Maintained by: NLnet Labs

[Unbound-users] Unbound 1.0.2 released

Wouter Wijngaards
Thu Aug 7 10:27:39 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Unbound 1.0.2 is released. Get it at
http://unbound.net/downloads/unbound-1.0.2.tar.gz
SHA1 93faa7b76cf7681b8c7b0c5187aaf84c36b6670b
SHA256 e6bbc4bb850c211e97ee7b5bc1827f59eb5222d295b715bda4551775766240ac

Announcement discussion on
http://nlnetlabs.nl/publications/unbound_patch_announce.html

Short summary
- -------------

Major feature is a more strict scrubber that filters incoming DNS
replies for possibly malicious content.  It is more strict in 1.0.2 to
prevent certain types of malicious content.  This can stop certain
variants of the recently disclosed attacks on Blackhat.

Also, a couple bugfixes:
* nicer error when no entropy
* fix segfault on exit when msgs still wait for udp ports
* fix DS validation for clients

There is a new HowTo on the unbound website:
http://unbound.net/documentation/howto_anchor.html
It details how to set up DNSSEC validation, with a script to keep the
trust anchors up to date automatically. You can use DNSSEC to stop
worrying about cache poisoning (for signed domains, that is ...).

Best regards,
~   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkiasfsACgkQkDLqNwOhpPhYNgCffId69rDhGcIFLE/eCZblb5M0
1GYAoKfSh5PBJKcelO7CQSl3sTC+uFWt
=wQrQ
-----END PGP SIGNATURE-----