-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi,
Unbound 1.5.2rc1 release candidate 1 is available: http://www.unbound.net/downloads/unbound-1.5.2rc1.tar.gz sha1 ab2ec77e7abafda40151c4255a527e6fb8bbc47e sha256 6c4b51cae92a088567eb243c00cee2b7841922f39482fdf8df41981993bf3f6f http://www.unbound.net/downloads/unbound-1.5.2rc1.zip This release fixes a DNSSEC validation issue when an upstream server with different trust anchors introduces unsigned records in messages. Harden-glue when turned off allows potentially poisonous records in the cache in the hopes of that enabling DNS resolution for 'impossible to resolve' domains, it is fixed to have 'less cache poisoning', quotes added because it is by definition not secure to turn off harden-glue. New features are that "inform" can be used to see which IPs lookup a domain, and unbound-control can use named unix pipes. Features - - local-zone: example.com inform makes unbound log a message with client IP for queries in that zone. Eg. for finding infected hosts. - - patch from Stephane Lapie that adds to the python API, that exposes struct delegpt, and adds the find_delegation function. - - Updated contrib warmup.cmd/sh to support two modes - load from pre-defined list of domains or (with filename as argument) load from user-specified list of domains, and updated contrib unbound_cache.sh/cmd to support loading/save/reload cache to/from default path or (with secondary argument) arbitrary path/filename, from Yuri Voinov. - - patch for remote control over local sockets, from Dag-Erling Smorgrav, Ilya Bakulin. Use control-interface: /path/sock and control-use-cert: no. - - unbound-checkconf -f prints chroot with pidfile path. - - infra-cache-min-rtt patch from Florian Riehm, for expected long uplink roundtrip times. Bug Fixes - - config.guess and config.sub update from libtoolize. - - getauxval test for ppc64 linux compatibility. - - make strip works for unbound-host and unbound-anchor. - - print query name when max target count is exceeded. - - patch from Stuart Henderson that fixes DESTDIR in unbound-control-setup for installs where config is not in the prefix location. - - [bugzilla: 634 ] Fix #634: fix fail to start on Linux LTS 3.14.X, ignores missing IP_MTU_DISCOVER OMIT option (fix from Remi Gacogne). - - Patch from Philip Paeps to contrib/unbound_munin_ that uses type ABSOLUTE. Allows munin.conf: [idleserver.example.net] unbound_munin_hits.graph_period minute - - Fix pyunbound ord call, portable for python 2 and 3. - - Fix unintended use of gcc extension for incomplete enum types, compile with pedantic c99 compliance (from Daniel Dickman). - - Fix pyunbound byte string representation for python3. - - Fix 0x20 capsforid fallback to omit gratuitous NS and additional section changes. - - Fix validation failure in case upstream forwarder (ISC BIND) does not have the same trust anchors and decides to insert unsigned NS record in authority section. - - Fix scrubber with harden-glue turned off to reject NS (and other not-address) records. - - iana portlist update. Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJU3LCLAAoJEJ9vHC1+BF+NkfsQAKlzOBIkqylWAQJPu4gOWhfu Xf++CAdu8HztkA8qXmHerOsjjjj2f1r+X3kieV2/o/8HXRDUUQaK0WyFFTXq8wuy Ay6lXabpm7spicweujfn8TK5q3QDtO5JS7gFu6uBrkv22F9pktZEZSwKVJonkopg q3pXVFy5PREpaqgR9E3X7Tr9eHS13xinC+Z7SMprxqMBqlQ8QFaZxBiom+tb5eWS EbrZmy0l6AHiyovqqjSJzt5WYUUOeJFJgKG/RvGBm5HvOPNmWoy/jzSsxtWfZwnw x3xTDIoz8/7WZVj31JwYJj4pOI4Y49oA6deWhpsOpKnQE0QV8OWFFKagZ5vaLb1O iooHYwcrv+56sTfq4Kk4jBlRiSRKSFa6p25Q5phHVkjbPSYwBfvXsfg8j4J75buD 3ihoWF8u+1JgNJdd/k0tR3nHCaF/ZzJQAk26FU8a6e4FAVgYLXX14YtBPQmDd9xA EnrVbNJyGIX2oGK0Cv5ccoMTHYLyEALmdRP1Whv7Yr0rsnJspJYdvij4XlKsqFA5 P34BevkRmEJ08+X1zcix1sUtXYx7sd8VNxCx2v6EPrJU3fVIhl4R4SkyF5wkYKSt gHopx37MjBqZBOlxyT0fYfc0v/Ul5VQBMP54tTxokeh2uVAFGShUFfZqwsOCpipb nr9RCXhvqX+Ogn/sBQxu =0OU9 -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
