diff --git a/.gitignore b/.gitignore index c7fcc7d..51e13d0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,2 @@ /knot-resolver-*.tar.xz -/knot-resolver-1.2.0-rc3.tar.xz.asc -/knot-resolver-1.2.0.tar.xz.asc -/knot-resolver-1.2.3.tar.xz.asc -/knot-resolver-1.2.4.tar.xz.asc -/knot-resolver-1.2.5.tar.xz.asc -/knot-resolver-1.3.1.tar.xz.asc -/knot-resolver-1.3.2.tar.xz.asc -/knot-resolver-1.5.3.tar.xz.asc +/knot-resolver-*.tar.xz.asc diff --git a/config b/config deleted file mode 100644 index edf2e97..0000000 --- a/config +++ /dev/null @@ -1,15 +0,0 @@ --- vim:syntax=lua: --- Refer to manual: http://knot-resolver.readthedocs.org/en/latest/daemon.html#configuration - --- unmanaged DNSSEC root TA -trust_anchors.config('/etc/kresd/root.keys', nil) - --- Load useful modules -modules = { - 'policy', -- Block queries to local zones/bad sites - 'stats', -- Track internal statistics - 'predict', -- Prefetch expiring/frequent records -} - --- Cache size -cache.size = 100 * MB diff --git a/gpgkey-4A8BA48C2AED933BD495C509A1FBA5F7EF8C4869.gpg.asc b/gpgkey-4A8BA48C2AED933BD495C509A1FBA5F7EF8C4869.gpg.asc new file mode 100644 index 0000000..a3f5eea --- /dev/null +++ b/gpgkey-4A8BA48C2AED933BD495C509A1FBA5F7EF8C4869.gpg.asc @@ -0,0 +1,177 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFhITjsBEACn+jYk59OSa7eul+bIaZERXTfhgfC6esfC5WPV0NmCig0W1Jbu +nWglYX3Bs1FJR4OCpchrbAQW3bEYDsddvy5rCbaG0IoOqNsd5GEhCmegDLNU/l36 +P83UUw8kkSJhlKr/U+EO+bFyKljmF+dE+OvIky1A+wd1zgRkcljr9DOfdLsAqL4n +Ib/LC99ZD27laSEAoaZagHXWMVP0EExM3+T4V5sPJ3ghrK1hAk5spAX9yHUSF242 +zo+5Sj/l/dGL/PXDeCJPHjfdQNUkKcRTVlbAIjfl5mk//73z3XmRSKp9R5HsCKQj +BC5Q38a/ZVDdaiSwIxw2sDLrI4+91ycsJ3gjtyiqyO43a4Y6mQHw9VZxudYG1hJ1 ++pAEPyLo/xIpGIlOo6BmmSz7gYgTPKB/dmGFOx/Qtrt8jNtiy3oyRRMPdQ2Vl/MR +AZ+OVSsSplf0uGFrhWOX6OPl6h7hu1mMbmHrQtgs835ZVfMf2IoK6QkFNFkn6Hbd +gF+4IZaX4br1WqZN2c51hKcIE4AHTSVSXwXRgdN/7Q2bmOH2IvfqTOX3HyfrIqUL +nqUuD4tZB5Q+z7V5H6vzG5GR2CFlwkSgaayoplLG7h4Xh6Hyman95tl/xS61TeSf +nv7NYIZj6fw4veUUALQlTwDkOh17wByJitvYfBkoiCY7ShAxYyBckGGFxQARAQAB +tCJUb21hcyBLcml6ZWsgPHRvbWFzLmtyaXpla0BuaWMuY3o+iQJXBBMBCABBAhsD +BQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAhkBFiEESoukjCrtkzvUlcUJoful9++M +SGkFAlopsXsFCQPvacAACgkQoful9++MSGleYw/9FUdMWCHWrzeTcQwPUaB9TokC +cX6KIzcdA3GVtSNMKJWJc8nkEDmhcU6/X+F3+3HZ1pl6b4MGnzKJaYE0uXsYCtIC +6nen2FPEG6NKSF/uNbT8386zBFOkgjahuZXsxrmlNP6+KziQtWM00QTx4H34Yj9s +jqSEWZag/L5aw9/rLJ9YXBweWsNF+xXEcfUY3WTFW38zkzo/QyM734NU86U02tS4 +26LsaWGL/clSF1mSX/hD3oxwlApCHh40M9YsQ7T0kgDLcHFSMFQ7+mbvUjJPm7IX +Zkk9rdEOBTAgb003Giso0FPqkBsOqhtsUUFDnfoaD7JZ6Y54taxDJWQ7zOTM1Rqc +EfEyeoL5TPGeRCcrNLpPGi/gV3OI3Yos+zRSlUTLmDVPpaOb/Cl6K/oHN6Z8L2pj +ndA0tpxkIyOyx5bxUkkU7C3W78jGvshaAUGg5qTqogi48HjQJlwdnWVLxhBjIDa8 +73bgceoaMyxtkfDDj+6rPUbKf3A20Kv6Z4ZfKW+GcnJmdUW9MaHa48mImkKdaS5n +A2Wglk7CdNJhxGBGqXgQvbUUeZJXycq6u94pFDbaqKIPQ3I3FmbcQQnNUO9IPQxM +u+dbyJImthPlXLrALhq6eYkFnzHAlMMI06TacQcJPd3auXEgNkcAzlii8odYExPS +xRsESq2Y2VaDsMPQ6Ce0IVRvbWFzIEtyaXplayA8dGtyaXpla0ByZWRoYXQuY29t +PokCUQQwAQgAOxYhBEqLpIwq7ZM71JXFCaH7pffvjEhpBQJaOnWrHR0gZW1wbG95 +bWVudCBlbmRlZCAyMDE3LTEyLTIwAAoJEKH7pffvjEhphaYP/2u3wbyZ4Bs9W4yu +8x3/Ykb1GfY9j5LkscfN92NBWCVhI6I9ZapWN4SAZAlfl6L0UpJ92JHGMw3RvAIK +XvSk3YTpVTQHIn366r4Pfp7DizO4JGmPMKzzqexfrfXiVuqKSSAXhtPuzmJKbYbQ +miVybz2exUGkudkdJTk3ald1w+8yIoP6CbbGiuylAkPqke1vn1EvovyfnGr5vS15 +HK4PSqgsQ94UKnT8mlFS111JH0YfHdGcbxRRt2sk+mfcJfUKnx7LSuJHxizckQKo +Ih8LWpaIO6pLQfQa2h4O2dikWm6Hl3RGw0qZ3/Sgg2AsljvwTYtA8jZNuwDSoplf +sEK/kWIwWG47MyyjHtGpwVhCQT9WGo8GEgdHM0MH2hQV2keELrIiShoW2ntkB++I +VraEtwtH6zlNxw91E0l1NRmIbnXglbivP1b8ZQyZCMOmnFXkhKaTdJWtJ+OVZhPQ +I3PlwS6Divl81k2eM2D5h7YE7p075gsyZfjmuaFmeKwtUtk+PGqwPN3A+ZKAvEjp +RnP1KMIOewhg/KcA4Zn9fSPu9G5An9Civvm/Bze3XV8VdabegHuFSTINBmDRwbp4 +hcXh25bUMdcySdU30QiDkBU+irIp/+Kp+3Ipot4J6R/AbamWooS1ElAKNJ0fVfKJ +AXoyc+d/0UpPdMaHTCg5aushdmjkuQENBFhIUVwBCADIQ2ryTOUFwBufozEFvWts +PTyNYij/KOKP3VEDb66SoXYjA7rf5mC2GDSLI5xdk5a6gs66sizJfinPDwrI10EN +VBgVSedqKGukzyuLEmns7T0/e7KS7CqjykzfcxQuJ7E80FslTy4CYYo2nkaqkHvP +QyIgvEsvj241T6vqSBsRUxpCHxZMPQuhsJBNy3ma4JmbLob29VyvafI29OTjn2m+ +z8+KkfEmvuxt1URLaAJySaC2DTLc2NurW+ijEETOpB9wQekhOFIy4OrLTPIf8atM +YYfykrQyjrWrWLtq5ZspEofAJQOMNViq47CI7BxKsigp/Ziw7fKDkaapX/9tMM2d +ABEBAAGJAjYEKAEIACAWIQRKi6SMKu2TO9SVxQmh+6X374xIaQUCWl6A1wIdAQAK +CRCh+6X374xIaUkrEACIkcQUpUAMkWC0zFHWh/38xfT9cY/d1XYQ0hbjk4yqohjw +5V5PDO47CVYRGZUry55Btdf8xh0M48xxayLhA69BxhCFS6eRATYG2Rx9NjUD9xmp +xDuGFkTzOi8pItdgRvEH94CQtNbLoe2HXZJ1DZXnjEAb30Ai5m7/6NKUi9TtKZGA +/2+vsjRxlpCJyXj6kh+Hz3FFhBKUaSg+gAoeajH/3scAPcWyAUjavMiMfOxtTL6O +5CpWg7evi5oV9e27LNIWoonn/oY3r+ibTZZ48EsCwGQDhKAHhz5gmaVjSoZpC0JW +zcd5nN0/OrCs8AaIGMl6/5agn4M/cmaW8OMlbQfFw1OZ1IGvHW6NrXPkAHSNjj6f +nRMKtybdygxIoHAAazct+NaR+tWp1MjUnnPRnIJEk0abWRCU+5VKnKwP3P2Trm4Z +5veKle8OAjWcNbKJdC5P5C2cak8ZuTZ9x56trgpXnW2sz98R2nQCR4Nbfu8OUdrz +gl29aX2HQ6xEXLZqFCsyl+9PBksyJHAl4JKaBE/U0yIHE02Pz7MTbEWfovAABb4d +EFLd00ce0TE54H/JRnUEb9G3UoLVSH5g1ltuxdyPQ+gNEtHId/wjiL+LFlBmM1Gj +Md3BBsUMnNPZsszeDQDqfCO6w+dBzIX/UJdGft/nDC2SelyL4VbtpL/1i8OB1okD +RAQYAQgADwUCWEhRXAIbAgUJAg4GgAEpCRCh+6X374xIacBdIAQZAQgABgUCWEhR +XAAKCRAioqlLXklBWvQZB/9Gy/uJh6oRFUZnLjCLmsYs4WZDc409K34IsxiSgedF +dE3r53uyrishVQ6bfuFjiVDR2Yr8mjynzDT42wQaFJo4CQHqBQkd8iG/FA8BPqX1 +14vH9y2E7bu0AyY1LHGrT67Ym8ySxpSvS+ZztTdm2Xc8X92jRXz82SQgYJdPuhEE +EMq1JmszyYcXEJSb+qJ0F4q6wM18UR0oxZW/kJFuZ6z0JXG6Ka2cppVOtwcXCy/e +ECSTyUkI9tMm4I1RgNtWsAswCFBRCnAv5TQI3UtdoQCnuBmgef5Zr7uTmTtzHklQ +L9eDjKQ1ZDPO7MrcLyvxdvgevYE/peotjFNsMy4n1aApOk4QAJVdvvlqqTErA+kR +QBDkBGWeOf2pXKjle27wPx9l7w/EgEc1LQ1rTBnMKUeOiPF7o1WQj1n4brNn4aHG +xfTu12dVuV8BtxI/K/Fa1ZAMVGNO4kssbtqMMU8RPZ/LNLFtAp2VLkjVxsSVKoVP +2gxHmzTeHafySDR6d+D2vjCajDoP+wXL1OrgBuiOpAwcC3L4Uz4YJukNAYkSyTKH +d7y+chsqfdN4jXvjSIEPyvlhn4N7lHrfAw1ZnAyom7KtiKntVHVu0F7rbUaMFplk +22pS9lMwbLw/YJUwpMtX8/QQCOYuO5dyOsXHqfiDWYWnDgsR7556zWpotuAi2Dkz +84jGO9CWq1JnPzxi/hgikg1Jq0/QfvR2i2ZIiJKEjfPzs3CCoJrBpa3PV4mIvomk +l/SW5PqJgANHy2pTIQs+pqB0yeET7GvIsScSVIXWFCXCtq+po/G55u6APKXFj1VP ++I0yklumuRN1I05Qdsps/OUeaz6+ghFu/HfWA9IZK8C4imSykRFW1GPA0qs7qy3j +iLx42iMHzEvJzkvi2lasWIROExsPyNMceeRyjvpXw8fVpoMRziNR1f8w6qvPv8gM +N7hiqKp8ybC11uuYejqkJtLWNF1riKtvZQWKK0Jc8rp5jL4309a+rqUlVnZ148oM +bhYq/5JC494fWUnHsMhaMNJoTRLyuQENBFhIUgIBCADTT2Zpzau7YxkaNTMYNYu3 +021R82exKDP0tc4GhFL4osvSUj+bxW/rmKnwBDafsALfskzWrNrTzWQQuSFxsnMD +mb2KheQ+jtYa71yed2NhJoFqj72A6OmqN1wo0K0zYBdP3ccSfrZ7lJcxiko5TLWe +SHTcQ2y/TWn/8IdCJ1Lu/pD3k/IP5yyEaJ/oTaM9SjbuKkmPsMAhIRGEm/nvZMP9 +a6Wmg28a3wMtkQNbj5hFOzaUJ3//SRmSga0XdTUKEqZcTHRhL/26uSHdN4pKwhwO +qIgQeuUkym1TYAXdVLCoLH0Mq9xCgrc0MlCRuQhE+kM973X6u8xbR0DaChShwgEl +ABEBAAGJAjYEKAEIACAWIQRKi6SMKu2TO9SVxQmh+6X374xIaQUCWl6A3gIdAQAK +CRCh+6X374xIaexhD/9RYHmE0dYm6lIzfGAf3MuDrDpp10P8eILcuhYbqM4IIOu+ +sJD6I3vRek+w2vlNBmY2HthQcOv3VRRiD5/RK/tLzrrQrMX7BFNOKjF6FEwllXbc +7fLPUNcvta76igxMdy1CNXTgVQkXv/L7XCzi1Ua7UgpVuF36ea+fH6/tdqK5FLRZ +WgnaPaRZo3V44xRDPh0dG6VE4leamJWz0RWtttH9jCwxPXvkf7XCZCD9M0ZURlK/ +8Bl5ES01x+09G8FS9FZwcJsZUdO0hRh5ODs7kXWZphk4xYsnPyFmcKWnbnji485D +9C8Uk6cepCOOvozmlCs1VYYjh5V1p6Tz0qNOpFOWLm6Ns+j0O6AgeopNQBqj9tbU +Q0CLXhDJ5Db4epSe+A6uc6vBm4k66DYOLl5ofOX1Uc+VA76S3YjlYkF+y8ya39wq +lBBISEgLjJfbs4bihnwfZ43ECr7fUQukg6Abpz1RvWsQi+1JzDMufpRgfKVjy+Np +81GWIyaVVrxYvxFxQ1cvwieGZuIAU6LLSH38rzCQqotXAgHxgeUzRpTSohL+ROIF +/mAcA1hoG79PPV8rS8zS3r50jbv04Agdh0ZCxG5gXtZzc06rjdGDGE+PnGjwGvuz +sbIx/KVOA/nceZs8BT3mm65MB3ppBWm8g4f3PoyW1nSOUWkngwAChAAb3HPKaYkC +JQQYAQgADwUCWEhSAgIbDAUJAg4GgAAKCRCh+6X374xIab0kD/935YykgKCxAkch +HR+fu1RB9wyL88P6nDJ/zm/O3e/QZVGrfNtTMgAM9OduxzMEzibaPCpz8nS6a4Rp +E9QcAQD3KN6TttDkzwKdtj0DKi/q5dWllnp56jC/0I6WfRyGrrcR+1rNO4LscJiV +rXYoQnJPN2B72DWnQF/fvX8dnulGjBtwCTfNQBSU1TTWcSoxB2nPaWAi2PwCfG6r +9PikrEo1Ya6NacRAVFUU0jYaEnj8dfH2oIQDo3r0V5yEFI8ky5JNTHDr1+OoEr6E +H9vBxqsimhRQJpiIkiaE8qYKJcphEv970HAVeXKKVgan+hnFN5Tn92/hcrJoUh5D +sEwBgxrgU0INWMgyJdt3MQQknTSxSJmcKlka+abIvbr5JmSxHnZ/omdxfta2euaA +X3N8lr8cxPrFx5p6moFjHonLGJUZDpZ4CSmqpiPUEFTyrUeWz1hty9L6DpisRBec +7KqSxgvGwT9gBZnMHFvFDkBLjWE7sJYu0WpTS92qwr0PPe02DGfGaGg2FW5uR1B3 +/DaxUTg4M86u/pNHvOCeifR8krTxvf0u36EJ6c1qv+5SE0py9d/50RJBQhMZZTHC +SlW4x0Eo9k9Lw2yEKHsrsxeLH6l/RAN3JUEFhqkUXRRX6tvTY/TWTPBK94g+SWla +POSDjS7ikOy4FJ7rmjR5OUcpEdsU6LkCDQRaKbA4ARAA0iJ7vcMwHis7RYSYnipd +8mi2RkRWJfsxQyj6CHUZv7NwLTyCxjat21VfDJ2SMeKaT3Sq6kvRa8/ZxpikbJ5m +ufzh+6I2lvMNYzev8SECuLMZaCmISHwH0+nRDsrWZ4DtGTCToLU74mez1GFckUTY +o8g8EGrBYbms0gKGc8639mlKZD1+eqmUxP43zfF430YNT0TAQ9zDMuyr6cKBVwBq +bXMxRQYo16IeP2lyD5RN+9NE5IqRFDRQZMqbv69iL36NtAMZ5M1KgRSn/CqCd6vK +EohJ8E4NOoKfmaOgGpYmpAHe7wYqPRHVY0r+SaY0Dlw0NmbN/HbhrcjwMjXXQCgo +Ea8aSbNH5zUXdJyOsKsF/dx7jCPS0BW2mauHVmPwMD1ZprYzFiLYE1UfScl/abvG +tzsr82wILfN0wswvsoXygGaJUUwkLGjOVrV7WIOr8XxoKOR5fqq13Jx1i6VVxCqB +pdGl7zbXJhGt5OMB072PTkJJ+pDQJlSY+r8V/lgn3bwUkXisk5SDp2ObgJhoMf3/ +WRwiIBzOlS+93xTrjego6I3lwSigUqpze44tqJNAVzT2lmbX2sZjbCafuoRDoqgy +49eSsU4eQKnKq1bp18ccl6KYsFu/Eui11atRoy0qObAbrUy54oJE+XKxoDYdZxqp +CIAmTlTXp4pvYiaOk71QF6kAEQEAAYkEcgQYAQgAJhYhBEqLpIwq7ZM71JXFCaH7 +pffvjEhpBQJaKbA4AhsCBQkCDgaAAkAJEKH7pffvjEhpwXQgBBkBCAAdFiEEFe8t +8KwPEBnPn+loGFnIJjkFVmwFAlopsDgACgkQGFnIJjkFVmya5BAA0JPGtGHpCLnL +PjxdLnIpUbQbaKA7AiYskJReIEqPOXWb9WguXYa0j8PsO8d7sn/tBMqw7XdezjWc +JWKutipV9tw6bWQfsx37dyplLwQ6FvuaAMAEXBdxS2Zvf5ffnq1/Sy+TZSRzVH9G +kkP7LgjFfjt4sXTi6KT3zv25ILblJk/Am8qpBt5Iia6hLibDtaz54o3CmotHi2JQ +LayWwQZ6A1a4/hlI7DczsEZfANxd2AItQOQQHvoTEuxFR0ew0dIdv5pLWrW2HfPi +LCFUk2tPImpLvUsmHTQ0kRp5RunObplWIkb7MqCb8DhJ7rbU4eur+qW046pNxci9 +4m0zpEBhdsgC2P+gYSfohYvpEdVMmUOETdxbEUREF1aud72+onyPSvLR6nTwM3Br +/v1NK3o8t6K9zkUnBFDtjqXn7vsf0CA1eszcygsAi06CSgpv8qnU4j7YoBspbCjE +INhip5iNigI3SN49gA9ON+0+FszDZU3sokvIu2xfvePyZ7OhQD6lu+KITlwUH2ED +IVpirH1ubO3VhxY6M9qBWs49UuCQbBaGBwpHlhg7n+wggx+k6Z59kU+4cd1Q9XNf +bk2hVvYdCvHbtH78rh8maLBdGsiyoWrLvcDF+z3G/afej3QVAP2LdWkurAxhUp7s +Af7VBKvcXCQ0/PGrfRpgdofxmNcQG1vVJw/7BtNHys0WLcT5AKEa27o1BpvsNgZ6 +h7i0/4AxTwrjAqzFRBvqs/hSJ/8hF5alfJUKv42OpzzSzSqqQUOH8WjgXX6bWn77 +LkwKLzEAsMnE2HtWRnBUjNqYxN/C//jSDW5foOqwL00J9/Skk9n9RYDdXUyQXsRg +6JKx78oqcYvApEgqEEO1maW++pOq3KH/Q2FQNOSL2E4nmVBIv782K0xGBgS/zHWn +KWLPstihrj0S4SemlVmhKoL9rh01hHiTDVtGfcIMl1dsjNM+1dr4rv+P/a9s3pFn +YfiEt0LwCnE/PS/CfeB/j0HuVIyLZ3V988UzQHanUcoc4G7GCXQfuSHmeeMm6Q7K +KbDFHHxeF5xEWmjvBT+imM4KqVdwBU7PmFpjB2pSlkAGHrXWvg7MjFqmiw4xCDEO +Ij1HCfptxbQ72T5v35z8WVvI04fNNyYGELBfE1gnU7fTYBqJEP0ySY3H4G+kUNgw +zAEy7GhC1eBSHq7PgygxnmxsTDrTPIuV6YixFN+aOwj8ta6pdNgRVn+tOEZo5G9U +i1qsGx+ZaObfC+Wj0i3AOXEC4K+8iknp8lxYfbMiK2raQtcKKhkh7sG5SNnnAeV7 +yFPLxxJ+VYkQA19fKQBTXbx9QvcCmsfFlsQctmQtD8SFGSAGG7p1Wvn839/WgGN/ +DFk7OCejSkFxA/e5Ag0EWimwwgEQANMcgbXsj94aW4O0CCrmvINtdzarw0w1ai2w +0m+P0xtPqwI6ruDAcKuxs8zKXE9MCzP8sh9oXMXl4gomzgF9AmSAus083oOvjTOr +/6t+Xi2Ot+kTPEVFiupNEchUSFzZMRN0GRA1/fnUf50Ayty2MW8LOgSFqnQyivFa +a5u4ctep2w08ICacsKSfie4Gbj2oE+3Fk5qVspDHY6kHGSu+Ee9NiHTvxY2oEWLf +LYRbZFirFWsjm7h8vYDZvnTm5pq+6naBAg64iCydRyIjDWIZQNEeVC3XnDYfXLrD +SsjmpgMrBVs7xwzqDdEIKHUD6xhjJeE+3ECqT7NwKzBTXl+5p/g+Zx1LyOzsInFc +lV5QP/XGtcNUwtLKtMkIsNPkqL6MBOiq3xTMZ4PI/qRS/Pt/bk7Z55H6bLLzIPDx +0X8I8dAuischzN5A1HG9tYTC4GAwo0NC/IFPH2OmYCNn6gBzufp4AvBkXTqGWEC7 +5PtpODYMcKihsNJIbXFZ+/V6wE+NIyvhCm6tM40wlckEyIG5tUjuOwuW0AhqCmCC +KaZl8NM76WYj7+7r2Ir8tlN3Sv3rQeGLGaYdxw2RzvBaetImvSzrNM2Lt12xwt0v +7P36DrWDYu6dDN7jAc70F3nFygNZQ5jtNgpcrGTBql8cd0Eb2groXchk7+q+3gEA +uJLDT4otABEBAAGJAjwEGAEIACYWIQRKi6SMKu2TO9SVxQmh+6X374xIaQUCWimw +wgIbDAUJAg4GgAAKCRCh+6X374xIaXwOD/wPK32kWIyo9r61bG3rLEjpagge62w7 +Pi5m9Ak3ezojYA12JO3BXhOfNB26iIUwWqAcLXCIsuaMPzr+lRX1KXxkeWkwmUyF +/pUcQ2D3fMdcz1pnsOK3Ijxi3eYbD7tK91WZJbrFlNI2XzPr9ARzLfYF5oZN02k7 +qd5XdMqtEc6Z3KZaVC2StvpI0AbpY+xEYmsYabM7ahEWQnHGf3zY8VpH62SIx19B +xjziZH3gIuhxgmkpxfMS15fxTEI4Nrq+uszzmTFeNfBPpOu2+lFVGDVk54b5KKgQ +/TOGXnbHbvFmgyKI1g7bTkJderhhj/IWdKjmIYRECEslDvlV7kXqR2Rm2F8JyHvV +iL9QYXVs5kwTPjUjYSDiazK8Ya6r2QPZSeSf8gfh4IkxQu4uOgUm+OeVp6BmnXef +BKJS+c5PL2OLKiOWjiVJMhfZfsKIWqE16Og5Ebs4x5pd25fxfUj6XBTwAsSMMZYj +3XvgDuTBlKBO6x3JESMjZE5PtXEl/T7xpgO+tAa6eegjcWSE9ct+Iup0Os26vMvc +B8EV5oS4OUr1bYoOnSvkWzm6LQIsYnpSufiwwFMrhoUOcLxPYzRDNDgFy+jrEEIr +fvo8QJDBx+1mc7oeoIgVlgS+o6bcziU7Dy36RfMrwaHXiWJwli79QzVWdinwoLFI +wsbCpWeHFBg8a7gzBFplBcMWCSsGAQQB2kcPAQEHQPlBkrV9cmCpdkqXV5lecMos +lNi1+tPfqS8XVYhw0XrXiQI8BBgBCAAmFiEESoukjCrtkzvUlcUJoful9++MSGkF +AlplBcMCGyAFCQHhM4AACgkQoful9++MSGkf6w/6AsoN1I77tjqtblHYtEZhS8Oj +peNmmk7xFA7r8EhjXiAUVUaLxucQQlBIMySnmg5jc5PGdCafzFL5axeaqLEUrvty +AhluNN9/LaMFVX/tBla7tJqWa1sfn4gJL0kvTp1szMIpnzaLhdf+qQmgqFHrHjpg +ovbry9KPWbKGVfDKQmMd04qzEMai1AF8Jcsm5AROljzC6hOK81nZxz7/LOiZN+UW +xPy5OzkuCvlOyrEztDdZjlyhyWkAnp+Nk2leO0kGHqETNDXFvGLzEy8QDCWMetRg +BuXhpnXVYu1qnaZLmVmym0A8NxZkh8GDLllyVxrTdLwAeigZcvRL6Cs9nFL9AjU+ +dekTKe8pSPb8rQb0xau1nuP33Miy4sDe22JmgUsdGfEM+m8Vq70gUlnO+PjPDcqJ +EJ3aL0MVVIpYpwM6n/mFFKYY5+/DPW3bBFnpmVwG0mc0tIXk4v0gsYTBr1IXFgpE +ZRciTksLq/ulCs+aXRwZoNuDex13Ka1rfXyGk7WaYRZ3rzWL0k0BJI3jFniMnrCV +aYvutuHTNTEThA0sjBmvb2N7oDM3zjtwx50v+gMrrrHEUXBjAU8CI5RcHpouh6MS +4Vp7vtSmQy27sWesWVf2ehe9da27/WtIZvL6f+4RjjyMJbDvUr/qptvOgjVM93mB +bMkzQRvMkEcKnbcBjGE= +=lP30 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/knot-resolver.spec b/knot-resolver.spec index 0e979a8..8a382e6 100644 --- a/knot-resolver.spec +++ b/knot-resolver.spec @@ -1,16 +1,17 @@ %global _hardened_build 1 -# comment out this define using #%% if it is not a pre-release version -# %% define PRERELEASE rc3 +%define GPG_CHECK 1 +%define VERSION 2.1.0 +%define repodir %{_builddir}/%{name}-%{version} + Name: knot-resolver -Version: 1.5.3 -Release: %{?PRERELEASE}%{?PRERELEASE:.}1%{?dist}.1 +Version: %{VERSION} +Release: 1%{?dist} Summary: Caching full DNS Resolver License: GPLv3 URL: https://www.knot-resolver.cz/ -Source0: https://secure.nic.cz/files/%{name}/%{name}-%{version}%{?PRERELEASE:-}%{?PRERELEASE}.tar.xz -Source1: https://secure.nic.cz/files/%{name}/%{name}-%{version}%{?PRERELEASE:-}%{?PRERELEASE}.tar.xz.asc +Source0: https://secure.nic.cz/files/%{name}/%{name}-%{version}.tar.xz # LuaJIT only on these arches %if 0%{?rhel} @@ -20,24 +21,21 @@ ExclusiveArch: %{ix86} x86_64 ExclusiveArch: %{arm} aarch64 %{ix86} x86_64 %endif -Source2: config -Source3: rootkeys/root.keys - -Source100: kresd.service -Source101: kresd.socket -Source102: kresd-control.socket -Source103: kresd-tls.socket -Source104: kresd.tmpfiles +Source2: kresd.conf +Source3: root.keys +%if 0%{GPG_CHECK} +Source1: https://secure.nic.cz/files/%{name}/%{name}-%{version}.tar.xz.asc # PGP keys used to sign upstream releases # Export with --armor using command from https://fedoraproject.org/wiki/PackagingDrafts:GPGSignatures -# Don't forget to update %prep section when adding/removing keys -Source1000: gpgkey-B6006460B60A80E782062449E747DF1F9575A3AA.gpg.asc -Source1001: gpgkey-BE26EBB9CBE059B3910CA35BCE8DD6A1A50A21E4.gpg.asc - +# Don't forget to update %%prep section when adding/removing keys +Source100: gpgkey-B6006460B60A80E782062449E747DF1F9575A3AA.gpg.asc +Source101: gpgkey-BE26EBB9CBE059B3910CA35BCE8DD6A1A50A21E4.gpg.asc +Source102: gpgkey-4A8BA48C2AED933BD495C509A1FBA5F7EF8C4869.gpg.asc BuildRequires: gnupg2 +%endif -BuildRequires: pkgconfig(libknot) >= 2.3.1 +BuildRequires: pkgconfig(libknot) >= 