[knot-dns-users] Knot Resolver 1.3.0 release

Dear Knot Resolver users, CZ.NIC is proud to announce the release of Knot Resolver 1.3.0. The biggest feature of this release is the support for DNSSEC Validation in the forwarding mode, the feature many people were eagerly awaiting for. We have also squeezed refactoring of AD flag handling and several other bugfixes. The 1.3.0 is currently the recommended release to run at your recursive nameservers. Here's the 1.3.0 changelog: Security -------- - Refactor handling of AD flag and security status of resource records. In some cases it was possible for secure domains to get cached as insecure, even for a TLD, leading to disabled validation. It also fixes answering with non-authoritative data about nameservers. Improvements ------------ - major feature: support for forwarding with validation (#112). The old policy.FORWARD action now does that; the previous non-validating mode is still avaliable as policy.STUB except that also uses caching (#122). - command line: specify ports via @ but still support # for compatibility - policy: recognize 100.64.0.0/10 as local addresses - layer/iterate: *do* retry repeatedly if REFUSED, as we can't yet easily retry with other NSs while avoiding retrying with those who REFUSED - modules: allow changing the directory where modules are found, and do not search the default library path anymore. Bugfixes -------- - validate: fix insufficient caching for some cases (relatively rare) - avoid putting "duplicate" record-sets into the answer (#198) Full changelog: https://gitlab.labs.nic.cz/knot/resolver/raw/v1.3.0/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-1.3.0.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-1.3.0.tar.xz.asc Documentation: http://knot-resolver.readthedocs.io/en/latest/ Cheers, -- Ondřej Surý -- Technical Fellow -------------------------------------------- CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC Milesovska 5, 130 00 Praha 3, Czech Republic mailto:ondrej.sury@nic.cz https://nic.cz/ --------------------------------------------