec/error.h
src/dnssec/lib/dnssec/event.h
src/dnssec/lib/dnssec/kasp.h
src/dnssec/lib/dnssec/key.h
src/dnssec/lib/dnssec/keyid.h
src/dnssec/lib/dnssec/keystate.h
src/dnssec/lib/dnssec/keystore.h
src/dnssec/lib/dnssec/keytag.h
src/dnssec/lib/dnssec/keyusage.h
src/dnssec/lib/dnssec/list.h
src/dnssec/lib/dnssec/nsec.h
src/dnssec/lib/dnssec/random.h
src/dnssec/lib/dnssec/sign.h
src/dnssec/lib/dnssec/tsig.h
src/dnssec/lib/error.c
src/dnssec/lib/event/action.h
src/dnssec/lib/event/action/initial_key.c
src/dnssec/lib/event/action/nsec3_resalt.c
src/dnssec/lib/event/action/zsk_rollover.c
src/dnssec/lib/event/event.c
src/dnssec/lib/event/keystate.c
src/dnssec/lib/event/utils.c
src/dnssec/lib/event/utils.h
src/dnssec/lib/kasp/dir/dir.c
src/dnssec/lib/kasp/dir/escape.c
src/dnssec/lib/kasp/dir/escape.h
src/dnssec/lib/kasp/dir/file.c
src/dnssec/lib/kasp/dir/file.h
src/dnssec/lib/kasp/dir/json.c
src/dnssec/lib/kasp/dir/json.h
src/dnssec/lib/kasp/dir/keystore.c
src/dnssec/lib/kasp/dir/keystore.h
src/dnssec/lib/kasp/dir/policy.c
src/dnssec/lib/kasp/dir/policy.h
src/dnssec/lib/kasp/dir/zone.c
src/dnssec/lib/kasp/dir/zone.h
src/dnssec/lib/kasp/internal.h
src/dnssec/lib/kasp/kasp.c
src/dnssec/lib/kasp/keystore.c
src/dnssec/lib/kasp/keystore_open.c
src/dnssec/lib/kasp/policy.c
src/dnssec/lib/kasp/zone.c
src/dnssec/lib/kasp/zone.h
src/dnssec/lib/key/algorithm.c
src/dnssec/lib/key/algorithm.h
src/dnssec/lib/key/convert.c
src/dnssec/lib/key/convert.h
src/dnssec/lib/key/dnskey.c
src/dnssec/lib/key/dnskey.h
src/dnssec/lib/key/ds.c
src/dnssec/lib/key/internal.h
src/dnssec/lib/key/key.c
src/dnssec/lib/key/keytag.c
src/dnssec/lib/key/privkey.c
src/dnssec/lib/key/privkey.h
src/dnssec/lib/key/simple.c
src/dnssec/lib/keyid.c
src/dnssec/lib/keystore/internal.h
src/dnssec/lib/keystore/keystore.c
src/dnssec/lib/keystore/pkcs11.c
src/dnssec/lib/keystore/pkcs8.c
src/dnssec/lib/keystore/pkcs8_dir.c
src/dnssec/lib/keyusage/keyusage.c
src/dnssec/lib/list/list.c
src/dnssec/lib/list/ucw_clists.h
src/dnssec/lib/nsec/bitmap.c
src/dnssec/lib/nsec/hash.c
src/dnssec/lib/nsec/nsec.c
src/dnssec/lib/p11/p11.c
src/dnssec/lib/p11/p11.h
src/dnssec/lib/random.c
src/dnssec/lib/sign/der.c
src/dnssec/lib/sign/der.h
src/dnssec/lib/sign/sign.c
src/dnssec/lib/tsig.c
src/dnssec/shared/base32hex.c
src/dnssec/shared/base32hex.h
src/dnssec/shared/bignum.c
src/dnssec/shared/bignum.h
src/dnssec/shared/dname.c
src/dnssec/shared/dname.h
src/dnssec/shared/fs.c
src/dnssec/shared/fs.h
src/dnssec/shared/hex.c
src/dnssec/shared/hex.h
src/dnssec/shared/keyid_gnutls.c
src/dnssec/shared/keyid_gnutls.h
src/dnssec/shared/path.c
src/dnssec/shared/path.h
src/dnssec/shared/pem.c
src/dnssec/shared/pem.h
src/dnssec/shared/print.h
src/dnssec/shared/shared.h
src/dnssec/shared/timestamp.c
src/dnssec/shared/timestamp.h
src/dnssec/shared/wire.h
src/dnssec/tests/binary.c
src/dnssec/tests/crypto.c
src/dnssec/tests/event_keystate.c
src/dnssec/tests/event_nsec3_resalt.c
src/dnssec/tests/kasp_dir_escape.c
src/dnssec/tests/kasp_dir_file.c
src/dnssec/tests/kasp_policy.c
src/dnssec/tests/kasp_store.c
src/dnssec/tests/key.c
src/dnssec/tests/key_algorithm.c
src/dnssec/tests/key_ds.c
src/dnssec/tests/keyid.c
src/dnssec/tests/keystore_pkcs11.c
src/dnssec/tests/keystore_pkcs8.c
src/dnssec/tests/keystore_pkcs8_dir.c
src/dnssec/tests/keytag.c
src/dnssec/tests/keyusage.c
src/dnssec/tests/list.c
src/dnssec/tests/nsec_bitmap.c
src/dnssec/tests/nsec_hash.c
src/dnssec/tests/random.c
src/dnssec/tests/sample_keys.h
src/dnssec/tests/shared_base32hex.c
src/dnssec/tests/shared_bignum.c
src/dnssec/tests/shared_dname.c
src/dnssec/tests/shared_timestamp.c
src/dnssec/tests/shared_wire.c
src/dnssec/tests/sign.c
src/dnssec/tests/sign_der.c
src/dnssec/tests/tsig.c
src/knot/catalog/catalog_db.c
src/knot/catalog/catalog_db.h
src/knot/catalog/catalog_update.c
src/knot/catalog/catalog_update.h
src/knot/catalog/generate.c
src/knot/catalog/generate.h
src/knot/catalog/interpret.c
src/knot/catalog/interpret.h
src/knot/common/dbus.c
src/knot/common/dbus.h
src/knot/common/evsched.c
src/knot/common/evsched.h
src/knot/common/fdset.c
......@@ -210,10 +183,12 @@ src/knot/common/log.c
src/knot/common/log.h
src/knot/common/process.c
src/knot/common/process.h
src/knot/common/ref.c
src/knot/common/ref.h
src/knot/common/stats.c
src/knot/common/stats.h
src/knot/common/systemd.c
src/knot/common/systemd.h
src/knot/common/unreachable.c
src/knot/common/unreachable.h
src/knot/conf/base.c
src/knot/conf/base.h
src/knot/conf/conf.c
......@@ -224,8 +199,10 @@ src/knot/conf/confio.c
src/knot/conf/confio.h
src/knot/conf/migration.c
src/knot/conf/migration.h
src/knot/conf/scheme.c
src/knot/conf/scheme.h
src/knot/conf/module.c
src/knot/conf/module.h
src/knot/conf/schema.c
src/knot/conf/schema.h
src/knot/conf/tools.c
src/knot/conf/tools.h
src/knot/ctl/commands.c
......@@ -234,6 +211,21 @@ src/knot/ctl/process.c
src/knot/ctl/process.h
src/knot/dnssec/context.c
src/knot/dnssec/context.h
src/knot/dnssec/ds_query.c
src/knot/dnssec/ds_query.h
src/knot/dnssec/kasp/kasp_db.c
src/knot/dnssec/kasp/kasp_db.h
src/knot/dnssec/kasp/kasp_zone.c
src/knot/dnssec/kasp/kasp_zone.h
src/knot/dnssec/kasp/keystate.c
src/knot/dnssec/kasp/keystate.h
src/knot/dnssec/kasp/keystore.c
src/knot/dnssec/kasp/keystore.h
src/knot/dnssec/kasp/policy.h
src/knot/dnssec/key-events.c
src/knot/dnssec/key-events.h
src/knot/dnssec/key_records.c
src/knot/dnssec/key_records.h
src/knot/dnssec/nsec-chain.c
src/knot/dnssec/nsec-chain.h
src/knot/dnssec/nsec3-chain.c
......@@ -253,46 +245,57 @@ src/knot/dnssec/zone-sign.h
src/knot/events/events.c
src/knot/events/events.h
src/knot/events/handlers.h
src/knot/events/handlers/backup.c
src/knot/events/handlers/dnskey_sync.c
src/knot/events/handlers/dnssec.c
src/knot/events/handlers/ds_check.c
src/knot/events/handlers/ds_push.c
src/knot/events/handlers/expire.c
src/knot/events/handlers/flush.c
src/knot/events/handlers/freeze_thaw.c
src/knot/events/handlers/load.c
src/knot/events/handlers/notify.c
src/knot/events/handlers/refresh.c
src/knot/events/handlers/update.c
src/knot/events/log.c
src/knot/events/log.h
src/knot/events/handlers/validate.c
src/knot/events/replan.c
src/knot/events/replan.h
src/knot/journal/journal.c
src/knot/journal/journal.h
src/knot/journal/old_journal.c
src/knot/journal/old_journal.h
src/knot/include/module.h
src/knot/journal/journal_basic.c
src/knot/journal/journal_basic.h
src/knot/journal/journal_metadata.c
src/knot/journal/journal_metadata.h
src/knot/journal/journal_read.c
src/knot/journal/journal_read.h
src/knot/journal/journal_write.c
src/knot/journal/journal_write.h
src/knot/journal/knot_lmdb.c
src/knot/journal/knot_lmdb.h
src/knot/journal/serialization.c
src/knot/journal/serialization.h
src/knot/modules/authsignal/authsignal.c
src/knot/modules/cookies/cookies.c
src/knot/modules/dnsproxy/dnsproxy.c
src/knot/modules/dnsproxy/dnsproxy.h
src/knot/modules/dnstap/dnstap.c
src/knot/modules/dnstap/dnstap.h
src/knot/modules/geoip/geodb.c
src/knot/modules/geoip/geodb.h
src/knot/modules/geoip/geoip.c
src/knot/modules/noudp/noudp.c
src/knot/modules/noudp/noudp.h
src/knot/modules/online_sign/nsec_next.c
src/knot/modules/online_sign/nsec_next.h
src/knot/modules/online_sign/online_sign.c
src/knot/modules/online_sign/online_sign.h
src/knot/modules/rosedb/rosedb.c
src/knot/modules/rosedb/rosedb.h
src/knot/modules/rosedb/rosedb_tool.c
src/knot/modules/onlinesign/nsec_next.c
src/knot/modules/onlinesign/nsec_next.h
src/knot/modules/onlinesign/onlinesign.c
src/knot/modules/probe/probe.c
src/knot/modules/queryacl/queryacl.c
src/knot/modules/rrl/functions.c
src/knot/modules/rrl/functions.h
src/knot/modules/rrl/kru-avx2.c
src/knot/modules/rrl/kru-generic.c
src/knot/modules/rrl/kru.h
src/knot/modules/rrl/kru.inc.c
src/knot/modules/rrl/rrl.c
src/knot/modules/rrl/rrl.h
src/knot/modules/stats/stats.c
src/knot/modules/stats/stats.h
src/knot/modules/synth_record/synth_record.c
src/knot/modules/synth_record/synth_record.h
src/knot/modules/synthrecord/synthrecord.c
src/knot/modules/whoami/whoami.c
src/knot/modules/whoami/whoami.h
src/knot/nameserver/axfr.c
src/knot/nameserver/axfr.h
src/knot/nameserver/chaos.c
......@@ -318,20 +321,31 @@ src/knot/nameserver/xfr.c
src/knot/nameserver/xfr.h
src/knot/query/capture.c
src/knot/query/capture.h
src/knot/query/layer.c
src/knot/query/layer.h
src/knot/query/query.c
src/knot/query/query.h
src/knot/query/quic-requestor.c
src/knot/query/quic-requestor.h
src/knot/query/requestor.c
src/knot/query/requestor.h
src/knot/query/tls-requestor.c
src/knot/query/tls-requestor.h
src/knot/server/dthreads.c
src/knot/server/dthreads.h
src/knot/server/handler.c
src/knot/server/handler.h
src/knot/server/proxyv2.c
src/knot/server/proxyv2.h
src/knot/server/quic-handler.c
src/knot/server/quic-handler.h
src/knot/server/server.c
src/knot/server/server.h
src/knot/server/tcp-handler.c
src/knot/server/tcp-handler.h
src/knot/server/udp-handler.c
src/knot/server/udp-handler.h
src/knot/server/xdp-handler.c
src/knot/server/xdp-handler.h
src/knot/updates/acl.c
src/knot/updates/acl.h
src/knot/updates/apply.c
......@@ -346,14 +360,30 @@ src/knot/worker/pool.c
src/knot/worker/pool.h
src/knot/worker/queue.c
src/knot/worker/queue.h
src/knot/zone/adds_tree.c
src/knot/zone/adds_tree.h
src/knot/zone/adjust.c
src/knot/zone/adjust.h
src/knot/zone/backup.c
src/knot/zone/backup.h
src/knot/zone/backup_dir.c
src/knot/zone/backup_dir.h
src/knot/zone/contents.c
src/knot/zone/contents.h
src/knot/zone/digest.c
src/knot/zone/digest.h
src/knot/zone/measure.c
src/knot/zone/measure.h
src/knot/zone/node.c
src/knot/zone/node.h
src/knot/zone/reverse.c
src/knot/zone/reverse.h
src/knot/zone/semantic-check.c
src/knot/zone/semantic-check.h
src/knot/zone/serial.c
src/knot/zone/serial.h
src/knot/zone/skip.c
src/knot/zone/skip.h
src/knot/zone/timers.c
src/knot/zone/timers.h
src/knot/zone/zone-diff.c
......@@ -372,20 +402,70 @@ src/knot/zone/zonedb.c
src/knot/zone/zonedb.h
src/knot/zone/zonefile.c
src/knot/zone/zonefile.h
src/libdnssec/binary.c
src/libdnssec/binary.h
src/libdnssec/crypto.c
src/libdnssec/crypto.h
src/libdnssec/digest.c
src/libdnssec/digest.h
src/libdnssec/dnssec.h
src/libdnssec/error.c
src/libdnssec/error.h
src/libdnssec/key.h
src/libdnssec/key/algorithm.c
src/libdnssec/key/algorithm.h
src/libdnssec/key/convert.c
src/libdnssec/key/convert.h
src/libdnssec/key/dnskey.c
src/libdnssec/key/dnskey.h
src/libdnssec/key/ds.c
src/libdnssec/key/internal.h
src/libdnssec/key/key.c
src/libdnssec/key/keytag.c
src/libdnssec/key/privkey.c
src/libdnssec/key/privkey.h
src/libdnssec/key/simple.c
src/libdnssec/keyid.c
src/libdnssec/keyid.h
src/libdnssec/keystore.h
src/libdnssec/keystore/internal.h
src/libdnssec/keystore/keystore.c
src/libdnssec/keystore/pkcs11.c
src/libdnssec/keystore/pkcs8.c
src/libdnssec/keytag.h
src/libdnssec/nsec.h
src/libdnssec/nsec/bitmap.c
src/libdnssec/nsec/hash.c
src/libdnssec/nsec/nsec.c
src/libdnssec/p11/p11.c
src/libdnssec/p11/p11.h
src/libdnssec/pem.c
src/libdnssec/pem.h
src/libdnssec/random.c
src/libdnssec/random.h
src/libdnssec/sample_keys.h
src/libdnssec/shared/bignum.c
src/libdnssec/shared/bignum.h
src/libdnssec/shared/binary_wire.h
src/libdnssec/shared/dname.c
src/libdnssec/shared/dname.h
src/libdnssec/shared/keyid_gnutls.c
src/libdnssec/shared/keyid_gnutls.h
src/libdnssec/shared/shared.h
src/libdnssec/sign.h
src/libdnssec/sign/der.c
src/libdnssec/sign/der.h
src/libdnssec/sign/sign.c
src/libdnssec/tsig.c
src/libdnssec/tsig.h
src/libknot/attribute.h
src/libknot/binary.c
src/libknot/binary.h
src/libknot/codes.c
src/libknot/codes.h
src/libknot/consts.h
src/libknot/control/control.c
src/libknot/control/control.h
src/libknot/cookies/alg-fnv64.c
src/libknot/cookies/alg-fnv64.h
src/libknot/cookies/client.c
src/libknot/cookies/client.h
src/libknot/cookies/server.c
src/libknot/cookies/server.h
src/libknot/cookies.c
src/libknot/cookies.h
src/libknot/db/db.h
src/libknot/db/db_lmdb.c
src/libknot/db/db_lmdb.h
......@@ -395,21 +475,32 @@ src/libknot/descriptor.c
src/libknot/descriptor.h
src/libknot/dname.c
src/libknot/dname.h
src/libknot/dynarray.h
src/libknot/endian.h
src/libknot/errcode.h
src/libknot/error.c
src/libknot/error.h
src/libknot/libknot.h
src/libknot/lookup.h
src/libknot/mm_ctx.h
src/libknot/packet/compr.c
src/libknot/packet/compr.h
src/libknot/packet/pkt.c
src/libknot/packet/pkt.h
src/libknot/packet/rrset-wire.c
src/libknot/packet/rrset-wire.h
src/libknot/packet/wire.c
src/libknot/packet/wire.h
src/libknot/rdata.c
