Maintained by: NLnet Labs

[Unbound-users] Unbound 1.5.2 release

Maciej Soltysiak
Thu Feb 19 17:55:00 CET 2015


Cool stuff!

Can I use inform and refuse at the same time?

Please forgive brevity, on mobile device.
Maciej
On 19 Feb 2015 16:15, "W.C.A. Wijngaards" <wouter at nlnetlabs.nl> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hi,
>
> Unbound 1.5.2 is available:
> http://www.unbound.net/downloads/unbound-1.5.2.tar.gz
> sha1 91c805af3fc702eb98ec2679a586cacd05fc4268
> sha256 33ab6c6a5ce3247b0a57e34d209fe8936e1218ff89a9b7ca3ff00c2060dd35c7
> http://www.unbound.net/downloads/unbound-1.5.2.zip
>
> This release fixes a DNSSEC validation issue when an upstream server
> with different trust anchors introduces unsigned records in messages.
>  Harden-glue when turned off allows potentially poisonous records in
> the cache in the hopes of that enabling DNS resolution for 'impossible
> to resolve' domains, it is fixed to have 'less cache poisoning',
> quotes added because it is by definition not secure to turn off
> harden-glue.  New features are that "inform" can be used to see which
> IPs lookup a domain, and unbound-control can use named unix pipes.
>
> Features
> - -   local-zone: example.com inform makes unbound log a message with
> client IP for queries in that zone. Eg. for finding infected hosts.
> - -   patch from Stephane Lapie that adds to the python API, that
> exposes struct delegpt, and adds the find_delegation function.
> - -   Updated contrib warmup.cmd/sh to support two modes - load from
> pre-defined list of domains or (with filename as argument) load from
> user-specified list of domains, and updated contrib
> unbound_cache.sh/cmd to support loading/save/reload cache to/from
> default path or (with secondary argument) arbitrary path/filename,
> from Yuri Voinov.
> - -   patch for remote control over local sockets, from Dag-Erling
> Smorgrav, Ilya Bakulin. Use control-interface: /path/sock and
> control-use-cert: no.
> - -   unbound-checkconf -f prints chroot with pidfile path.
> - -   infra-cache-min-rtt patch from Florian Riehm, for expected long
> uplink roundtrip times.
>
> Bug Fixes
> - -   config.guess and config.sub update from libtoolize.
> - -   getauxval test for ppc64 linux compatibility.
> - -   make strip works for unbound-host and unbound-anchor.
> - -   print query name when max target count is exceeded.
> - -   patch from Stuart Henderson that fixes DESTDIR in
> unbound-control-setup for installs where config is not in the prefix
> location.
> - -   [bugzilla: 634 ] Fix #634: fix fail to start on Linux LTS 3.14.X,
> ignores missing IP_MTU_DISCOVER OMIT option (fix from Remi Gacogne).
> - -   Patch from Philip Paeps to contrib/unbound_munin_ that uses type
> ABSOLUTE. Allows munin.conf: [idleserver.example.net]
> unbound_munin_hits.graph_period minute
> - -   Fix pyunbound ord call, portable for python 2 and 3.
> - -   Fix unintended use of gcc extension for incomplete enum types,
> compile with pedantic c99 compliance (from Daniel Dickman).
> - -   Fix pyunbound byte string representation for python3.
> - -   Fix 0x20 capsforid fallback to omit gratuitous NS and additional
> section changes.
> - -   Fix validation failure in case upstream forwarder (ISC BIND) does
> not have the same trust anchors and decides to insert unsigned NS
> record in authority section.
> - -   Fix scrubber with harden-glue turned off to reject NS (and other
> not-address) records.
> - -   iana portlist update.
> - -   [bugzilla: 643 ] Fix doc/example.conf.in: unnecessary whitespace.
>
> Best regards,
>    Wouter
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBCAAGBQJU5f1BAAoJEJ9vHC1+BF+NeLMP/3U+1z4Xwf9ehKiT5wrX/ABO
> Dny7cOU3fi9hkibpE/fL4Zq7NgYb96v/WvyodD5fxVFCTaogs7A/fJG4IMw9iIBm
> WKBVAqdQKDCe+sMejGbZ3fm4YagjIrMXL7gsMdXmMdqzDVLGvwTZHkueedACTyg8
> fvMi06VfpK9I1ENBtrytmRZKHZ4fLh4CZuo4pbFSML8KrkIfzYux6zHTjppCI7TC
> hhkA4LVTNBYsIgVK3m1a8p1FVGKb4Cwe8PjugrvQF5yYLvbYGZaOWruD0FawR/Yl
> GGofFSPni3pM1kC4gvEHO6hjAtR4e0HakE9Tym6mrVbehSHiEMT6s3wBVmWe1ZGA
> hgklV/NpgVdkjlTiRiP6qxRHFg42UAEo7VxWpzpJy1V1dSyUaE5/LujE3dXWVaAl
> DG66wvffn39SQHt/9IxkYfMLh6V5ObNGKANjYxdOuz4GsuImtNXuWc09jDrErGuV
> eG/7wtm7U2jTTZqZ6WmDc5aIfdw0AHR066apjBGBJCsEJ69iwXmrKcgsL1ZpP6TY
> sldqlGNiyjjwlg4RJJPdO63YxOEtdVOjHXkVeeZD8mdbW23NzPX0QxgyY9Vcdaqi
> sh0sd6xj/bz9ExDEdKDJ1nEyzGli6jmuwGFITqY6so/t/BxOXlu8JRP7enV413ye
> 8U7Sj9D6Quqa/NO+Oa0O
> =cOnj
> -----END PGP SIGNATURE-----
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20150219/9c76dcfc/attachment.html>