Maintained by: NLnet Labs

[Unbound-users] Unbound 1.5.2rc1 maintainers' prerelease

W.C.A. Wijngaards
Thu Feb 12 14:54:24 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

Unbound 1.5.2rc1 release candidate 1 is available:
http://www.unbound.net/downloads/unbound-1.5.2rc1.tar.gz
sha1 ab2ec77e7abafda40151c4255a527e6fb8bbc47e
sha256 6c4b51cae92a088567eb243c00cee2b7841922f39482fdf8df41981993bf3f6f
http://www.unbound.net/downloads/unbound-1.5.2rc1.zip

This release fixes a DNSSEC validation issue when an upstream server
with different trust anchors introduces unsigned records in messages.
 Harden-glue when turned off allows potentially poisonous records in
the cache in the hopes of that enabling DNS resolution for 'impossible
to resolve' domains, it is fixed to have 'less cache poisoning',
quotes added because it is by definition not secure to turn off
harden-glue.  New features are that "inform" can be used to see which
IPs lookup a domain, and unbound-control can use named unix pipes.

Features
- -   local-zone: example.com inform makes unbound log a message with
client IP for queries in that zone. Eg. for finding infected hosts.
- -   patch from Stephane Lapie that adds to the python API, that
exposes struct delegpt, and adds the find_delegation function.
- -   Updated contrib warmup.cmd/sh to support two modes - load from
pre-defined list of domains or (with filename as argument) load from
user-specified list of domains, and updated contrib
unbound_cache.sh/cmd to support loading/save/reload cache to/from
default path or (with secondary argument) arbitrary path/filename,
from Yuri Voinov.
- -   patch for remote control over local sockets, from Dag-Erling
Smorgrav, Ilya Bakulin. Use control-interface: /path/sock and
control-use-cert: no.
- -   unbound-checkconf -f prints chroot with pidfile path.
- -   infra-cache-min-rtt patch from Florian Riehm, for expected long
uplink roundtrip times.

Bug Fixes
- -   config.guess and config.sub update from libtoolize.
- -   getauxval test for ppc64 linux compatibility.
- -   make strip works for unbound-host and unbound-anchor.
- -   print query name when max target count is exceeded.
- -   patch from Stuart Henderson that fixes DESTDIR in
unbound-control-setup for installs where config is not in the prefix
location.
- -   [bugzilla: 634 ] Fix #634: fix fail to start on Linux LTS 3.14.X,
ignores missing IP_MTU_DISCOVER OMIT option (fix from Remi Gacogne).
- -   Patch from Philip Paeps to contrib/unbound_munin_ that uses type
ABSOLUTE. Allows munin.conf: [idleserver.example.net]
unbound_munin_hits.graph_period minute
- -   Fix pyunbound ord call, portable for python 2 and 3.
- -   Fix unintended use of gcc extension for incomplete enum types,
compile with pedantic c99 compliance (from Daniel Dickman).
- -   Fix pyunbound byte string representation for python3.
- -   Fix 0x20 capsforid fallback to omit gratuitous NS and additional
section changes.
- -   Fix validation failure in case upstream forwarder (ISC BIND) does
not have the same trust anchors and decides to insert unsigned NS
record in authority section.
- -   Fix scrubber with harden-glue turned off to reject NS (and other
not-address) records.
- -   iana portlist update.

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJU3LCLAAoJEJ9vHC1+BF+NkfsQAKlzOBIkqylWAQJPu4gOWhfu
Xf++CAdu8HztkA8qXmHerOsjjjj2f1r+X3kieV2/o/8HXRDUUQaK0WyFFTXq8wuy
Ay6lXabpm7spicweujfn8TK5q3QDtO5JS7gFu6uBrkv22F9pktZEZSwKVJonkopg
q3pXVFy5PREpaqgR9E3X7Tr9eHS13xinC+Z7SMprxqMBqlQ8QFaZxBiom+tb5eWS
EbrZmy0l6AHiyovqqjSJzt5WYUUOeJFJgKG/RvGBm5HvOPNmWoy/jzSsxtWfZwnw
x3xTDIoz8/7WZVj31JwYJj4pOI4Y49oA6deWhpsOpKnQE0QV8OWFFKagZ5vaLb1O
iooHYwcrv+56sTfq4Kk4jBlRiSRKSFa6p25Q5phHVkjbPSYwBfvXsfg8j4J75buD
3ihoWF8u+1JgNJdd/k0tR3nHCaF/ZzJQAk26FU8a6e4FAVgYLXX14YtBPQmDd9xA
EnrVbNJyGIX2oGK0Cv5ccoMTHYLyEALmdRP1Whv7Yr0rsnJspJYdvij4XlKsqFA5
P34BevkRmEJ08+X1zcix1sUtXYx7sd8VNxCx2v6EPrJU3fVIhl4R4SkyF5wkYKSt
gHopx37MjBqZBOlxyT0fYfc0v/Ul5VQBMP54tTxokeh2uVAFGShUFfZqwsOCpipb
nr9RCXhvqX+Ogn/sBQxu
=0OU9
-----END PGP SIGNATURE-----