Knot Resolver 3.2.1 released


  • trust_anchors: respect validity time range during TA bootstrap (!748)
  • fix TLS rehandshake handling (!739)
  • make TLS_FORWARD compatible with GnuTLS 3.3 (!741)
  • special thanks to Grigorii Demidov for his long-term work on Knot Resolver!


  • improve handling of timed out outgoing TCP connections (!734)
  • trust_anchors: check syntax of public keys in DNSKEY RRs (!748)
  • validator: clarify message about bogus non-authoritative data (!735)
  • dnssec validation failures contain more verbose reasoning (!735)
  • new function trust_anchors.summary() describes state of DNSSEC TAs (!737), and logs new state of trust anchors after start up and automatic changes
  • trust anchors: refuse revoked DNSKEY even if specified explicitly, and downgrade missing the SEP bit to a warning