-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi, Unbound 1.5.7 is available: http://www.unbound.net/downloads/unbound-1.5.7.tar.gz sha1 6306fec537f507a41b9c3a7e16e4aa1c10532510 sha256 4b2088e5aa81a2d48f6337c30c1cf7e99b2e2dc4f92e463b3bee626eee731ca8 pgpsig http://www.unbound.net/downloads/unbound-1.5.7.tar.gz.asc And windows binaries at: http://www.unbound.net/downloads/unbound-1.5.7.zip http://www.unbound.net/downloads/unbound_setup_1.5.7.exe This release fixes a validation failure for nodata with wildcards and emptynonterminals. Fixes OpenSSL Library compability. Fixes correct response for malformed EDNS queries. And it has Windows changes to make unbound portable possible. For crypto in libunbound there is libnettle support. Qname minimisation is implemented. Use qname-minimisation: yes to enable it. This version sends the full query name when an error is found for intermediate names. It should therefore not fail for names on nonconformant servers. It combines well with harden-below-nxdomain: yes because those nxdomains are probed by the qname minimisation, and that will both stop privacy sensitive traffic and reduce nonsense traffic to authority servers. So consider enabling both. In this implementation IPv6 reverse lookups add several labels per increment, because otherwise those lookups would be very slow. [ Reference https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08 ] For maintainers, the release is not exactly equal to rc1, whitespace fixes and a one-line fix for qname minimation made their way into the final release. Features - - Fix #594. libunbound: optionally use libnettle for crypto. Contributed by Luca Bruno. Added --with-nettle for use with --with-libunbound-only. - - Implemented qname minimisation Bug Fixes - - Fix #712: unbound-anchor appears to not fsync root.key. - - Fix #714: Document config to block private-address for IPv4 mapped IPv6 addresses. - - portability, replace snprintf if return value broken - - portability fixes. - - detect libexpat without xml_StopParser function. - - isblank() compat implementation. - - patch from Doug Hogan for SSL_OP_NO_SSLvx options. - - Fix #716: nodata proof with empty non-terminals and wildcards. - - Fix #718: Fix unbound-control-setup with support for env without HEREDOC bash support. - - ACX_SSL_CHECKS no longer adds -ldl needlessly. - - Change example.conf: ftp.internic.net to https://www.internic.net - - Fix for lenient accept of reverse order DNAME and CNAME. - - spelling fixes from Igor Sobrado Delgado. - - Fix that malformed EDNS query gets a response without malformed EDNS. - - Added assert on rrset cache correctness. - - Fix #720: add windows scripts to zip bundle, and fix unbound-control-setup windows batch file. - - Fix for #724: conf syntax to read files from run dir (on Windows). And fix PCA prompt for unbound-service-install.exe. And add Changelog to windows binary dist. - - .gitignore for git users. - - iana portlist update. - - Removed unneeded whitespace from example.conf. - - Do not minimise forwarded requests. Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWaTWHAAoJEJ9vHC1+BF+NPrwP/2ppWjpkFazaunyQh7jzGtv8 FqEbQ9Z/XUzxm36Z1NSCfflKawuLclqPKPVZnaWUrY3g0zmdox7nxazHoBY8YoAr bEfKvmFHV6k/BFaiQoKR/4W7t76xA/N2bQ4U4x27ZiRTYvqW4He35Ala02MXIXyX NbVKPrTz5lkzXp9dP5An1cMIENYraStRS2a9vr6/8UTC/tK34/oxGZ25IUuvno+9 SKFuX4SikS4V+TvYwuCViZY3+pPku4qt6O/UkJpnQSy4IuCWky/867kE4MOhp6E+ UMHDACoa9zhXVr72Gn6lUeDIKBn8cWyp4CiONcJg1XJp1VcMDy+t3G64vB+TSlT4 ev0qBqPncVGJp627sbfit4mEnvi/GWctZVmLiU/5WrrShKxWnFeVD8NB6ohsd1AP Rrhi818Ww55ePaHErkQunciBOfL9Ka0Sh6ILjZUo1wlBrKw9l+pUGhvWjyyzh1/x h1GFFUnE9+i8S4uptG+xTW1yhwBmjgRbHKjjLiuaZzkmrUZetFTh4ictlDlMVMj6 khk9t5aImtBNCirAwF01qd7vl0lCjKnzkzaBDYvSgRVQBo+4ABrot/2N/VQTIeiU DyLapdMz4PReCsgjL2NwgKYaIUC3vogJDxNXSYTp5oKVo6WnbkqgBfk1ffCkA1Vd wfSXqNNlTXzuxPSH23RP =Ryl1 -----END PGP SIGNATURE-----
