Posted
almost 6 years
ago
Features:
Added 'dateserial' (YYYYMMDDnn) serial policy configuration (Thanks to Wolfgang Jung)
Improvements:
Trailing data indication from the packet parser (libknot)
Better configuration check for a problematical option combination
Bugfixes:
Incomplete …
|
Posted
about 6 years
ago
Features:
New EDNS option counters in the statistics module
New '+orphan' filter for the 'zone-purge' operation
Improvements:
Reduced memory consuption of disabled statistics metrics
Some spelling fixes (Thanks to Daniel …
|
Posted
about 6 years
ago
Features:
New 'zone-notify' command in knotc
Kdig uses '@server' as a hostname for TLS authenticaion if '+tls-ca' is set
Improvements:
Better heap memory trimming for zone operations
Added proper polling …
|
Posted
over 6 years
ago
Features:
Module synthrecord allows multiple 'network' specification
New CSK handling support in keymgr
Improvements:
Allowed configuration for infinite zsk lifetime
Increased performance and security of the module synthrecord
Signing changeset …
|
Posted
over 6 years
ago
Bugfixes:
Unintentional zone re-sign during reload if empty NSEC3 salt
Inconsistent zone names in journald structured logs
Malformed outgoing transfer for big zone with TSIG
Unexpected reply for DS query …
|
Posted
over 6 years
ago
Bugfixes:
Wrong detection of signing scheme rollover
|
Posted
over 6 years
ago
Features:
CSK algorithm rollover and (KSK, ZSK) <-> CSK rollover support
Improvements:
Allowed explicit configuration for infinite ksk lifetime
Proper error messages instead of unclear error codes in server log
Better …
|
Posted
over 6 years
ago
Features:
NSEC3 Opt-Out support in the DNSSEC signing
New CDS/CDNSKEY publish configuration option
Improvements:
Simplified DNSSEC log message with DNSKEY details
+tls-hostname in kdig implies +tls-ca if neither +tls-ca …
|
Posted
over 6 years
ago
Improvements:
Keymgr no longer prints useless algorithm number for generated key
Bugfixes:
Faulty DNAME semantic check if present in the zone apex and NSEC3 is used
Immediate zone flush not …
|
Posted
over 6 years
ago
Features:
On-slave (inline) signing support
Automatic DNSSEC key algorithm rollover
Ed25519 algorithm support in DNSSEC (requires GnuTLS 3.6.0)
New 'journal-content' and 'zonefile-load' configuration options
keymgr tries to run …
|