.gitlab-ci.yml

@@ -10,23 +10,20 @@ stages:
   - deploy
 
 .debian_stretch: &debian_stretch
-  image: cznic/debian:stretch-knot-v2
+  image: cznic/debian:stretch-knot-latest
   tags:
-    - docker
     - linux
     - amd64
   
 .ubuntu_xenial: &ubuntu_xenial
   image: cznic/ubuntu:16.04-knot
   tags:
-    - docker
     - linux
     - amd64
 
 .debian_stretch_armel: &debian_stretch_armel
   image: cznic/armel-debian-knot
   tags:
-    - docker
     - linux
     - arm
 
@@ -57,7 +54,7 @@ configure:ubuntu:amd64:
   <<: *configure_job
   except:
     - tags
-    - docs-*
+    - docs-2.4
 
 build:ubuntu:amd64:
   <<: *ubuntu_xenial
@@ -66,7 +63,7 @@ build:ubuntu:amd64:
     - configure:ubuntu:amd64
   except:
     - tags
-    - docs-*
+    - docs-2.4
 
 test:ubuntu:amd64:
   <<: *ubuntu_xenial
@@ -75,7 +72,7 @@ test:ubuntu:amd64:
     - build:ubuntu:amd64
   except:
     - tags
-    - docs-*
+    - docs-2.4
 
 configure:debian:stretch:amd64:
   <<: *debian_stretch
@@ -86,12 +83,16 @@ build:debian:stretch:amd64:
   <<: *build_job
   dependencies:
     - configure:debian:stretch:amd64
+  except:
+    - docs-2.4
 
 test:debian:stretch:amd64:
   <<: *debian_stretch
   <<: *test_job
   dependencies:
     - build:debian:stretch:amd64
+  except:
+    - docs-2.4
 
 configure:debian:stretch:armel:
   <<: *debian_stretch_armel
@@ -123,7 +124,7 @@ build:documentation:
   only:
     - tags
     - triggers
-    - docs-*
+    - docs-2.4
   script:
     - make -C doc html singlehtml pdf
   artifacts:
@@ -136,12 +137,10 @@ build:documentation:
 deploy:documentation:
   <<: *debian_stretch
   stage: deploy
-  before_script:
-    - apt-get -y install curl
   only:
     - tags
     - triggers
-    - docs-*
+    - docs-2.4
   script:
     - "curl --http1.1 --request POST --form token=$WEBSITE_TOKEN --form ref=master --form \"variables[RELEASE_CI_BUILD_REF_NAME]=$CI_BUILD_REF_NAME\" --form \"variables[RELEASE_CI_BUILD_ID]=$CI_BUILD_ID\" https://gitlab.labs.nic.cz/api/v3/projects/5/trigger/builds"
   artifacts:

