- knot-resolver-users - lists.nic.cz

by Aleš Mrázek

Dear Knot Resolver users, Knot Resolver 6.0.15 (early-access) has been released! Security: - DoS: fix a rare segfault in `resolve` function (!1717) Someone controlling the DNS traffic might be able to trigger this crash intentionally and too often. - DoS: drop a wrong assertion/crash (!1718) Someone controlling the DNS traffic will most likely be able to trigger this crash intentionally and too often. Bugfixes: - manager: prometheus metrics update (!1703, #917, !1712) - added missing metrics split by IPv4 and IPv6 - typo: resolver_answer_flags_rd_total -> resolver_answer_flag_rd_total - /dnssec/trust-anchors-files: fix resolver startup (!1704) - /network/edns-buffer-size: fix swapped upstream+downstream (!1711) - cache: fix a crash in case garbage collection is too slow (!1713) [system] assertion "env->is_cache" failed in cdb_write - /cache/prefill: fix 6.0.13 regression (!1705) - datamodel: improve file permission check (#933, !1714) - NO_CACHE flag: fix and tweak its behavior (!1715) Improvements: - update/more precise default answers for special names (!1709) https://www.iana.org/assignments/special-use-domain-names https://www.iana.org/assignments/locally-served-dns-zones - kresctl: strict validation is now disabled by default (!1714) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v6.0.15/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.15.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.15.tar.xz.asc Documentation: https://www.knot-resolver.cz/documentation/v6.0.15/ -- Ales Mrazek PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE

1 měsíc, 4 týdny

1
0
0 0

Knot Resolver 5.7.6

by Aleš Mrázek

Dear Knot Resolver users, Knot Resolver 5.7.6 (stable) has been released! Please consider using our packages from https://pkg.labs.nic.cz/doc/?project=knot-resolver and https://copr.fedorainfracloud.org/coprs/g/cznic/knot-resolver5 if you're not already using them. Security: - DoS: fix a rare segfault in `resolve` function (!1720) Someone controlling the DNS traffic might be able to trigger this crash intentionally and too often. - DoS: drop a wrong assertion/crash (!1721) Someone controlling the DNS traffic will most likely be able to trigger this crash intentionally and too often. Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.7.6/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.7.6.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.7.6.tar.xz.asc Documentation: https://www.knot-resolver.cz/documentation/v5.7.6/ -- Ales Mrazek PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE

1 měsíc, 4 týdny

1
0
0 0

Re: [knot-dns-users] Knot Resolver 6.X : split config.yaml in several files ?

by Vladimír Čunát

Hello. On 23/06/2025 10.18, Stéphane Paillet wrote: > I would like to know if it's possible to split the config.yaml in > several files (the main config in one file, acl and views section in > another, data-local section with rpz lists and tags to rely acl lists > to blocklists in another), and if the answer is yes, how can I do ? Currently it's not possible. You could of course use some generator that produces the config.yaml, but that's of course less ergonomic. Incidentally we have this WIP: https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1710 --Vladimir

2 měsíce, 3 týdny

1
0
0 0

Knot Resolver 6.0.14

by Aleš Mrázek

Dear Knot Resolver users, Knot Resolver 6.0.14 (early-access) has been released! Bugfixes: - /local-data/**: fix 6.0.13 regressions (!1697, !1699) The errors read as "wrong number of arguments for function call" or "does not have field named 'log'" Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v6.0.14/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.14.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.14.tar.xz.asc Documentation: https://www.knot-resolver.cz/documentation/v6.0.14/ -- Ales Mrazek PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE

3 měsíce, 1 týden

1
0
0 0

[PATCH 0/1] Fix crash in knot-resolver6 v6.0.13 when local-data enabled

by Brad Cowie

knot-resolver6 v6.0.13 introduces a bug that causes an invalid policy-loader.conf to be generated when the following local-data options are enabled: * addresses * addresses-files * rules/subtree The log message from the crash: kresd[223706]: [system] error while loading config: policy-loader.conf:65: wrong number of arguments for function call (workdir '/run/knot-resolver') The attached patch fixes this crash: Brad Cowie (1): datamodel/templates: fix kr_rule_local_* macros .../templates/macros/local_data_macros.lua.j2 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) -- 2.43.0

