[Unbound-users] Unbound 1.3.3 released
W.C.A. Wijngaards
wouter at NLnetLabs.nl
Tue Aug 4 14:40:42 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
Unbound 1.3.3 has been released. A sprinkle of smaller features and
bugfixes. Windows users should update, since a serious bug for
them was found (by Mees de Roo) impacting spoof resistance.
Download:
http://unbound.net/downloads/unbound-1.3.3.tar.gz
SHA1 checksum: 4124d3b70a38d72a1ad47bf2a9e5aee9498ae439
SHA256 checksum:
da2b24b87706a92c4b1e447cdcac26e851eb1bcaf4536e9dda1a64acb7ad92b8
The val-log-level is useful during deployment, prints errors like:
Aug 03 00:11:20 unbound[80674:0] info: validation failure <ns.xvx.cz. A IN>
Aug 04 11:17:39 unbound[80674:0] info: validation failure <ns2.umdac.se.
A IN>
Aug 04 12:41:31 unbound[80674:0] info: validation failure
<ns1.dotarai.in.th. A IN>
Which is fairly quiet, and tells you which domains are impacted.
Use drill -S or other troubleshooting tools to find out what is wrong.
Features
* feature val-log-level: 1 prints validation failures so you can keep
track of them during dnssec deployment.
* contrib/update-anchor.sh has -r option for root-hints.
* crosscompile possible
* verified that --enable-sha2 works with draft rsasha256-14
Bug Fixes
* nicer warning when algorithm not supported, tells you to upgrade.
* Updated unbound-cacti contribution from Dmitriy Demidov, with the
queue statistics displayed in its own graph.
* Fix bug found by Michael Tokarev where unbound would try to prime the
root servers even though forwarders are configured for the root.
* Ignore transient sendto errors, no route to host, and host, net down.
* Fix server selection, so that it waits for open target queries when
faced with lameness.
* iana portlist updated.
* Updated ldns tarball for solaris x64 compile assistance.
* Fixed to not use RAND_MAX on windows, so all 16 ID bits are used.
Best regards,
Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkp4SGoACgkQkDLqNwOhpPhJpgCeIGet52Ko1xLSQjuGGy80ubtg
iwMAnAlCmOoKz/DYuPvQs225p09yUih4
=LjhW
-----END PGP SIGNATURE-----
More information about the Unbound-users
mailing list