NEWS

+Knot DNS 2.4.5 (2017-06-23)
+===========================
+
+Security:
+---------
+ - Improper TSIG validity period check can allow TSIG forgery (Thanks to Synacktiv!)
+
+Bugfixes:
+---------
+ - Corner case journal fixes (huge changesets, OpenWRT operation)
+
+Knot DNS 2.4.4 (2017-06-05)
+===========================
+
+Improvements:
+-------------
+ - Improved error handling in kjournalprint
+
+Bugfixes:
+---------
+ - Zone flush not replanned upon unsuccessful flush
+ - Journal inconsistency after deleting deleted zone
+ - Zone events not rescheduled upon server reload (Thanks to Mark Warren)
+ - Unreliable LMDB mapsize detection in kjournalprint
+ - Some minor issues found by AddressSanitizer
+
+Knot DNS 2.4.3 (2017-04-11)
+===========================
+
+Improvements:
+-------------
+ - New 'journal-db-mode' optimization configuration option
+ - The default TSIG algorithm for utilities input is HMAC-SHA256
+ - Implemented sensible default EDNS(0) padding policy (Thanks to D. K. Gillmor)
+ - Added some more semantic checks on the knotc configuration operations
+
+Bugfixes:
+---------
+ - Missing 'zone' keyword in the YAML output
+ - Missing trailing dot in the keymgr DS owner output
+ - Journal logs 'invalid parameter' in several cases
+ - Some minor journal-related problems
+
+Knot DNS 2.4.2 (2017-03-23)
+===========================
+
+Features:
+---------
+ - Zscanner can store record comments placed on the same line
+ - Knotc status extension with version, configure, and workers parameters
+
+Improvements:
+-------------
+ - Significant incoming XFR speed-up in the case of many zones
+
+Bugfixes:
+---------
+ - Double OPT RR insertion when a global module returns KNOT_STATE_FAIL
+ - User-driven zscanner parsing logic inconsistency
+ - Lower serial at master doesn't trigger any errors
+ - Queries with too long DNAME substitution do not return YXDOMAIN response
+ - Incorrect elapsed time in the DDNS log
+ - Failed to process forwarded DDNS request with TSIG
+
+Knot DNS 2.4.1 (2017-02-10)
+===========================
+
+Improvements:
+-------------
+ - Speed-up of rdata addition into a huge rrset
+ - Introduce check of minumum timeout for next refresh
+ - Dnsproxy module can forward all queries without local resolving
+
+Bugfixes:
+--------
+ - Transfer of a huge rrset goes into an infinite loop
+ - Huge response over TCP contains useless TC bit instead of SERVFAIL
+ - Failed to build utilities with disabled daemon
+ - Memory leaks during keys removal
+ - Rough TSIG packet reservation causes early truncation
+ - Minor out-of-bounds string termination write in rrset dump
+ - Server crash during stop if failed to open timers DB
+ - Failed to compile on OS X older than Sierra
+ - Poor minimum UDP-max-size configuration check
+ - Failed to receive one-record-per-message IXFR-style AXFR
+ - Kdig timeouts when receiving RCODE != NOERROR on subsequent transfer message
+
 Knot DNS 2.4.0 (2017-01-18)
 ===========================
 

configure.ac

@@ -4,11 +4,12 @@ AC_PREREQ([2.60])
 
 m4_define([knot_VERSION_MAJOR],2)dnl
 m4_define([knot_VERSION_MINOR],4)dnl
-m4_define([knot_VERSION_PATCH],0)dnl
+m4_define([knot_VERSION_PATCH],5)dnl
 m4_define([knot_VERSION_EXTRA],)dnl
 m4_define([knot_PKG_VERSION],[knot_VERSION_MAJOR.knot_VERSION_MINOR.knot_VERSION_PATCH]knot_VERSION_EXTRA)dnl
 
 AC_INIT([knot], knot_PKG_VERSION, [knot-dns@labs.nic.cz])
+configure_params="$*"
 AM_INIT_AUTOMAKE([gnits subdir-objects no-dist-gzip dist-xz -Wall -Werror])
 AM_SILENT_RULES([yes])
 AC_CONFIG_SRCDIR([src/knot])
@@ -26,6 +27,10 @@ AC_CONFIG_FILES([src/libknot/version.h
                  src/zscanner/version.h
                  src/dnssec/lib/dnssec/version.h])
 
+# Store ./configure parameters into macro
+AC_DEFINE_UNQUOTED([CONFIGURE_PARAMS],["$configure_params"],[Params passed to configure])
+AC_DEFINE_UNQUOTED([CONFIGURE_CFLAGS],["$CFLAGS"],[Passed CFLAGS from environment])
+
 # Updating version info
 # https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
 AC_SUBST([libknot_VERSION_INFO],["-version-info 5:0:0"])
@@ -353,7 +358,7 @@ AS_IF([test "$have_lmdb" != "no"],[
     enable_lmdb=shared
     ],[
     enable_lmdb=embedded
-    lmdb_CFLAGS='-I$(srcdir)/contrib/lmdb'
+    CFLAGS="$CFLAGS -I\$(top_srcdir)/src/contrib/lmdb"
     ])
 AM_CONDITIONAL([HAVE_LMDB], test "$enable_lmdb" = "shared")
 AC_SUBST([lmdb_CFLAGS])
@@ -486,6 +491,12 @@ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <pthread_np.h>]], [[cpuset_t set; CPU
 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sched.h>]], [[cpuset_t* set = cpuset_create(); cpuset_destroy(set);]])],
 [AC_DEFINE(HAVE_CPUSET_NETBSD, 1, [Define if cpuset_t and cpuset(3) exists.])])
 
