Hi, Unbound 1.6.6rc2 prerelease is available: https://unbound.net/downloads/unbound-1.6.6rc2.tar.gz sha256 e723acf16cd8c80eea898873d98d9ba696516b1dd9571181b6b17aa0e29d91f9 pgp https://unbound.net/downloads/unbound-1.6.6rc2.tar.gz.asc
The RC2 is caused by configure script changes because of windows build with the new openssl, it should not have an impact on other platforms. Fixes: - Fix #1412: QNAME minimisation strict mode not honored - Fix #1434: Fix windows openssl 1.1.0 linking. - Add dns64 for client-subnet in unbound-checkconf. Best regards, Wouter On 04/09/17 16:01, W.C.A. Wijngaards wrote: > Hi, > > Unbound 1.6.6rc1 prerelease is available: > https://unbound.net/downloads/unbound-1.6.6rc1.tar.gz > sha256 49a018681c44d92c9e90af905b5c699871c3de487eff38d1303229ea69bed73a > pgp https://unbound.net/downloads/unbound-1.6.6rc1.tar.gz.asc > > This version is a prerelease for packagers and maintainers. > > This version blocks .test and .invalid by default. It has a -p option > to suppress pidfile creation (for startup script integration). And more > stats and a shared secret cache for dnscrypt. And bug fixes. > > > Features: > - unbound-control dump_infra prints port number for address if not 53. > - Fix #1344: RFC6761-reserved domains: test. and invalid. > - Fix #1349: allow suppression of pidfiles (from Daniel Kahn Gillmor). > With the -p option unbound does not create a pidfile. > - Added stats for queries that have been ratelimited by domain > recursion. > - Patch to show DNSCrypt status in help output, from Carsten > Strotmann. > - Fix #1407: Add ECS options check to unbound-checkconf. > - Fix #1415: [dnscrypt] shared secret cache, patch from > Manu Bretelle. > > Bug Fixes: > - fixup of dnscrypt_cert_chacha test (from Manu Bretelle). > - First fix for zero b64 and hex text zone format in sldns. > - Better fixup of dnscrypt_cert_chacha test for different escapes. > - Fix that infra cache host hash does not change after reconfig. > - Fix python example0 return module wait instead of error for pass. > - enhancement for hardened-tls for DNS over TLS. Removed duplicated > security settings. > - Fix for unbound-checkconf, check ipsecmod-hook if ipsecmod is turned > on. > - Fix #1331: libunbound segfault in threaded mode when context is > deleted. > - Fix pythonmod link line option flag. > - Fix openssl 1.1.0 load of ssl error strings from ssl init. > - Fix 1332: Bump verbosity of failed chown'ing of the control socket. > - Redirect all localhost names to localhost address for RFC6761. > - Fix #1350: make cachedb backend configurable (from JINMEI Tatuya). > - Fix tests to use .tdir (from Manu Bretelle) instead of .tpkg. > - upgrade aclocal(pkg.m4 0.29.1), config.guess(2016-10-02), > config.sub(2016-09-05). > - annotate case statement fallthrough for gcc 7.1.1. > - flex output from flex 2.6.1. > - snprintf of thread number does not warn about truncated string. > - squelch TCP fast open error on FreeBSD when kernel has it disabled, > unless verbosity is high. > - remove warning from windows compile. > - Fix compile with libnettle > - Fix DSA configure switch (--disable dsa) for libnettle and libnss. > - Fix #1365: Add Ed25519 support using libnettle. > - Fix #1394: mix of serve-expired and response-ip could cause a crash. > - Remove unused iter_env member (ip6arpa_dname) > - Do not reset rrset.bogus stats when called using stats_noreset. > - Do not add rrset_bogus and query ratelimiting stats per thread, these > module stats are global. > - Fix #1397: Recursive DS lookups for AS112 zones names should recurse. > - Fix #1398: make cachedb secret configurable. > - Remove spaces from Makefile. > - Fix issue on macOX 10.10 where TCP fast open is detected but not > implemented causing TCP to fail. The fix allows fallback to regular > TCP in this case and is also more robust for cases where connectx() > fails for some reason. > - Fix #1402: squelch invalid argument error for fd_set_block on windows. > - Fix to reclaim tcp handler when it is closed due to dnscrypt buffer > allocation failure. > - Fix #1415: patch to free dnscrypt environment on reload. > - iana portlist update > - Small fixes for the shared secret cache patch. > - Fix WKS records on kvm autobuild host, with default protobyname > entries for udp and tcp. > - Fix #1414: fix segfault on parse failure and log_replies. > - zero qinfo in handle_request, this zeroes local_alias and also the > qname member. > - new keys and certs for dnscrypt tests. > - fixup WKS test on buildhost without servicebyname. > - updated contrib/fastrpz.patch to apply with configparser changes. > - Fix 1416: qname-minimisation breaks TLSA lookups with CNAMEs. > - Fix #1424: cachedb:testframe is not thread safe. > - Fix #1417: [dnscrypt] shared secret cache counters, and works when > dnscrypt is not enabled. And cache size configuration option. > - Fix #1418: [ip ratelimit] initialize slabhash using > ip-ratelimit-slabs. > - Recommend 1472 buffer size in unbound.conf > > Best regards, Wouter > > > > _______________________________________________ > maintainers mailing list > maintain...@nlnetlabs.nl > https://nlnetlabs.nl/mailman/listinfo/maintainers >
signature.asc
Description: OpenPGP digital signature