Maintained by: NLnet Labs

Unbound 1.6.7 release

W.C.A. Wijngaards
Tue Oct 10 09:34:17 CEST 2017


Hi,

This is the unbound 1.6.7 release.
https://www.unbound.net/downloads/unbound-1.6.7.tar.gz
sha256 4e7bd43d827004c6d51bef73adf941798e4588bdb40de5e79d89034d69751c9f
pgp https://www.unbound.net/downloads/unbound-1.6.7.tar.gz.asc

This release sets the default for trust anchor signaling to yes.  This
makes a query with the key tags of the validation keys when the trust
anchor DNSKEY is retrieved.

Features:
- Set trust-anchor-signaling default to yes
- Fix #1440: [dnscrypt] client nonce cache.
- Fix #1435: Please allow UDP to be disabled separately upstream and
  downstream.

Bug fixes:
- Fix that looping modules always stop the query, and don't pass
  control.
- Fix unbound-host to report error for DNSSEC state of failed lookups.
- Spelling fixes, from Josh Soref.
- Fix #1400: allowing use of global cache on ECS-forwarding unless
  always-forward.
- use a cachedb answer even if it's "expired" when serve-expired is yes
  (patch from Jinmei Tatuya).
- trigger refetching of the answer in that case (this will bypass
  cachedb lookup)
- allow storing a 0-TTL answer from cachedb in the in-memory message
  cache when serve-expired is yes
- Fix DNSCACHE_STORE_ZEROTTL to be bigger than 0xffff.
- Log name of looping module
- Fix #1450: Generate again patch contrib/aaaa-filter-iterator.patch
   (by Danilo G. Baio).
- Fix param unused warning for windows exportsymbol compile.
- Use RCODE from A query on DNS64 synthesized answer.
- Fix trust-anchor-signaling works in libunbound.
- Fix spelling in unbound-control man page.

Best regards, Wouter


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20171010/55ecdb18/attachment.sig>