+AC_COMPILE_IFELSE(
+  [AC_LANG_PROGRAM([[#include <stdint.h>]],
+                   [[uint64_t val = 0; __atomic_add_fetch(&val, 1, __ATOMIC_RELAXED);]])],
+  [AC_DEFINE(HAVE_ATOMIC, 1, [Define to 1 if you have '__atomic' functions.])]
+)
+
 # Prepare CFLAG_VISIBILITY to be used where needed
 gl_VISIBILITY()
 
@@ -525,24 +536,7 @@ AM_CONDITIONAL([HAVE_SPHINXBUILD], test "$SPHINXBUILD" != "false")
 AM_CONDITIONAL([HAVE_PDFLATEX], test "$PDFLATEX" != "false")
 AM_CONDITIONAL([HAVE_MAKEINFO], test "$MAKEINFO" != "false")
 
-AC_CONFIG_FILES([Makefile
-                 doc/Makefile
-                 libtap/Makefile
-                 tests/Makefile
-                 tests-fuzz/Makefile
-                 samples/Makefile
-                 python/Makefile
-                 src/Makefile
-                 src/contrib/dnstap/Makefile
-                 src/dnssec/Makefile
-                 src/dnssec/tests/Makefile
-                 src/zscanner/Makefile
-                 ])
-
-AC_OUTPUT
-
-AC_MSG_RESULT([
-  $PACKAGE $VERSION
+result_msg_base="  $PACKAGE $VERSION
 
     Target:   $host_os $host_cpu
     Compiler: ${CC}
@@ -578,7 +572,31 @@ AC_MSG_RESULT([
     Dnstap support:      ${opt_dnstap}
     Code coverage:       ${enable_code_coverage}
     Bash completions:    ${bash_completions_output}
-    PKCS #11 support:    ${enable_pkcs11}
+    PKCS #11 support:    ${enable_pkcs11}"
+
+result_msg_esc=$(echo -n "$result_msg_base" | sed '$!s/$/\\n/' | tr -d '\n')
+result_msg_add="
+$result_msg_base
 
   Continue with 'make' command
-])
+"
+
+AC_DEFINE_UNQUOTED([CONFIGURE_SUMMARY],["$result_msg_esc"],[Configure summary])
+
+AC_CONFIG_FILES([Makefile
+                 doc/Makefile
+                 libtap/Makefile
+                 tests/Makefile
+                 tests-fuzz/Makefile
+                 samples/Makefile
+                 python/Makefile
+                 src/Makefile
+                 src/contrib/dnstap/Makefile
+                 src/dnssec/Makefile
+                 src/dnssec/tests/Makefile
+                 src/zscanner/Makefile
+                 ])
+
+AC_OUTPUT
+
+AC_MSG_RESULT([$result_msg_add])

doc/man/kdig.1in

@@ -112,7 +112,7 @@ and type is set automatically.
 .TP
 \fB\-y\fP [\fIalg\fP:]\fIname\fP:\fIkey\fP
 Use the TSIG key named \fIname\fP to authenticate the request. The \fIalg\fP
-part specifies the algorithm (the default is hmac\-md5) and \fIkey\fP specifies
+part specifies the algorithm (the default is hmac\-sha256) and \fIkey\fP specifies
 the shared secret encoded in Base64.
 .TP
 \fB\-E\fP \fItapfile\fP
@@ -222,8 +222,12 @@ Request the nameserver identifier (NSID).
 \fB+\fP[\fBno\fP]\fBbufsize\fP=\fIB\fP
 Set EDNS buffer size in bytes (default is 512 bytes).
 .TP
-\fB+\fP[\fBno\fP]\fBpadding\fP=\fIB\fP
-Set EDNS(0) padding option data length (default is no).
+\fB+\fP[\fBno\fP]\fBpadding\fP[=\fIB\fP]
+Use EDNS(0) padding option to pad queries, optionally to a specific
+size. The default is to pad queries with a sensible amount when using
++tls, and not to pad at all when queries are sent without TLS.  With
+no argument (i.e., just +padding) pad every query with a sensible
+amount regardless of the use of TLS. With +nopadding, never pad.
 .TP
 \fB+\fP[\fBno\fP]\fBalignment\fP[=\fIB\fP]
 Align the query to B\-byte\-block message using the EDNS(0) padding option