src/libknot/probe/data.c
src/libknot/probe/data.h
src/libknot/probe/probe.c
src/libknot/probe/probe.h
src/libknot/quic/quic.c
src/libknot/quic/quic.h
src/libknot/quic/quic_conn.c
src/libknot/quic/quic_conn.h
src/libknot/quic/tls.c
src/libknot/quic/tls.h
src/libknot/quic/tls_common.c
src/libknot/quic/tls_common.h
src/libknot/rdata.h
src/libknot/rdataset.c
src/libknot/rdataset.h
......@@ -417,51 +508,68 @@ src/libknot/rrset-dump.c
src/libknot/rrset-dump.h
src/libknot/rrset.c
src/libknot/rrset.h
src/libknot/rrtype/aaaa.c
src/libknot/rrtype/aaaa.h
src/libknot/rrtype/dnskey.c
src/libknot/rrtype/dnskey.h
src/libknot/rrtype/ds.c
src/libknot/rrtype/ds.h
src/libknot/rrtype/naptr.c
src/libknot/rrtype/naptr.h
src/libknot/rrtype/nsec.h
src/libknot/rrtype/nsec3.c
src/libknot/rrtype/nsec3.h
src/libknot/rrtype/nsec3param.c
src/libknot/rrtype/nsec3param.h
src/libknot/rrtype/opt-cookie.c
src/libknot/rrtype/opt-cookie.h
src/libknot/rrtype/opt.c
src/libknot/rrtype/opt.h
src/libknot/rrtype/rdname.h
src/libknot/rrtype/rrsig.c
src/libknot/rrtype/rrsig.h
src/libknot/rrtype/soa.c
src/libknot/rrtype/soa.h
src/libknot/rrtype/svcb.h
src/libknot/rrtype/tsig.c
src/libknot/rrtype/tsig.h
src/libknot/rrtype/txt.h
src/libknot/rrtype/zonemd.h
src/libknot/tsig-op.c
src/libknot/tsig-op.h
src/libknot/tsig.c
src/libknot/tsig.h
src/libknot/wire.h
src/libknot/xdp.h
src/libknot/xdp/bpf-consts.h
src/libknot/xdp/bpf-kernel-obj.c
src/libknot/xdp/bpf-kernel-obj.h
src/libknot/xdp/bpf-kernel.c
src/libknot/xdp/bpf-user.c
src/libknot/xdp/bpf-user.h
src/libknot/xdp/eth.c
src/libknot/xdp/eth.h
src/libknot/xdp/msg.h
src/libknot/xdp/msg_init.h
src/libknot/xdp/protocols.h
src/libknot/xdp/tcp.c
src/libknot/xdp/tcp.h
src/libknot/xdp/tcp_iobuf.c
src/libknot/xdp/tcp_iobuf.h
src/libknot/xdp/xdp.c
src/libknot/xdp/xdp.h
src/libknot/yparser/yparser.c
src/libknot/yparser/yparser.h
src/libknot/yparser/ypbody.c
src/libknot/yparser/ypbody.rl
src/libknot/yparser/ypformat.c
src/libknot/yparser/ypformat.h
src/libknot/yparser/ypscheme.c
src/libknot/yparser/ypscheme.h
src/libknot/yparser/ypschema.c
src/libknot/yparser/ypschema.h
src/libknot/yparser/yptrafo.c
src/libknot/yparser/yptrafo.h
src/utils/common/cert.c
src/utils/common/cert.h
src/libzscanner/error.c
src/libzscanner/error.h
src/libzscanner/functions.c
src/libzscanner/functions.h
src/libzscanner/scanner.h
src/libzscanner/scanner.rl
src/libzscanner/scanner_body.rl
src/utils/common/exec.c
src/utils/common/exec.h
src/utils/common/hex.c
src/utils/common/hex.h
src/utils/common/https.c
src/utils/common/https.h
src/utils/common/lookup.c
src/utils/common/lookup.h
src/utils/common/msg.c
......@@ -470,54 +578,41 @@ src/utils/common/netio.c
src/utils/common/netio.h
src/utils/common/params.c
src/utils/common/params.h
src/utils/common/quic.c
src/utils/common/quic.h
src/utils/common/resolv.c
src/utils/common/resolv.h
src/utils/common/sign.c
src/utils/common/sign.h
src/utils/common/signal.c
src/utils/common/signal.h
src/utils/common/tls.c
src/utils/common/tls.h
src/utils/common/token.c
src/utils/common/token.h
src/utils/common/util_conf.c
src/utils/common/util_conf.h
src/utils/kcatalogprint/main.c
src/utils/kdig/kdig_exec.c
src/utils/kdig/kdig_exec.h
src/utils/kdig/kdig_main.c
src/utils/kdig/kdig_params.c
src/utils/kdig/kdig_params.h
src/utils/keymgr/cmdparse/command.c
src/utils/keymgr/cmdparse/command.h
src/utils/keymgr/cmdparse/match.h
src/utils/keymgr/cmdparse/parameter.c
src/utils/keymgr/cmdparse/parameter.h
src/utils/keymgr/cmdparse/value.c
src/utils/keymgr/cmdparse/value.h
src/utils/keymgr/keymgr.c
src/utils/keymgr/legacy/key.c
src/utils/keymgr/legacy/key.h
src/utils/keymgr/legacy/privkey.c
src/utils/keymgr/legacy/privkey.h
src/utils/keymgr/legacy/pubkey.c
src/utils/keymgr/legacy/pubkey.h
src/utils/keymgr/options.c
src/utils/keymgr/options.h
src/utils/keymgr/bind_privkey.c
src/utils/keymgr/bind_privkey.h
src/utils/keymgr/functions.c
src/utils/keymgr/functions.h
src/utils/keymgr/keystore.c
src/utils/keymgr/keystore.h
src/utils/keymgr/main.c
src/utils/keymgr/offline_ksk.c
src/utils/keymgr/offline_ksk.h
src/utils/khost/khost_main.c
src/utils/khost/khost_params.c
src/utils/khost/khost_params.h
src/utils/kjournalprint/main.c
src/utils/knot1to2/cf-lex.c
src/utils/knot1to2/cf-lex.l
src/utils/knot1to2/cf-parse.tab.c
src/utils/knot1to2/cf-parse.tab.h
src/utils/knot1to2/cf-parse.y
src/utils/knot1to2/extra.c
src/utils/knot1to2/extra.h
src/utils/knot1to2/includes.c
src/utils/knot1to2/includes.h
src/utils/knot1to2/main.c
src/utils/knot1to2/scheme.h
src/utils/knotc/commands.c
src/utils/knotc/commands.h
src/utils/knotc/estimator.c
src/utils/knotc/estimator.h
src/utils/knotc/interactive.c
src/utils/knotc/interactive.h
src/utils/knotc/main.c
......@@ -527,89 +622,127 @@ src/utils/knotd/main.c
src/utils/knsec3hash/knsec3hash.c
src/utils/knsupdate/knsupdate_exec.c
src/utils/knsupdate/knsupdate_exec.h
src/utils/knsupdate/knsupdate_interactive.c
src/utils/knsupdate/knsupdate_interactive.h
src/utils/knsupdate/knsupdate_main.c
src/utils/knsupdate/knsupdate_params.c
src/utils/knsupdate/knsupdate_params.h
src/utils/kxdpgun/ip_route.c
src/utils/kxdpgun/ip_route.h
src/utils/kxdpgun/load_queries.c
src/utils/kxdpgun/load_queries.h
src/utils/kxdpgun/main.c
src/utils/kxdpgun/main.h
src/utils/kxdpgun/stats.c
src/utils/kxdpgun/stats.h
src/utils/kzonecheck/main.c
src/utils/kzonecheck/zone_check.c
src/utils/kzonecheck/zone_check.h
src/zscanner/error.c
src/zscanner/error.h
src/zscanner/functions.c
src/zscanner/functions.h
src/zscanner/scanner.h
src/zscanner/scanner.rl
src/zscanner/scanner_body.rl
src/zscanner/tests/processing.c
src/zscanner/tests/processing.h
src/zscanner/tests/tests.c
src/zscanner/tests/tests.h
src/zscanner/tests/zscanner-tool.c
tests-fuzz/afl-loop.h
tests-fuzz/packet.c
tests-fuzz/packet_libfuzzer.c
tests-fuzz/wrap/server.c
tests-fuzz/wrap/tcp-handler.c
tests-fuzz/wrap/udp-handler.c
src/utils/kzonesign/main.c
tests-fuzz/fuzz_dname_from_str.c
tests-fuzz/fuzz_dname_to_str.c
tests-fuzz/fuzz_packet.c
tests-fuzz/fuzz_zscanner.c
tests-fuzz/knotd_wrap/afl-loop.h
tests-fuzz/knotd_wrap/server.c
tests-fuzz/knotd_wrap/tcp-handler.c
tests-fuzz/knotd_wrap/udp-handler.c
tests-fuzz/main.c
tests/contrib/test_atomic.c
tests/contrib/test_base32hex.c
tests/contrib/test_base64.c
tests/contrib/test_dynarray.c
tests/contrib/test_endian.c
tests/contrib/test_base64url.c
tests/contrib/test_heap.c
tests/contrib/test_hhash.c
tests/contrib/test_inet_ntop.c
tests/contrib/test_net.c
tests/contrib/test_net_shortwrite.c
tests/contrib/test_qp-cow.c
tests/contrib/test_qp-trie.c
tests/contrib/test_siphash.c
tests/contrib/test_sockaddr.c
tests/contrib/test_spinlock.c
tests/contrib/test_string.c
tests/contrib/test_strtonum.c
tests/contrib/test_time.c
tests/contrib/test_wire.c
tests/contrib/test_toeplitz.c
tests/contrib/test_wire_ctx.c
tests/knot/test_acl.c
tests/knot/test_changeset.c
tests/knot/test_conf.c
tests/knot/test_conf.h
tests/knot/test_conf_tools.c
tests/knot/test_confdb.c
tests/knot/test_confio.c
tests/knot/test_digest.c
tests/knot/test_dthreads.c
tests/knot/test_fdset.c
tests/knot/test_journal.c
tests/knot/test_kasp_db.c
tests/knot/test_node.c
tests/knot/test_process_query.c
tests/knot/test_query_module.c
tests/knot/test_requestor.c
tests/knot/test_server.c
tests/knot/test_server.h
tests/knot/test_unreachable.c
tests/knot/test_worker_pool.c
tests/knot/test_worker_queue.c
tests/knot/test_zone-tree.c
tests/knot/test_zone-update.c
tests/knot/test_zone_events.c
tests/knot/test_zone_serial.c
tests/knot/test_zone_timers.c
tests/knot/test_zonedb.c
tests/libdnssec/test_binary.c
tests/libdnssec/test_crypto.c
tests/libdnssec/test_key.c
tests/libdnssec/test_key_algorithm.c
tests/libdnssec/test_key_ds.c
tests/libdnssec/test_keyid.c
tests/libdnssec/test_keystore_pkcs11.c
tests/libdnssec/test_keystore_pkcs8.c
tests/libdnssec/test_keytag.c
tests/libdnssec/test_nsec_bitmap.c
tests/libdnssec/test_nsec_hash.c
tests/libdnssec/test_random.c
tests/libdnssec/test_shared_bignum.c
tests/libdnssec/test_shared_dname.c
tests/libdnssec/test_sign.c
tests/libdnssec/test_sign_der.c
tests/libdnssec/test_tsig.c
tests/libknot/test_control.c
tests/libknot/test_cookies-client.c
tests/libknot/test_cookies-opt.c
tests/libknot/test_cookies-server.c
tests/libknot/test_cookies.c
tests/libknot/test_db.c
tests/libknot/test_descriptor.c
tests/libknot/test_dname.c
tests/libknot/test_dynarray.c
tests/libknot/test_edns.c
tests/libknot/test_edns_ecs.c
tests/libknot/test_endian.c
tests/libknot/test_lookup.c
tests/libknot/test_pkt.c
tests/libknot/test_probe.c
tests/libknot/test_rdata.c
tests/libknot/test_rdataset.c
tests/libknot/test_rrset-wire.c
tests/libknot/test_rrset.c
tests/libknot/test_tsig.c
tests/libknot/test_wire.c
tests/libknot/test_xdp_tcp.c
tests/libknot/test_yparser.c
tests/libknot/test_ypscheme.c
tests/libknot/test_ypschema.c
tests/libknot/test_yptrafo.c
tests/modules/test_online_sign.c
tests/libzscanner/processing.c
tests/libzscanner/processing.h
tests/libzscanner/zscanner-tool.c
tests/modules/test_onlinesign.c
tests/modules/test_rrl.c
tests/test_acl.c
tests/test_changeset.c
tests/test_conf.c
tests/test_conf.h
tests/test_conf_tools.c
tests/test_confdb.c
tests/test_confio.c
tests/test_dthreads.c
tests/test_fdset.c
tests/test_journal.c
tests/test_node.c
tests/test_process_query.c
tests/test_query_module.c
tests/test_requestor.c
tests/test_server.c
tests/test_server.h
tests/test_worker_pool.c
tests/test_worker_queue.c
tests/test_zone-tree.c
tests/test_zone-update.c
tests/test_zone_events.c
tests/test_zone_serial.c
tests/test_zone_timers.c
tests/test_zonedb.c
tests/utils/test_cert.c
tests/tap/basic.c
tests/tap/basic.h
tests/tap/files.c
tests/tap/files.h
tests/tap/float.c
tests/tap/float.h
tests/tap/macros.h
tests/tap/runtests.c
tests/utils/test_lookup.c
Knot.includes
View file @ a4da7526
libtap
src
src/contrib
src/dnssec
src/dnssec/lib
src/dnssec/lib/dnssec
src/dnssec/shared
src/zscanner
src/contrib/dnstap
src/contrib/libngtcp2
src/contrib/libngtcp2/ngtcp2
src/contrib/libngtcp2/ngtcp2/crypto
src/contrib/libngtcp2/ngtcp2/lib
src/contrib/licenses
src/contrib/openbsd
src/contrib/proxyv2
src/contrib/qp-trie
src/contrib/ucw
src/contrib/url-parser
src/contrib/vpool
src/knot
src/knot/catalog
src/knot/common
src/knot/conf
src/knot/ctl
src/knot/dnssec
src/knot/dnssec/kasp
src/knot/events
src/knot/events/handlers
src/knot/include
src/knot/journal
src/knot/modules
src/knot/modules/cookies
src/knot/modules/dnsproxy
src/knot/modules/dnstap
src/knot/modules/geoip
src/knot/modules/noudp
src/knot/modules/onlinesign
src/knot/modules/probe
src/knot/modules/queryacl
src/knot/modules/rrl
src/knot/modules/stats
src/knot/modules/synthrecord
src/knot/modules/whoami
src/knot/nameserver
src/knot/query
src/knot/server
src/knot/updates
src/knot/worker
src/knot/zone
src/libdnssec
src/libdnssec/key
src/libdnssec/keystore
src/libdnssec/nsec
src/libdnssec/p11
src/libdnssec/shared
src/libdnssec/sign
src/libknot
src/libknot/control
src/libknot/db
src/libknot/packet
src/libknot/probe
src/libknot/rrtype
src/libknot/xdp
src/libknot/yparser
src/libzscanner
src/utils
src/utils/common
src/utils/kcatalogprint
src/utils/kdig
src/utils/keymgr
src/utils/khost
src/utils/kjournalprint
src/utils/knotc
src/utils/knotd
src/utils/knsec3hash
src/utils/knsupdate
src/utils/knsupdate/tests
src/utils/kxdpgun
src/utils/kzonecheck
src/utils/kzonesign
tests
tests/contrib
tests-fuzz
tests-fuzz/wrap
tests-fuzz/check
tests-fuzz/knotd_wrap
tests/knot
tests/knot/semantic_check_data
tests/libdnssec
tests/libknot
tests/libzscanner
tests/libzscanner/data
tests/libzscanner/data/includes
tests/modules
tests/tap
tests/utils
Makefile.am
View file @ a4da7526
ACLOCAL_AMFLAGS = -I m4
SUBDIRS = libtap src tests tests-fuzz python samples doc
SUBDIRS = src tests tests-fuzz python samples distro doc
.PHONY: singlehtml install-singlehtml
singlehtml install-singlehtml:
EXTRA_DIST = README.md
.PHONY: singlehtml epub install-singlehtml install-epub
singlehtml install-singlehtml epub install-epub:
$(MAKE) -C doc $@
.PHONY: check-compile
check-compile:
$(MAKE) $(AM_MAKEFLAGS) -C libtap $@
$(MAKE) $(AM_MAKEFLAGS) -C src $@
$(MAKE) $(AM_MAKEFLAGS) -C tests $@
$(MAKE) $(AM_MAKEFLAGS) -C tests-fuzz $@
......@@ -18,11 +18,10 @@ CODE_COVERAGE_INFO = coverage.info
CODE_COVERAGE_HTML = coverage.html
CODE_COVERAGE_DIRS = \
src/contrib \
src/dnssec/lib \
src/dnssec/shared \
src/knot \
src/libdnssec \
src/libknot \
src/zscanner
src/libzscanner
code_coverage_quiet = --quiet
......