3 měsíce, 2 týdny

2
2
0 0

Knot Resolver 6.0.13

by Aleš Mrázek

Dear Knot Resolver users, Knot Resolver 6.0.13 (early-access) has been released! Security: - DoS: fix more rare crashes with `requirement` failing (#930, !1696) [system] requirement "session2_is_empty(s)" failed in session2_transport_event (and others not observed in practice) Bugfixes: - fix `dnssec: false` (!1687) - fix undefined disable_defer (!1685) - daemon: fix a memory leak present since v6.0.9 (#927) - fix logging `[prefil] empty zone file` (!1688) Improvements: - C++ compatibility of lib/ headers (!1689) - /local-data/rpz/*/log: add option to log RPZ matches (!1694) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v6.0.13/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.13.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.13.tar.xz.asc Documentation: https://www.knot-resolver.cz/documentation/v6.0.13/ -- Ales Mrazek PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE

3 měsíce, 2 týdny

2
1
0 0

error with root.keys permissions

by Mike Wright

Hi, I'm receiving this error: ERROR: write access needed to keyfile dir '/etc/knot-resolver/root.keys' Current permissions are 775 knot-resolver:knot-resolver. I've also tried 0:0. Contents of the dir are same owner 664. Suggestions? Thanks, Mike Wright

4 měsíce, 2 týdny

2
1
0 0

Kresd installation

by Ulrich Wisser

Hi, on a fresh debian system I followed this installation guide https://www.knot-resolver.cz/documentation/stable/quickstart-install.html The package installed successfully, but after that things get a bit more difficult The installed gpg key is expired > /etc/apt/trusted.gpg.d/cznic-obs.gpg > ------------------------------------ > pub rsa2048 2018-02-15 [SC] [verfallen: 2024-08-15] > 4573 7F9C 8BC3 F3ED 2791 8182 7406 2DB3 6A1F 4009 > uid [ verfallen ] home:CZ-NIC OBS Project > <home:CZ-NIC@build.opensuse.org> > > "verfallen" means expired. Sorry that system speaks german (german hoster). Makes it kind of hard to install kresd. :-) And while we are at it, why are there no kresd packages for the raspberry pi? Please!!! Kind regards /Ulrich

4 měsíce, 2 týdny

2
3
0 0

Knot Resolver 6.0.12

by Aleš Mrázek

Dear Knot Resolver users, Knot Resolver 6.0.12 (early-access) has been released! Security: - DoS: fix rare crashes with either of the lines below (!1682) [system] requirement "h && h->end > h->begin" failed in queue_pop_impl [system] requirement "val == task" failed in session2_tasklist_del Bugfixes: - daemon: fix DoH with multiple "parallel" queries in one connection (#931, !1677) - /management/unix-socket: revert to absolute path (#926, !1664) - fix `tags` when used in /local-data/rules/*/records (!1670) - stats: request latency was very incorrect in some cases (!1676) Improvements: - /local-data/rpz/*/watchdog: new configuration to enable watchdog for RPZ files (!1665) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v6.0.12/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.12.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-6.0.12.tar.xz.asc Documentation: https://www.knot-resolver.cz/documentation/v6.0.12/ -- Ales Mrazek PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE

4 měsíce, 3 týdny

1
0
0 0

Knot Resolver 5.7.5

by Aleš Mrázek

Dear Knot Resolver users, Knot Resolver 5.7.5 (stable) has been released! Please consider using our packages from https://pkg.labs.nic.cz/doc/?project=knot-resolver and https://copr.fedorainfracloud.org/coprs/g/cznic/knot-resolver5 if you're not already using them. Security: - DoS: fix unconfirmed crashes with the line below (!1683) [system] requirement "h && h->end > h->begin" failed in queue_pop_impl Improvements: - tests: disable problematic config.http test (#925, !1678) - validator: accept a confusing NODATA proof with insecure delegation (!1678) Bugfixes: - daemon/http: DoH stream got stuck after returning an error code (!1652) - stats: request latency was very incorrect in some cases (!1678) Full changelog: https://gitlab.nic.cz/knot/knot-resolver/raw/v5.7.5/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.7.5.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-5.7.5.tar.xz.asc Documentation: https://www.knot-resolver.cz/documentation/v5.7.5/ -- Ales Mrazek PGP: 3057 EE9A 448F 362D 7420 5A77 9AB1 20DA 0A76 F6DE

4 měsíce, 3 týdny

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

knot-resolver-users