Bugfixes

  • Fixed Knot resolver version to 5.2.1 (fixed occasional slow resolution issue and issues with particular domains)



New features

  • Completely reworked DNS logging (passivedns service is replaced by dnstag service)

  • Ability to log even encrypted traffic (DNS over HTTPS / TLS)

  • New DNS query types supported

  • Does not overload a single CPU core under heavy load but distributes the load evenly

  • New network and disk operations metrics will be available from the portal

  • Based on up-to-date Knot Resolver version (5.5.0)


  • Fixed memory leak causing occasional swap issues on some of the resolvers

  • Higher precision of reporting of the available memory on the resolver machine

  • Fixed minor issues in the agent's update process (the fix will be put to work after the update is finished)

  • Set memory limit for real-time Threat Intelligence updates as we have observed occasional overconsumption

  • Adjusted DNSSEC log gathering format to comply with changes in Knot Resolver


Bugfixes

  • Fixed issue with QName minimization affecting resolution of subdomains

  • Small fixes on real-time threat intelligence updates


Important! Before upgrading, make sure that the systemd-resolved service is running (in case it is installed):

    sudo systemctl enable systemd-resolved
    sudo systemctl start systemd-resolved

Changes

  • Software update source for Whalebone resolver is now (please check your firewall rules)

  • Based on the DNS Flag Day 2020 recommendation, the EDNS buffer size is adjusted to 1232 bytes

New features

  • Blocking page is reworked from scratch (originally referred to as “Sinkhole”)

  • You can find the configuration in Configuration -> Blocking pages and the activation can be done in the resolver details in Policy assignment

  • It is hosted directly on the resolver (ports TCP/80,443 have to be reachable from clients)

  • Full access to HTML code editor

  • “Continue anyway” feature: the user can decide on their own to continue to the malicious destination website

  • Different blocking pages per IP or subnet - could be used to customize the blocking page for a specific customer (school, government office, etc.)

  • Definition of supported languages and a default language (for browsers that do not state which language they prefer, if any)

  • Knot resolver updated to version 5.1.3 (from version 5.1.1)

  • Management Agent for cloud communication is now independently monitored and if there are any issues, it is automatically restarted (no impact on DNS resolution)


New features

  • Knot Resolver update from version 5.2.1 to version 5.3.2

  • Various new features and fixed issues

  • One of the most significant changes is an improved algorithm of nameserver selection for recursive resolution. The updated algorithm ensures a faster and more reliable process.

  • Real-time threat intelligence synchronization

      - Whenever Whalebone finds a new threat, the resolver immediately receives the information and starts behaving accordingly.

      - For this purpose, the resolver stays connected to the service on the TCP/433 port.

  • Blocking of a new type of DNS requests (Type 65/HTTPS)

      - At this point, this type of request is most commonly used by Apple devices accessing services hosted on Cloudflare.

  • New categories of content filtering

      - P2P

      - DoH (DNS over HTTPS)

      - Child abuse

  • New categories of legal blocking requirements in different countries

      - United Kingdom

      - Serbia

      - Philippines

Fixed issues

  • Improvements in specific scenarios for threat evaluation of subdomains that are included in content categories and are at the same time subject to legal requirements of countries

  • Optimization of memory usage of the service which manages the threat database and the local blocking page