NEWS
View file @ a4da7526
Knot DNS 2.5.0-dev (2017-xx-xx)
===============================
Knot DNS 3.4.0 (2024-09-02)
===========================
Features:
---------
- knotd: full DNS over TLS (DoT, RFC 7858) implementation (see 'DNS over TLS')
- knotd: bidirectional XFR over TLS (XoT) support with opportunistic, strict,
and mutual authentication profiles
- knotd: support for DDNS over QUIC and TLS
- knotd: DNSSEC validation requires the remaining RRSIG validity is longer than 'rrsig-refresh'
- knotd: new event for automatic DNSSEC revalidation
- knotd: if enabled DNSSEC signing, EDNS expire is adjusted to the earliest RRSIG expiration
- knotd: added support for libdbus as an alternative to systemd dbus
(see '--enable-dbus=libdbus' configure parameter)
- knotd: new XDP-related configuration options
(see 'xdp.ring-size', 'xdp.busypoll-budget', and 'xdp.busypoll-timeout')
- knotc: new command for explicit triggering DNSSEC validation (see 'zone-validate' command)
- keymgr: SKR verification requires end of DNSKEY RRSIG validity covers next DNSKEY snapshot
- kdig: +nocrypto applies also to CERT, DS, SSHFP, DHCID, TLSA, ZONEMD, and TSIG
- knsupdate: added support for DDNS over QUIC and TLS (see '-Q' and '-S' parameters)
- kxdpgun: support for reading a binary input file (see '-B' parameter)
- kxdpgun: support for output in JSON (see '-j' parameter)
- kxdpgun: support for periodical output (see '-S' parameter)
- mod-rrl: module offers limiting of non-UDP protocols based on consumed time
(see 'mod-rrl.time-rate-limit' and 'mod-rrl.time-instant-limit')
- utils: -VV option for listing compile time configuration summary
Improvements:
-------------
- knotd: up to eight DDNS queries can be queued per zone when frozen
- knotd: the number of created/validated RRSIGs is logged
- knotd: overhaul of atomic operations usage
- knotd: unified DNAME semantic errors with the CNAME ones
(see 'Handling CNAME and DNAME-related updates')
- knotd: better DDNS pre-check to prevent dropping a bulk of updates
- knotd: extended SOA presence semantic checks
- knotd: disallowed concurrent control zone and config transactions to avoid deadlock
- knotd: disallowed opening zone transaction when blocking command is running to avoid deadlock
- knotd: new XDP statistic counters
- knotd: remote zone serial is logged upon received incoming transfer
- knotd: zone backup stores and zone restore checks the CPU architecture compatibility
- knotd: time configuration options support 'w', 'M', and 'y' units
- knotd: some control commands can be processed asynchronously
- knotc: zone backup overwrites already existing backupdir in the force mode
- kdig: EDNS is enabled by default
- kdig: the default EDNS payload size was lowered to 1232
- mod-rrl: completely reimplemented UDP rate limiting using an efficient
query-counting mechanism on several address prefix lengths
- mod-rrl: module no longer requires explicit configuration
- libknot: various XDP improvements and new configuration parameters
- docker: increased -D_FORTIFY_SOURCE to 3
Bugfixes:
---------
- knotd: deadlock during zone-ksk-submitted processing of a frozen zone
- kxdpgun: race condition in SIGUSR1 signal processing
- doc: parallel build is unreliable #928
Compatibility:
--------------
- configure: increase minimal GnuTLS version to 3.6.10
- configure: removed deprecated libidn 1 support
- configure: removed liburcu search fallback
- configure: required GCC or LLVM Clang compiler with C11 support
- knotd: removed already ignored obsolete configuration options
- keymgr: removed legacy parameter '--brief'
- kjournalprint: removed legacy parameter '--no-color'
- kjournalprint: removed legacy database specification without '--dir'
- kcatalogprint: removed legacy database specification without '--dir'
- packaging: CentOS 7, Debian 10, and Ubuntu 18.04 no longer supported
- doc: removed info pages
Knot DNS 3.3.9 (2024-08-26)
===========================
Improvements:
-------------
- libknot: added EDE code 30
- libknot: improved performance of knot_rrset_to_wire_extra()
- libs: upgraded embedded libngtcp2 to 1.7.0
- doc: various fixes and updates
Bugfixes:
---------
- keymgr: pregenerate clears future timestamps of old keys and creates new keys
- mod-dnsproxy: defective TSIG processing
- mod-dnsproxy: TCP not detected in the XDP mode
- kxdpgun: unsuccessful interface initialization leaks memory
- packaging: libknot not installed with python3-libknot
Knot DNS 3.3.8 (2024-07-22)
===========================
Features:
---------
- libzscanner,libknot: added support for 'dohpath' and 'ohttp' SVCB parameters
- libzscanner,libknot: added support for WALLET rrtype
- keymgr: new commands for keystore testing (see 'keystore-test' and 'keystore-bench')
- knotd: new configuration option for setting default TTL (see 'zone.default-ttl')
Improvements:
-------------
- libknot: added error codes to better describe some failures
Bugfixes:
---------
- knotd: DNSSEC signing doesn't remove NSEC records for non-authoritative nodes
- knotd: DNSSEC signing not scheduled on secondary if nothing to be reloaded
- libknot: TCP over XDP doesn't ignore SYN+ACK packets on the server side
Knot DNS 3.3.7 (2024-06-25)
===========================
Improvements:
-------------
- libs: upgraded embedded libngtcp2 to 1.6.0
Bugfixes:
---------
- knotd: insufficient metadata check can cause journal corruption
- knotd: missing zone timers initialization upon purge
- knotd: missing RCU lock in zone flush and refresh
- knotd: defective assert in zone refresh
Knot DNS 3.3.6 (2024-06-12)
===========================
Features:
---------
- knotd: configurable control socket backlog size (see 'control.backlog')
- knotd: optional configuration of congruency of generated keytags (see 'policy.keytag-modulo')
- knotc: support for exporting configuration schema in JSON (see 'conf-export') #912
- mod-dnstap: configuration of sink allows TCP address specification
Improvements:
-------------
- knotd: last-signed serial is stored to KASP even if not a secondary zone
- knotd: allowed catalog role member in a catalog template configuration
- knotd: some references in a zone configuration can be set empty to override a template
- knotd: allowed zone backup during a zone transaction
- knotd: add remote TSIG key name to outgoing event logs
- knotc: zone backup with '+keysonly' silently uses all defaults as 'off'
- kxdpgun: host name can be used for target specification
- libs: upgraded embedded libngtcp2 to 1.5.0
- doc: various fixes and updates
Bugfixes:
---------
- knotd: reset TCP connection not removed from a connection pool
- knotd: server wrongly tries to remove removed ZONEMD
- knotd: failed to parse empty list from a textual configuration
- knotd: blocking zone signing in combination with an open transaction causes a deadlock
- knotd: missing RCU lock when sending NOTIFY
- kdig: QNAME letter case isn't preserved if IDN is enabled
- kdig: failed to parse empty QNAME (do not fill question section)
- kxdpgun: floating point exception on SIGUSR1 #927
- libknot: incorrect handling of regular QUIC tokens in incoming initials
- python: failed to set an empty configuration value
Knot DNS 3.3.5 (2024-03-06)
===========================
Features:
---------
- knotd: new module mod-authsignal for automatic authenticated DNSSEC
bootstrapping records synthesis (Thanks to Peter Thomassen)
- kzonecheck: new optional ZONEMD verification (see option '-z')
Improvements:
-------------
- knotd: new DNSSEC key rollover log informs about next planned key action
- knotd, kzonecheck: added limit on non-matching keys with a duplicate keytag
- knot-exporter: added counter-type variant for each metric (Thanks to Marcel Koch)
- libs: upgraded embedded libngtcp2 to 1.3.0
- doc: various fixes and updates
Bugfixes:
---------
- knotd, kzonecheck: failed to validate RRSIG if there are more keys with the same keytag
- knotd, kzonecheck: failed to validate zone with more CSK keys
- libknot: insufficient check for malformed TCP header options over XDP
- libzscanner: incorrect alpn processing #923
Knot DNS 3.3.4 (2024-01-24)
===========================
Features:
---------
- knotd: new configuration item for clearing configuration sections (see 'clear')
- knotc: configuration import can preserve database contents (see '+nopurge' flag)
- kxdpgun: new parameter for setting UDP payload size in EDNS (see '--edns-size') #915
Improvements:
-------------
- knotd: extended configuration check for 'zonefile-load' and 'journal-content'
- knotd: lowered check limit for additional NSEC3 iterations to 0
- knotd: lowered severity level of an informational backup log
- knotd: better log message when flushing the journal
- knotd: zone restore checks if requested contents are in the provided backup
- knotc: '+quic' is default for zone backup, '+noquic' is default for zone restore
- kdig: better processing of timeouts and reduced sent datagrams over QUIC
- kdig: no retries are attempted over QUIC
- keymgr: improved compatibility with bind9-generated keys
- libs: some improvements in XDP buffer allocation
- libs: upgraded embedded libngtcp2 to 1.2.0
- doc: various fixes and updates
Bugfixes:
---------
- knotd: failed to build on macOS #909
- knotd: 'nsec3-salt-lifetime: -1' doesn't work if 'ixfr-from-axfr' is enabled
- knotd: unnecessarily updated RRSIGs if 'ixfr-from-axfr' and signing are enabled
- knotc: zone check complains about missing zone file #913
- kdig: failed to try another target address over QUIC
- libknot: infinite loop in knot_rrset_to_wire_extra() #916
Knot DNS 3.3.3 (2023-12-13)
===========================
Features:
---------
- knotd: new 'pattern' mode of ACL update owner matching (see 'acl.update-owner-match')
- knotc: new '+keysonly' filter for zone backup/restore
Improvements:
-------------
- knotd: zone purging waits for finished zone expiration for better reliability
- knotd: remote configuration considers more 'via' with the same address family
- knotd: refresh doesn't fall back from IXFR to AXFR upon a network error
- knotd: increased default for 'policy.rrsig-refresh' by (0.1 * 'rrsig-lifetime')
- knotd: new control flag 'u' for unix time output format from zone status
- knotd: extended check for inconsistent acl settings
- knotd/libknot: simplified TCP/QUIC sweep logging
- mod-dnsproxy: all configured remote addresses are used for fallback operation
- mod-dnsproxy: module responds locally if forwarding fails instead of SERVFAIL
- libs: upgraded embedded libngtcp2 to 1.1.0
- doc: various fixes and extensions
Bugfixes:
---------
- knotd: zone backup fails due to improper backup context deinitialization #891
- knotd: failed to sign the zone if maximum zone's TTL is too high
- knotd: malformed TCP header if used with QUIC in the generic XDP mode
- knotd: server can crash when processing new TCP connections over XDP
- knotd: incorrect initialization of TCP limits
- knotd: orphaned PEM file not deleted when key generation fails
- knotd/libknot: connection timeouts over QUIC due to incomplete retransfer handling #894
- kdig: crashed when querying DNS over TLS if TLS handshake times out #896
- kzonecheck: failed to check DS with SHA-1 or GOST if not supported by local policy
- libdnssec: failed to compile with GnuTLS if PKCS #11 support is disabled
Knot DNS 3.3.2 (2023-10-20)
===========================
Features:
---------
- knotd: support for IXFR from AXFR computation (see 'zone.ixfr-from-axfr')
- knotd: support benevolent IXFR (see 'zone.ixfr-benevolent')
- knot-exporter: new configuration option '--no-zone-serial' #880
Improvements:
-------------
- libs: upgraded embedded libngtcp2 to 1.0.0
- knotd: added logging of new SOA serial when signing is finished
- knotd: unified some XDP-related logging
- keymgr: improved error message if a key file is not accessible
- keymgr: added offline RRSIGs validation at the end of their validity intervals
- kdig: upgraded EDNS presentation format to draft version -02
- kdig: simplified QUIC connection without extra PING frames
- kzonecheck: removed requirement that DS is at delegation point
- doc: various fixes and improvements
Bugfixes:
---------
- knotd: logged incorrect new SOA serial if 'zonefile-load: difference' is set #875
- knotd: more signing threads with a PKCS #11 keystore has no effect #876
- knotd: DNAME record returned with query domain name instead of actual name #873
- knotd: failed to import configuration file if mod-geoip is in use #881
- knotd: failed to sign RRSet that fits to 64k only if compressed
- knotd: broken zone update context upon failed operation over control interface
- keymgr: offline RRSIGs not refreshed if 'rrsig-refresh' is not set
- knsupdate: incorrect processing of @ in the delete operation #879
- knot-exporter: failed to parse knotd PIDs on FreeBSD
Packaging:
----------
- docker: added support for (inter-container) D-Bus signaling
Knot DNS 3.3.1 (2023-09-11)
===========================
Improvements:
-------------
- knotd: multiple catalog groups per member are tolerated, but only one is used
- modules: added const qualifier to various function parameters #877 (Thanks to Robert Edmonds)
- libs: upgraded embedded libngtcp2 to 0.19.1
Bugfixes:
---------
- knotd: TCP over XDP fails to respond
- knotd: server can crash when adjusting a wildcard glue
- knotd: failed to forward DDNS if 'zone.master' points to 'remotes'
- knotd: broken YAML statistics if more modules are configured #874
- knotd: DDNS forwarding isn't RFC 8945 compliant
Knot DNS 3.3.0 (2023-08-28)
===========================
Features:
---------
- knotd: full DNS over QUIC (DoQ, RFC 9250) implementation, also without XDP
- knotd: bidirectional XFR over QUIC (XoQ) support with opportunistic, strict,
and mutual authentication profiles
- knotd: automatic reverse PTR records pre-generation (see 'zone.reverse-generate')
- knotd: new per zone statistic counters 'zone.size' and 'zone.max-ttl'
- knotd: new primary server pinning (see 'zone.master-pin-tolerance')
- knotd: new SOA serial modulo policy (see 'zone.serial-modulo')
- knotd: new multi-signer operation mode (see 'policy.dnskey-sync' and 'DNSSEC multi-signer')
- kdig: support for EDNS presentation format, also in JSON mode (see '+optpresent')
- kxdpgun: new TCP/QUIC debug mode 'R' for connection reuse
- kxdpgun: new XDP mode parameter '--mode' (Thanks to Jan Včelák)
- kxdpgun: new parameter '--qlog' for qlog destination specification
- kzonecheck: new '--print' parameter for dumping the zone on stdout
Improvements:
-------------
- knotd: secondary can be configured not to forward DDNS (see 'zone.ddns-master')
- knotd: extended support for UNIX socket configuration (remote, acl)
- knotd: stats no longer dump empty or zero counters
- knotd: new 'keys-updated' D-Bus event
- knotd: added transport protocol information to outgoing event and nameserver logs
- knotd: server cleans up stale LMDB readers when opening a RW transaction
- knotd,kzonecheck: semantic check allows DS only at delegation point
- knotc: new zone backup filters '+quic' and '+noquic' for QUIC key backup
- mod-dnstap: DNS over QUIC traffic is marked as QUIC
- kxdpgun: QUIC connections are closed by default
- libs: upgraded embedded libngtcp2 to 0.18.0
- kdig: QUIC, TLS, or HTTPS protocol is printed in the final statistics
- doc: new sections 'DNS over QUIC' and 'DNSSEC multi-signer'
- doc: various improvements
Bugfixes:
---------
- knotd: server can crash if a shared module is loaded and dynamic configuration used
- knotd: inaccurate transfer size is logged if EDNS EXPIRE, PADDING, or TSIG is present
- knotd: subsequent addition and removal to catalog zone isn't handled properly
- knotc: configuration import fails if an explicit shared module is configured
- utils: database transactions not properly closed when terminated prematurely
- kdig: double-free on some malformed responses over QUIC #869
- kdig: some TLS parameters override QUIC parameters
- libs: NULL record with empty RDATA isn't allowed
- tests: dthreads destructor test sometimes fails
Compatibility:
--------------
- knotd: responses to forwarded DDNS requests are signed with local TSIG key
- knotd: NOTIFY-initiated refresh tries all configured addresses of the remote
- knotd: configuration option 'xdp.quic-log' was replaced with 'log.quic'
- libs: removed embedded libbpf, an external one is necessary for XDP
- libs: DNS over QUIC implementation only supports 'doq' ALPN
- ctl: removed 'Version: ' prefix from 'status version' output
- modules: reduced parameters of 'knotd_qdata_local_addr()'
Packaging:
----------
- knot-exporter: Prometheus exporter imported from GitHub
- knot-exporter: packages for Debian, Ubuntu, and PyPI
- debian,ubuntu: new self-hosted repository (see https://pkg.labs.nic.cz/doc/)
- docker: upgraded to Debian bookworm-slim
Knot DNS 3.2.13 (2024-06-25)
============================
Bugfixes:
---------
- knotd: insufficient metadata check can cause journal corruption
- knotd: failed to build on macOS #909
- knotd: early NSEC3 salt replanning if 'nsec3-salt-lifetime: -1'
- knotc: zone check complains about missing zone file #913
- kdig: failed to parse empty QNAME (do not fill question section)
- python: failed to set an empty configuration value
- libzscanner: incorrect alpn processing #923
- libknot: insufficient check for malformed TCP header options over XDP
- libknot: infinite loop in knot_rrset_to_wire_extra() #916
Knot DNS 3.2.12 (2023-12-19)
============================
Improvements:
-------------
- knotd: zone purging waits for finished zone expiration for better reliability
- doc: various fixes and extensions
Bugfixes:
---------
- knotd: zone backup fails due to improper backup context deinitialization #891
- knotd: failed to sign the zone if maximum zone's TTL is too high
- knotd: malformed TCP header if used with QUIC in the generic XDP mode
- knotd: incorrect initialization of TCP limits
- knotd: orphaned PEM file not deleted when key generation fails
- knotd: server can crash when processing new TCP connections over XDP
- kdig: crashed when querying DNS over TLS if TLS handshake times out #896
- kzonecheck: failed to check DS with SHA-1 or GOST if not supported by local policy
Knot DNS 3.2.11 (2023-10-30)
============================
Improvements:
-------------
- keymgr: improved error message if a key file is not accessible
- keymgr: added offline RRSIGs validation at the end of their validity intervals
- doc: fixed some typos
Bugfixes:
---------
- knotd: DNAME record returned with query domain name instead of actual name #873
- knotd: failed to import configuration file if mod-geoip is in use #881
- knotd: failed to sign RRSet that fits to 64k only if compressed
- keymgr: offline RRSIGs not refreshed if 'rrsig-refresh' is not set
- knsupdate: incorrect processing of @ in the delete operation #879
Knot DNS 3.2.10 (2023-09-11)
============================
Improvements:
-------------
- knotd: multiple catalog groups per member are tolerated, but only one is used
