Maintained by: NLnet Labs

Unbound 1.6.6rc2 prerelease

W.C.A. Wijngaards
Wed Sep 13 09:17:13 CEST 2017


Hi,

Unbound 1.6.6rc2 prerelease is available:
https://unbound.net/downloads/unbound-1.6.6rc2.tar.gz
sha256 e723acf16cd8c80eea898873d98d9ba696516b1dd9571181b6b17aa0e29d91f9
pgp https://unbound.net/downloads/unbound-1.6.6rc2.tar.gz.asc

The RC2 is caused by configure script changes because of windows build
with the new openssl, it should not have an impact on other platforms.

Fixes:
- Fix #1412: QNAME minimisation strict mode not honored
- Fix #1434: Fix windows openssl 1.1.0 linking.
- Add dns64 for client-subnet in unbound-checkconf.

Best regards, Wouter

On 04/09/17 16:01, W.C.A. Wijngaards wrote:
> Hi,
> 
> Unbound 1.6.6rc1 prerelease is available:
> https://unbound.net/downloads/unbound-1.6.6rc1.tar.gz
> sha256 49a018681c44d92c9e90af905b5c699871c3de487eff38d1303229ea69bed73a
> pgp https://unbound.net/downloads/unbound-1.6.6rc1.tar.gz.asc
> 
> This version is a prerelease for packagers and maintainers.
> 
> This version blocks .test and .invalid by default.  It has a -p option
> to suppress pidfile creation (for startup script integration).  And more
> stats and a shared secret cache for dnscrypt.  And bug fixes.
> 
> 
> Features:
> - unbound-control dump_infra prints port number for address if not 53.
> - Fix #1344: RFC6761-reserved domains: test. and invalid.
> - Fix #1349: allow suppression of pidfiles (from Daniel Kahn Gillmor).
>   With the -p option unbound does not create a pidfile.
> - Added stats for queries that have been ratelimited by domain
>   recursion.
> - Patch to show DNSCrypt status in help output, from Carsten
>   Strotmann.
> - Fix #1407: Add ECS options check to unbound-checkconf.
> - Fix #1415: [dnscrypt] shared secret cache, patch from
>   Manu Bretelle.
> 
> Bug Fixes:
> - fixup of dnscrypt_cert_chacha test (from Manu Bretelle).
> - First fix for zero b64 and hex text zone format in sldns.
> - Better fixup of dnscrypt_cert_chacha test for different escapes.
> - Fix that infra cache host hash does not change after reconfig.
> - Fix python example0 return module wait instead of error for pass.
> - enhancement for hardened-tls for DNS over TLS.  Removed duplicated
>   security settings.
> - Fix for unbound-checkconf, check ipsecmod-hook if ipsecmod is turned
>   on.
> - Fix #1331: libunbound segfault in threaded mode when context is
>   deleted.
> - Fix pythonmod link line option flag.
> - Fix openssl 1.1.0 load of ssl error strings from ssl init.
> - Fix 1332: Bump verbosity of failed chown'ing of the control socket.
> - Redirect all localhost names to localhost address for RFC6761.
> - Fix #1350: make cachedb backend configurable (from JINMEI Tatuya).
> - Fix tests to use .tdir (from Manu Bretelle) instead of .tpkg.
> - upgrade aclocal(pkg.m4 0.29.1), config.guess(2016-10-02),
>   config.sub(2016-09-05).
> - annotate case statement fallthrough for gcc 7.1.1.
> - flex output from flex 2.6.1.
> - snprintf of thread number does not warn about truncated string.
> - squelch TCP fast open error on FreeBSD when kernel has it disabled,
>   unless verbosity is high.
> - remove warning from windows compile.
> - Fix compile with libnettle
> - Fix DSA configure switch (--disable dsa) for libnettle and libnss.
> - Fix #1365: Add Ed25519 support using libnettle.
> - Fix #1394: mix of serve-expired and response-ip could cause a crash.
> - Remove unused iter_env member (ip6arpa_dname)
> - Do not reset rrset.bogus stats when called using stats_noreset.
> - Do not add rrset_bogus and query ratelimiting stats per thread, these
>   module stats are global.
> - Fix #1397: Recursive DS lookups for AS112 zones names should recurse.
> - Fix #1398: make cachedb secret configurable.
> - Remove spaces from Makefile.
> - Fix issue on macOX 10.10 where TCP fast open is detected but not
>   implemented causing TCP to fail. The fix allows fallback to regular
>   TCP in this case and is also more robust for cases where connectx()
>   fails for some reason.
> - Fix #1402: squelch invalid argument error for fd_set_block on windows.
> - Fix to reclaim tcp handler when it is closed due to dnscrypt buffer
>   allocation failure.
> - Fix #1415: patch to free dnscrypt environment on reload.
> - iana portlist update
> - Small fixes for the shared secret cache patch.
> - Fix WKS records on kvm autobuild host, with default protobyname
>   entries for udp and tcp.
> - Fix #1414: fix segfault on parse failure and log_replies.
> - zero qinfo in handle_request, this zeroes local_alias and also the
>   qname member.
> - new keys and certs for dnscrypt tests.
> - fixup WKS test on buildhost without servicebyname.
> - updated contrib/fastrpz.patch to apply with configparser changes.
> - Fix 1416: qname-minimisation breaks TLSA lookups with CNAMEs.
> - Fix #1424: cachedb:testframe is not thread safe.
> - Fix #1417: [dnscrypt] shared secret cache counters, and works when
>   dnscrypt is not enabled.  And cache size configuration option.
> - Fix #1418: [ip ratelimit] initialize slabhash using
>   ip-ratelimit-slabs.
> - Recommend 1472 buffer size in unbound.conf
> 
> Best regards, Wouter
> 
> 
> 
> _______________________________________________
> maintainers mailing list
> maintainers at nlnetlabs.nl
> https://nlnetlabs.nl/mailman/listinfo/maintainers
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20170913/eca5aa54/attachment.sig>