doc/man/knot.conf.5in

@@ -652,6 +652,7 @@ template:
   \- id: STR
     timer\-db: STR
     journal\-db: STR
+    journal\-db\-mode: robust | asynchronous
     max\-journal\-db\-size: SIZE
     global\-module: STR/STR ...
     # All zone options (excluding \(aqtemplate\(aq item)
@@ -688,6 +689,30 @@ This option is only available in the \fIdefault\fP template.
 .UNINDENT
 .sp
 \fIDefault:\fP \fI\%storage\fP/journal
+.SS journal\-db\-mode
+.sp
+Specifies journal LMDB backend configuration, which influences performance
+and durability.
+.sp
+Possible values:
+.INDENT 0.0
+.IP \(bu 2
+\fBrobust\fP – The journal DB disk sychronization ensures DB durability but is
+generally slower
+.IP \(bu 2
+\fBasynchronous\fP – The journal DB disk synchronization is optimized for
+better perfomance at the expense of lower DB durability; this mode is
+recommended only on slave nodes with many zones
+.UNINDENT
+.sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+This option is only available in the \fIdefault\fP template.
+.UNINDENT
+.UNINDENT
+.sp
+\fIDefault:\fP robust
 .SS max\-journal\-db\-size
 .sp
 Hard limit for the common journal DB. There is no cleanup logic in journal

doc/man/knotc.8in

@@ -68,8 +68,10 @@ Print the program version.
 .SS Actions
 .INDENT 0.0
 .TP
-\fBstatus\fP
+\fBstatus\fP [\fIdetail\fP]
 Check if the server is running.
+Moreover display either the running knotd version, numbers of worker threads,
+or Knot DNS buid (configure) summary, if the parameter is specified.
 .TP
 \fBstop\fP
 Stop the server if running.
@@ -194,6 +196,8 @@ Use \fB@\fP \fIowner\fP to denote the zone name.
 .sp
 Type \fIitem\fP parameter in the form of \fIsection\fP[\fB[\fP\fIid\fP\fB]\fP][\fB\&.\fP\fIname\fP].
 .sp
+The \fIdetail\fP option for \fBstatus\fP can be one of words: version, workers, configure.
+.sp
 (*) indicates a local operation which requires a configuration.
 .SS Interactive mode
 .sp

doc/man/knsupdate.1in

@@ -75,7 +75,7 @@ Print the program version.
 .TP
 \fB\-y\fP [\fIalg\fP:]\fIname\fP:\fIkey\fP
 Use the TSIG key with a name \fIname\fP to authenticate the request. The \fIalg\fP
-part specifies the algorithm (the default is hmac\-md5) and \fIkey\fP specifies
+part specifies the algorithm (the default is hmac\-sha256) and \fIkey\fP specifies
 the shared secret encoded in Base64.
 .UNINDENT
 .SS Commands

doc/man_kdig.rst

@@ -89,7 +89,7 @@ Options
 
 **-y** [*alg*:]\ *name*:*key*
   Use the TSIG key named *name* to authenticate the request. The *alg*
-  part specifies the algorithm (the default is hmac-md5) and *key* specifies
+  part specifies the algorithm (the default is hmac-sha256) and *key* specifies
   the shared secret encoded in Base64.
 
 **-E** *tapfile*
@@ -199,8 +199,12 @@ Options
 **+**\ [\ **no**\ ]\ **bufsize**\ =\ *B*
   Set EDNS buffer size in bytes (default is 512 bytes).
 