- knotd: server cleans up stale LMDB readers when opening a RW transaction
Bugfixes:
---------
- knotd: server can crash when adjusting a wildcard glue
- knotd: failed to forward DDNS if 'zone.master' points to 'remotes'
- knotd: subsequent addition and removal to catalog zone isn't handled properly
- knotd: server can crash if a shared module is loaded and dynamic configuration used
- knotc: configuration import fails if an explicit shared module is configured
- kdig: double-free on some malformed responses over QUIC #869
- kdig: some TLS parameters override QUIC parameters
- libs: NULL record with empty RDATA isn't allowed
Knot DNS 3.2.9 (2023-07-27)
===========================
Improvements:
-------------
- keymgr: 'import-pkcs11' not allowed if no PKCS #11 keystore backend is configured
- keymgr: more verbose key import errors
- doc: extended migration notes
- doc: various improvements
Bugfixes:
---------
- knotd: server may crash when storing changeset of a big zone migrating to/from NSEC3
- knotd: zone refresh loop when all masters are outdated and timers cleared
- knotd: failed to active D-Bus notifications if not started as systemd service
- kjournalprint: database transaction not properly closed when terminated prematurely
Knot DNS 3.2.8 (2023-06-26)
===========================
Improvements:
-------------
- kdig: malformed messages are parsed and printed using a best-effort approach
- python: new dname from wire initialization
Bugfixes:
---------
- knotd: missing outgoing NOTIFY upon refresh if one of more primaries is up-to-date
- knotd: journal loop detection can prevent zone from loading
- knotd: cryptic error message when journal is full #842
- knotd: failed to query catalog zone over UDP
- configure: libngtcp2 check wrongly requires version 0.13.0 instead of 0.13.1
Knot DNS 3.2.7 (2023-06-06)
===========================
Features:
---------
- knotd: new configuration option for preserving incoming IXFR changeset history
(see 'zone.ixfr-by-one')
Improvements:
-------------
- knotd: journal ensures the stored changeset's SOA serials are strictly increasing
- knotd: more effective handling of zero KNOT_ZONE_LOAD_TIMEOUT_SEC environment value
- knotd, kdig: incoming transfer fails if a message has the TC bit set
- knotd, kjournalprint: store or print the timestamp of changeset creation
- kxdpgun: load only necessary number of queries (Thanks to Petr Špaček)
- kxdpgun: print ratio of sent vs. requested queries (Thanks to Petr Špaček)
- kxdpgun: print percentages as floats (Thanks to Petr Špaček)
- kjournalprint: ability to print a changeset loop
- kjournalprint: added changset serials information to '-z -d' output
- packaging: RHEL9 requires libxdp like fedora since RHEL 9.2 #844
- doc: various improvements
Bugfixes:
---------
- knotd: journal loading can get stuck in a multi-changeset loop
- knotd: missing RCU lock when reading zone through the control interface
- knotd: server start D-Bus signaling doesn't work well if the zone file is
missing, catalog zones are used, or in the async-start mode
- knotd: test suite fails on 32bit architectures on musl 1.2 and newer #843
- knotd: failed to process zero-length messages over QUIC
- libs: compilation with embedded ngtcp2 fails if there is another ngtcp2 in the path
Knot DNS 3.2.6 (2023-04-04)
===========================
Improvements:
-------------
- libs: upgraded embedded libngtcp2 to 0.13.1
- libs: added support for building on Cygwin and MSYS (Thanks to Christopher Ng)
- mod-dnstap: improved precision of stored time values
- kdig: added option for EDNS EXPIRE (see '+expire') #836
- kdig: extended description of SOA timers in the multiline mode
- kdig: reduced latency of TLS communication
- libknot: added EDE codes 28 and 29
- doc: various improvements
Bugfixes:
---------
- knotd: generated catalog zone not updated upon server reload #834
- knotd: failed to check shared module configuration
- knotd: missing RCU registration of the statistics thread (Thanks to Qin Longfei)
- knotd: server logs failed to send QUIC packets in the XDP mode
- libs: inconsistent transformation of IPv4-Compatible IPv6 Addresses
- utils: failed to load configuration if dnstap module is enabled #831
- libknot: missing include string.h
Knot DNS 3.2.5 (2023-02-02)
===========================
Features:
---------
- knotd: new configuration option for enforcing IXFR fallback (see 'zone.provide-ixfr')
Improvements:
-------------
- knotd: changed UNIX socket file mode to 0222 for answering and 0220 for control
- mod-probe: new support for communication over a UNIX socket
- kdig: new support for communication over a UNIX socket
- libs: upgraded embedded libngtcp2 to 0.13.0
- doc: various improvements
Bugfixes:
---------
- knotd: failed to get catalog member configuration if catalog template is in a template
- knotd: failed to respond over a UNIX socket with EDNS
- knotd: unexpected zone update upon restart or zone reload if ZONEMD generation is enabled
- knotd: redundant zone flush of unchanged zone if zone file load is 'difference-no-serial'
- knotd/kxdpgun: failed to receive messages over XDP with drivers tap or ena
- knotc: zone check doesn't report missing zone file #829
- kxdpgun: program crashes when remote closes QUIC connection instead of resumption
- mod-geoip: configuration check leaks memory in the geodb mode
- utils: unwanted color reset sequences in non-color output
Knot DNS 3.2.4 (2022-12-12)
===========================
Improvements:
-------------
- knotd: significant speed-up of catalog zone update processing
- knotd: new runtime check if RRSIG lifetime is lower than RRSIG refresh
- knotd: reworked zone re-bootstrap scheduling to be less progressive
- mod-synthrecord: module can work with CIDR-style reverse zones #826
- python: new libknot wrappers for some dname transformation functions
- doc: a few fixes and improvements
Bugfixes:
---------
- knotd: incomplete zone is received when IXFR falls back to AXFR due to
connection timeout if primary puts initial SOA only to the first message
- knotd: first zone re-bootstrap is planned after 24 hours
- knotd: EDNS EXPIRE option is present in outgoing transfer of a catalog zone
- knotd: catalog zone can expire upon EDNS EXPIRE processing
- knotd: DNSSEC signing doesn't fail if no offline KSK records available
Knot DNS 3.2.3 (2022-11-20)
===========================
Improvements:
-------------
- knotd: new per-zone DS push configuration option (see 'zone.ds-push')
- libs: upgraded embedded libngtcp2 to 0.11.0
Bugfixes:
---------
- knsupdate: program crashes when sending an update
- knotd: server drops more responses over UDP under higher load
- knotd: missing EDNS padding in responses over QUIC
- knotd: some memory issues when handling unusual QUIC traffic
- kxdpgun: broken IPv4 source subnet processing
- kdig: incorrect handling of unsent data over QUIC
Knot DNS 3.2.2 (2022-11-01)
===========================
Features:
---------
- knotd,kxdpgun: support for VLAN (802.1Q) traffic in the XDP mode
- knotd: added configurable delay upon D-Bus initialization (see 'server.dbus-init-delay')
- kdig: support for JSON (RFC 8427) output format (see '+json')
- kdig: support for PROXYv2 (see '+proxy') (Gift for Peter van Dijk)
Improvements:
-------------
- mod-geoip: module respects the server configuration of answer rotation
- libs: upgraded embedded libngtcp2 to 0.10.0
- tests: improved robustness of some unit tests
- doc: added description of zone bootstrap re-planning
Bugfixes:
---------
- knotd: catalog confusion when a member is added and immediately deleted #818
- knotd: defective handling of short messages with PROXYv2 header #816
- knotd: inconsistent processing of malformed messages with PROXYv2 header #817
- kxdpgun: incorrect XDP mode is logged
- packaging: outdated dependency check in RPM packages
Knot DNS 3.2.1 (2022-09-09)
===========================
Improvements:
-------------
- libknot: added compatibility with libbpf 1.0 and libxdp
- libknot: removed some trailing white space characters from textual RR format
- libs: upgraded embedded libngtcp2 to 0.8.1
Bugfixes:
---------
- knotd: some non-DNS packets not passed to OS if XDP mode enabled
- knotd: inappropriate log about QUIC port change if QUIC not enabled
- knotd/kxdpgun: various memory leaks related to QUIC and TCP
- kxdpgun: can crash at high rates in emulated XDP mode
- tests: broken XDP-TCP test on 32-bit platforms
- kdig: failed to build with enabled QUIC on OpenBSD
- systemd: failed to start server due to TemporaryFileSystem setting
- packaging: missing knot-dnssecutils package on CentOS 7
Knot DNS 3.2.0 (2022-08-22)
===========================
Features:
---------
- knotd: finalized TCP over XDP implementation
- knotd: initial implementation of DNS over QUIC in the XDP mode (see 'xdp.quic')
- knotd: new incremental DNSKEY management for multi-signer deployment (see 'policy.dnskey-management')
- knotd: support for remote grouping in configuration (see 'groups' section)
- knotd: implemented EDNS Expire option (RFC 7314)
- knotd: NSEC3 salt is changed with every ZSK rollover if lifetime is set to -1
- knotd: support for PROXY v2 protocol over UDP (Thanks to Robert Edmonds) #762
- knotd: support for key labels with PKCS #11 keystore (see 'keystore.key-label')
- knotd: SVCB/HTTPS treatment according to draft-ietf-dnsop-svcb-https
- keymgr: new JSON output format (see '-j' parameter) for listing keys or zones (Thanks to JP Mens)
- kxdpgun: support for DNS over QUIC with some testing modes (see '-U' parameter)
- kdig: new DNS over QUIC support (see '+quic')
Improvements:
-------------
- knotd: reduced memory consumption when processing IXFR, DNSSEC, catalog, or DDNS
- knotd: RRSIG refresh values don't have to match in the mode Offline KSK
- knotd: better decision whether AXFR fallback is needed upon a refresh error
- knotd: NSEC3 resalt event was merged with the DNSSEC event
- knotd: server logs when the connection to remote was taken from the pool
- knotd: server logs zone expiration time when the zone is loaded
- knotd: DS check verifies removal of old DS during algorithm rollover
- knotd: DNSSEC-related records can be updated via DDNS
- knotd: new 'xdp.udp' configuration option for disabling UDP over XDP
- knotd: outgoing NOTIFY is replanned if failed
- knotd: configuration checks if zone MIN interval values are lower or equal to MAX ones
- knotd: DNSSEC-related zone semantic checks use DNSSEC validation
- knotd: new configuration value 'query' for setting ACL action
- knotd: new check on near end of imported Offline KSK records
- knotd/knotc: implemented zone catalog purge, including orphaned member zones
- knotc: interactive mode supports catalog zone completion, value completion, and more
- knotc: new default brief and colorized output from zone status
- knotc: unified empty values in zone status output
- keymgr: DNSKEY TTL is taken from KSR in the Offline KSK mode
- kjournalprint: path to journal DB is automatically taken from the configuration,
which can be specified using '-c', '-C' (or '-D')
- kcatalogprint: path to catalog DB is automatically taken from the configuration,
which can be specified using '-c', '-C' (or '-D')
- kzonesign: added automatic configuration file detection and '-C' parameter
for configuration DB specificaion
- kzonesign: all CPU threads are used for DNSSEC validation
- libknot: dname pointer cannot point to another dname pointer when encoding RRsets #765
- libknot: QNAME case is preserved in knot_pkt_t 'wire' field (Thanks to Robert Edmonds) #780
- libknot: reduced memory consumption of the XDP mode
- libknot: XDP filter supports up to 256 NIC queues
- kxdpgun: new options for specifying source and remote MAC addresses
- utils: extended logging of LMDB-related errors
- utils: improved error outputs
- kdig: query has AD bit set by default
- doc: various improvements
Bugfixes:
---------
- knotd: zone changeset is stored to journal even if disabled
- knotd: journal not applied to zone file if zone file changed during reload
- knotd: possible out-of-order processing or postponed zone events to far future
- knotd: incorrect TTL is used if updated RRSet is empty over control interface
- knotd/libs: serial arithmetics not used for RRSIG expiration processing
- knsupdate: incorrect RRTYPE in the question section
Compatibility:
--------------
- knotd: default value for 'zone.journal-max-depth' was lowered to 20
- knotd: default value for 'policy.nsec3-iterations' was lowered to 0
- knotd: default value for 'policy.rrsig-refresh' is propagation delay + zone maximum TTL
- knotd: server fails to load configuration if 'policy.rrsig-refresh' is too low
- knotd: configuration option 'server.listen-xdp' has no effect
- knotd: new configuration check on deprecated DNSSEC algorithm
- knotc: new '-e' parameter for full zone status output
- keymgr: new '-e' parameter for full key list output
- keymgr: brief key listing mode is enabled by default
- keymgr: renamed parameter '-d' to '-D'
- knsupdate: default TTL is set to 3600
- knsupdate: default zone is empty
- kjournalprint: renamed parameter '-c' to '-H'
- python/libknot: removed compatibility with Python 2
Packaging:
----------
- systemd: removed knot.tmpfile
- systemd: added some hardening options
- distro: Debian 9 and Ubuntu 16.04 no longer supported
- distro: packages for CentOS 7 are built in a separate COPR repository
- kzonecheck/kzonesign/knsec3hash: moved to new package knot-dnssecutils
Knot DNS 3.1.9 (2022-08-10)
===========================
Improvements:
-------------
- knotd: new configuration checks on unsupported catalog settings
- knotd: semantic check issues have notice log level in the soft mode
- keymgr: command generate-ksr automatically sets 'from' parameter to last
offline KSK records' timestamp if it's not specified
- keymgr: command show-offline starts from the first offline KSK record set
if 'from' parameter isn't specified
- kcatalogprint: new parameters for filtering catalog or member zone
- mod-probe: default rate limit was increased to 100000
- libknot: default control timeout was increased to 30 seconds
- python/libknot: various exceptions are raised from class KnotCtl
- doc: some improvements
Bugfixes:
---------
- knotd: incomplete outgoing IXFR is responded if journal history is inconsistent
- knotd: manually triggered zone flush is suppressed if disabled zone synchronization
- knotd: failed to configure XDP listen interface without port specification
- knotd: de-cataloged member zone's file isn't deleted #805
- knotd: member zone leaks memory when reloading catalog during dynamic configuration change
- knotd: server can crash when reloading modules with DNSSEC signing (Thanks to iqinlongfei)
- knotd: server crashes during shutdown if PKCS #11 keystore is used
- keymgr: command del-all-old isn't applied to all keys in the removed state
- kxdpgun: user specified network interface isn't used
- libs: fixed compilation on illumos derivatives (Thanks to Nick Ewins)
Knot DNS 3.1.8 (2022-04-28)
===========================
Features:
---------
- knotd: optional automatic ACL for XFR and NOTIFY (see 'remote.automatic-acl')
- knotd: new soft zone semantic check mode for allowing defective zone loading
- knotc: added zone transfer freeze state to the zone status output
Improvements:
-------------
- knotd: added configuration check for serial policy of generated catalogs
Bugfixes:
---------
- knotd/libknot: the server can crash when validating a malformed TSIG record
- knotd: outgoing zone transfer freeze not preserved during server reload
- knotd: catalog UPDATE not processed if previous UPDATE processing not finished #790
- knotd: zone refresh not started if planned during server reload
- knotd: generated catalogs can be queried over UDP
- knotd/utils: failed to open LMDB database if too many stale slots occupy the lock table
Knot DNS 3.1.7 (2022-03-30)
===========================
Features:
---------
- knotd: new configuration items for restricting minimum and maximum zone expire
and retry intervals (see 'zone.expire-min-interval', 'zone.expire-max-interval',
'zone.retry-min-interval', 'zone.retry-max-interval') #785
- knotc: added catalog information to zone status
Improvements:
-------------
- knotd: better warning message if SOA serial comparison failed when loading from zone file
- knotc: zone status shows all zone events when frozen
- keymgr: better error message is returned when importing SKR with insufficient permissions
- kdig: transfer status is also printed if failed
Bugfixes:
---------
- knotd: incomplete implementation of the Offline KSK mode in the IXFR and DDNS processing
- knotd: catalog zone accepts duplicate members via UPDATE #786
- knotd: server crashes if catalog database contains orphaned member zones
- knotd: old journal is scraped when restoring just the zone file
- knotd: some planned zone events can be lost during server reload
- knotd: frozen zone gets thawed during server reload
- knsupdate: missing section names in the show output
- knsupdate: inappropriate log message if called from a script
Knot DNS 3.1.6 (2022-02-08)
===========================
Features:
---------
- knotd: optional D-Bus notifications for significant server and zone events
(see 'server.dbus-event')
- knotd: new submission configuration option for delayed KSK post-activation
(see 'submission.parent-delay')
- knotc: new commands for outgoing XFR freeze (see 'zone-xfr-freeze' and 'zone-xfr-thaw')
- kzonesign: added multithreaded DNSSEC validation mode (see '--verify')
Improvements:
-------------
- kdig: trailing data in reply packet is accepted with a warning
- kdig: XFR responses are checked if SOA owners match
- knotd: failed remote operations are logged as info instead of debug
- knsec3hash: added alternative and more natural parameter semantics
- knsupdate: interactive mode is newly based on library Editline
- Dockerfile: added UID argument to facilitate the use of unprivileged container #783
- doc: various fixes and improvements
Bugfixes:
---------
- libknot: inaccurate KNOT_DNAME_TXT_MAXLEN constant value #781
- knotd: propagation delay not considered before DS push
- knotd: excessive refresh retry delay when a few early attemps fail
- knotd: duplicate KSK submission log message during a KSK rollover
- kdig: dname letter case not preserved in XFR and Dnstap outputs
- mod-cookies: missing server cookie in responses over TCP
Knot DNS 3.1.5 (2021-12-20)
===========================
Features:
---------
- knotd: optional outgoing TCP connection pool for faster communication with remotes
(see 'server.remote-pool-limit' and 'server.remote-pool-timeout')
- knotd: optional unreachable remote tracking to avoid zone events clogging
(see 'server.remote-retry-delay')
- knotd: new ZONEMD generation mode for the record removal from the zone apex #760
(see 'zone.zonemd-generate: remove')
- mod-dnsproxy: new source address match option (see 'mod-dnsproxy.address')
- scripts/probe_dump: simple mod-probe client
Improvements:
-------------
- knotd: DS push sets DS TTL equal to DNSKEY TTL
- knotd: extended zone purge error logging
- knotd: zone file parsing error message was extended by the file name
- knotd: improved debug log message when TCP timeout is reached
- knotd: new configuration check for using the default number of NSEC3 iterations
- knotd: new configuration check for insufficient RRSIG refresh time
- mod-geoip: configuration check newly verifies the module configuration file #778
- kdig: option +notimeout or +timeout=0 is interpreted as infinity
- kdig: option +noretry is interpreted as zero retries
- python/probe: more detailed default output format
- doc: many spelling fixes (Thanks to Josh Soref)
- doc: various fixes and improvements
Bugfixes:
---------
- knotd: imperfect TCP connection closing in the XDP mode
- knotd: TCP reset packets are wrongly checked for ackno in the XDP mode
- knotd: only first zone name is logged for multi-zone control operations #776
- knotd: minor memory leak when full zone update fails to write to journal
- knotc: configuration check doesn't check a configuration database
- mod-dnstap: incorrect QNAME case restore in some corner cases (Thanks to Robert Edmonds) #777
Knot DNS 3.1.4 (2021-11-04)
===========================
Features:
---------
- mod-dnstap: added 'responses-with-queries' configuration option (Thanks to Robert Edmonds) #764
Improvements:
-------------
- knotd: DNSSEC keys are logged in sorted order by timestamp
- mod-cookies: added statistics counter for dropped queries due to the slip limit
- mod-dnstap: restored the original query QNAME case #773 (Thanks to Robert Edmonds)
- configure: improved compatibility of some scripts on macOS and BSDs
- doc: updates on DNSSEC signing
Bugfixes:
---------
- knotd: server can crash when receiving queries with NSID EDNS flag #774 (Thanks to Romain Labolle)
- knotd: server crashes on reload when no interfaces configured #770
- knotd: ZONEMD without DNSSEC not handled correctly
- knotd: generated catalog zone not updated on config reload #772
- knotd: zone catalog not verified before its interpretation
- knotd: ds-push fails to update the parent zone if a CNAME exists for a non-terminal node
Knot DNS 3.1.3 (2021-10-18)
===========================
Improvements:
-------------
- knotd: added simple error logging to orphaned zone purge
- knotd: allow manual public-only keys for unused algorithm
- kdig: send ALPN when using DoT or XoT #769
- doc: various fixes and improvements #767
Bugfixes:
---------
- knotd: catalog backup doesn't preserve version of the catalog implementation
- knotd: NOTIFY is scheduled even when DNSSEC signing is up-to-date
- knotd: server can crash when zone difference is inconsistent upon cold start
- knotd: zone not bootstrapped when zone file load failed due to an error
- knotd: broken AXFR with knot as slave and dnsmasq as master (Thanks to Daniel Gröber)
- knotd: journal not able to free up space when zone-in-journal present and zonefile written
- mod-stats: missing protocol counters for TCP over XDP
- kzonesign: input zone name not lower-cased
Knot DNS 3.1.2 (2021-09-08)
===========================
Features:
---------
- knotd: new policy configuration for postponing complete deletion of previous keys
- keymgr: new optional pretty mode (-b) of listing keys
- kdig: added support for TCP keepopen #503
Improvements:
-------------
- knotd: configuration item values can contain UTF-8 characters
- knotd: added configuration check for database storage writability
- knotd: better error reporting if zone is empty
- knotd: smaller journal database chunks in order to mitigate LMDB fragmentation
- knotd/kxdpgun: CAP_SYS_RESOURCE capability no longer needed for XDP on Linux >= 5.11
Bugfixes:
---------
- knotd: incomplete NSEC3 proof in response to opt-outed empty non-terminal
- knotd: wrong SOA serial handling when enabling signing on already existing secondary zone
- knotd: defective ZONEMD verification error reporting when loading zone #759
- knotd: server can crash when reloading catalog zone #761
- knotd: DNSSEC validation doesn't work when only NSEC3 chain changes
- knotd: DNSSEC validation doesn't check if empty non-terminal over non-opt-outed
delegation isn't opt-outed too
- knotd: ZONEMD generation doesn't cause flushing zone to disk #758
- knotd: incorrect evaluation of ACL deny rule in combination with TSIG
- knotd: failed DS-check is replaned even if no key is ready
- kdig: abort when query times out #763
- libzscanner: missing output overflow check in the SVCB parsing
Compatibility:
--------------
- keymgr: parameter -d is marked deprecated in favor of new parameter -D
- kjournalprint: parameter -n is marked deprecated in favor of new parameter -x
Knot DNS 3.1.1 (2021-08-10)
===========================
Improvements:
-------------
- keymgr: import-bind sets publish and active timers to now if missing timers #747
- mod-rrl: added QNAME, which triggered an action, to log messages #757
- systemd: added environment variable for setting maximum configuration DB size
Bugfixes:
---------
- knotd: adding RRSIGs to a signed zone can lead to redundant RRSIGs for some NSEC(3)s
- knotd: code not compiled correctly for ARM on Fedora >= 33
- knotd: server can crash when opening catalog DB on startup
- knotd: incorrect catalog update counts in logs
- knotd: journal discontinuity and zone-in-journal result in incorrectly calculated journal occupation
- kdig: +noall does not filter out AUTHORITY comment #749
- tests: journal unit test not passing if memory page size is different from 4096
Reverts:
--------
- libzscanner: reverted "omitted TTL value is correctly set to the last explicitly stated value (RFC 1035)" #751
Knot DNS 3.1.0 (2021-08-02)
===========================
Features:
---------
- knotd: automatic zone catalog generation based on actual configuration
- knotd: zone catalog supports configuration groups
- knotd: support for ZONEMD validation and generation
- knotd: basic support for TCP over XDP processing
- knotd: configuration option for enabling IP route check in the XDP mode
- knotd: support for epoll (Linux) and kqueue (*BSD, macOS) socket polling
- knotd: extended EDNS error (EDE) is added to the response if appropriate
- knotd: DNSSEC operation with extra ready public-only KSK is newly allowed
- knotd: new zone backup/restore filters for more variable component specification
- knotd: adaptive systemd service start timeout and new zone loading status #733
- knotd: configuration option for enabling TCP Fast Open on outbound communication
- knotd: when the server starts, zone NOTIFY is send only if not sent already
- knotc: zone reload with the force flag triggers reload of the zone and its modules
- libs: support for parsing and dumping SVCB and HTTPS resource records
- kdig: support for TCP Fast Open along with DoT/DoH #549
- kxdpgun: basic support for DNS over TCP processing
- kxdpgun: current traffic statistics can be printed using a USR1 signal
- python: new libknot/probe API wrapper
Improvements:
-------------
- knotd: PID file is created even in the foreground mode
- knotd: more robust and enhanced zone data backup and restore operations
- knotd: maximum length of an XFR message is limited to 16 KiB for better compression
- knotd: maximum CNAME/DNAME chain depth per reply was decreased from 20 to 5
- knotd: improved performance of processing domain names with many short labels
- knotd: adaptive limit on the number of LMDB readers to avoid problems with many workers
- knotd: TTL of generated NSEC(3) records is set to min(SOA TTL, SOA minimum)
- knotd: TTL of generated NSEC3PARAM is equal to TTL of NSEC3 records
- knotd: maximum TCP segment size is restricted to 1220 octets on Linux #468
- knotc: various improvements in error reporting
- knotc: default control timeout is infinity in the blocking mode
- dnssec: dnskey generator tries to return a key with a unique keytag
- kxdpgun: RLIMIT_MEMLOCK is increased only if not high enough
- kxdpgun: RTNETLINK is used for getting network information instead of the ip command
Bugfixes:
---------
- knotd: DNAME not applied more than once to resolve the query #714
- knotd: root zone not correctly purged from the journal
- kzonecheck: incorrect check for opt-outed empty non-terminal nodes
- libzscanner: wrong error line number
- libzscanner: broken multiline rdata processing if an error occurs
- mod-geoip: NXDOMAIN is responded instead of NODATA #745
- make: build fails with undefined references if building using slibtool #722
Packaging:
----------
- knotd: systemd service reload uses 'kill -HUP' instead of 'knotc reload'
- kxdpgun: new library dependency libmnl
- mod-dnstap: new package separate from the knot package
- mod-geoip: new package separate from the knot package
Compatibility:
--------------
- configure: option '--enable-xdp=yes' means use an external libbpf if available
or use the embedded one
- libzscanner: omitted TTL value is correctly set to the last explicitly stated value (RFC 1035)
- knotc: zone restore from an old backup (3.0.x) requires forced operation
- knotd: configuration option 'server.listen-xdp' is replaced with 'xdp.listen'
- knotd: zone file loading with automatic SOA serial incrementation newly
requires having full zone in the journal
- knotd: obsolete configuration options 'zone.disable-any', 'server.tcp-handshake-timeout'
are silently ignored
- knotd: obsolete configuration options 'zone.max-zone-size', 'zone.max-journal-depth',
'zone.max-journal-usage', 'zone.max-refresh-interval', 'zone.min-refresh-interval'
'server.max-ipv4-udp-payload', 'server.max-ipv6-udp-payload', 'server.max-udp-payload',
'server.tcp-reply-timeout', 'server.max-tcp-clients' are ignored
- knotd: obsolete default template options 'template.journal-db',
'template.kasp-db', 'template.timer-db', 'template.max-journal-db-size',
'template.journal-db-mode', 'template.max-timer-db-size',
'template.max-kasp-db-size' are ignored
Knot DNS 3.0.11 (2022-04-28)
============================
Improvements:
-------------
- doc: various fixes and improvements
Bugfixes:
---------
- knotd/libknot: the server can crash when validating a malformed TSIG record
- knotd: public-only key makes DNSSEC signing fail
- knotd: frozen zone gets thawed during server reload
- knotd: zone refresh not started if planned during server reload
- knotd: some planned zone events can be lost during server reload
- knotd: propagation delay not considered before DS push
- knotd: duplicate KSK submission log message during a KSK rollover
- mod-cookies: missing server cookie in responses over TCP
- knsupdate: missing section names in the show output
Knot DNS 3.0.10 (2021-11-04)
============================
Improvements:
-------------
- doc: various fixes and improvements
Bugfixes:
---------
- knotd: server can crash when receiving queries with NSID EDNS flag #774 (Thanks to Romain Labolle)
- knotd: ds-push fails to update the parent zone if a CNAME exists for a non-terminal node
- knotd: server crashes on reload when no interfaces configured #770
- knotd: journal not able to free up space when zone-in-journal present and zonefile written
- knotd: broken AXFR with knot as slave and dnsmasq as master (Thanks to Daniel Gröber)
- knotd: server can crash when zone difference is inconsistent upon cold start
- mod-stats: missing protocol counters for TCP over XDP
- kzonesign: input zone name not lower-cased
Knot DNS 3.0.9 (2021-09-09)
===========================
Improvements:
-------------
- keymgr: import-bind sets publish and active timers to now if missing timers #747
Bugfixes:
---------
- knotd: incomplete NSEC3 proof in response to opt-outed empty non-terminal
- knotd: journal discontinuity and zone-in-journal result in incorrectly calculated journal occupation
- knotd: incorrect evaluation of ACL deny rule in combination with TSIG
- knotd: failed DS-check is replanned even if no key is ready
- knotd: root zone not correctly purged from the journal
- kdig: +noall does not filter out AUTHORITY comment #749
Knot DNS 3.0.8 (2021-07-16)
===========================
Features:
---------
- knotc: new command for loading DNSSEC keys without dropping all RRSIGs when re-signing
- knotd: new policy configuration option for disabling some DNSSEC safety features #741
- mod-geoip: new dnssec and policy configuration options
Bugfixes:
---------
- knotd: early KSK removal during a KSK rollover if automatic KSK submission check
is enabled and DNSKEY TTL is lower than the corresponding DS TTL
- knotd: failed to generate a new DNSKEY if previously generated shared key not available
- knotd: periodical error logging when a PKCS #11 keystore failed to initialize #742
- knotd: zone commit doesn't check for missing SOA record
Knot DNS 3.0.7 (2021-06-16)
===========================
Features:
---------
- knotd: new configuration policy option for CDS digest algorithm setting #738
- keymgr: new command for primary SOA serial manipulation in on-secondary signing mode
Improvements:
-------------
- knotd: improved algorithm rollover to shorten the last step of old RRSIG publication
Bugfixes:
---------
- knotd: zone is flushed upon server start, despite DNSSEC signing is up-to-date
- knotd: wildcard nonexistence is proved on empty-non-terminal query
- knotd: redundant wildcard proof for non-authoritative data in a reply
- knotd: missing wildcard proofs in a wildcard-cname loop reply
- knotd: incorrectly synthesized CNAME owner from a wildcard record #715
- knotd: zone-in-journal changeset ignores journal-max-usage limit #736
- knotd: incorrect processing of zone-in-journal changeset with SOA serial 0
- knotd: broken initialization of processing workers if SO_REUSEPORT(_LB) not available
- kjournalprint: reported journal usage is incorrect #736
- keymgr: cannot parse algorithm name ed448 #739
- keymgr: default key size not set properly
- kdig: failed to process huge DoH responses
- libknot/probe: some corner-case bugs
Knot DNS 3.0.6 (2021-05-12)
===========================
Features:
---------
- mod-probe: new module for simple traffic logging (Python API not yet included)
Improvements:
-------------
- keymgr: new mode for listing zones with at least one key stored
- keymgr: the pregenerate command accepts optional timestamp-from parameter
- kzonecheck: accept '-' as substitution for standard input #727
- knotd: print an error when unable to change owner of a logging file
- knotd: new warning log if no interface is configured
- knotd: new signing policy check for NSEC3 iterations higher than 20
- knotd: don't allow backup to/restore from the DB storage directory
- Various code (mostly zone backup/restore), tests, and documentation improvements
Bugfixes:
---------
- knotd: secondary fails to load zone file if HTTPS or SVCB record is present #725
- knotd: (KSK roll-over) new KSK is not signing DNSKEY long enough before DS submission
- knotd: (KSK roll-over) old KSK uselessly published after roll-over finished
- knotd: malformed address in TCP-related logs when listening on a UNIX socket
- knotd: server responds FORMERR instead of BADTIME if TSIG signed time is zero #730
- modules: incorrect local and remote addresses in the XDP mode
- modules: failed to read configuration from a section without identifiers
- mod-synthrecord: queries on synthesized empty-non-terminals not answered with NODATA
- keymgr: confusing error if del-all-old command fails
Knot DNS 3.0.5 (2021-03-25)
===========================
Improvements:
-------------
- kdig: added support for TCP Fast Open on FreeBSD
- keymgr: the SEP flag can be changed on already generated keys
- Some documentation improvements
Bugfixes:
---------
- knotd: journal contents can be considered malformed after changeset merge
- knotd: broken detection of TCP Fast Open availability
- knotd: zone restore can stuck in an infinite loop if zone configuration changed
- knotd: failed zone backup makes control socket unavailable
- knotd: zone not stored to journal after reload if difference-no-serial is enabled
- knotd: old key is being used after an algorithm rollover with a shared policy #721
- keymgr: keytag not recomputed upon key flag change
- kdig: TCP not used if +fastopen is set
- mod-dnstap: the local address is empty
- kzonecheck: missing letter lower-casing of the origin parameter
- XDP mode wrongly detected on NetBSD
- Failed to build knotd_stdio fuzzing utility
Knot DNS 3.0.4 (2021-01-20)
===========================
Improvements:
-------------
- Sockets to CPUs binding is no longer enabled by default but can be enabled
via new configuration option 'server.socket-affinity'
- Some documentation improvements
Bugfixes:
---------
- DNS queries without EDNS to the root zone apex are dropped in the XDP mode
- Deterministic ECDSA signing leaks memory
- Zone not stored to journal if zonefile-load isn't ZONEFILE_LOAD_WHOLE
- Server crashes if the catalog zone isn't configured for registered member zones
- Server crashes when loading conflicting catalog member zones
- CNAME and DNAME records below delegation are not ignored #713
- Not all udp/tcp workers are used if the number of NIC queues is lower than
the number of udp/tcp workers
- Failed to load statistics and geoip modules if built as shared
Knot DNS 3.0.3 (2020-12-15)
===========================
Features:
---------
- Kjournalprint can display changesets starting from specific SOA serial
Improvements:
-------------
- New configuration check on ambiguous 'storage' specification #706
- New configuration check on problematic 'zonefile-load' with 'journal-contents' combination
- Server logs positive ACL check in debug severity level (Thanks to Andreas Schrägle)
- More verbose logging of failed zone backup
- Extended documentation for catalog zones
Bugfixes:
---------
- On-slave signing produces broken NSEC(3) chain if glue node becomes (un-)orphaned #705
- Server responds CNAME query with NXDOMAIN for CNAME synthesized from DNAME
- Kdig crashes if source address and dnstap logging are specified together #702
- Knotc fails to display error returned from zone freeze or zone thaw
- Dynamically reconfigured zone isn't loaded upon configuration commit
- Keymgr is unable to import BIND-style private key if it contains empty lines
- Zone backup fails to backup keys if any of them is public-only
- Failed to build with XDP support on Debian testing
Knot DNS 3.0.2 (2020-11-11)
===========================
Features:
---------
- kdig prints Extended DNS Error (Gift for Marek Vavruša)
- kxdpgun allows source IP address/subnet specification
Improvements:
-------------
- Server doesn't start if any of listen addresses fails to bind
- knotc no longer stores empty and adjacent identical commands to interactive history
- Depth of interactive history of knotc was increased to 1000 commands
- keymgr prints error messages to stderr instead of stdout
- keymgr checks for proper offline-ksk configuration before processing KSR or SKR
