Knot Resolver 2.1.0 released

Incompatible changes

  • stats: remove tracking of expiring records (predict uses another way)
  • systemd: re-use a single kresd.socket and kresd-tls.socket
  • ta_sentinel: implement protocol draft-ietf-dnsop-kskroll-sentinel-01 (our draft-ietf-dnsop-kskroll-sentinel-00 implementation had inverted logic)
  • libknot: require version 2.6.4 or newer to get bugfixes for DNS-over-TLS


  • detect_time_jump module: don't clear cache on suspend-resume (#284)
  • stats module: fix stats.list() returning nothing, regressed in 2.0.0
  • policy.TLS_FORWARD: refusal when configuring with multiple IPs (#306)
  • cache: fix broken refresh of insecure records that were about to expire
  • fix the hints module on some systems, e.g. Fedora (came back on 2.0.0)
  • build with older gnutls (conditionally disable features)
  • fix the predict module to work with insecure records & cleanup code