2.6.4 BuildRequires: pkgconfig(libzscanner) >= 2.3.1 BuildRequires: pkgconfig(libdnssec) >= 2.3.1 BuildRequires: pkgconfig(libuv) @@ -78,12 +76,13 @@ architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as local caching resolver. -To start using it, just start the local DNS socket: -# systemctl start kresd.socket +To start using it, start a single kresd instance: +# systemctl start kresd@1.service -BEWARE: -Because of https://bugzilla.redhat.com/show_bug.cgi?id=1366968 -you need to switch your system to SELinux permissive mode. +If you run into issues with activation of the service or its sockets, either +update your selinux-policy package or turn off selinux (setenforce 0). +https://bugzilla.redhat.com/show_bug.cgi?id=1366968 +https://bugzilla.redhat.com/show_bug.cgi?id=1543049 %package devel Summary: Development headers for Knot DNS Resolver @@ -96,25 +95,27 @@ The package contains development headers for Knot DNS Resolver. # Disable doc package in EPEL - it missing fonts in sphinx_rtd_theme # https://bugzilla.redhat.com/show_bug.cgi?id=1492884 %package doc -Summary: Documentation for Knot DNS Resolver -BuildArch: noarch -Requires: %{name} = %{version}-%{release} +Summary: Documentation for Knot DNS Resolver +BuildArch: noarch +Requires: %{name} = %{version}-%{release} %description doc Documentation for Knot DNS Resolver %endif %prep +%if 0%{GPG_CHECK} export GNUPGHOME=./gpg-keyring mkdir ${GNUPGHOME} -gpg2 --import %{SOURCE1000} %{SOURCE1001} +gpg2 --import %{SOURCE100} %{SOURCE101} %{SOURCE102} gpg2 --verify %{SOURCE1} %{SOURCE0} +%endif +%setup -q -n %{name}-%{version} -%setup -q -n %{name}-%{version}%{?PRERELEASE:-}%{?PRERELEASE} rm -v scripts/bootstrap-depends.sh %build -%global build_paths PREFIX=%{_prefix} BINDIR=%{_bindir} LIBDIR=%{_libdir} INCLUDEDIR=%{_includedir} ETCDIR=%{_sysconfdir}/kresd +%global build_paths PREFIX=%{_prefix} BINDIR=%{_bindir} LIBDIR=%{_libdir} INCLUDEDIR=%{_includedir} ETCDIR=%{_sysconfdir}/knot-resolver %global build_flags V=1 CFLAGS="%{optflags}" LDFLAGS="%{__global_ldflags}" %{build_paths} HAS_go=no %make_build %{build_flags} @@ -128,27 +129,41 @@ make doc # move sample configuration files to documentation install -m 0755 -d %{buildroot}%{_pkgdocdir} -mv %{buildroot}%{_sysconfdir}/kresd/config.* %{buildroot}%{_pkgdocdir} +mv %{buildroot}%{_sysconfdir}/knot-resolver/config.* %{buildroot}%{_pkgdocdir} chmod 0644 %{buildroot}%{_pkgdocdir}/config.* # install configuration files mkdir -p %{buildroot}%{_sysconfdir} -install -m 0755 -d %{buildroot}%{_sysconfdir}/kresd -install -m 0644 -p %SOURCE2 %{buildroot}%{_sysconfdir}/kresd/config -install -m 0664 -p %SOURCE3 %{buildroot}%{_sysconfdir}/kresd/root.keys +install -m 0755 -d %{buildroot}%{_sysconfdir}/knot-resolver +install -m 0644 -p %SOURCE2 %{buildroot}%{_sysconfdir}/knot-resolver/kresd.conf +install -m 0664 -p %SOURCE3 %{buildroot}%{_sysconfdir}/knot-resolver/root.keys -# install systemd units +# install systemd units and doc mkdir -p %{buildroot}%{_unitdir} -install -m 0644 -p %SOURCE100 %{buildroot}%{_unitdir}/kresd.service -install -m 0644 -p %SOURCE101 %{buildroot}%{_unitdir}/kresd.socket -install -m 0644 -p %SOURCE102 %{buildroot}%{_unitdir}/kresd-control.socket -install -m 0644 -p %SOURCE103 %{buildroot}%{_unitdir}/kresd-tls.socket +install -m 0644 -p %{repodir}/systemd/kresd@.service %{buildroot}%{_unitdir}/kresd@.service +mkdir -p %{buildroot}%{_mandir}/man7 +install -m 0644 -p %{repodir}/doc/kresd.systemd.7 %{buildroot}%{_mandir}/man7/kresd.systemd.7 + +%if 0%{?rhel} +mkdir -p %{buildroot}%{_unitdir}/kresd@.service.d +install -m 0644 -p %{repodir}/systemd/drop-in/systemd-compat.conf %{buildroot}%{_unitdir}/kresd@.service.d/override.conf +%endif +%if 0%{?fedora} +# no socket activation for CentOS 7 (requires systemd.227) +install -m 0644 -p %{repodir}/systemd/kresd.socket %{buildroot}%{_unitdir}/kresd.socket +install -m 0644 -p %{repodir}/systemd/kresd-control@.socket %{buildroot}%{_unitdir}/kresd-control@.socket +install -m 0644 -p %{repodir}/systemd/kresd-tls.socket %{buildroot}%{_unitdir}/kresd-tls.socket +%endif # install tmpfiles.d mkdir -p %{buildroot}%{_tmpfilesdir} -install -m 0644 -p %SOURCE104 %{buildroot}%{_tmpfilesdir}/kresd.conf +install -m 0644 -p %{repodir}/systemd/tmpfiles/knot-resolver.conf %{buildroot}%{_tmpfilesdir}/knot-resolver.conf mkdir -p %{buildroot}%{_rundir} -install -m 0750 -d %{buildroot}%{_rundir}/kresd +install -m 0751 -d %{buildroot}%{_rundir}/knot-resolver + +# install cache +mkdir -p %{buildroot}%{_localstatedir}/cache +install -m 0750 -d %{buildroot}%{_localstatedir}/cache/knot-resolver # remove module with unsatisfied dependencies rm -r %{buildroot}%{_libdir}/kdns_modules/{http,http.lua} @@ -158,38 +173,65 @@ rm -r %{buildroot}%{_libdir}/kdns_modules/{http,http.lua} LD_PRELOAD=lib/libkres.so make check-unit %{build_flags} LDFLAGS="%{__global_ldflags} -ldl" %pre -getent group kresd >/dev/null || groupadd -r kresd -getent passwd kresd >/dev/null || useradd -r -g kresd -d %{_sysconfdir}/kresd -s /sbin/nologin -c "Knot DNS Resolver" kresd -exit 0 +getent group knot-resolver >/dev/null || groupadd -r knot-resolver +getent passwd knot-resolver >/dev/null || useradd -r -g knot-resolver -d %{_sysconfdir}/knot-resolver -s /sbin/nologin -c "Knot DNS Resolver" knot-resolver %post -%systemd_post kresd.service kresd.socket +%systemd_post system-kresd.slice /sbin/ldconfig +# TODO: can be removed when Fedora 27 is no longer supported and migration is no longer necessary +# Migration script +if [ -f "/etc/kresd/config" ]; then + echo -e '\n\n---------------------------------------------------------' + echo ' WARNING: Migrating to knot-resolver 2.0' + echo -e '---------------------------------------------------------\n' + echo 'Please check your configuration still works, it has been moved to' + echo '/etc/knot-resolver/kresd.conf' + echo -e "\nTo start or enable the service, please use 'kresd@1.service', e.g.:" + echo -e ' # systemctl start kresd@1.service\n\n' + systemctl stop kresd.service kresd{,-tls,-control}.socket &>/dev/null ||: + cp -r /etc/kresd/* /etc/knot-resolver/ + mv /etc/knot-resolver/config /etc/knot-resolver/kresd.conf + chown -R root:knot-resolver /etc/knot-resolver + sed -i 's#/etc/kresd#/etc/knot-resolver#' /etc/knot-resolver/kresd.conf +fi +if [ -d "/run/kresd" ]; then + rm -f /run/kresd/control + mv /run/kresd/* /var/cache/knot-resolver/ &>/dev/null + chown -R knot-resolver:knot-resolver /var/cache/knot-resolver +fi + %preun -%systemd_preun kresd.service kresd.socket +%systemd_preun system-kresd.slice %postun -%systemd_postun_with_restart kresd.service +%systemd_postun_with_restart system-kresd.slice /sbin/ldconfig %files %license COPYING %doc %{_pkgdocdir} -%attr(775,root,kresd) %dir %{_sysconfdir}/kresd -%attr(644,root,kresd) %config(noreplace) %{_sysconfdir}/kresd/config -%attr(664,root,kresd) %config(noreplace) %{_sysconfdir}/kresd/root.keys -%attr(644,root,kresd) %config(noreplace) %{_sysconfdir}/kresd/root.hints -%attr(644,root,kresd) %{_sysconfdir}/kresd/icann-ca.pem -%attr(750,kresd,kresd) %dir %{_rundir}/kresd -%{_unitdir}/kresd.service +%attr(775,root,knot-resolver) %dir %{_sysconfdir}/knot-resolver +%attr(644,root,knot-resolver) %config(noreplace) %{_sysconfdir}/knot-resolver/kresd.conf +%attr(664,root,knot-resolver) %config(noreplace) %{_sysconfdir}/knot-resolver/root.keys +%attr(644,root,knot-resolver) %config(noreplace) %{_sysconfdir}/knot-resolver/root.hints +%attr(644,root,knot-resolver) %config(noreplace) %{_sysconfdir}/knot-resolver/icann-ca.pem +%attr(750,knot-resolver,knot-resolver) %dir %{_localstatedir}/cache/knot-resolver +%{_unitdir}/kresd*.service +%if 0%{?rhel} +%{_unitdir}/kresd@.service.d/override.conf +%endif +%if 0%{?fedora} %{_unitdir}/kresd*.socket -%{_tmpfilesdir}/kresd.conf +%endif +%{_tmpfilesdir}/knot-resolver.conf %{_sbindir}/kresd %{_sbindir}/kresc %{_libdir}/libkres.so.