Hi,

Unbound 1.4.6 source code is at
http://unbound.net/downloads/unbound-1.4.6.tar.gz
sha1 b0d7c58f173c5c80cc81345f6766555f96bde20d
sha256 9c2ce107b551dbd65d007549caea13ecba7dd30d690821f2bafa9da2d047b9de

For maintainers, this is the same as the rc1 release candidate, but for the updated ldns tarball inside (which contains some recent bugfixes that should not impact unbound).

Mostly bugfixes, with this release prompted by the RFC for GOST. GOST is enabled if the SSL and ldns support it. Otherwise, unbound acts as if GOST is not supported (it becomes insecure). Also a fix for a corner case misconfiguration and fixes for high load situations. It looks like num-queries-per-thread at about half of the outgoing-range is a good setting for overload situations, and the HOWTO-optimise is adjusted for this. The defaults have changed too.

Features
* Builtin root hints contain AAAA for I.ROOT-SERVERS.NET.
* unbound.h has extern "C" statement for easier include in C++.
* added feature to print configure date, target and options with -h.
* added feature to print event backend system details with -h.
* (ports and works on Minix 3.1.7). On Minix, add /usr/gnu/bin to PATH, use ./configure AR=/usr/gnu/bin/gar and gmake.
* GOST enabled if SSL is recent and ldns has GOST enabled too.

Bug Fixes
* Fix TCPreply on systems with no writev, if just 1 byte could be sent.
* Fix to use one pointer less for iterator query state store_parent_NS.
* Max referral count from 30 to 130, because 128 one character domains is valid DNS.
* added documentation for the histogram printout to syslog.
* Fix assertion failure reported by Kai Storbeck from XS4ALL, the assertion was wrong.
* updated ldns tarball.
* iana portlist updated.
* Unbound reports libev or libevent correctly in logs in verbose mode.
* Fix handling of corner case reply from lame server, follows rfc2308. It could lead to a nodata reply getting into the cache if the search for a non-lame server turned up other misconfigured servers.
* Fix jostle list bug found by Vince (luoce at cnnic), it caused the qps in overload situations to be about 5 qps for the class of shortly serviced queries. The capacity of the resolver is then about (numqueriesperthread / 2) / (average time for such long queries) qps for long queries. And about (numqueriesperthread / 2) / (jostletimeout in whole seconds) qps for short queries, per thread.
* Fix the max number of reply-address count to be applied for duplicate queries, and not for new query list entries. This raises the memory usage to a max of (16+1)*numqueriesperthread reply addresses.
* Fix RFC4035 compliance with 2.2 statement that the DNSKEY at apex must be signed with all algorithms from the DS rrset at the parent. This is now checked and becomes bogus if not.
* Fix validation of qtype DNSKEY when a key-cache entry exists but no rr-cache entry is used (it expired or prefetch), it then goes back up to the DS or trust-anchor to validate the DNSKEY.
* log if a server is skipped because it is on the donotquery list, at verbosity 4, to enable diagnosis why no queries to 127.0.0.1.
* failure to chown the pidfile is not fatal any more.
* Neat function prototypes, unshadowed local declarations.
* Fix integer underflow in prefetch ttl creation from cache. This fixes a potential negative prefetch ttl.
* Changed the defaults for num-queries-per-thread/outgoing-range. For builtin-select: 512/960, for libevent 1024/4096 and for windows 24/48 (because of win api). This makes the ratio this way to improve resilience under heavy load. For high performance, use libevent and possibly higher numbers.

Best regards,
Wouter
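
The RFC4035 2.2 fix and the GOST fallback in the announcement above interact, which the following added example shows; it is not part of the original message and is not Unbound's code. It is a simplified model that assumes presentation-format records and only checks that a signature of each needed algorithm is present over the DNSKEY rrset; `classify`, the record contents and the verdict names are hypothetical.

```python
# Added illustration, not Unbound source code. Every record below is constructed.
GOST = 12  # DNSSEC algorithm number for ECC-GOST (RFC 5933)

def _algorithms(records, rrtype, covered=None):
    """Collect the algorithm field of DS records, or of RRSIGs covering `covered`."""
    found = set()
    for line in records:
        f = line.split()
        if len(f) < 6 or f[3] != rrtype:
            continue
        if rrtype == "RRSIG" and f[4] != covered:
            continue  # signature over some other rrset, irrelevant here
        found.add(int(f[5]))  # field 5 is the algorithm in both DS and RRSIG
    return found

def classify(ds_records, apex_records, supported):
    """Hypothetical helper: simplified verdict for the DNSKEY rrset at a zone apex."""
    # Algorithms the validator cannot handle (e.g. GOST without SSL/ldns
    # support) are ignored, as if those DS records were not there.
    needed = _algorithms(ds_records, "DS") & supported
    if not needed:
        return "insecure", set()        # nothing usable: zone treated as unsigned
    missing = needed - _algorithms(apex_records, "RRSIG", "DNSKEY")
    if missing:
        return "bogus", missing         # DS algorithm without a DNSKEY signature
    return "signatures-present", set()  # each signature must still be verified

# Constructed parent-side DS rrset: one RSASHA256 (8) and one GOST (12) entry.
DS_RSA_AND_GOST = [
    "example. 3600 IN DS 11111 8 2 00",
    "example. 3600 IN DS 22222 12 3 00",
]
DS_GOST_ONLY = DS_RSA_AND_GOST[1:]

# Constructed apex signatures: DNSKEY signed with algorithm 8 only; the
# algorithm 12 signature covers SOA and so does not count.
APEX_RSA_ONLY = [
    "example. 3600 IN RRSIG DNSKEY 8 1 3600 20100901000000 20100801000000 11111 example. AA==",
    "example. 3600 IN RRSIG SOA 12 1 3600 20100901000000 20100801000000 22222 example. AA==",
]

if __name__ == "__main__":
    for name, supported in (("with GOST", {5, 7, 8, GOST}), ("without GOST", {5, 7, 8})):
        print(name, classify(DS_RSA_AND_GOST, APEX_RSA_ONLY, supported))
```

The same zone data gives a different verdict depending on whether the validator was built with GOST support, which is worth checking (the announcement says `-h` now prints the configure options) before diagnosing a bogus answer.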
