-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Unbound 1.0.2 is released. Get it at http://unbound.net/downloads/unbound-1.0.2.tar.gz SHA1 93faa7b76cf7681b8c7b0c5187aaf84c36b6670b SHA256 e6bbc4bb850c211e97ee7b5bc1827f59eb5222d295b715bda4551775766240ac Announcement discussion on http://nlnetlabs.nl/publications/unbound_patch_announce.html Short summary - ------------- Major feature is a more strict scrubber that filters incoming DNS replies for possibly malicious content. It is more strict in 1.0.2 to prevent certain types of malicious content. This can stop certain variants of the recently disclosed attacks on Blackhat. Also, a couple bugfixes: * nicer error when no entropy * fix segfault on exit when msgs still wait for udp ports * fix DS validation for clients There is a new HowTo on the unbound website: http://unbound.net/documentation/howto_anchor.html It details how to set up DNSSEC validation, with a script to keep the trust anchors up to date automatically. You can use DNSSEC to stop worrying about cache poisoning (for signed domains, that is ...). Best regards, ~ Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkiasfsACgkQkDLqNwOhpPhYNgCffId69rDhGcIFLE/eCZblb5M0 1GYAoKfSh5PBJKcelO7CQSl3sTC+uFWt =wQrQ -----END PGP SIGNATURE-----