[knot-resolver-users] Knot Resolver 2.3.0

Dear Knot Resolver users, Knot Resolver 2.3.0 has been released. This is a security release that fixes CVE-2018-1110. We're also introducing a new mailing list, knot-resolver-announce. Only notifications about new releases or important announcements will be posted there. https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-resolver-announce Security -------- - fix CVE-2018-1110: denial of service triggered by malformed DNS messages (!550, !558, security!2, security!4) - increase resilience against slow lorris attack (security!5) Bugfixes -------- - validation: fix SERVFAIL in case of CNAME to NXDOMAIN in a single zone (!538) - validation: fix SERVFAIL for DS . query (!544) - lib/resolve: don't send unecessary queries to parent zone (!513) - iterate: fix validation for zones where parent and child share NS (!543) - TLS: improve error handling and documentation (!536, !555, !559) Improvements ------------ - prefill: new module to periodically import root zone into cache (replacement for RFC 7706, !511) - network_listen_fd: always create end point for supervisor supplied file descriptor - use CPPFLAGS build environment variable if set (!547) Full changelog: https://gitlab.labs.nic.cz/knot/knot-resolver/raw/v2.3.0/NEWS Sources: https://secure.nic.cz/files/knot-resolver/knot-resolver-2.3.0.tar.xz GPG signature: https://secure.nic.cz/files/knot-resolver/knot-resolver-2.3.0.tar.xz.asc Documentation: https://knot-resolver.readthedocs.io/en/v2.3.0/ -- Tomas Krizek PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869