Libor Peltan
96ee3484a3
Merge branch 'zone-reload-expired' into 'master'
...
Allow zone-reload on expired zone
See merge request knot/knot-dns!1794
2025-07-28 10:03:47 +02:00
Jan Doskočil
048c94982d
libngtcp2: update embedded library to v1.14.0
2025-07-25 18:07:15 +02:00
Daniel Salzman
e365c348c6
ctl: allow zone-reload on expired zone
...
This operation is useful for resolving issues such as journal inconsistencies.
2025-07-25 13:34:39 +02:00
Daniel Salzman
d7a4883482
server: fix possible use after free if member zone is reused when full reload
2025-07-25 08:19:50 +02:00
Daniel Salzman
3ba7c8677f
keymgr: make log message more general
2025-07-21 14:24:21 +02:00
Daniel Salzman
4be0af187b
keymgr: support colon separators in keyid
2025-07-21 14:24:21 +02:00
Daniel Salzman
ac4b4a9f33
keymgr: refactoring
2025-07-21 14:24:21 +02:00
Daniel Salzman
103e315fb1
keymgr: update help and documentation
2025-07-21 14:24:21 +02:00
Daniel Salzman
3edaf24f02
keymgr: interpret omitted bool argument as true
2025-07-21 14:20:48 +02:00
Libor Peltan
a47773cfe6
keymgr: implement key for-auto key pregeneration
2025-07-21 14:20:48 +02:00
Daniel Salzman
b4e2e48e79
systemd: remove no longer needed systemd_tasks_status_notify()
2025-07-17 18:37:53 +02:00
David Vašek
07ff168c50
knotd: cycle the interrupt-processing/start-detection loop faster
2025-07-17 18:37:53 +02:00
David Vašek
cb089b2123
knotd: update the wording of logs regarding server start
2025-07-17 18:37:53 +02:00
David Vašek
6149c8b850
knotd: don't log "starting server" before the server can answer queries
2025-07-17 18:37:53 +02:00
David Vašek
60d01eb363
knotd: start ctl early in server bootstrap
2025-07-17 18:37:53 +02:00
David Vašek
b6fd803bbc
server: allow separate start of answering
2025-07-17 18:37:53 +02:00
David Vašek
be1db77fb5
server: discriminate between server running and answering (add the ServerAnswering state)
2025-07-17 18:37:53 +02:00
David Vašek
0857cf0b2d
zone: optimize preferred_master allocation
2025-07-17 18:37:53 +02:00
Jan Hák
4a4337af8e
knot: skip empty timers at lmdb key
2025-07-17 12:25:58 +02:00
Daniel Salzman
8c59b46adb
conf: rework notify-delay to be more practical and consistent with Bind
2025-07-14 07:53:48 +02:00
Daniel Salzman
803947eb40
keymgr: print keystore name and its type when listing keys
2025-07-01 10:51:18 +02:00
Libor Peltan
34cb1aef7c
dnssec/multi-keystore: implemented ksk-only keystore...
...
...so that KSKs and ZSKs can be in distinct keystores
2025-07-01 10:51:18 +02:00
Libor Peltan
415f5bf88e
dnssec: implemented multi-keystore option...
...
...useful e.g. for hsm-to-pem migration
2025-07-01 08:42:04 +02:00
Daniel Salzman
626d062f54
conf: support default values for multivalued items
2025-06-30 11:28:09 +02:00
Daniel Salzman
eec9afaa65
requestor: avoid calling close(-1) (Coverity)
2025-06-30 06:55:48 +02:00
Daniel Salzman
0a7d0fd9ca
libknot: avoid calling close(-1) (Coverity)
2025-06-30 06:55:48 +02:00
Daniel Salzman
6dce07a796
refresh: establish a new TCP connection for XFR if no-edns is set
2025-06-27 14:29:19 +02:00
David Vašek
d0db6eac3b
server: coding style
2025-06-24 11:09:04 +02:00
David Vašek
7857bc5089
ctl: after receiving the 'stop' command, interrupt the socket ctl thread immediately
...
This enables quick shutdown without waiting for timeouts in the socket ctl thread.
2025-06-24 11:09:04 +02:00
David Vašek
c07046a2cf
ctl: link concurrent_ctl_ctx_t to the main socket control thread
2025-06-24 11:09:04 +02:00
David Vašek
4789dc2375
ctl: don't assign to a cctx thread that carries the 'stop' information
...
Otherwise the 'stop' information (KNOT_CTL_ESTOP) would be overwritten.
2025-06-24 11:09:04 +02:00
Daniel Salzman
326525dbbe
Merge branch 'knotd-cert-ca' into 'master'
...
remote/acl TLS certificate validation
See merge request knot/knot-dns!1779
2025-06-23 18:19:04 +02:00
Daniel Salzman
801e107605
server: decrease SESSION_TICKET_POOL_TIMEOUT to 1200 seconds
2025-06-23 18:07:02 +02:00
Daniel Salzman
9f0f79779a
server: purge sessticket_pool on server reload if creds changed
2025-06-23 17:55:14 +02:00
Jan Doskočil
261c378b74
conf: implemented certificate hostname validation
2025-06-23 17:55:14 +02:00
Daniel Salzman
82df13121e
utils: add class aliases INTERNET and CHAOS
2025-06-14 20:48:18 +02:00
Daniel Salzman
442c5e9d7e
src: relicense omitted files to GPL-2.0-or-later
2025-06-12 14:46:16 +02:00
Daniel Salzman
4c9feb2572
tls: avoid passing NULL to strlen() when generating a certificate
2025-06-03 15:46:53 +02:00
Daniel Salzman
d2a50caaca
ctl: add 'parser failed,' prefix to zone-(un)set error messages
2025-06-03 14:44:52 +02:00
Daniel Salzman
a7f614b9b2
zonefile: add libgen.h for basename(), cleanup
2025-06-02 16:33:17 +02:00
Vladimír Čunát
f3124e1c4f
pkt: fix our check for trailing rdata when parsing
...
- in case the \0 terminator got "compressed", we would get a spurious KNOT_EMALF
- if real compression happened, we could miss the fact that there are trailing data
2025-06-02 15:57:23 +02:00
Libor Peltan
51ef3b645f
Merge branch 'zonemd_dbus' into 'master'
...
zonemd: emit 'dnssec-invalid' dbus event when validation fails
See merge request knot/knot-dns!1782
2025-06-02 15:55:43 +02:00
Jan Doskočil
ffe6b37715
kdig: support certificates missing Subject field
2025-06-02 11:27:57 +02:00
Jan Doskočil
56979de6f8
knotd: self-signed cert with SAN instead of Subject: CN
2025-06-02 11:27:57 +02:00
Daniel Salzman
d17189c820
ctl: don't log zone-(un)set parser failed, send details to the client instead
2025-06-02 09:17:06 +02:00
Daniel Salzman
c54e0886f0
quic-handler: add check for empty conn to prevent assert
2025-06-01 09:06:44 +02:00
Daniel Salzman
1f3ba914f6
zonefile: fix possible memory leak (Coverity)
2025-06-01 08:56:59 +02:00
Daniel Salzman
423cbe075f
zonemd: emit 'dnssec-invalid' dbus event when validation fails
2025-05-30 13:50:19 +02:00
Daniel Salzman
1464b18288
kzonecheck: consider zone file name with origin auto-detection
...
Partially revert 38f65806dd
2025-05-30 13:16:37 +02:00
Daniel Salzman
1cec5a5fb0
dnskey-sync: use deterministic jitter always if keytag-modulo is configured
2025-05-30 12:44:57 +02:00