-**+**\ [\ **no**\ ]\ **padding**\ =\ *B*
-  Set EDNS(0) padding option data length (default is no).
+**+**\ [\ **no**\ ]\ **padding**\[\ =\ *B*\]
+  Use EDNS(0) padding option to pad queries, optionally to a specific
+  size. The default is to pad queries with a sensible amount when using
+  +tls, and not to pad at all when queries are sent without TLS.  With
+  no argument (i.e., just +padding) pad every query with a sensible
+  amount regardless of the use of TLS. With +nopadding, never pad.
 
 **+**\ [\ **no**\ ]\ **alignment**\[\ =\ *B*\]
   Align the query to B\-byte-block message using the EDNS(0) padding option

doc/man_knotc.rst

@@ -45,8 +45,10 @@ Parameters
 Actions
 .......
 
-**status**
+**status** [*detail*]
   Check if the server is running.
+  Moreover display either the running knotd version, numbers of worker threads,
+  or Knot DNS buid (configure) summary, if the parameter is specified.
 
 **stop**
   Stop the server if running.
@@ -172,6 +174,8 @@ Use **@** *owner* to denote the zone name.
 
 Type *item* parameter in the form of *section*\ [**[**\ *id*\ **]**\ ][**.**\ *name*].
 
+The *detail* option for **status** can be one of words: version, workers, configure.
+
 (*) indicates a local operation which requires a configuration.
 
 Interactive mode

doc/man_knsupdate.rst

@@ -52,7 +52,7 @@ Options
 
 **-y** [*alg*:]\ *name*:*key*
   Use the TSIG key with a name *name* to authenticate the request. The *alg*
-  part specifies the algorithm (the default is hmac-md5) and *key* specifies
+  part specifies the algorithm (the default is hmac-sha256) and *key* specifies
   the shared secret encoded in Base64.
 
 Commands

doc/reference.rst

@@ -774,6 +774,7 @@ if a zone doesn't have another template specified.
    - id: STR
      timer-db: STR
      journal-db: STR
+     journal-db-mode: robust | asynchronous
      max-journal-db-size: SIZE
      global-module: STR/STR ...
      # All zone options (excluding 'template' item)
@@ -811,6 +812,27 @@ as a relative path to the *default* template :ref:`storage<zone_storage>`.
 
 *Default:* :ref:`storage<zone_storage>`/journal
 
+.. _template_journal-db-mode:
+
+journal-db-mode
+---------------
+
+Specifies journal LMDB backend configuration, which influences performance
+and durability.
+
+Possible values:
+
+- ``robust`` – The journal DB disk sychronization ensures DB durability but is
+  generally slower
+- ``asynchronous`` – The journal DB disk synchronization is optimized for
+  better perfomance at the expense of lower DB durability; this mode is
+  recommended only on slave nodes with many zones
+
+.. NOTE::
+   This option is only available in the *default* template.
+
+*Default:* robust
+
 .. _template_max-journal-db-size:
 
 max-journal-db-size

python/libknot/control.py

@@ -330,7 +330,7 @@ class KnotCtl(object):
         section = reply[KnotCtlDataIdx.SECTION]
         item = reply[KnotCtlDataIdx.ITEM]
         idx = reply[KnotCtlDataIdx.ID]
-        data = reply[KnotCtlDataIdx.DATA]
+        data = int(reply[KnotCtlDataIdx.DATA])
 
