From: Petr Špaček <petr.spacek@nic.cz>
Date: Thu, 15 Feb 2018 16:25:56 +0000 (+0100)
Subject: Require libknot 2.6.4 to avoid mysterious problems with DNS-over-TLS.
X-Git-Tag: v2.1.0~2^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7fed96903458f59360fb7f5fc128b6afc02fbd51;p=thirdparty%2Fknot-resolver.git

Require libknot 2.6.4 to avoid mysterious problems with DNS-over-TLS.

Respdiff on kresd under load showed that DNS-over-TLS has higher ratio
of SERVFAILs than other transports. For some reason the problem
disappeared after upgrading from libknot 2.6.3 to 2.6.4, and appeared
again after downgrade.
---

diff --git a/Makefile b/Makefile
index 80269b214..27b6c50a2 100644
--- a/Makefile
+++ b/Makefile
@@ -16,7 +16,7 @@ lint-lua: $(patsubst %.lua.in,%.lua,$(wildcard */*/*.lua.in))
 .PHONY: all install check clean doc info lint
 
 # Dependencies
-KNOT_MINVER := 2.4.0
+KNOT_MINVER := 2.6.4
 $(eval $(call find_lib,libknot,$(KNOT_MINVER),yes))
 $(eval $(call find_lib,libdnssec,$(KNOT_MINVER),yes))
 $(eval $(call find_lib,libzscanner,$(KNOT_MINVER),yes))
diff --git a/NEWS b/NEWS
index 2cae8a224..dcd7b1791 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,7 @@ Incompatible changes
 - systemd: more chages in default unit files (TODO)
 - ta_sentinel: implement protocol draft-ietf-dnsop-kskroll-sentinel-01
   (our draft-ietf-dnsop-kskroll-sentinel-00 implementation had inverted logic)
+- libknot: require version 2.6.4 or newer to get bugfixes for DNS-over-TLS
 
 Bugfixes
 --------