* %{_libdir}/kdns_modules -%{_mandir}/man8/kresd.* +%{_mandir}/man8/kresd.8.gz +%{_mandir}/man7/kresd.systemd.7.gz %files devel %{_includedir}/libkres @@ -202,6 +244,67 @@ exit 0 %endif %changelog +* Fri Feb 16 2018 Tomas Krizek - 2.1.0-1 +- New upstream release 2.1.0 + +Knot Resolver 2.1.0 (2018-02-16) +================================ + +Incompatible changes +-------------------- +- stats: remove tracking of expiring records (predict uses another way) +- systemd: more chages in default unit files (TODO) +- ta_sentinel: implement protocol draft-ietf-dnsop-kskroll-sentinel-01 + (our draft-ietf-dnsop-kskroll-sentinel-00 implementation had inverted logic) +- libknot: require version 2.6.4 or newer to get bugfixes for DNS-over-TLS + +Bugfixes +-------- +- detect_time_jump module: don't clear cache on suspend-resume (#284) +- stats module: fix stats.list() returning nothing, regressed in 2.0.0 +- policy.TLS_FORWARD: refusal when configuring with multiple IPs (#306) +- cache: fix broken refresh of insecure records that were about to expire +- fix the hints module on some systems, e.g. Fedora (came back on 2.0.0) +- build with older gnutls (conditionally disable features) +- fix the predict module to work with insecure records & cleanup code + + +Knot Resolver 2.0.0 (2018-01-31) +================================ + +Incompatible changes +-------------------- +- systemd: change unit files to allow running multiple instances, + deployments with single instance now must use `kresd@1.service` + instead of `kresd.service`; see kresd.systemd(8) for details +- systemd: the directory for cache is now /var/cache/knot-resolver +- unify default directory and user to `knot-resolver` +- directory with trust anchor file specified by -k option must be writeable +- policy module is now loaded by default to enforce RFC 6761; + see documentation for policy.PASS if you use locally-served DNS zones +- drop support for alternative cache backends memcached, redis, + and for Lua bindings for some specific cache operations +- REORDER_RR option is not implemented (temporarily) + +New features +------------ +- aggressive caching of validated records (RFC 8198) for NSEC zones; + thanks to ICANN for sponsoring this work. +- forwarding over TLS, authenticated by SPKI pin or certificate. + policy.TLS_FORWARD pipelines queries out-of-order over shared TLS connection + Beware: Some resolvers do not support out-of-order query processing. + TLS forwarding to such resolvers will lead to slower resolution or failures. +- trust anchors: you may specify a read-only file via -K or --keyfile-ro +- trust anchors: at build-time you may set KEYFILE_DEFAULT (read-only) +- ta_sentinel module implements draft ietf-dnsop-kskroll-sentinel-00, + enabled by default +- serve_stale module is prototype, subject to change +- extended API for Lua modules + +Bugfixes +-------- +- fix build on osx - regressed in 1.5.3 (different linker option name) + * Wed Feb 07 2018 Fedora Release Engineering - 1.5.3-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild @@ -259,6 +362,11 @@ Improvements - add doc package - configure tarball signature verification - add root.hints file +- use upstream systemd