-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi,
Unbound 1.5.2 is available: http://www.unbound.net/downloads/unbound-1.5.2.tar.gz sha1 91c805af3fc702eb98ec2679a586cacd05fc4268 sha256 33ab6c6a5ce3247b0a57e34d209fe8936e1218ff89a9b7ca3ff00c2060dd35c7 http://www.unbound.net/downloads/unbound-1.5.2.zip This release fixes a DNSSEC validation issue when an upstream server with different trust anchors introduces unsigned records in messages. Harden-glue when turned off allows potentially poisonous records in the cache in the hopes of that enabling DNS resolution for 'impossible to resolve' domains, it is fixed to have 'less cache poisoning', quotes added because it is by definition not secure to turn off harden-glue. New features are that "inform" can be used to see which IPs lookup a domain, and unbound-control can use named unix pipes. Features - - local-zone: example.com inform makes unbound log a message with client IP for queries in that zone. Eg. for finding infected hosts. - - patch from Stephane Lapie that adds to the python API, that exposes struct delegpt, and adds the find_delegation function. - - Updated contrib warmup.cmd/sh to support two modes - load from pre-defined list of domains or (with filename as argument) load from user-specified list of domains, and updated contrib unbound_cache.sh/cmd to support loading/save/reload cache to/from default path or (with secondary argument) arbitrary path/filename, from Yuri Voinov. - - patch for remote control over local sockets, from Dag-Erling Smorgrav, Ilya Bakulin. Use control-interface: /path/sock and control-use-cert: no. - - unbound-checkconf -f prints chroot with pidfile path. - - infra-cache-min-rtt patch from Florian Riehm, for expected long uplink roundtrip times. Bug Fixes - - config.guess and config.sub update from libtoolize. - - getauxval test for ppc64 linux compatibility. - - make strip works for unbound-host and unbound-anchor. - - print query name when max target count is exceeded. - - patch from Stuart Henderson that fixes DESTDIR in unbound-control-setup for installs where config is not in the prefix location. - - [bugzilla: 634 ] Fix #634: fix fail to start on Linux LTS 3.14.X, ignores missing IP_MTU_DISCOVER OMIT option (fix from Remi Gacogne). - - Patch from Philip Paeps to contrib/unbound_munin_ that uses type ABSOLUTE. Allows munin.conf: [idleserver.example.net] unbound_munin_hits.graph_period minute - - Fix pyunbound ord call, portable for python 2 and 3. - - Fix unintended use of gcc extension for incomplete enum types, compile with pedantic c99 compliance (from Daniel Dickman). - - Fix pyunbound byte string representation for python3. - - Fix 0x20 capsforid fallback to omit gratuitous NS and additional section changes. - - Fix validation failure in case upstream forwarder (ISC BIND) does not have the same trust anchors and decides to insert unsigned NS record in authority section. - - Fix scrubber with harden-glue turned off to reject NS (and other not-address) records. - - iana portlist update. - - [bugzilla: 643 ] Fix doc/example.conf.in: unnecessary whitespace. Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJU5f1BAAoJEJ9vHC1+BF+NeLMP/3U+1z4Xwf9ehKiT5wrX/ABO Dny7cOU3fi9hkibpE/fL4Zq7NgYb96v/WvyodD5fxVFCTaogs7A/fJG4IMw9iIBm WKBVAqdQKDCe+sMejGbZ3fm4YagjIrMXL7gsMdXmMdqzDVLGvwTZHkueedACTyg8 fvMi06VfpK9I1ENBtrytmRZKHZ4fLh4CZuo4pbFSML8KrkIfzYux6zHTjppCI7TC hhkA4LVTNBYsIgVK3m1a8p1FVGKb4Cwe8PjugrvQF5yYLvbYGZaOWruD0FawR/Yl GGofFSPni3pM1kC4gvEHO6hjAtR4e0HakE9Tym6mrVbehSHiEMT6s3wBVmWe1ZGA hgklV/NpgVdkjlTiRiP6qxRHFg42UAEo7VxWpzpJy1V1dSyUaE5/LujE3dXWVaAl DG66wvffn39SQHt/9IxkYfMLh6V5ObNGKANjYxdOuz4GsuImtNXuWc09jDrErGuV eG/7wtm7U2jTTZqZ6WmDc5aIfdw0AHR066apjBGBJCsEJ69iwXmrKcgsL1ZpP6TY sldqlGNiyjjwlg4RJJPdO63YxOEtdVOjHXkVeeZD8mdbW23NzPX0QxgyY9Vcdaqi sh0sd6xj/bz9ExDEdKDJ1nEyzGli6jmuwGFITqY6so/t/BxOXlu8JRP7enV413ye 8U7Sj9D6Quqa/NO+Oa0O =cOnj -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
