Skip to content
Snippets Groups Projects
  • Released date
  • Created date
Evidence collection
Collected 1 month ago

Improvements

  • rate-limiting: add these options, mechanism, docs (!1624)

  • manager: secret for TLS session resumption via ticket (RFC5077) (!1567)

    The manager creates and sets the secret for all running kresd workers. The secret is created automatically if the user does not configure their own secret in the configuration. This means that the workers will be able to resume each other's TLS sessions, regardless of whether the user has configured it to do so.

  • answer NOTIMPL for meta-types and non-IN RR classes (!1589)

  • views: improve interaction with old-style policies (!1576)

  • stats: add stale answer counter 'answer.stale' (!1591)

  • extended_errors: answer with EDE in more cases (!1585, !1588, !1590, !1592)

  • local-data: make DNAMEs work, i.e. generate CNAMEs (!1609)

  • daemon: use connected UDP sockets by default (#326, !1618)

  • docker: multiplatform builds (#922, !1623)

  • docker: shared VOLUMEs are prepared for configuration and cache (!1625, !1627)

    Configuration path was changed to standard /etc/knot-resolver/config.yaml.

Bugfixes

  • daemon/proxyv2: fix informing the engine about TCP/TLS from the actual client (!1578)
  • forward: fix wrong pin-sha256 length; also log pins on mismatch (!1601, #813)

Incompatible changes

  • -f/--forks is removed (#631, !1602)
  • gnutls < 3.4 support is dropped, released over 9 years ago (!1601)
  • libuv < 1.27 support is dropped, released over 5 years ago (!1618)
Loading