         # Add the zone if not exists.
         if zone:

src/contrib/ucw/lists.c

@@ -218,3 +218,17 @@ void ptrlist_rem(ptrnode_t *node, knot_mm_t *mm)
 	rem_node(&node->n);
 	mm_free(mm, node);
 }
+
+/**
+ * ptrlist_deep_free - free all nodes incl referenced data
+ * @list: list nodes
+ * @mm: memory context
+ */
+void ptrlist_deep_free(list_t *l, knot_mm_t *mm)
+{
+	ptrnode_t *n;
+	WALK_LIST(n, *l) {
+		mm_free(mm, n->d);
+	}
+	ptrlist_free(l, mm);
+}

src/contrib/ucw/lists.h

@@ -79,4 +79,5 @@ typedef struct ptrnode {
 ptrnode_t *ptrlist_add(list_t *, void *, knot_mm_t *);
 void ptrlist_free(list_t *, knot_mm_t *);
 void ptrlist_rem(ptrnode_t *node, knot_mm_t *mm);
+void ptrlist_deep_free(list_t *, knot_mm_t *);
 

src/knot/common/stats.c

-/*  Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/*  Copyright (C) 2017 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
 
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -32,6 +32,13 @@ struct {
 	server_t *server;
 } stats = { 0 };
 
+typedef struct {
+	FILE *fd;
+	const list_t *query_modules;
+	const knot_dname_t *zone;
+	bool zone_emitted;
+} dump_ctx_t;
+
 #define DUMP_STR(fd, level, name, ...) do { \
 	fprintf(fd, "%-.*s"name": %s\n", level, "    ", ##__VA_ARGS__); \
 	} while (0)
@@ -69,36 +76,36 @@ static void dump_counters(FILE *fd, int level, mod_ctr_t *ctr)
 	}
 }
 
-static void dump_modules(FILE *fd, list_t *query_modules, const knot_dname_t *zone)
+static void dump_modules(dump_ctx_t *ctx)
 {
-	static int level = 0;
+	int level = 0;
 	struct query_module *mod = NULL;
-	WALK_LIST(mod, *query_modules) {
+	WALK_LIST(mod, *ctx->query_modules) {
 		// Skip modules without statistics.
 		if (mod->stats_count == 0) {
 			continue;
 		}
 
 		// Dump zone name.
-		if (zone != NULL) {
+		if (ctx->zone != NULL) {
 			// Prevent from zone section override.
-			if (level == 0) {
-				DUMP_STR(fd, level++, "zone", "");
-			} else {
-				level = 1;
+			if (!ctx->zone_emitted) {
+				DUMP_STR(ctx->fd, 0, "zone", "");
+				ctx->zone_emitted = true;
 			}
+			level = 1;
 
 			char name[KNOT_DNAME_TXT_MAXLEN + 1];
-			if (knot_dname_to_str(name, zone, sizeof(name)) == NULL) {
+			if (knot_dname_to_str(name, ctx->zone, sizeof(name)) == NULL) {
 				return;
 			}
-			DUMP_STR(fd, level++, "\"%s\"", name, "");
+			DUMP_STR(ctx->fd, level++, "\"%s\"", name, "");
 		} else {
 			level = 0;
 		}
 
 		// Dump module counters.
-		DUMP_STR(fd, level, "%s", mod->id->name + 1, "");
+		DUMP_STR(ctx->fd, level, "%s", mod->id->name + 1, "");
 		for (int i = 0; i < mod->stats_count; i++) {
 			mod_ctr_t *ctr = mod->stats + i;
 			if (ctr->name == NULL) {
@@ -107,23 +114,26 @@ static void dump_modules(FILE *fd, list_t *query_modules, const knot_dname_t *zo
 			}
 			if (ctr->count == 1) {
 				// Simple counter.
-				DUMP_CTR(fd, level + 1, "%s", ctr->name, ctr->counter);
+				DUMP_CTR(ctx->fd, level + 1, "%s", ctr->name, ctr->counter);
 			} else {
 				// Array of counters.
-				DUMP_STR(fd, level + 1, "%s", ctr->name, "");
-				dump_counters(fd, level + 2, ctr);
+				DUMP_STR(ctx->fd, level + 1, "%s", ctr->name, "");
+				dump_counters(ctx->fd, level + 2, ctr);
 			}
 		}
 	}
 }
 
-static void zone_stats_dump(zone_t *zone, FILE *fd)
+static void zone_stats_dump(zone_t *zone, dump_ctx_t *ctx)
 {
 	if (EMPTY_LIST(zone->query_modules)) {
 		return;
 	}
 