- keymgr imports Revoked timer from BIND keys
- Additional XDP support detection in server
- Lots of spelling and grammar fixes in documentation (Thanks to Paul Dee)
- Some documentation improvements
Bugfixes:
---------
- If more masters configured, zone retransfer triggers AXFR from all masters
- Server can fail to bind address during restart due to missing SO_REUSEADDR
- KSK imported from BIND doesn't roll over automatically
- libdnssec respects local GnuTLS policy — affects DNSSEC operations and Knot Resolver
- kdig can stuck in infinite loop when solving BADCOOKIE responses
- Zone names received over control interface are not lower-cased
- Zone attributes not secured with multi-threaded changes
- kzonecheck ignores forced dnssec checks if zone not signed
- kzonecheck fails on case-sensitivity of owner names in NSEC records #699
- kdig fails to establish TLS connection #700
- Server responds NOTIMPL to queries with QDCOUNT 0 and known OPCODE
Knot DNS 3.0.1 (2020-10-10)
===========================
Features:
---------
- New command in keymgr for validation of RRSIGs in SKR
- Keymgr validates RRSIGs in SKR during import
- New option in kzonecheck to skip DNSSEC-related checks
Improvements:
-------------
- Module noudp has new configuration option for UDP truncation rate
- Better detection of reproducible signing availability
- Kxdpgun allows setting of network interface
- Default control timeout in knotc was increased to 60 seconds
- DNSSEC validation searches for invalid redundant RRSIGs
- Configuration source detection no longer considers empty confdb directory as active configuration
- Zone backup preserves original zone file if zone file synchronization is disabled
Bugfixes:
---------
- NSEC3 re-salt can cause server crash due to possible zone inconsistencies
- Zone reload logs 'invalid parameter' if zone file not changed
- Outgoing multi-message transfer can contain invalid compression pointers under specific conditions
- Improper handling of file descriptors in libdnssec
- Server crashes if no policy is configured with DNSSEC validation
- Server crashes if DNSSEC validation is enabled for unsigned zone
- Failed to build with libnghttp2 (Thanks to Robert Edmonds)
- Various bugs in zone data backup/restore
Knot DNS 3.0.0 (2020-09-09)
===========================
Features:
---------
- High-performance networking mode using XDP sockets (requires Linux 4.18+)
- Support for Catalog zones including kcatalogprint utility
- New DNSSEC validation mode
- New kzonesign utility — an interface for manual DNSSEC signing
- New kxdpgun utility — high-performance DNS over UDP traffic generator for Linux
- DoH support in kdig using GnuTLS and libnghttp2
- New KSK revoked state (RFC 5011) in manual DNSSEC key management mode
- Deterministic signing with ECDSA algorithms (requires GnuTLS 3.6.10+)
- Module synthrecord supports reverse pointer shortening
- Safe persistent zone data backup and restore
Improvements:
-------------
- Processing depth of CNAME and DNAME chains is limited to 20
- Non-FQDN is allowed as 'update-owner-name' configuration option value
- Kdig prints detailed algorithm identifier for PRIVATEDNS and PRIVATEOID
in multiline mode #334
- Queries with QTYPE ANY or RRSIG are always responded with at most one random RRSet
- The statistics module has negligible performance overhead on modern CPUs
- If multithreaded zone signing is enabled, some additional zone maintenance
steps are newly parallelized
- ACL can be configured by reference to a remote
- Better CPU cache locality for higher query processing performance
- Logging to non-syslog streams contains timestamps with the timezone
- Keeping initial DNSKEY TTL and zone maximum TTL in KASP database to ensure
proper rollover timing in case of TTL changes during the rollover
- Responding FORMERR to queries with more OPT or TSIG records
Bugfixes:
---------
- Module onlinesign responds NXDOMAIN instead of NOERROR (NODATA) if DNSSEC not requested
- Outgoing multi-message transfer can contain invalid compression pointers under specific conditions
Knot DNS 2.9.9 (2021-04-01)
===========================
Improvements:
-------------
- keymgr: the SEP flag can be changed on already generated keys
- Some documentation improvements
Bugfixes:
---------
- knotd: journal contents can be considered malformed after changeset merge
- knotd: old key is being used after an algorithm rollover with a shared policy #721
- keymgr: keytag not recomputed upon key flag change
- kzonecheck: missing letter lower-casing of the origin parameter
Knot DNS 2.9.8 (2020-12-15)
===========================
Bugfixes:
---------
- On-slave signing produces broken NSEC(3) chain if glue node becomes (un-)orphaned #705
- If more masters configured, zone retransfer triggers AXFR from all masters
- KSK imported from BIND doesn't roll over automatically
- kzonecheck fails on case-sensitivity of owner names in NSEC records #699
- Server responds NOTIMPL to queries with QDCOUNT 0 and known OPCODE
- Kdig crashes if source address and dnstap logging are specified together #702
- Keymgr is unable to import BIND-style private key if it contains empty lines
- Knotc fails to display error returned from zone freeze or zone thaw
Knot DNS 2.9.7 (2020-10-09)
===========================
Bugfixes:
---------
- NSEC3 re-salt can cause server crash due to possible zone inconsistencies
- Zone reload logs 'invalid parameter' if zone file not changed
- Outgoing multi-message transfer can contain invalid compression pointers under specific conditions
- Improper handling of file descriptors in libdnssec
Improvements:
-------------
- Module noudp has new configuration option for UDP truncation rate
Knot DNS 2.9.6 (2020-08-31)
===========================
Features:
---------
- New kdig option '+[no]opttext' to print unknown EDNS options as text if possible (Thanks to Robert Edmonds)
Improvements:
-------------
- Better error message if no key is ready for submission
- Improved logging when master is not usable
- Improved control logging of zone-flush errors if output directory is specified
- More precise system error messages when a zone transfer fails
- Some documentation improvements (especially Offline KSK)
Bugfixes:
---------
- In the case of many zones, control operations over all zones take lots of memory
- Misleading error message on keymgr import-bind #683
- DS push is triggered upon every zone change even though CDS wasn't changed
- Kzonecheck performance penalty with passive keys #688
- CSK->KSK+ZSK scheme rollover can end too early
Knot DNS 2.9.5 (2020-05-25)
===========================
Bugfixes:
---------
- Old ZSK can be withdrawn too early during a ZSK rollover if maximum zone TTL
is computed automatically
- Server responds SERVFAIL to ANY queries on empty non-terminal nodes
Improvements:
-------------
- Also module onlinesign returns minimized responses to ANY queries
- Linking against libcap-ng can be disabled via a configure option
Knot DNS 2.9.4 (2020-05-05)
===========================
Improvements:
-------------
- ANY query over UDP is always answered with one RRSet + possible RRSIG instead
of truncated reply
- Server tries to resolve CNAME record generated by geoip module (Thanks to Conrad Hoffmann)
- Earlier OCSP validity check in kdig certificate verification (Thanks to Alexander Schultz)
- Module onlinesign allows KSK + ZSK mode
- Server control listen backlog limit was increased to 5
- Zone signing event is always re-scheduled even after a signing error
- Extended error checks and tiny enhancements in kjournalprint
- kdig logs a more detailed error message when failed to acquire a remote address
- Some documentation improvements
Bugfixes:
---------
- Server can crash when zone update fails due to exceeded zone size limit
- keymgr 'share' command doesn't work
- Shared KSK doesn't work with an initial key
- Self-created RRSIGs are still cryptographically verified in some unnecessary cases
- Changed NSEC3PARAM not correctly detected during zone update
- NSEC(3) chain not fixed if affected by zone update
- knotc orphan purge doesn't work on journal
- Online signing configured along with DNSSEC signing can cause MDB_BAD_RSLOT
error during server reload
- Zone journal access can stuck if mismanaged zone serial
- Concurrently added and removed same records in a DDNS message are not properly handled
- Zone check logs error instead of warning after a first error occurred
Knot DNS 2.9.3 (2020-03-03)
===========================
Features:
---------
- New configuration option 'remote.block-notify-after-transfer' to suppress
sending NOTIFY messages
- Enabled testing support for Ed448 DNSSEC algorithm (requires GnuTLS 3.6.12+
and not-yet-released Nettle 3.6+)
- New keymgr parameter 'local-serial' for getting/setting signed zone SOA serial
in the KASP database
- keymgr can import Ed25519 and Ed448 keys in the BIND format (Thanks to Conrad Hoffmann)
Improvements:
-------------
- kdig returns error if the query name is invalid
- Increased 'server.tcp-io-timeout' default value to 500 ms
- Decreased 'database.journal-db-max-size' default value to 512 MiB on 32-bit systems
- Server no longer falls back to AXFR if master is outdated during zone refresh
- Some documentation improvements (including new EPUB format and compatibility
with Ultra Electronics CIS Keyper Plus HSM)
- Some packaging improvements (including new python3-libknot deb package)
Bugfixes:
---------
- Outgoing IXFR can be malformed if the message size has specific size
- Server can crash if the zone contains solo NSEC3 record
- Improved compatibility with older journal format
- Incorrect SOA TTL in negative answers — SOA minimum not considered
- Cannot unset uppercase nodes via control interface #668
- Module RRL doesn't set AA flag and NOERROR rcode in slipped responses
- Server returns FORMERR instead of NOTIMP if empty QUESTION and unknown OPCODE
Knot DNS 2.9.2 (2019-12-12)
===========================
Improvements:
-------------
- Tiny ds-check log message rewording
- Some unnecessary code cleanup
Bugfixes:
---------
- ds-push doesn't replace the DS RRset on the parent #661
- Server gets stuck in a never-ending logging loop when changing SOA TTL
- Server can crash when the journal database size limit is reached
- Server can create a bogus changeset with equal serials from and to
- Unreasonable re-signing of the NSEC3PARAM record when reloading the zone
and 'zonefile-load: difference-no-serial' is configured
- SOA RRSIG not updated if the only changed record is SOA
- Failed to remove NSEC3 records through the control interface #666
- Failed to stop the server if a zone transaction is active
Knot DNS 2.9.1 (2019-11-11)
===========================
Features:
---------
- New option for OCSP stapling '+[no]tls-ocsp-stapling[=H]' in kdig (Thanks to Alexander Schultz)
Improvements:
-------------
- Kdig always randomizes source TCP port on recent Linux #575
- Server no longer warns about disabled zone file synchronization during shutdown
- Zone loading stops if failed to load zone from the journal
- Speed-up of insertion to big RRSets
- Various code and documentation improvements
Bugfixes:
---------
- Failed to apply journal changes after upgrade #659
- Failed to finish zone loading if journal changeset serials from and to are equal
- Incorrect handling of 0 value for 'tcp-io-timeout' and 'tcp-remote-io-timeout' configuration
- Server can crash if zone transaction is open during zone update
- NSEC3 chain not fully updated if NSEC3 salt changes during zone update
- Server can crash when flushing zone to a specified directory
- Server can respond incorrect NSEC3 records after NSEC3 salt change
- Delegation glue records not updated after specific zone change
Knot DNS 2.9.0 (2019-10-10)
===========================
Features:
---------
- Full support for different master/slave serial arithmetics when on-slave signing
- Module geoip newly supports wildcard records #650
- New DNSSEC policy configuration option 'rrsig-pre-refresh' for reducing
frequency of the zone signing event
- New server configuration option 'tcp-reuseport' for setting SO_REUSEPORT(_LB)
mode on TCP sockets
- New server configuration option 'tcp-io-timeout' [ms] for restricting inbound
IO operations over TCP #474
Improvements:
-------------
- Significant speed-up of zone contents modifications
- Avoided double zone signing during CSK rollovers
- Self-created RRSIGs are not cryptographically verified if not necessary
- Zone journal can store two changesets if zone file difference computing
and DNSSEC signing are enabled. The first one containing the difference of
zone history needed by slave servers, the second one containing the difference
between zone file and zone needed for server restart
- Universal and more robust memory clearing
- More precise socket timeout handling
- New notice log message for configuration changes requiring server restart
- Module RRL logs both trigger source address and affected subnet
- Various code (especially zone and TCP processing) and documentation improvements
Bugfixes:
---------
- RRSIGs are wrongly checked for inconsistent RRSet TTLs during zone update
- DS check/push warnings after disabled DNSSEC signing
- NSEC3 records not accessible through control interface
- Module geoip doesn't accept underscore character in dname specification #655
Compatibility:
--------------
- Removed runtime reconfiguration of network workers and interfaces since
it was imperfect and also couldn't work after dropped process privileges
- Removed inaccurate and misleading knotc command 'zone-memstats' because
memory consumption varies during zone modifications or transfers
- Removed useless 'zone.request-edns-option' configuration option
- Reimplemented DNS Cookies to be interoperable (based on draft-ietf-dnsop-server-cookies
and work by Witold Kręcicki)
- Default limit on TCP clients is auto-configured to one half of the file
descriptor limit for the server process
- Number of open files limit is set to 1048576 in upstream packages
- Default number of TCP workers is equal to the number of online CPUs or at least 10
- Default EDNS buffer size is 1232 for both IPv4 and IPv6
- Removed 'tcp-handshake-timeout' server configuration option
- Some configuration options were renamed and possibly moved. Old names will
be supported at least until next major release:
- 'server.tcp-reply-timeout' [s] to 'server.tcp-remote-io-timeout' [ms]
- 'server.max-tcp-clients' to 'server.tcp-max-clients'
- 'server.max-udp-payload' to 'server.udp-max-payload'
- 'server.max-ipv4-udp-payload' to 'server.udp-max-payload-ipv4'
- 'server.max-ipv6-udp-payload' to 'server.udp-max-payload-ipv6'
- 'template.journal-db' to 'database.journal-db'
- 'template.journal-db-mode' to 'database.journal-db-mode'
- 'template.max-journal-db-size' to 'database.journal-db-max-size'
- 'template.kasp-db' to 'database.kasp-db'
- 'template.max-kasp-db-size' to 'database.kasp-db-max-size'
- 'template.timer-db' to 'database.timer-db'
- 'template.max-timer-db-size' to 'database.timer-db-max-size'
- 'zone.max-journal-usage' to 'zone.journal-max-usage'
- 'zone.max-journal-depth' to 'zone.journal-max-depth'
- 'zone.max-zone-size' to 'zone.zone-max-size'
- 'zone.max-refresh-interval' to 'zone.refresh-max-interval'
- 'zone.min-refresh-interval' to 'zone.refresh-min-interval'
Knot DNS 2.8.5 (2020-01-01)
===========================
Improvements:
-------------
- Tiny ds-check log message rewording
- Various code and documentation improvements
Bugfixes:
---------
- RRSIGs are wrongly checked for inconsistent RRSet TTLs during zone update
- Server can crash when flushing zone to a specified directory
- ds-push doesn't replace the DS RRset on the parent #661
- Server gets stuck in a never-ending logging loop when changing SOA TTL
- Server can crash when the journal database size limit is reached
- Server can create a bogus changeset with equal serials from and to
- Server returns FORMERR instead of NOTIMP if empty QUESTION and unknown OPCODE
Knot DNS 2.8.4 (2019-09-24)
===========================
Features:
---------
- Automatic uploading of DS records to parent zone using DDNS,
see 'policy.ds-push' configuration option
Improvements:
-------------
- Incoming IXFR no longer falls back to AXFR if connection error #642
- More accurate semantic checks for missing glue records
- Various code and documentation improvements
Bugfixes:
---------
- Failed to read/export configuration if 'acl.update-type' is set #651
- Failed to generate initial zero-length salt
- Missing error log for invalid rrtype input to dynamic configuration #652
- Missing error log when AXFR processing fails to store zone data
- Redundant notice log about unavailable persistent configuration DB
- Zone not flushed after retransfer if SOA serial not changed
- Zone contents not properly fixed during zone transfers
- No changeset created for updated rrset's TTL if changed by RR addition
Knot DNS 2.8.3 (2019-07-16)
===========================
Features:
---------
- Added cert/key file configuration for TLS in kdig (Thanks to Alexander Schultz)
Improvements:
-------------
- More verbose log message for offline-KSK signing
- Module RRL logs affected source address subnet instead of only one source address
- Extended DNSSEC policy configuration checks
- Various improvements in the documentation
Bugfixes:
---------
- Excessive server load when maximum TCP clients limit is reached
- Incorrect reply after zone update with a node changed from non-authoritative to delegation
- Wrong error line number in a config file if it contains leading tab character
- Config file error message contains unrelated parsing context
- NSEC3 salt not updated when reconfigured to zero length
- Kjournalprint sometimes prints a random value for per-zone occupation
- Missing debug log for failed zone refresh triggered by zone notification
- DS check not scheduled when reconfigured
- Broken unit test on NetBSD 8.x
Knot DNS 2.8.2 (2019-06-05)
===========================
Features:
---------
- New blocking mode for zone event triggers in knotc
- New weighted records mode in the module geoip (Thanks to Conrad Hoffmann)
- Module noudp allows UDP allow rate configuration
Improvements:
-------------
- NSEC3 salt lifetime can be set to infinity
- New 'running' zone event status in the knotc output
- Knotc in the forced mode returns failure also if zone check emits any warning
- Ignoring PMTU information for IPv4/UDP via IP_PMTUDISC_OMIT (Thanks to Daisuke Higashi)
- Various improvements in the documentation
Bugfixes:
---------
- Broken setting of CPU affinity for UDP workers
- Unexpected results with the geoip subnet mode
- Sometimes insufficient zone adjusting
- Incoherent DNSKEY RRSIG lifetimes in SKR
- Confusing output from keymgr if an error occurs during KSR generation
- Non-functional changeset history depth limitation in kjournalprint
- Wrong processing of multiple $INCLUDE directives #646
Knot DNS 2.8.1 (2019-04-09)
===========================
Improvements:
