<p dir="ltr">Cool stuff!</p>
<p dir="ltr">Can I use inform and refuse at the same time?</p>
<p dir="ltr">Please forgive brevity, on mobile device.<br>
Maciej</p>
<div class="gmail_quote">On 19 Feb 2015 16:15, "W.C.A. Wijngaards" <<a href="mailto:wouter@nlnetlabs.nl">wouter@nlnetlabs.nl</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA256<br>
<br>
Hi,<br>
<br>
Unbound 1.5.2 is available:<br>
<a href="http://www.unbound.net/downloads/unbound-1.5.2.tar.gz" target="_blank">http://www.unbound.net/downloads/unbound-1.5.2.tar.gz</a><br>
sha1 91c805af3fc702eb98ec2679a586cacd05fc4268<br>
sha256 33ab6c6a5ce3247b0a57e34d209fe8936e1218ff89a9b7ca3ff00c2060dd35c7<br>
<a href="http://www.unbound.net/downloads/unbound-1.5.2.zip" target="_blank">http://www.unbound.net/downloads/unbound-1.5.2.zip</a><br>
<br>
This release fixes a DNSSEC validation issue when an upstream server<br>
with different trust anchors introduces unsigned records in messages.<br>
Harden-glue when turned off allows potentially poisonous records in<br>
the cache in the hopes of that enabling DNS resolution for 'impossible<br>
to resolve' domains, it is fixed to have 'less cache poisoning',<br>
quotes added because it is by definition not secure to turn off<br>
harden-glue. New features are that "inform" can be used to see which<br>
IPs lookup a domain, and unbound-control can use named unix pipes.<br>
<br>
Features<br>
- - local-zone: <a href="http://example.com" target="_blank">example.com</a> inform makes unbound log a message with<br>
client IP for queries in that zone. Eg. for finding infected hosts.<br>
- - patch from Stephane Lapie that adds to the python API, that<br>
exposes struct delegpt, and adds the find_delegation function.<br>
- - Updated contrib warmup.cmd/sh to support two modes - load from<br>
pre-defined list of domains or (with filename as argument) load from<br>
user-specified list of domains, and updated contrib<br>
<a href="http://unbound_cache.sh/cmd" target="_blank">unbound_cache.sh/cmd</a> to support loading/save/reload cache to/from<br>
default path or (with secondary argument) arbitrary path/filename,<br>
from Yuri Voinov.<br>
- - patch for remote control over local sockets, from Dag-Erling<br>
Smorgrav, Ilya Bakulin. Use control-interface: /path/sock and<br>
control-use-cert: no.<br>
- - unbound-checkconf -f prints chroot with pidfile path.<br>
- - infra-cache-min-rtt patch from Florian Riehm, for expected long<br>
uplink roundtrip times.<br>
<br>
Bug Fixes<br>
- - config.guess and config.sub update from libtoolize.<br>
- - getauxval test for ppc64 linux compatibility.<br>
- - make strip works for unbound-host and unbound-anchor.<br>
- - print query name when max target count is exceeded.<br>
- - patch from Stuart Henderson that fixes DESTDIR in<br>
unbound-control-setup for installs where config is not in the prefix<br>
location.<br>
- - [bugzilla: 634 ] Fix #634: fix fail to start on Linux LTS 3.14.X,<br>
ignores missing IP_MTU_DISCOVER OMIT option (fix from Remi Gacogne).<br>
- - Patch from Philip Paeps to contrib/unbound_munin_ that uses type<br>
ABSOLUTE. Allows munin.conf: [<a href="http://idleserver.example.net" target="_blank">idleserver.example.net</a>]<br>
unbound_munin_hits.graph_period minute<br>
- - Fix pyunbound ord call, portable for python 2 and 3.<br>
- - Fix unintended use of gcc extension for incomplete enum types,<br>
compile with pedantic c99 compliance (from Daniel Dickman).<br>
- - Fix pyunbound byte string representation for python3.<br>
- - Fix 0x20 capsforid fallback to omit gratuitous NS and additional<br>
section changes.<br>
- - Fix validation failure in case upstream forwarder (ISC BIND) does<br>
not have the same trust anchors and decides to insert unsigned NS<br>
record in authority section.<br>
- - Fix scrubber with harden-glue turned off to reject NS (and other<br>
not-address) records.<br>
- - iana portlist update.<br>
- - [bugzilla: 643 ] Fix doc/<a href="http://example.conf.in" target="_blank">example.conf.in</a>: unnecessary whitespace.<br>
<br>
Best regards,<br>
Wouter<br>
<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1<br>
<br>
iQIcBAEBCAAGBQJU5f1BAAoJEJ9vHC1+BF+NeLMP/3U+1z4Xwf9ehKiT5wrX/ABO<br>
Dny7cOU3fi9hkibpE/fL4Zq7NgYb96v/WvyodD5fxVFCTaogs7A/fJG4IMw9iIBm<br>
WKBVAqdQKDCe+sMejGbZ3fm4YagjIrMXL7gsMdXmMdqzDVLGvwTZHkueedACTyg8<br>
fvMi06VfpK9I1ENBtrytmRZKHZ4fLh4CZuo4pbFSML8KrkIfzYux6zHTjppCI7TC<br>
hhkA4LVTNBYsIgVK3m1a8p1FVGKb4Cwe8PjugrvQF5yYLvbYGZaOWruD0FawR/Yl<br>
GGofFSPni3pM1kC4gvEHO6hjAtR4e0HakE9Tym6mrVbehSHiEMT6s3wBVmWe1ZGA<br>
hgklV/NpgVdkjlTiRiP6qxRHFg42UAEo7VxWpzpJy1V1dSyUaE5/LujE3dXWVaAl<br>
DG66wvffn39SQHt/9IxkYfMLh6V5ObNGKANjYxdOuz4GsuImtNXuWc09jDrErGuV<br>
eG/7wtm7U2jTTZqZ6WmDc5aIfdw0AHR066apjBGBJCsEJ69iwXmrKcgsL1ZpP6TY<br>
sldqlGNiyjjwlg4RJJPdO63YxOEtdVOjHXkVeeZD8mdbW23NzPX0QxgyY9Vcdaqi<br>
sh0sd6xj/bz9ExDEdKDJ1nEyzGli6jmuwGFITqY6so/t/BxOXlu8JRP7enV413ye<br>
8U7Sj9D6Quqa/NO+Oa0O<br>
=cOnj<br>
-----END PGP SIGNATURE-----<br>
_______________________________________________<br>
Unbound-users mailing list<br>
<a href="mailto:Unbound-users@unbound.net">Unbound-users@unbound.net</a><br>
<a href="http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users" target="_blank">http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users</a><br>
</blockquote></div>