unit files, paths and user name + - migrate configuration to /etc/knot-resolver + - use user knot-resolver + - store cache in /var/cache/knot-resolver + - use systemd alias knot-resolver -> kresd * Mon Nov 06 2017 Petr Špaček - 1.5.0-1 - New upstream release 1.5.0 diff --git a/kresd-control.socket b/kresd-control.socket deleted file mode 100644 index 6a671a1..0000000 --- a/kresd-control.socket +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Knot DNS Resolver control socket -Documentation=man:kresd(8) -Before=sockets.target - -[Socket] -ListenStream=/run/kresd/control -FileDescriptorName=control -Service=kresd.service -SocketMode=0660 - -[Install] -WantedBy=sockets.target diff --git a/kresd-tls.socket b/kresd-tls.socket deleted file mode 100644 index ad696be..0000000 --- a/kresd-tls.socket +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Knot DNS Resolver TLS network listener -Documentation=man:kresd(8) -Before=sockets.target - -[Socket] -ListenStream=853 -FileDescriptorName=tls -Service=kresd.service - -[Install] -WantedBy=sockets.target diff --git a/kresd.conf b/kresd.conf new file mode 100644 index 0000000..81034c0 --- /dev/null +++ b/kresd.conf @@ -0,0 +1,20 @@ +-- vim:syntax=lua: +-- Refer to manual: http://knot-resolver.readthedocs.org/en/latest/daemon.html#configuration + +-- Load useful modules +modules = { + 'policy', -- Block queries to local zones/bad sites + 'hints', -- Load /etc/hosts and allow custom root hints + 'stats', -- Track internal statistics + 'predict', -- Prefetch expiring/frequent records +} + +-- See kresd.systemd(7) about configuring network interfaces when using systemd +-- Listen on localhost (default) +-- net = { '127.0.0.1', '::1' } + +-- Enable DNSSEC validation +trust_anchors.file = '/etc/knot-resolver/root.keys' + +-- Cache size +cache.size = 100 * MB diff --git a/kresd.service b/kresd.service deleted file mode 100644 index 8126014..0000000 --- a/kresd.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Knot DNS Resolver daemon -Documentation=man:kresd(8) - -[Service] -Type=simple -WorkingDirectory=/run/kresd -ExecStart=/usr/sbin/kresd -c /etc/kresd/config --forks 1 -User=kresd -Restart=on-failure -# CAP_NET_BIND_SERVICE capability is needed for manual service activation -AmbientCapabilities=CAP_NET_BIND_SERVICE - -[Install] -WantedBy=multi-user.target diff --git a/kresd.socket b/kresd.socket deleted file mode 100644 index 7d8953c..0000000 --- a/kresd.socket +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Knot DNS Resolver network listeners -Documentation=man:kresd(8) -Before=sockets.target - -[Socket] -ListenStream=[::1]:53 -ListenDatagram=[::1]:53 -ListenStream=127.0.0.1:53 -ListenDatagram=127.0.0.1:53 - -[Install] -WantedBy=sockets.target diff --git a/kresd.tmpfiles b/kresd.tmpfiles deleted file mode 100644 index b35429d..0000000 --- a/kresd.tmpfiles +++ /dev/null @@ -1 +0,0 @@ -d /run/kresd 0750 kresd kresd - - diff --git a/sources b/sources index c58786e..253c060 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (knot-resolver-1.5.3.tar.xz) = 9d301705ecc01b2c6a2f3084697a789406165c79444fdac96a3d58294f3288ea6d86be7002dff96cfbf597d9e771b8838a875afdfaae29b97eee173c08805c19 -SHA512 (knot-resolver-1.5.3.tar.xz.asc) = 0e266becbdb79fdbd785eaec8362833496f8cb668a5af4871ff5cb462e8b7ac62f9f5ecfb4cb71ac4a6db20aaa0b5ae795b95e33b0a5d38c3f215795f244b262 +SHA512 (knot-resolver-2.1.0.tar.xz) = 3ad68cd160f818727b66c758d622d8e65db3782d6e075aeffd7c211f8eb49e6b393173455d439c1715e1d6f3a091f68b3479380b42db6a12e3fb9fa6122b1935 +SHA512 (knot-resolver-2.1.0.tar.xz.asc) = 9f08efc3e28d065051d7b6d0836d0ac90357cbdc86c320e6ef14fbbfbffcbf40b93c2257f93abad44481cedb1c77c3aa144b8726b9df4f96969e6652dc634086