diff --git a/knot.spec b/knot.spec
index c3872d7..839bffe 100644
--- a/knot.spec
+++ b/knot.spec
@@ -1,82 +1,98 @@ %global _hardened_build 1 -%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} +%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}} %define GPG_CHECK 1 -%define VERSION 2.6.8 +%define VERSION 2.7.1 +%define repodir %{_builddir}/%{name}-%{version} -Summary: High-performance authoritative DNS server -Name: knot -Version: %{VERSION} -Release: 2%{?dist} -License: GPLv3 -Group: System Environment/Daemons -URL: http://www.knot-dns.cz -Source0: http://public.nic.cz/files/knot-dns/%{name}-%{version}.tar.xz - -Source2: %{name}.service -Source3: %{name}.conf -Source4: %{name}.tmpfiles +Summary: High-performance authoritative DNS server +Name: knot +Version: %{VERSION} +Release: 1%{?dist} +License: GPLv3 +Group: System Environment/Daemons +URL: http://www.knot-dns.cz +Source0: http://public.nic.cz/files/knot-dns/%{name}-%{version}.tar.xz %if 0%{GPG_CHECK} -Source1: http://public.nic.cz/files/knot-dns/%{name}-%{version}.tar.xz.asc +Source1: http://public.nic.cz/files/knot-dns/%{name}-%{version}.tar.xz.asc # PGP keys used to sign upstream releases # Export with --armor using command from https://fedoraproject.org/wiki/PackagingDrafts:GPGSignatures # Don't forget to update %%prep section when adding/removing keys -Source100: gpgkey-742FA4E95829B6C5EAC6B85710BB7AF6FEBBD6AB.gpg.asc -BuildRequires: gnupg2 +Source100: gpgkey-742FA4E95829B6C5EAC6B85710BB7AF6FEBBD6AB.gpg.asc +BuildRequires: gnupg2 %endif # Required dependencies -BuildRequires: gcc -BuildRequires: pkgconfig(liburcu) pkgconfig(gnutls) >= 3.3 pkgconfig(nettle) lmdb-devel pkgconfig(libedit) +BuildRequires: gcc +BuildRequires: pkgconfig(liburcu) +BuildRequires: pkgconfig(gnutls) >= 3.3 +BuildRequires: pkgconfig(libedit) + # Optional dependencies -BuildRequires: pkgconfig(libcap-ng) pkgconfig(libidn2) pkgconfig(libsystemd) pkgconfig(libfstrm) pkgconfig(libprotobuf-c) -BuildRequires: systemd +BuildRequires: pkgconfig(libcap-ng) +BuildRequires: pkgconfig(libfstrm) +BuildRequires: 
pkgconfig(libidn2) +BuildRequires: pkgconfig(libmaxminddb) +BuildRequires: pkgconfig(libprotobuf-c) +BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(systemd) -Requires: python2-lmdb +# Distro-dependent dependencies +%if 0%{?suse_version} +BuildRequires: python3-Sphinx +BuildRequires: lmdb-devel +BuildRequires: protobuf-c +Requires(pre): pwdutils +%endif +%if 0%{?rhel} +BuildRequires: python-sphinx +BuildRequires: lmdb-devel +%endif +%if 0%{?fedora} +BuildRequires: python3-sphinx +BuildRequires: pkgconfig(lmdb) +%endif -Requires(post): python2-lmdb -Requires(post): systemd %{_sbindir}/runuser -Requires(preun): systemd -Requires(postun): systemd +Requires(post): systemd %{_sbindir}/runuser +Requires(preun): systemd +Requires(postun): systemd -Requires: %{name}-libs%{?_isa} = %{version}-%{release} +# Knot DNS 2.7+ isn't compatible with earlier knot-resolver +Conflicts: knot-resolver < 3.0.0 + +Requires: %{name}-libs%{?_isa} = %{version}-%{release} %description Knot DNS is a high-performance authoritative DNS server implementation. %package libs -Summary: Libraries used by the Knot DNS server and client applications +Summary: Libraries used by the Knot DNS server and client applications %description libs The package contains shared libraries used by the Knot DNS server and utilities. %package devel -Summary: Development header files for the Knot DNS libraries -Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Summary: Development header files for the Knot DNS libraries +Requires: %{name}-libs%{?_isa} = %{version}-%{release} %description devel The package contains development header files for the Knot DNS libraries included in knot-libs package. 
%package utils -Summary: DNS client utilities shipped with the Knot DNS server -Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Summary: DNS client utilities shipped with the Knot DNS server +Requires: %{name}-libs%{?_isa} = %{version}-%{release} %description utils The package contains DNS client utilities shipped with the Knot DNS server. %package doc -Summary: Documentation for the Knot DNS server -License: GPLv3 and BSD and MIT -BuildArch: noarch -%if 0%{?rhel} -BuildRequires: python-sphinx -%else -BuildRequires: python3-sphinx -%endif -Provides: bundled(jquery) = 3.1.0 +Summary: Documentation for the Knot DNS server +License: GPLv3 and BSD and MIT +BuildArch: noarch +Provides: bundled(jquery) = 3.1.0 %description doc The package contains documentation for the Knot DNS server. @@ -91,9 +107,6 @@ gpg2 --verify %{SOURCE1} %{SOURCE0} %endif %setup -q -# make sure embedded LMDB library is not used -rm -vr src/contrib/lmdb - %build # disable debug code (causes unused warnings) CFLAGS="%{optflags} -DNDEBUG -Wno-unused" @@ -101,10 +114,19 @@ CFLAGS="%{optflags} -DNDEBUG -Wno-unused" %ifarch armv7hl i686 # 32-bit architectures sometimes do not have sufficient amount of # contiguous address space to handle default values -%define configure_db_sizes --with-conf-mapsize=64 --with-timer-mapsize=16 +%define configure_db_sizes --with-conf-mapsize=64 %endif -%configure %{configure_db_sizes} --disable-fastparser # FIXME +%configure \ + --sysconfdir=/etc \ + --localstatedir=/var/lib \ + --libexecdir=/usr/lib/knot \ + --with-rundir=/run/knot \ + --with-storage=/var/lib/knot \ + %{?configure_db_sizes} \ + --disable-static \ + --enable-dnstap=yes \ + --with-module-dnstap=yes make %{?_smp_mflags} make html 
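Review bot: The re-aligned `Source0:`, `Source1:` and `URL:` lines still use plain `http://`, so the tarball and its detached signature are both fetched in cleartext. Integrity currently rests on the `gpg2 --verify` step in %prep against the `Source100` key and on the SHA512 entries in `sources`, and the signature check only runs while `GPG_CHECK` stays 1. Since these lines are being rewritten anyway, consider switching the scheme to `https://` if upstream serves the same paths over TLS, which cannot be confirmed from this diff.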
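Review bot: Dropping `rm -vr src/contrib/lmdb` from %prep removes the only guarantee in this spec that the build cannot fall back to a bundled LMDB copy. If the 2.7.1 tarball still ships that directory (not visible here), a configure fallback would link code that does not receive the distribution's LMDB security updates, and the package would need `Provides: bundled(lmdb)`. Either keep a tolerant form such as `rm -rf src/contrib/lmdb`, or add a comment stating that upstream no longer bundles the library. The %prep section begins outside this hunk.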
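Review bot: The new `%configure` arguments hard-code `/etc`, `/var/lib`, `/run/knot` and `/var/lib/knot`, while %install and %files in the same spec create and own the directories through `%{_sysconfdir}` and `%{_sharedstatedir}`. If those macros resolve differently on one of the targeted distributions, the storage and key directory compiled into knotd would not be the one packaged with mode 0770 and `root:knot` ownership. Prefer `--sysconfdir=%{_sysconfdir}` and `--with-storage=%{_sharedstatedir}/%{name}`, and add a one-line comment explaining why `--localstatedir` is overridden to `/var/lib`.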
@@ -112,96 +134,89 @@ make html make install DESTDIR=%{buildroot} # install documentation -mkdir -p %{buildroot}%{_pkgdocdir} +install -d -m 0755 %{buildroot}%{_pkgdocdir}/samples +install -p -m 0644 -t %{buildroot}%{_pkgdocdir}/samples samples/*.zone* +install -p -m 0644 NEWS README %{buildroot}%{_pkgdocdir} cp -av doc/_build/html %{buildroot}%{_pkgdocdir} [ -r %{buildroot}%{_pkgdocdir}/html/index.html ] || exit 1 rm -f %{buildroot}%{_pkgdocdir}/html/.buildinfo -# install customized configuration file +# install configuration file rm %{buildroot}%{_sysconfdir}/%{name}/* -install -p -m 0644 -D %{SOURCE3} %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf +install -p -m 0644 -D %{repodir}/samples/%{name}.sample.conf %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf -# install service file and create rundir -install -p -m 0644 -D %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service -install -p -m 0644 -D %{SOURCE4} %{buildroot}%{_tmpfilesdir}/%{name}.conf -install -d -m 0755 %{buildroot}%{_localstatedir}/run/%{name} +# install systemd files +install -p -m 0644 -D %{repodir}/distro/common/%{name}.service %{buildroot}%{_unitdir}/%{name}.service +install -p -m 0644 -D %{repodir}/distro/common/%{name}.tmpfiles %{buildroot}%{_tmpfilesdir}/%{name}.conf # create storage dir and key dir -mkdir -p %{buildroot}%{_sharedstatedir} -install -d -m 0775 %{buildroot}%{_sharedstatedir}/%{name} -install -d -m 0770 %{buildroot}%{_sharedstatedir}/%{name}/keys +install -d %{buildroot}%{_sharedstatedir} +install -d -m 0775 -D %{buildroot}%{_sharedstatedir}/%{name} +install -d -m 0770 -D %{buildroot}%{_sharedstatedir}/%{name}/keys -# install config samples into docdir -install -d -m 0755 %{buildroot}%{_pkgdocdir}/samples -for sample_file in knot.sample.conf example.com.zone; do - install -p -m 0644 samples/${sample_file} %{buildroot}%{_pkgdocdir}/samples -done - -# remove static libraries and libarchive files -rm %{buildroot}%{_libdir}/*.a -rm %{buildroot}%{_libdir}/*.la +# remove libarchive 
files +find %{buildroot} -type f -name "*.la" -delete -print %check make check %pre getent group knot >/dev/null || groupadd -r knot -getent passwd knot >/dev/null || useradd -r -g knot -d %{_sysconfdir}/knot -s /sbin/nologin -c "Knot DNS server" knot -exit 0 +getent passwd knot >/dev/null || \ + useradd -r -g knot -d %{_sysconfdir}/knot -s /sbin/nologin \ + -c "Knot DNS server" knot +%if 0%{?suse_version} +%service_add_pre knot.service +%endif %post +systemd-tmpfiles --create %{_tmpfilesdir}/knot.conf &>/dev/null || : +%if 0%{?suse_version} +%service_add_post knot.service +%else %systemd_post knot.service -if [ $1 -gt 1 ] ; then # upgrade - if rpm -q --qf=%%{version} knot | grep -q "^1\." ; then # detect versions 1.y.z - echo 'Automatic upgrade from Knot DNS versions 1.y.z is not supported anymore' - echo 'Contact https://www.knot-dns.cz/support/' - exit 1 - fi - - # 2.[0-4].z -> 2.5+.z migration - if rpm -q --qf=%%{version} knot | grep -q '^2.[0-4]\.' ; then - # rename modules - echo 'Migrating module names in configuration file /etc/knot/knot.conf' - sed -i.rpmsave -e 's/\bmod-online-sign\b/mod-onlinesign/' -e 's/\bmod-synth-record\b/mod-synthrecord/' /etc/knot/knot.conf - echo 'Migrating KASP database %{_sharedstatedir}/%{name}/keys from JSON files to LMDB database' - # migrate keys into LMDB - %{_sbindir}/runuser -u knot -- %{_sbindir}/pykeymgr -i %{_sharedstatedir}/%{name}/keys - fi -fi - +%endif %preun +%if 0%{?suse_version} +%service_del_preun knot.service +%else %systemd_preun knot.service +%endif %postun +%if 0%{?suse_version} +%service_del_postun knot.service +%else %systemd_postun_with_restart knot.service +%endif %post libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig %files +%license COPYING +%{_pkgdocdir}/NEWS +%{_pkgdocdir}/README %{_pkgdocdir}/samples %dir %attr(750,root,knot) %{_sysconfdir}/%{name} %config(noreplace) %attr(640,root,knot) %{_sysconfdir}/%{name}/%{name}.conf %dir %attr(775,root,knot) %{_sharedstatedir}/%{name} %dir 
%attr(770,root,knot) %{_sharedstatedir}/%{name}/keys -%dir %attr(-,knot,knot) %{_localstatedir}/run/%{name} -%{_unitdir}/%{name}.service +%{_unitdir}/knot.service %{_tmpfilesdir}/%{name}.conf -%{_bindir}/kjournalprint %{_bindir}/kzonecheck +%{_sbindir}/kjournalprint %{_sbindir}/keymgr %{_sbindir}/knotc %{_sbindir}/knotd -%{_sbindir}/pykeymgr -%{_mandir}/man1/kjournalprint.* %{_mandir}/man1/kzonecheck.* %{_mandir}/man5/knot.conf.* +%{_mandir}/man8/kjournalprint.* %{_mandir}/man8/keymgr.* %{_mandir}/man8/knotc.* %{_mandir}/man8/knotd.* -%{_mandir}/man8/pykeymgr.* %files utils %{_bindir}/kdig @@ -214,16 +229,18 @@ fi %{_mandir}/man1/knsupdate.* %files libs -%doc COPYING AUTHORS NEWS THANKS +%license COPYING +%doc NEWS +%doc README %{_libdir}/libdnssec.so.* %{_libdir}/libknot.so.* %{_libdir}/libzscanner.so.* %files devel -%{_includedir}/dnssec +%{_includedir}/libdnssec %{_includedir}/knot %{_includedir}/libknot -%{_includedir}/zscanner +%{_includedir}/libzscanner %{_libdir}/libdnssec.so %{_libdir}/libknot.so %{_libdir}/libzscanner.so 
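Review bot: With the upgrade block removed from `%post`, nothing stops a direct upgrade from 1.y.z or 2.[0-4].z. This release drops `pykeymgr` from %files and, per the changelog added in this commit, the old module names `mod-online-sign` and `mod-synth-record`. Such a host would presumably be left with a configuration that knotd rejects and a KASP key store still in the JSON format, so its DNSSEC keys may not load. If those upgrade paths can still occur for this package, refuse them in `%pre`, before any file is replaced, along the lines of the sketch below.

```spec
%pre
# refuse direct upgrades from releases that needed the removed migration
if [ $1 -gt 1 ] ; then
    if rpm -q --qf=%%{version} knot | grep -q '^\(1\|2\.[0-4]\)\.' ; then
        echo 'Direct upgrade from Knot DNS older than 2.5 is not supported; upgrade to 2.6.x first'
        exit 1
    fi
fi
# … unchanged: group and user creation …
```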
@@ -237,6 +254,70 @@ fi %{_pkgdocdir}/html %changelog +* Wed Aug 15 2018 Tomas Krizek - 2.7.1-1 +Knot DNS 2.7.1 (2018-08-14) +=========================== + +Improvements: +------------- + - Added zone wire size information to zone loading log message + - Added debug log message for each unsuccessful remote address operation + - Various improvements for packaging + +Bugfixes: +--------- + - Incompatible handling of RRSIG TTL value when creating a DNS message + - Incorrect RRSIG TTL value in zone differences and knotc zone operation outputs + - Default configure prefix is ignored + +Knot DNS 2.7.0 (2018-08-03) +=========================== + +Features: +--------- + - New DNS Cookies module and related '+cookie' kdig option + - New module for response tailoring according to client's subnet or geographic location + - General EDNS Client Subnet support in the server + - OSS-Fuzz integration (Thanks to Jonathan Foote) + - New '+ednsopt' kdig option (Thanks to Jan Včelák) + - Online Signing support for automatic key rollover + - Non-normal file (e.g. 
pipe) loading support in zscanner #542 + - Automatic SOA serial incrementation if non-empty zone difference + - New zone file load option for ignoring zone file's SOA serial + - New build-time option for alternative malloc specification + - Structured logging for DNSSEC key submission event + - Empty QNAME support in kdig + +Improvements: +------------- + - Various library and server optimizations + - Reduced memory consumption of outgoing IXFR processing + - Linux capabilities use overhaul #546 (Thanks to Robert Edmonds) + - Online Signing properly signs delegations and CNAME records + - CDS/CDNSKEY rrset is signed with KSK instead of ZSK + - DNSSEC-related records are ignored when loading zone difference with signing enabled + - Minimum allowed RSA key length was increased to 1024 + - Removed explicit dependency on Nettle + +Bugfixes: +--------- + - Possible uninitialized address buffer use in zscanner + - Possible index overflow during multiline record parsing in zscanner + - kdig +tls sometimes consumes 100 % CPU #561 + - Single-Type Signing doesn't work with single ZSK key #566 + - Zone not flushed after re-signing during zone load #594 + - Server crashes when committing empty zone transaction + - Incoming IXFR with on-slave signing sometimes leads to memory corruption #595 + +Compatibility: +-------------- + - Removed obsolete RRL configuration + - Removed obsolete module names 'mod-online-sign' and 'mod-synth-record' + - Removed obsolete 'ixfr-from-differences' configuration option + - Removed old journal migration + - Removed module rosedb + + * Fri Jul 13 2018 Fedora Release Engineering - 2.6.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild diff --git a/sources b/sources index 88b26f8..d5ae23c 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@
-SHA512 (knot-2.6.8.tar.xz) = 3300985bd4fbf88b58fbb5ba06bdd3dcbe7a50885baa89f9db47811c071a93994a2b17a0dbd27d185feade056ed5d65eef712eedb26de5a4101da363a7c24967
-SHA512 (knot-2.6.8.tar.xz.asc) = 70761db0b2b01a98d18acba4bb4ea4e5f4b49452631194a3dd0e26de272e317b1107382e24c15b2773f849b97a15ae72c55aacf524f643abf144c127127b62fe
+SHA512 (knot-2.7.1.tar.xz) = 547a146abb882885ff2ba0fe070a03b29138400dad78119e9c550019369a01902bc1c8f0fd12ca19367e716e506e680acc27f4d7801a30fbdec3f4cf6f4105e7
+SHA512 (knot-2.7.1.tar.xz.asc) = 86b9c34be9fd24a153a3261551167273974b9bed06cc8e28b1ce0af02f905dc1b904a4ecc71f0f17475cd76f60ebdf8d288b4a27e5ad808bf13f39f32491e8e6