-	dump_modules(fd, &zone->query_modules, zone->name);
+	ctx->query_modules = &zone->query_modules;
+	ctx->zone = zone->name;
+
+	dump_modules(ctx);
 }
 
 static void dump_to_file(FILE *fd, server_t *server)
@@ -139,7 +149,7 @@ static void dump_to_file(FILE *fd, server_t *server)
 	// Get the server identity.
 	conf_val_t val = conf_get(conf(), C_SRV, C_IDENT);
 	const char *ident = conf_str(&val);
-	if (val.code != KNOT_EOK || ident[0] == '\0') {
+	if (ident == NULL || ident[0] == '\0') {
 		ident = conf()->hostname;
 	}
 
@@ -156,11 +166,16 @@ static void dump_to_file(FILE *fd, server_t *server)
 		DUMP_CTR(fd, 1, "%s", item->name, item->val(server));
 	}
 
+	dump_ctx_t ctx = {
+		.fd = fd,
+		.query_modules = &conf()->query_modules,
+	};
+
 	// Dump global statistics.
-	dump_modules(fd, &conf()->query_modules, NULL);
+	dump_modules(&ctx);
 
 	// Dump zone statistics.
-	knot_zonedb_foreach(server->zone_db, zone_stats_dump, fd);
+	knot_zonedb_foreach(server->zone_db, zone_stats_dump, &ctx);
 }
 
 static void dump_stats(server_t *server)

src/knot/conf/base.c

@@ -336,7 +336,7 @@ void conf_update(
 			old_conf->io.zones = NULL;
 		}
 		if (flags & CONF_UPD_FMODULES) {
-			init_list(&old_conf->query_modules);
+			WALK_LIST_FREE(old_conf->query_modules);
 			old_conf->query_plan = NULL;
 		}
 

src/knot/conf/confio.c

@@ -361,7 +361,9 @@ static int diff_iter_section(
 	case KNOT_EOK:
 		break;
 	case KNOT_ENOENT:
-		return KNOT_EOK;
+		// Continue to the second step.
+		ret = KNOT_EOF;
+		break;
 	default:
 		return ret;
 	}
@@ -930,25 +932,34 @@ int conf_io_set(
 
 	// Key1 is not a group identifier.
 	if (parent != NULL) {
+		if (node->data_len == 0) {
+			ret = KNOT_YP_ENODATA;
+			goto set_error;
+		}
 		upd_type = CONF_IO_TCHANGE;
 		upd_flags |= parent->item->flags;
 		io_reset_bin(&io, parent->item, node->item, parent->id,
 		             parent->id_len, node->data, node->data_len);
-	// No key1 but a group identifier.
-	} else if (node->id_len != 0) {
-		assert(node->item->type == YP_TGRP &&
-		       (node->item->flags & YP_FMULTI) != 0);
-		assert(node->data_len == 0);
-
+	// A group identifier or whole group.
+	} else if (node->item->type == YP_TGRP) {
 		upd_type = CONF_IO_TSET;
-		upd_flags |= node->item->var.g.id->flags;
-		io_reset_bin(&io, node->item, node->item->var.g.id, node->id,
-		             node->id_len, NULL, 0);
-	// Ensure some data for non-group items (include).
-	} else if (node->item->type == YP_TGRP || node->data_len != 0) {
+		if ((node->item->flags & YP_FMULTI) != 0) {
+			if (node->id_len == 0) {
+				ret = KNOT_YP_ENOID;
+				goto set_error;
+			}
+			upd_flags |= node->item->var.g.id->flags;
+		} else {
+			ret = KNOT_ENOTSUP;
+			goto set_error;
+		}
+		assert(node->data_len == 0);
 		io_reset_bin(&io, node->item, NULL, node->id, node->id_len,
-		             node->data, node->data_len);
-	// Non-group without data.
+		             NULL, 0);
+	// A non-group item with data (include).
+	} else if (node->data_len > 0) {
+		io_reset_bin(&io, node->item, NULL, NULL, 0, node->data,
+		             node->data_len);
 	} else {
 		ret = KNOT_YP_ENODATA;
 		goto set_error;
@@ -1132,21 +1143,18 @@ int conf_io_unset(
 		upd_flags |= parent->item->flags;
 		io_reset_bin(&io, parent->item, node->item, parent->id,
 		             parent->id_len, node->data, node->data_len);
-	// No key1 but a group identifier or whole group.
-	} else {
+	// A group identifier or whole group.
+	} else if (node->item->type == YP_TGRP) {
+		upd_type = CONF_IO_TUNSET;
 		if (node->id_len != 0) {
-			assert(node->item->type == YP_TGRP &&
-			       (node->item->flags & YP_FMULTI) != 0);
-
-			upd_type = CONF_IO_TUNSET;
+			assert((node->item->flags & YP_FMULTI) != 0);
 			upd_flags |= node->item->var.g.id->flags;
 		}
+		assert(node->data_len == 0);
 		io_reset_bin(&io, node->item, NULL, node->id, node->id_len,
-		             node->data, node->data_len);
-	}
-
-	// Check for a non-group item.
-	if (io.key0->type != YP_TGRP) {
+		             NULL, 0);
+	// A non-group item (include).
+	} else {
 		ret = KNOT_ENOTSUP;
 		goto unset_error;
 	}