-------------
- Possible zone transaction is aborted by zone events to avoid inconsistency
- Added log message if no persistent config DB is available during 'conf-begin'
- New environment setting 'KNOT_VERSION_FORMAT=release' for extended version suppression
- Various improvements in the documentation
Bugfixes:
---------
- Broken NSEC3-wildcard-nonexistence proof after NSEC3 re-salt
- Glue records under delegation are sometimes signed
- RRL doesn't work correctly on big-endian architectures
- NSEC3 not re-salted during AXFR refresh
- Failed to sign new zone contents if added dynamically #641
- NSEC3 opt-out signing doesn't work in some cases
- Broken NSEC3 chain after adding new sub-delegations
- Redundant SOA RRSIG on slave if RRSIG TTL changed on master
- Sometimes confusing log error message for NOTIFY event
- Improper include for LMDB #638
Knot DNS 2.8.0 (2019-03-05)
===========================
Features:
---------
- New offline-KSK mode of operation
- Configurable multithreaded DNSSEC signing for large zones
- Extended ACL configuration for dynamic updates
- New knotc trigger 'zone-key-rollover' for immediate DNSKEY rollover
- Added support for OPENPGPKEY, CSYNC, SMIMEA, and ZONEMD RR types
- New 'double-ds' option for CDS/CDNSKEY publication
Improvements:
-------------
- Significant speed-up of zone updates
- Knotc supports force option in the interactive mode
- Copy-on-write support for QP-trie (Thanks to Tony Finch)
- Unified and more efficient LMDB layer for journal, timer, and KASP databases
- DS check event is re-planned according to KASP even when purged timers
- Module DNS Cookies supports explicit Server Secret configuration
- Zone mtime is verified against full-precision timestamp (Thanks to Daniel Kahn Gillmor)
- Extended logging (loaded SOA serials, refresh duration, tiny cleanup)
- Relaxed fixed-length condition for DNSSEC key ID
- Extended semantic checks for DNAME and NS RR types
- Added support for FreeBSD's SO_REUSEPORT_LB
- Improved performance of geoip module
- Various improvements in the documentation
Compatibility:
--------------
- Changed configuration default for 'cds-cdnskey-publish' to 'rollover'
- Journal DB format changes are not downgrade-compatible
- Keymgr no longer prints DS for algorithm SHA-1
Knot DNS 2.7.8 (2019-07-16)
===========================
Improvements:
-------------
- Various improvements in the documentation
Bugfixes:
---------
- Excessive server load when maximum TCP clients limit is reached
- Incorrect reply after zone update with a node changed from non-authoritative to delegation
- Missing debug log for failed zone refresh triggered by zone notification
- Wrong processing of multiple $INCLUDE directives #646
- Broken unit test on NetBSD 8.x
Knot DNS 2.7.7 (2019-04-15)
===========================
Improvements:
-------------
- Possible zone transaction is aborted by zone events to avoid inconsistency
- Added log message if no persistent config DB is available during 'conf-begin'
- Tiny building improvements
Bugfixes:
---------
- Glue records under delegation are sometimes signed
- NSEC3 not re-salted during AXFR refresh
- Broken NSEC3 chain after adding new sub-delegations
- Failed to sign new zone contents if added dynamically #641
- NSEC3 opt-out signing doesn't work in some cases
- Redundant SOA RRSIG on slave if RRSIG TTL changed on master
- Sometimes confusing log error message for NOTIFY event
- Failed to explicit set value 0 for submission timeout
Knot DNS 2.7.6 (2019-01-23)
===========================
Improvements:
-------------
- Zone status also shows when the zone load is scheduled
- Server workers status also shows background workers utilization
- Default control timeout for knotc was increased to 10 seconds
- Pkg-config files contain auxiliary variable with library filename
Bugfixes:
---------
- Configuration commit or server reload can drop some pending zone events
- Nonempty zone journal is created even though it's disabled #635
- Zone is completely re-signed during empty dynamic update processing
- Server can crash when storing a big zone difference to the journal
- Failed to link on FreeBSD 12 with Clang
Knot DNS 2.7.5 (2019-01-07)
===========================
Features:
---------
- Keymgr supports NSEC3 salt handling
Improvements:
-------------
- Zone history in journal is dropped apon AXFR-like zone update
- Libdnssec is no longer linked against libm #628
- Libdnssec is explicitly linked against libpthread if PKCS #11 enabled #629
- Better support for libknot packaging in Python
- Manually generated KSK is 'ready' by default
- Kdig supports '+timeout' as an alias for '+time'
- Kdig supports '+nocomments' option
- Kdig no longer prints empty lines between retries
- Kdig returns failure if operations not successfully resolved #632
- Fixed repeating of the 'KSK submission, waiting for confirmation' log
- Various improvements in documentation, Dockerfile, and tests
Bugfixes:
---------
- Knotc fails to unset huge configuration section
- Kjournalprint sometimes fails to display zone journal content
- Improper timing of ZSK removal during ZSK rollover
- Missing UTC time zone indication in the 'iso' keymgr list output
- A race condition in the online signing module
Knot DNS 2.7.4 (2018-11-13)
===========================
Features:
---------
- Added SNI configuration for TLS in kdig (Thanks to Alexander Schultz)
Improvements:
-------------
- Added warning log when DNSSEC events not successfully scheduled
- New semantic check on timer values in keymgr
- DS query no longer asks other addresses if got a negative answer
- Reintroduced 'rollover' configuration option for CDS/CDNSKEY publication
- Extended logging for zone loading
- Various documentation improvements
Bugfixes:
---------
- Failed to import module configuration #613
- Improper Cflags value in libknot.pc if built with embedded LMDB #615
- IXFR doesn't fall back to AXFR if malformed reply
- DNSSEC events not correctly scheduled for empty zone updates
- During algorithm rollover old keys get removed before DS TTL expires #617
- Maximum zone's RRSIG TTL not considered during algorithm rollover #620
Knot DNS 2.7.3 (2018-10-11)
===========================
Features:
---------
- New queryacl module for query access control
- Configurable answer rrset rotation #612
- Configurable NSEC bitmap in online signing
Improvements:
-------------
- Better error logging for KASP DB operations #601
- Some documentation improvements
Bugfixes:
---------
- Keymgr "list" output doesn't show key size for ECDSA algorithms #602
- Failed to link statically with embedded LMDB
- Configuration commit causes zone reload for all zones
- The statistics module overlooks TSIG record in a request
- Improper processing of an AXFR-style-IXFR response consisting of one-record messages
- Race condition in online signing during key rollover #600
- Server can crash if geoip module is enabled in the geo mode
Knot DNS 2.7.2 (2018-08-29)
===========================
Improvements:
-------------
- Keymgr list command displays also key size
- Kjournalprint displays total occupied size in the debug mode
- Server doesn't stop if failed to load a shared module from the module directory
- Libraries libcap-ng, pthread, and dl are linked selectively if needed
Bugfixes:
---------
- Sometimes incorrect result from dnssec_nsec_bitmap_contains (libdnssec)
- Server can crash when loading zone file difference and zone-in-journal is set
- Incorrect treatment of specific queries in the module RRL
- Failed to link module Cookies as a shared library
Knot DNS 2.7.1 (2018-08-14)
===========================
Improvements:
-------------
- Added zone wire size information to zone loading log message
- Added debug log message for each unsuccessful remote address operation
- Various improvements for packaging
Bugfixes:
---------
- Incompatible handling of RRSIG TTL value when creating a DNS message
- Incorrect RRSIG TTL value in zone differences and knotc zone operation outputs
- Default configure prefix is ignored
Knot DNS 2.7.0 (2018-08-03)
===========================
Features:
---------
- New DNS Cookies module and related '+cookie' kdig option
- New module for response tailoring according to client's subnet or geographic location
- General EDNS Client Subnet support in the server
- OSS-Fuzz integration (Thanks to Jonathan Foote)
- New '+ednsopt' kdig option (Thanks to Jan Včelák)
- Online Signing support for automatic key rollover
- Non-normal file (e.g. pipe) loading support in zscanner #542
- Automatic SOA serial incrementation if non-empty zone difference
- New zone file load option for ignoring zone file's SOA serial
- New build-time option for alternative malloc specification
- Structured logging for DNSSEC key submission event
- Empty QNAME support in kdig
Improvements:
-------------
- Various library and server optimizations
- Reduced memory consumption of outgoing IXFR processing
- Linux capabilities use overhaul #546 (Thanks to Robert Edmonds)
- Online Signing properly signs delegations and CNAME records
- CDS/CDNSKEY rrset is signed with KSK instead of ZSK
- DNSSEC-related records are ignored when loading zone difference with signing enabled
- Minimum allowed RSA key length was increased to 1024
- Removed explicit dependency on Nettle
Bugfixes:
---------
- Possible uninitialized address buffer use in zscanner
- Possible index overflow during multiline record parsing in zscanner
- kdig +tls sometimes consumes 100 % CPU #561
- Single-Type Signing doesn't work with single ZSK key #566
- Zone not flushed after re-signing during zone load #594
- Server crashes when committing empty zone transaction
- Incoming IXFR with on-slave signing sometimes leads to memory corruption #595
Compatibility:
--------------
- Removed obsolete RRL configuration
- Removed obsolete module names 'mod-online-sign' and 'mod-synth-record'
- Removed obsolete 'ixfr-from-differences' configuration option
- Removed old journal migration
- Removed module rosedb
Knot DNS 2.6.9 (2018-08-14)
===========================
Improvements:
-------------
- Added zone wire size to zone loading log message
- Added debug log message for each unsuccessful remote address operation
Bugfixes:
---------
- Zone not flushed after re-signing during zone load #594
- Server crashes when committing empty zone transaction
- Incoming IXFR with on-slave signing sometimes leads to memory corruption #595
Knot DNS 2.6.8 (2018-07-10)
===========================
Features:
---------
- New 'import-pkcs11' command in keymgr
Improvements:
-------------
- Unixtime serial policy mimics Bind – increment if lower #593
Bugfixes:
---------
- Creeping memory consumption upon server reload #584
- Kdig incorrectly detects QNAME if 'notify' is a prefix
- Server crashes when zone sign fails #587
- CSK->KZSK rollover retires CSK early #588
- Server crashes when zone expires during outgoing multi-message transfer
- Kjournalprint doesn't convert zone name argument to lower-case
- Cannot switch to a previously used ksk-shared dnssec policy #589
Knot DNS 2.6.7 (2018-05-17)
===========================
Features:
---------
- Added 'dateserial' (YYYYMMDDnn) serial policy configuration (Thanks to Wolfgang Jung)
Improvements:
-------------
- Trailing data indication from the packet parser (libknot)
- Better configuration check for a problematical option combination
Bugfixes:
---------
- Incomplete configuration option item name check
- Possible buffer overflow in 'knot_dname_to_str' (libknot)
- Module dnsproxy doesn't preserve letter case of QNAME
- Module dnsproxy duplicates OPT and TSIG in the non-fallback mode
Knot DNS 2.6.6 (2018-04-11)
===========================
Features:
---------
- New EDNS option counters in the statistics module
- New '+orphan' filter for the 'zone-purge' operation
Improvements:
-------------
- Reduced memory consumption of disabled statistics metrics
- Some spelling fixes (Thanks to Daniel Kahn Gillmor)
- Server no longer fails to start if MODULE_DIR doesn't exist
- Configuration include doesn't fail if empty wildcard match
- Added a configuration check for a problematical option combination
Bugfixes:
---------
- NSEC3 chain not re-created when SOA minimum TTL changed
- Failed to start server if no template is configured
- Possibly incorrect SOA serial upon changed zone reload with DNSSEC signing
- Inaccurate outgoing zone transfer size in the log message
- Invalid dname compression if empty question section
- Missing EDNS in EMALF responses
Knot DNS 2.6.5 (2018-02-12)
===========================
Features:
---------
- New 'zone-notify' command in knotc
- Kdig uses '@server' as a hostname for TLS authentication if '+tls-ca' is set
Improvements:
-------------
- Better heap memory trimming for zone operations
- Added proper polling for TLS operations in kdig
- Configuration export uses stdout as a default output
- Simplified detection of atomic operations
- Added '--disable-modules' configure option
- Small documentation updates
Bugfixes:
---------
- Zone retransfer doesn't work well if more masters configured
- Kdig can leak or double free memory in corner cases
- Inconsistent error outputs from dynamic configuration operations
- Failed to generate documentation on OpenBSD
Knot DNS 2.6.4 (2018-01-02)
===========================
Features:
---------
- Module synthrecord allows multiple 'network' specification
- New CSK handling support in keymgr
Improvements:
-------------
- Allowed configuration for infinite zsk lifetime
- Increased performance and security of the module synthrecord
- Signing changeset is stored into journal even if 'zonefile-load' is whole
Bugfixes:
---------
- Unintentional zone re-sign during reload if empty NSEC3 salt
- Inconsistent zone names in journald structured logs
- Malformed outgoing transfer for big zone with TSIG
- Some minor DNSSEC-related issues
Knot DNS 2.6.3 (2017-11-24)
===========================
Bugfixes:
---------
- Wrong detection of signing scheme rollover
Knot DNS 2.6.2 (2017-11-23)
===========================
Features:
---------
- CSK algorithm rollover and (KSK, ZSK) <-> CSK rollover support
Improvements:
-------------
- Allowed explicit configuration for infinite ksk lifetime
- Proper error messages instead of unclear error codes in server log
- Better support for old compilers
Bugfixes:
---------
- Unexpected reply for DS query with an owner below a delegation point
- Old dependencies in the pkg-config file
Knot DNS 2.6.1 (2017-11-02)
===========================
Features:
---------
- NSEC3 Opt-Out support in the DNSSEC signing
- New CDS/CDNSKEY publish configuration option
Improvements:
-------------
- Simplified DNSSEC log message with DNSKEY details
- +tls-hostname in kdig implies +tls-ca if neither +tls-ca nor +tls-pin is given
- New documentation sections for DNSSEC key rollovers and shared keys
- Keymgr no longer prints useless algorithm number for generated key
- Kdig prints unknown RCODE in a numeric format
- Better support for LLVM libFuzzer
Bugfixes:
---------
- Faulty DNAME semantic check if present in the zone apex and NSEC3 is used
- Immediate zone flush not scheduled during the zone load event
- Server crashes upon dynamic zone addition if a query module is loaded
- Kdig fails to connect over TLS due to SNI is set to server IP address
- Possible out-of-bounds memory access at the end of the input
- TCP Fast Open enabled by default in kdig breaks TLS connection
Knot DNS 2.6.0 (2017-09-29)
===========================
Features:
---------
- On-slave (inline) signing support
- Automatic DNSSEC key algorithm rollover
- Ed25519 algorithm support in DNSSEC (requires GnuTLS 3.6.0)
- New 'journal-content' and 'zonefile-load' configuration options
- keymgr tries to run as user/group set in the configuration
- Public-only DNSSEC key import into KASP DB via keymgr
- NSEC3 resalt and parent DS query events are persistent in timer DB
- New processing state for a response suppression within a query module
- Enabled server side TCP Fast Open if supported
- TCP Fast Open support in kdig
Improvements:
-------------
- Better record owner compression if related to the previous rdata dname
- NSEC(3) chain is no longer recomputed whole on every update
- Remove inconsistent and unnecessary quoting in log files
- Avoiding of overlapping key rollovers at a time
- More DNSSEC-related semantic checks
- Extended timestamp format in keymgr
Bugfixes:
---------
- Incorrect journal free space computation causing inefficient space handling
- Interface-automatic broken on Linux in the presence of asymmetric routing
Knot DNS 2.5.7 (2018-01-02)
===========================
Bugfixes:
---------
- Unintentional zone re-sign during reload if empty NSEC3 salt
- Inconsistent zone names in journald structured logs
- Malformed outgoing transfer for big zone with TSIG
- Unexpected reply for DS query with an owner below a delegation point
- Old dependencies in the pkg-config file
Knot DNS 2.5.6 (2017-11-02)
===========================
Improvements:
-------------
- Keymgr no longer prints useless algorithm number for generated key
Bugfixes:
---------
- Faulty DNAME semantic check if present in the zone apex and NSEC3 is used
- Immediate zone flush not scheduled during the zone load event
- Server crashes upon dynamic zone addition if a query module is loaded
- Kdig fails to connect over TLS due to SNI is set to server IP address
Knot DNS 2.5.5 (2017-09-29)
===========================
Improvements:
-------------
- Constant time memory comparison in the TSIG processing
- Proper use of the ctype functions
- Generated RRSIG records have inception time 90 minutes in the past
Bugfixes:
---------
- Incorrect online signature for NSEC in the case of a CNAME record
- Incorrect timestamps in dnstap records
- EDNS Subnet Client validation rejects valid payloads
- Module configuration semantic checks are not executed
- Kzonecheck segfaults with unusual inputs
Knot DNS 2.5.4 (2017-08-31)
===========================
Improvements:
-------------
- New minimum and maximum refresh interval config options (Thanks to Manabu Sonoda)
- New warning when unforced flush with disabled zone file synchronization
- New 'dnskey' keymgr command
- Linking with libatomic on architectures that require it (Thanks to Pierre-Olivier Mercier)
- Removed 'OK' from listing keymgr command outputs
- Extended journal and keymgr documentation and logging
Bugfixes:
---------
- Incorrect handling of specific corner-cases with zone-in-journal
- The 'share' keymgr command doesn't work
- Server crashes if configured with query-size and reply-size statistics options
- Malformed big integer configuration values on some 32-bit platforms
- Keymgr uses local time when parsing date inputs
- Memory leak in kdig upon IXFR query
Knot DNS 2.5.3 (2017-07-14)
===========================
Features:
---------
- CSK rollover support for Single-Type Signing Scheme
Improvements:
-------------
- Allowed binding to non-local addresses for TCP (Thanks to Julian Brost!)
