[Unbound-users] Unbound 1.3.3 released
wouter at NLnetLabs.nl
Tue Aug 4 14:40:42 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Unbound 1.3.3 has been released. A sprinkle of smaller features and
bugfixes. Windows users should update, since a serious bug for
them was found (by Mees de Roo) impacting spoof resistance.
SHA1 checksum: 4124d3b70a38d72a1ad47bf2a9e5aee9498ae439
The val-log-level is useful during deployment, prints errors like:
Aug 03 00:11:20 unbound[80674:0] info: validation failure <ns.xvx.cz. A IN>
Aug 04 11:17:39 unbound[80674:0] info: validation failure <ns2.umdac.se.
Aug 04 12:41:31 unbound[80674:0] info: validation failure
<ns1.dotarai.in.th. A IN>
Which is fairly quiet, and tells you which domains are impacted.
Use drill -S or other troubleshooting tools to find out what is wrong.
* feature val-log-level: 1 prints validation failures so you can keep
track of them during dnssec deployment.
* contrib/update-anchor.sh has -r option for root-hints.
* crosscompile possible
* verified that --enable-sha2 works with draft rsasha256-14
* nicer warning when algorithm not supported, tells you to upgrade.
* Updated unbound-cacti contribution from Dmitriy Demidov, with the
queue statistics displayed in its own graph.
* Fix bug found by Michael Tokarev where unbound would try to prime the
root servers even though forwarders are configured for the root.
* Ignore transient sendto errors, no route to host, and host, net down.
* Fix server selection, so that it waits for open target queries when
faced with lameness.
* iana portlist updated.
* Updated ldns tarball for solaris x64 compile assistance.
* Fixed to not use RAND_MAX on windows, so all 16 ID bits are used.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Unbound-users