src/knot/conf/scheme.c

@@ -107,6 +107,12 @@ static const knot_lookup_t log_severities[] = {
 	{ 0, NULL }
 };
 
+static const knot_lookup_t journal_modes[] = {
+	{ JOURNAL_MODE_ROBUST, "robust" },
+	{ JOURNAL_MODE_ASYNC,  "asynchronous" },
+	{ 0, NULL }
+};
+
 static const yp_item_t desc_server[] = {
 	{ C_IDENT,                YP_TSTR,  YP_VNONE },
 	{ C_VERSION,              YP_TSTR,  YP_VNONE },
@@ -268,6 +274,8 @@ static const yp_item_t desc_template[] = {
 	{ C_GLOBAL_MODULE,       YP_TDATA, YP_VDATA = { 0, NULL, mod_id_to_bin, mod_id_to_txt },
 	                                   YP_FMULTI | CONF_IO_FRLD_MOD, { check_modref } },
 	{ C_JOURNAL_DB,          YP_TSTR,  YP_VSTR = { "journal" }, CONF_IO_FRLD_SRV },
+	{ C_JOURNAL_DB_MODE,     YP_TOPT,  YP_VOPT = { journal_modes, JOURNAL_MODE_ROBUST },
+	                                   CONF_IO_FRLD_SRV },
 	{ C_MAX_JOURNAL_DB_SIZE, YP_TINT,  YP_VINT = { JOURNAL_MIN_FSLIMIT, VIRT_MEM_LIMIT(TERA(100)),
 	                                               VIRT_MEM_LIMIT(GIGA(20)), YP_SSIZE },
 	                                               CONF_IO_FRLD_SRV },

src/knot/conf/scheme.h

@@ -55,6 +55,7 @@
 #define C_IXFR_DIFF		"\x15""ixfr-from-differences"
 #define C_JOURNAL		"\x07""journal" /* obsolete, old journal compat */
 #define C_JOURNAL_DB		"\x0A""journal-db"
+#define C_JOURNAL_DB_MODE	"\x0F""journal-db-mode"
 #define C_KASP_DB		"\x07""kasp-db"
 #define C_KEY			"\x03""key"
 #define C_KEYSTORE		"\x08""keystore"

src/knot/conf/tools.c

@@ -507,6 +507,7 @@ int check_template(
 	CHECK_DFLT(C_TIMER_DB, "timer database");
 	CHECK_DFLT(C_GLOBAL_MODULE, "global module");
 	CHECK_DFLT(C_JOURNAL_DB, "journal database path");
+	CHECK_DFLT(C_JOURNAL_DB_MODE, "journal database mode");
 	CHECK_DFLT(C_MAX_JOURNAL_DB_SIZE, "journal database maximum size");
 
 	return KNOT_EOK;