[Unbound-users] Unbound 1.4.7 release
lst_hoe02 at kwsoft.de
lst_hoe02 at kwsoft.de
Tue Nov 9 08:37:11 UTC 2010
Zitat von "W.C.A. Wijngaards" <wouter at NLnetLabs.nl>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> Unbound 1.4.7 is available.
>
> You can find it here:
> unbound.net/downloads/unbound-1.4.7rc1.tar.gz
> sha1 eb062726e074ebb0e7d64e31495db693defc6a9f
> sha256 f04944d10c65a548eb6a5ff17715283d9315d9a6c5585248e90384f10aee5748
>
> There are some bugfixes since 1.4.7rc1, which do not affect the build
> process, that are in release 1.4.7
>
> New dependency on libexpat (for parsing xml in unbound-anchor: tool to
> get the DNSSEC root key).
>
> Also, GOST is enabled by default, and errors if not supported. And ldns
> if not recent enough there is a configure error (you can use the builtin
> or 1.6.7).
Is GOST a supported cipher for DNSSEC or will it be some time in the
future? As far as i can see it is only available in openssl 1.x or
newer and for the next few years this will probably not be the
standard on Unix. So most of us have to use "--disable-gost" anyway...
> If you want to create a package with DNSSEC support then unbound-anchor
> is a tool that you can use. It contains a copy of the root key DS, and
> a certificate to update it, it does RFC5011 tracking and https fetches
> to keep the DNSSEC root anchor updated. Just put a line in unbound.conf
> and run it before you start unbound, thus, you may want to review your
> rc.init scripts.
>
> You can audit the included keys with unbound-anchor -l (or override with
> commandline options and it is open source).
>
> There are also some nice bugfixes in 1.4.7 :-) Here is a long,
> detailed, list:
Thanks, i will try it out.
Regards
Andreas
More information about the Unbound-users
mailing list