Maintained by: NLnet Labs

[Unbound-users] Unbound 1.4.7 release

lst_hoe02 at kwsoft.de
Tue Nov 9 09:37:11 CET 2010


Zitat von "W.C.A. Wijngaards" <wouter at NLnetLabs.nl>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> Unbound 1.4.7 is available.
>
> You can find it here:
> unbound.net/downloads/unbound-1.4.7rc1.tar.gz
> sha1  eb062726e074ebb0e7d64e31495db693defc6a9f
> sha256  f04944d10c65a548eb6a5ff17715283d9315d9a6c5585248e90384f10aee5748
>
> There are some bugfixes since 1.4.7rc1, which do not affect the build
> process, that are in release 1.4.7
>
> New dependency on libexpat (for parsing xml in unbound-anchor: tool to
> get the DNSSEC root key).
>
> Also, GOST is enabled by default, and errors if not supported.  And ldns
> if not recent enough there is a configure error (you can use the builtin
> or 1.6.7).

Is GOST a supported cipher for DNSSEC or will it be some time in the  
future? As far as i can see it is only available in openssl 1.x or  
newer and for the next few years this will probably not be the  
standard on Unix. So most of us have to use "--disable-gost" anyway...

> If you want to create a package with DNSSEC support then unbound-anchor
> is a tool that you can use.  It contains a copy of the root key DS, and
> a certificate to update it, it does RFC5011 tracking and https fetches
> to keep the DNSSEC root anchor updated.  Just put a line in unbound.conf
> and run it before you start unbound, thus, you may want to review your
> rc.init scripts.
>
> You can audit the included keys with unbound-anchor -l (or override with
> commandline options and it is open source).
>
> There are also some nice bugfixes in 1.4.7 :-)  Here is a long,
> detailed, list:

Thanks, i will try it out.

Regards

Andreas