-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
There is a new version of unbound: 1.4.17. It is available here: http://unbound.net/downloads/unbound-1.4.17.tar.gz sha1 fea4d812c03af4737ef671ac30b7b7400d346516 sha256 2637d6bda4065d7abf1cd11ee25bfc8e916241153c2d331de99ab6c63df5e3d3 windows port http://unbound.net/downloads/unbound-1.4.17.zip (and exe) This release has hotly wanted (and debated) features, and a list of bug fixes. Features included are more unbound-control commands, round-robin option, minimal-response option, ECDSA, forward-first. Maintainers, this release implements ECDSA (elliptic curve) signature functions for DNSSEC, it is enabled by default. This needs openssl 0.9.8 or later and ldns compiled with ecdsa support (1.6.13rc1 is just out that does this). Although unbound's ECDSA implementation will work with openssl 0.9.8, the workaround is not implemented inside ldns which will just compile --with-ecdsa with openssl 0.9.8 (it works enough with 0.9.8 to support unbound, though). This is because of a bug in the openssl EVP API with mixed algorithms that is fixed in openssl 1.0.0. Features o unbound-control forward_add, forward_remove, stub_add, stub_remove can modify stubs and forwards for running unbound they can also add and remove domain-insecure for the zone. This is to support reconfiguration of a DNSSEC validator on a computer that changes networks and has to enable new network config for the new location. o new approach to NS fetches for DS lookup that works with cornercases, and is more robust and considers forwarders. o contrib/validation-reporter follows rotated log file (patch from Augie Schwer). o Applied patch from Daisuke HIGASHI for rrset-roundrobin and minimal- responses features (new options, enable in unbound.conf to use). o ECDSA support (RFC 6605) by default. Use --disable-ecdsa for older openssl. o Patch for access to full DNS packet data in unbound python module from Ondrej Mikle. o forward-first option. Tries without forward if a query fails. Also stub-first option that is similar. Bug Fixes o Fix possible uninitialised variable in windows pipe implementation. o Fix alignment problem in util/random on sparc64/freebsd. o Fix for accept spinning reported by OpenBSD. o Fix validation of nodata for DS query in NSEC zones, reported by Ondrej Mikle. o [bugzilla: 444 ] Fix that setusercontext was called too late (thanks Bjorn Ketelaars). o [bugzilla: 443 ] Fix --with-chroot-dir not honoured by configure. o [bugzilla: 442 ] Fix that Makefile depends on pythonmod headers even using --without-pythonmodule. o Fix to locate nameservers for DS lookup with NS fetches. o Applied line-buffer patch from Augie Schwer to validation.reporter.sh. o flush_infra cleans timeouted servers from the cache too. o Fix from code review, if EINPROGRESS not defined chain if statement differently. o [bugzilla: 434 ] Fix windows port to check registry for config file location for unbound-control.exe, and unbound-checkconf.exe. o Fix to squelch 'network unreachable' errors from tcp connect in logs, high verbosity will show them. o Fix prefetch and sticky NS ghost domain. It picks nameservers that 'would be valid in the future', and if this makes the NS timeout, it updates that NS by asking delegation from the parent again. If child NS has longer TTL, that TTL does not get refreshed from the lookup to the child nameserver. o RT#2955 Fix for cygwin compilation. o Slightly smaller critical region in one case in infra cache. o Fix timeouts to keep track of query type, A, AAAA and other, if o another has caused timeout blacklist, different type can still probe. o unit test fix for nomem_cnametopos.rpl race condition. o fix memory leak in errorcase for DSA signatures. o workaround for openssl 0.9.8 ecdsa sha2 and evp problem. o fix for windows, rename() is not posix compliant on windows. o iana portlist updated Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPvfakAAoJEJ9vHC1+BF+N5wgP/R9ITaaIOltcFdBiDF8Q0kSP 5rs9zb5fEFkUFujmaLZ5TwDXhBCWYBfpfHUWZZn2RiXsfwKX7Yt4MsFMlT9p7+uO DoMvyoOSUj+hz+NCuEtBE4qX1tLYYX3y1ESscLMmuapZGQCE4Ybn6Q+/oMMy70hg SVnAmv7kScT8qLEhc09yDGQkag0yAY2IVqc/UyXtdA45UOfxzyPe3GcDnSBJzxim TifP4JDTYvZ0igvDbansABq7QqT5GlU282X6B5awOaFJwzWuaRqhjB63ASAvRWZ6 R4stvxknt0HfubkfPNFKDA3GfMbfOJeF8q9D++uR7WH889kPRU/OfmZscgL3nhdL qPxDEuBqI9LvvEnYQmhkKsoKTRoql/mu40uXWZPGqdMqYhLp5xNS2oy0BJXpnRsb ZeadZbWRPWnOyEp5f/hp8BH0HgGUSbgOtxpjHLLFHUXfzs7kQDojRdyALWAc2zLO TOE4Hpdgcy/c6ZklReBZcnzjEUnjInZ2BVlshD4mg8fdOrqsFu9NTo5ZoK7Uv0UW cJAAVj8AMyvUs/kCry5o4au31l0REBccQbXV5mxn4phnBP1ziwYiiVXd7DHKrlZd oXqUqeoh9jdZ/jXAF9HhcZa1grPoCIOMh6UOyhFfhbUmB6/VXJiA+UYSt+Nlga1Q GWKbSen593AME1mHZCzv =FHmK -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
