Maintained by: NLnet Labs

[Unbound-users] Release of unbound 1.2.1

W.C.A. Wijngaards
Tue Feb 10 09:00:30 CET 2009

Hash: SHA1


This is the release of unbound 1.2.1
It works with ldns-1.5.0, also just released.

Get it at
SHA1 996aea210b24f8c4bd1aa7a9584bc5b70b989b1b
SHA256 1f95ca2904dfb813bf52f15156a8c769b365deb92fa7b995344062dea966dc29
(or use if our mirror has not updated yet).

This is mainly a bugfix release.  The deadlock fix is serious, the
features are really fixes for smoother operation.  Also note another fix
for libevent 1.3andolder - there was a call to a thread unsafe routine.


* negative caching for failed queries. Queries that failed (because the
entire domain is down) are cached for a very short time (seconds), this
lowers the load generated by the failed queries. If the failure is
local, like out of memory, it is not cached.
* stop resolving AAAAs promiscuously when they are in the negative
cache, together with the negative caching feature (just above) this
dampens the spikiness of the requestlist size.
* unbound-host -4 and -6 options. Stops annoying ipv6 errors when
debugging with unbound-host -4 -d ...
* honor QUIET=no on make commandline (or QUIET=yes ).

Bug Fixes

* Fixed server deadlock. Added cycle detection for NS-check, addr-check,
root-prime and stub-prime queries in the iterator.
* [bugzilla: 229 ]
fixup configure checks for compilation with Solaris sun studio cc
compiler, ./configure CC=/opt/SUNWspro/bin/cc
* fixup warnings emitted by sun studio compiler.
* the TTL comparison for the cache used different comparisons, causing
many cache responses that used the iterator and validator state machines
unnecessarily. Fixed.
* Fixed occasional SERVFAIL response when EDNS traffic is dropped for a
domain. Set retry from 4 to 5 so that EDNS drop retry is part of the
first query resolve attempt, and cached error does not stop EDNS fallback.
* removed debug prints in code that protects against bad referrals.
* fix bug where unbound could crash using libevent 1.3 and older.
* more quiet about ipv6 network failures, i.e. when ipv6 is not
available (network unreachable). Debug still printed on high verbosity.
* printout more detailed errors on ssl certificate loading failures.
* builtin IANA allocated portlist updated (these ports are avoided).

Best regards,
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora -