From: Daniel Salzman Date: Mon, 8 Sep 2025 07:06:58 +0000 (+0200) Subject: NEWS: add version 3.5.0 X-Git-Tag: v3.5.0~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aa44eb09f3f5c8a3ef47778d6d6194fa47630918;p=thirdparty%2Fknot-dns.git NEWS: add version 3.5.0 --- diff --git a/NEWS b/NEWS index 5fa02ff86b..f07fa61348 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,58 @@ +Knot DNS 3.5.0 (2025-09-18) +=========================== + +Features: +--------- + - knotd: database zone backend using Redis/Valkey (see 'Database zone backend') + - knotd: support for multiple control sockets (see 'control.listen') + - knotd: external zone validation (see 'External validation') + - knotd: authorization based on certificate hostname validation (see 'DNS over QUIC') + - knotd: multiple keystores can be specified per policy (see 'DNSSEC multiple keystores') + - knotd: specified resource record types can be omitted when loading (see 'zone.zonefile-skip') + - knotd: configurable delay before zone change processing (see 'zone.update-delay') + - knotd: subzone flattening (see 'zone.include-from') + +Improvements: +------------- + - knotd: optimized dynamic zone addition/removal for many zones + - knotd: optimized catalog updates for many zones + - knotd: replaced a poor atomic fallback with a spin-lock-protected version + - knotd: support for independent SOA serial series on the secondary side + - knotd: self-signed certificate contains SAN instead of CN + - knotd: removed RCU synchronization lock between unrelated zones' updates + - knotd: zone-reload/reload fails if there is a module configuration error + - knotd: control interfaces are started before zones loading + - knotd: session ticket pool is purged on server reload if changed credentials + - knotc: status returns 'Loading' if the server is not yet answering + - knotc: extended tab completion for details, filters, and paths + - kzonecheck: zone origin auto-detection uses SOA owner from the checked zone file + - libknot: XDP drops packets with too many or inappropriate extended IPv6 headers + - libknot: extended XDP checks for correct packets + - libknot: semantically malformed resource records are dumped in generic format + - libs: upgraded embedded libngtcp2 to 1.15.0 + - knot-exporter: less confusing option parsing and documentation + - doc: various improvements + +Bugfixes: 
+--------- + - knotd: if multiple primaries send NOTIFY concurrently, only the last remote is queried + - knotd: failed to build on macOS with POSIX semaphores + - knotd: early zone free due to RCU-delayed update cleanup + - knotd: server crashes if "" value overrides template master value + - knot-exporter: label collisions caused by duplicate metrics (Thanks to Guillaume Cornet) + +Packaging: +---------- + - deb,rpm: keymgr extracted to a separate package knot-keymgr + - deb,rpm: new package redis-knot with a Knot module for Redis/Valkey + - docker: upgraded to Debian trixie-slim + +Compatibility: +-------------- + - license: project relicensed to GPL-2.0-or-later + - knotd: new default value of 'policy.nsec3-salt-length' is 0 + - knot-exporter: renamed some metrics, labes, or units (see 'Migration') + Knot DNS 3.4.8 (2025-07-29) ===========================
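Review bot: The last Compatibility entry has a typo, "labes" should be "labels" ("knot-exporter: renamed some metrics, labels, or units (see 'Migration')"). Two Improvements entries also read awkwardly: "session ticket pool is purged on server reload if changed credentials" would be clearer as "if credentials have changed", and "control interfaces are started before zones loading" as "before zone loading". Under Compatibility, the knot-exporter entry points readers to 'Migration' but the new default of 0 for 'policy.nsec3-salt-length' has no pointer; since a changed DNSSEC default affects operators who rely on it implicitly, consider adding a matching "(see ...)" reference if the documentation covers it.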