Maintained by: NLnet Labs

[Unbound-users] Release of unbound 1.3.1

W.C.A. Wijngaards
Thu Jul 9 11:42:58 CEST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Unbound 1.3.1 is released.  Tarball is here:
http://unbound.net/downloads/unbound-1.3.1.tar.gz
sha1 19fd5aaddfce7de9e05bb5d6720707f98c1f649a
sha256 55961c23c6cde824adef8de8d83dae7dcd40528333960d5c3d5028904d799e87


Short summary:  contains bugfixes for bugs reported.


Features
* unbound_munin_ in contrib uses ps to show total memory rss if sbrk
hack does not work.
* Added build-unbound-localzone-from-hosts.pl to contrib, from Dennis
DeDonatis. It converts /etc/hosts into config statements.

Bug Fixes
* Fixup potential wrong NSEC picked out of the cache.
* If unfulfilled callbacks are deleted they are called with an error.
* fwd above stub in configuration works.
* [bugzilla: 254 ] removed random whitespace from example.conf.
* Fixed bug where cached responses would lose their security status on
second validation, which especially impacted dlv lookups. Reported by
Hauke Lampe.
* Fixup opportunistic target query generation to it does not generate
queries that are known to fail.
* harden-referral-path: handle cases where NS is in answer section.
* updated fedora specfile in contrib from Paul Wouters.
* Fix EDNS fallback when EDNS works for short answers but long answers
are dropped.
* On Linux, fragment IPv6 datagrams to the IPv6 minimum MTU, to avoid
dropped packets at routers.
* Fix of message parse bug where (specifically) an NSEC and RRSIG in the
wrong order would be parsed, but put wrongly into internal structures so
that later validation would fail.
* Queries for type DS when forward or stub zones are there. They are
performed to higherup domains, and thus treated as if going to higher
zones when looking up the right forward or stub server. This makes a
stub pointing to a local server that has a local view of example.com
signed with the same keys as are publicly used work. Reported by Johan
Ihren.
* same thing fixed for forward-zone and DS, chain of trust from public
internet into the forward-zone works now.
* flush_type and flush_name remove message cache entries as well, so
they remove errors from the cache as well
* delegationpoint bogus flag copied fix
* [bugzilla: 251 ] openssl key files are opened 'apache-style', from
user root and before the chroot. This makes permissions on
remote-control key files easier.
* fail to configure with python if swig is not found.
* Fix of empty -L during linking
* updated ldns tarball to latest
* updated iana portlist

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkpVu6IACgkQkDLqNwOhpPg6OwCdEQ5jm/PSvYwZmufEE9b2mi1l
ev4AoJu16hFrA6vIF/OoEQGtfGOk9QUH
=s8FR
-----END PGP SIGNATURE-----