-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
Unbound 1.4.21 is available for download: http://unbound.net/downloads/unbound-1.4.21.tar.gz sha1 3ef4ea626e5284368d48ab618fe2207d43f2cee1 sha256 502f817a72721f78243923eb1d6187029639f7a8bdcc33a6ce0819bbb2a80970 The release has a new max udp size feature that is primarily useful for people that have full resolvers that are publicly accessible and want to throttle reflection, by setting max-udp-size: 512 ; this reduces amplification and sends TC (for TCP fallback) for larger replies. Negative trust anchors can be added and removed with unbound-control. The unbound.conf include files can have 100.000 includes in * or recursive. There is a bugfix for year 2038 for 32bits time, unbound now uses time_t so that if the OS defines time_t as 64bits long long (eg. with OpenBSD) unbound should be y2038k compliant. Features * Implement max-udp-size config option, default 4096 (thanks Daisuke Higashi), with fix#524 for nonEDNS0 queries. * add unbound-control insecure_add and insecure_remove for the administration of negative trust anchors. * install copy of unbound-control.8 man page for unbound-control-setup. * code improve for minimal responses, small speed increase. * max include of 100.000 files (depth and globbed at one time). This is to preserve system memory in bug cases, or endless cases. * unbound.h header file has UNBOUND_VERSION_MAJOR define. * get_option, set_option, unbound-checkconf -o and libunbound getoption() and setoption() support cache-min-ttl and cache-max-ttl. Also log-time-ascii, python-script, val-sig-skew-min and val-sig-skew-max. log-time-ascii takes effect immediately. The others are mostly useful for libunbound users. * configure --disable-flto option (from Robert Edmonds). * streamtcp man page, contributed by Tomas Hozza. * Make reverse zones easier by documenting the nodefault statements commented-out in the example config file. Bug Fixes * committed libunbound version 4:1:2 for binary API updated in 1.4.20 * Fix for 2038, with time_t instead of uint32_t. * Fix resolve of names that use a mix of public and private addresses. * [bugzilla: 492 ] Fix endianness detection, revert to older lookup3.c detection and put new detect lines after previous tests, to avoid regressions but allow new detections to succeed. And add detection for machine/endian.h to it. * Fix queries leaking up for stubs and forwards, if the configured nameservers all fail to answer. * unbound-anchor review: BIO_write can return 0 successfully if it has successfully appended a zero length string. * Fix so that for a configuration line of include: "*.conf" it is not an error if there are no files matching the glob pattern. * own implementation of compat/snprintf.c. * [bugzilla: 491 ] pick program name (0th argument) as syslog identity. * Fixup snprintf return value usage, fixed libunbound_get_option. * Robust checks on dname validity from rdata for dname compare. * iana portlist update. * Fix round-robin doesn't work with some Windows clients (from Ilya Bakulin). * [bugzilla: 500 ] use on non-initialised values on socket bind failures. * [bugzilla: 499 ] use-after-free in out-of-memory handling code (thanks Jake Montgomery). * Explain bogus and secure flags in libunbound more. * Update acx_pthreads.m4 to ax_pthreads.4 (2013-03-29), and apply patch to it to not fail when -Werror is also specified, from the autoconf-archives. * Fixup manpage syntax. * Fix for const string literals in C++ for libunbound, from Karel Slany. * Squelch sendto-permission denied errors when the network is not connected, to avoid spamming syslog. * libunbound documentation on how to avoid openssl race conditions. * [bugzilla: 512 ] NSS returned arrays out of setup function to be statics. * [bugzilla: 516 ] dnssec lameness detection for answers that are improper. * [bugzilla: 519 ] ub_ctx_delete may hang in some scenarios (libunbound). * [bugzilla: 520 ] Errors found by static analysis from Tomas Hozza(redhat). Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSOvHaAAoJEJ9vHC1+BF+NfWYQAIA0JnlrsRHet8/fkP9d/G6G vcYmmaen7yTMDxJ2E/4B9w/mCVU55CjIBX7EzvQH1ji1QyybiFZpzNHUB361BmmN LbosmDqmZa/OwweFhVwVK+TjW9mwb3vNoL0XduvhsA3d2XInFvWA7EMUK5+TFO19 cVLPnzKC9mPXYzuUfSj9YaPhnVBwoQRosQ/aes/YG1ZMoiEuMgx9NDzbzdZhsD78 8KYGh/XU2z8FIk44HJonv6vH5h1upek9nzhm5CFZ5CFR/0kzXlAGXYt4YX+4wxhF BsUeGXEDQ27D+W75Uha5QR4eFXDwdxdgypFj5i0oXdyXO8vWJsq1OONYqLtiuLVK CYtLU4RK+e3ZxvJgv4EUyeZ+7ZknpoIxqjeIpJI5iZL9+BtSBC4lnNijA3+bMRRK XX3OW96vrUkxyH4TsZDfWdiS3k5iBX2wwqiPSbdzYubLOnv67oDZXrvLoOp9/IsH bT+EbjRYuNb2++9OiRbh5shAqpiacEasd47VYxxYQrZJg0YptbRB+cXcQ6XjCQI5 VZ6lHh+tnx1IBi9rbpJEmVxAAQstTSGXqkA4SyO1GzWV23GUaoB6D6lcEep6hQy6 wf4kgY0BFmT4gRafyYrO2/MQ+7USrNCm3c+NAtXxCb03DfQpoK8ZXM1VoI9aA5uS eLzNQMh79h9pz2tR25b8 =TOmw -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