- New documentation section for manual DNSSEC key algorithm rollover
- Initial KSK also generated in the submission state
- The 'ds' keymgr command with no parameter uses all KSK keys
- New debug mode in kjournalprint
- Updated keymgr documentation
Bugfixes:
---------
- Sometimes missing RRSIG by KSK in submission state.
- Minor DNSSEC-related issues
Knot DNS 2.5.2 (2017-06-23)
===========================
Security:
---------
- CVE-2017-11104: Improper TSIG validity period check can allow TSIG forgery (Thanks to Synacktiv!)
Improvements:
-------------
- Extended debug logging for TSIG errors
- Better error message for unknown module section in the configuration
- Module documentation compilation no longer depends on module configuration
- Extended policy section configuration semantic checks
- Improved python version compatibility in pykeymgr
- Extended migration section in the documentation
- Improved DNSSEC event timing on 32-bit systems
- New KSK rollover start log info message
- NULL qtype support in kdig
Bugfixes:
---------
- Failed to process included configuration
- dnskey_ttl policy option in the configuration has no effect on DNSKEY TTL
- Corner case journal fixes (huge changesets, OpenWRT operation)
- Confusing event timestamps in knotc zone-status output
- NSEC/NSEC3 bitmap not updated for CDS/CDNSKEY
- CDS/CDNSKEY RRSIG not updated
Knot DNS 2.5.1 (2017-06-07)
===========================
Bugfixes:
---------
- pykeymgr no longer crash on empty json files in the KASP DB directory
- pykeymgr no longer imports keys in the "removed" state
- Imported keys in the "removed" state no longer makes knotd to crash
- Including an empty configuration directory no longer makes knotd to crash
- pykeymgr is distributed and installed to the distribution tarball
Knot DNS 2.5.0 (2017-06-05)
===========================
Features:
---------
- KASP database switched from JSON files to LMDB database
- KSK rollover support using CDNSKEY and CDS in the automatic DNSSEC signing
- Dynamic module loading support with proper module API
- Journal can store full zone contents (not only differences)
- Zone freeze/thaw support
- Updated knotc zone-status output with optional column filters
- New '[no]crypto' option in kdig
- New keymgr implementation reflecting KASP database changes
- New pykeymgr for JSON-based KASP database migration
- Removed obsolete knot1to2 utility
Improvements:
-------------
- Added libidn2 support to kdig (with libidn fallback)
- Maximum timer database switched from configure to the server configuration
Knot DNS 2.4.4 (2017-06-05)
===========================
Improvements:
-------------
- Improved error handling in kjournalprint
Bugfixes:
---------
- Zone flush not replanned upon unsuccessful flush
- Journal inconsistency after deleting deleted zone
- Zone events not rescheduled upon server reload (Thanks to Mark Warren)
- Unreliable LMDB mapsize detection in kjournalprint
- Some minor issues found by AddressSanitizer
Knot DNS 2.4.3 (2017-04-11)
===========================
Improvements:
-------------
- New 'journal-db-mode' optimization configuration option
- The default TSIG algorithm for utilities input is HMAC-SHA256
- Implemented sensible default EDNS(0) padding policy (Thanks to D. K. Gillmor)
- Added some more semantic checks on the knotc configuration operations
Bugfixes:
---------
- Missing 'zone' keyword in the YAML output
- Missing trailing dot in the keymgr DS owner output
- Journal logs 'invalid parameter' in several cases
- Some minor journal-related problems
Knot DNS 2.4.2 (2017-03-23)
===========================
Features:
---------
- Zscanner can store record comments placed on the same line
- Knotc status extension with version, configure, and workers parameters
Improvements:
-------------
- Significant incoming XFR speed-up in the case of many zones
Bugfixes:
---------
- Double OPT RR insertion when a global module returns KNOT_STATE_FAIL
- User-driven zscanner parsing logic inconsistency
- Lower serial at master doesn't trigger any errors
- Queries with too long DNAME substitution do not return YXDOMAIN response
- Incorrect elapsed time in the DDNS log
- Failed to process forwarded DDNS request with TSIG
Knot DNS 2.4.1 (2017-02-10)
===========================
......@@ -7,7 +2392,7 @@ Knot DNS 2.4.1 (2017-02-10)
Improvements:
-------------
- Speed-up of rdata addition into a huge rrset
- Introduce check of minumum timeout for next refresh
- Introduce check of minimum timeout for next refresh
- Dnsproxy module can forward all queries without local resolving
Bugfixes:
......@@ -34,7 +2419,7 @@ Bugfixes:
- Timers for expired zones are reset on reload
- Zone doesn't expire when the server is down
- Failed to handle keys with duplicate keytags
- Per zone module and global module insconsistency
- Per zone module and global module inconsistency
- Obsolete online signing module configuration
- Malformed output from kjournalprint
- Redundant SO_REUSEPORT activation on the TCP socket
......@@ -58,6 +2443,21 @@ Features:
- Automatic deletion of retired DNSSEC keys
- New control logging category
Knot DNS 2.3.4 (2017-11-20)
===========================
Security:
---------
- CVE-2017-11104: Improper TSIG validity period check can allow TSIG forgery (Thanks to Synacktiv!)
Bugfixes:
---------
- Unexpected response for DS query below delegation poing
- Zone events not rescheduled upon server reload (Thanks to Mark Warren)
- Missing trailing dot in the keymgr DS owner output
- Malformed output from kjournalprint
- Redundant SO_REUSEPORT activation on the TCP socket
Knot DNS 2.3.3 (2016-12-08)
===========================
......@@ -270,7 +2670,7 @@ Bugfixes:
- Fix TC flag setting in RRL slipped answers
- Disable domain name compression for root label
- Log via journald only when running under systemd
- Fix CNAME following when quering for NSEC RR type
- Fix CNAME following when querying for NSEC RR type
- Fix refreshing of DNSSEC signatures for zone keys
- Fix binding an unavailable IPv6 address on Linux (IP_FREEBIND)
- Fix infinite loop in knotc zonestatus and memstats
......@@ -370,7 +2770,7 @@ Bugfixes:
---------
- Journal file would sometimes outgrow its limit (ixfr-fslimit in configuration)
- Fixed incompatibility with OpenSSL 0.9.8
- Proper handling when hostname cannot be retreived (for NSID and CH)
- Proper handling when hostname cannot be retrieved (for NSID and CH)
Features:
---------
......@@ -415,7 +2815,7 @@ Knot DNS 1.5.3 (2014-09-15)
Bugfixes:
---------
- Some specific incoming IXFRs were causing server to crash
- Rare sychronization error during reload caused read-after-free
- Rare synchronization error during reload caused read-after-free
- Response synthetization module did not work properly with DNSSEC-enabled zones
- When Knot sent AXFR when IXFR was requested, message ID and opcode were wrong
- Knot failed to send large messages to remote control (present since 1.5.1)
......@@ -467,7 +2867,7 @@ Bugfixes:
---------
- Zone flush planning after bootstrap
- Incorrect incoming AXFR message sizes
- DDNS signing changes were freed too soon, posibility of stale data
- DDNS signing changes were freed too soon, possibility of stale data
- knotc remote control key handling
Knot DNS 1.5.0-rc2 (2014-06-18)
......@@ -615,7 +3015,7 @@ Features:
- Defaults for CH TXT id.server,version.server (see doc)
- Much faster bootstrap of many zones
- --with-configdir option for default config path
- Reintroducted 'pidfile' config option
- Reintroduced 'pidfile' config option
- Utility to estimate memory consumption (see 'knotc memstats')
- PID file is not created when running on foreground
- UNIX sockets support for knotc
......@@ -744,7 +3144,7 @@ Features:
- Support for '/' in zone names.
- Generating journal from reloaded zone (EXPERIMENTAL).
- Outgoing-only interfaces in configuration file.
- Following DNAME if the synthetized name is in the same zone.
- Following DNAME if the synthesized name is in the same zone.
Bugfixes:
---------
......@@ -849,7 +3249,7 @@ Bugfixes:
---------
- Fixed leak when querying non-existing name and zone SOA TTL >
minimal.
- Fixed some minor bugs in tansfers.
- Fixed some minor bugs in transfers.
Improvements:
-------------
......@@ -883,7 +3283,7 @@ Features:
---------
- Support for subnets in ACL.
- Debug messages enabling in configure.
- Optimized memory consuption of zone structures.
- Optimized memory consumption of zone structures.
- NSID support (RFC5001).
- Root zone support.
- Automatic zone compiling on server start.
......@@ -971,7 +3371,7 @@ Known issues:
- Root zone support
- NSID support
- Other DNS classes than IN
- RRSet rotation not implmented
- RRSet rotation not implemented
- Dynamic update support
- IXFR code might be flaky sometimes
- IXFR may be slow when too much (10 000+) RRSets are transferred at
......
README deleted 100644 → 0
View file @ 35500368
Dependencies
============
Knot DNS has several dependencies:
* libtool
* autoconf > 2.65
* pkg-config
* liburcu >= 0.5.4
* gnutls >= 3.0
* jansson >= 2.3
* libedit
Embedded libraries:
* lmdb (system library is preferred)
Optional packages:
* libcap-ng >= 0.6.4 (for POSIX 1003.1e capabilities(7))
* libidn (for IDNA2003 support in Knot utilities)
* libsystemd (for systemd init system support)
Dependencies for building documentation:
* python-sphinx
Installation
============
Knot DNS may already be included in your operating system distribution and
therefore can be installed from packages (Linux), ports (BSD) or via
Homebrew (Mac). This is always preferred unless you want to test the latest
features, contribute to Knot development, or you just know what you are doing.
Following sections describe how to build Knot DNS from the source code.
1) Install prerequisites
Debian based distributions
--------------------------
Update the system:
$ sudo apt-get update
$ sudo apt-get upgrade
Install prerequisites:
$ sudo apt-get install \
libtool autoconf make pkg-config liburcu-dev libgnutls28-dev libjansson-dev libedit-dev
Install optional packages to override embedded libraries:
$ sudo apt-get install liblmdb-dev
Install optional packages:
$ sudo apt-get install libcap-ng-dev libsystemd-dev libidn11-dev protobuf-c-compiler libfstrm-dev
Fedora like distributions
-------------------------
Update the system:
# dnf upgrade
Install basic development tools:
# dnf install @buildsys-build
Install prerequisites:
# dnf install \
libtool autoconf pkgconfig automake userspace-rcu-devel gnutls-devel jansson-devel libedit-devel
Install optional packages to override embedded libraries:
# dnf install lmdb-devel
Install optional packages:
# dnf install libcap-ng-devel systemd-devel libidn-devel protobuf-c-devel fstrm-devel
When compiling on RHEL based system, the Fedora EPEL repository has to be
enabled. Also for RHEL 6, forward compatibility package gnutls30-devel
with newer GnuTLS is required instead of gnutls-devel.
2) Install Knot DNS
Knot DNS requires compiler to support atomic intrinsics.
GCC version at least 4.1 supports legacy atomic builtins, however 4.7
or newer is preferred. Clang supports atomics since version 2.9.
Get the source code:
$ git clone git://git.nic.cz/knot-dns.git
Or extract source package to knot-dns directory
Compile Knot
$ cd knot-dns
$ autoreconf -if
$ ./configure
$ make
Install Knot DNS into system:
$ sudo make install
$ sudo ldconfig
NOTE: If you want to reduce zscanner compile time, use configure option --disable-fastparser.
Running
=======
1) Each server needs configuration file. Please see samples/knot.sample.conf,
project documentation, or man 5 knot.conf for more details.
Configuration file has to specify:
- storage for PID files, journal files etc.
- network interfaces
- served zones
E.g. use the default config file:
$ cd /etc/knot
$ mv knot.sample.conf knot.conf
Modify the config:
$ editor knot.conf
2) Prepare working directory
$ mv example.com.zone /var/lib/knot/
3) Start the server. This can be done by running the 'knotd' command.
Alternatively, your distribution should have an init script available, if you've
installed Knot using a binary package.
Start Knot in the foreground to see if it runs:
$ knotd -c myserver.conf
For more information, refer to the user manual or:
$ knotc -h
$ knotd -h
Join the chat at https://gitter.im/CZ-NIC/knot
README.md 0 → 100644
View file @ a4da7526
[![Coverity Status](https://img.shields.io/coverity/scan/knot-dns.svg)](https://scan.coverity.com/projects/knot-dns)
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/knot-dns.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:knot-dns)
# Requirements
[doc/requirements.rst](doc/requirements.rst)
# Installation
[doc/installation.rst](doc/installation.rst)
## 1. Install prerequisites
### Debian based distributions
#### Update the system:
```bash
sudo apt-get update
sudo apt-get upgrade
```
#### Install prerequisites:
```bash
sudo apt-get install \
libtool autoconf automake make pkg-config liburcu-dev libgnutls28-dev libedit-dev liblmdb-dev
```
#### Install optional packages:
```bash
sudo apt-get install \
libcap-ng-dev libsystemd-dev libidn2-dev libprotobuf-c-dev protobuf-c-compiler libfstrm-dev libmaxminddb-dev libnghttp2-dev libbpf-dev libxdp-dev libmnl-dev python3-sphinx python3-sphinx-panels softhsm2
```
### Fedora like distributions
#### Update the system:
```bash
dnf upgrade
```
#### Install basic development tools:
```bash
dnf install @buildsys-build
```
#### Install prerequisites:
```bash
dnf install \
libtool autoconf automake pkgconfig userspace-rcu-devel gnutls-devel libedit-devel lmdb-devel
```
#### Install optional packages:
```bash
dnf install \
libcap-ng-devel systemd-devel libidn2-devel protobuf-c-devel fstrm-devel libmaxminddb-devel libnghttp2-devel libbpf-devel libxdp-devel libmnl-devel python-sphinx python-sphinx-panels softhsm
```
When compiling on RHEL based system, the Fedora EPEL repository has to be
enabled.
## 2. Install Knot DNS
Get the source code:
```bash
git clone https://gitlab.nic.cz/knot/knot-dns.git
```
Or extract source package to knot-dns directory.
Compile the source code:
```bash
cd knot-dns
autoreconf -if
./configure
make
```
Install Knot DNS into system:
```bash
sudo make install
sudo ldconfig
```
# Running
### 1. Ensure some configuration
[doc/configuration.rst](doc/configuration.rst)
Please see [samples/knot.sample.conf](samples/knot.sample.conf),
[project documentation](https://www.knot-dns.cz/documentation/),
or `man 5 knot.conf` for more details. Basically the configuration should specify:
- network interfaces
- served zones
E.g. use the default configuration file:
```bash
cd /etc/knot
mv knot.sample.conf knot.conf
```
Modify the configuration file:
```bash
editor knot.conf
```
### 2. Prepare working directory
```bash
mv example.com.zone /var/lib/knot/
```
### 3. Start the server
[doc/operation.rst](doc/operation.rst)
This can be done by running the `knotd` command. Alternatively, your distribution
should have an init script available, if you installed Knot DNS from a binary package.
Start the server in foreground to see if it runs:
```bash
knotd -c /etc/knot/knot.conf
```
THANKS deleted 100644 → 0
View file @ 35500368
Knot DNS was originally written by CZ.NIC Labs. It would not be what
it is today without the invaluable help of these people, who have
reported problems, suggested improvements, or submitted actual code.
Please help us keep this list complete and free from errors. Also see
the AUTHORS file for the list of people with contributions significant
enough to warrant copyright assignment.
Anton Shterenlikht mexas@bristol.ac.uk
Geert Hendrickx geert@hendrickx.be
Michal 'vorner' Vaner vorner@ucw.cz
Ondřej Caletka ondrej@caletka.cz
Anand Buddhdev anandb@ripe.net