Unbound 1.6.6rc2 prerelease
wouter at nlnetlabs.nl
Wed Sep 13 07:17:13 UTC 2017
Unbound 1.6.6rc2 prerelease is available:
The RC2 is caused by configure script changes because of windows build
with the new openssl, it should not have an impact on other platforms.
- Fix #1412: QNAME minimisation strict mode not honored
- Fix #1434: Fix windows openssl 1.1.0 linking.
- Add dns64 for client-subnet in unbound-checkconf.
Best regards, Wouter
On 04/09/17 16:01, W.C.A. Wijngaards wrote:
> Unbound 1.6.6rc1 prerelease is available:
> sha256 49a018681c44d92c9e90af905b5c699871c3de487eff38d1303229ea69bed73a
> pgp https://unbound.net/downloads/unbound-1.6.6rc1.tar.gz.asc
> This version is a prerelease for packagers and maintainers.
> This version blocks .test and .invalid by default. It has a -p option
> to suppress pidfile creation (for startup script integration). And more
> stats and a shared secret cache for dnscrypt. And bug fixes.
> - unbound-control dump_infra prints port number for address if not 53.
> - Fix #1344: RFC6761-reserved domains: test. and invalid.
> - Fix #1349: allow suppression of pidfiles (from Daniel Kahn Gillmor).
> With the -p option unbound does not create a pidfile.
> - Added stats for queries that have been ratelimited by domain
> - Patch to show DNSCrypt status in help output, from Carsten
> - Fix #1407: Add ECS options check to unbound-checkconf.
> - Fix #1415: [dnscrypt] shared secret cache, patch from
> Manu Bretelle.
> Bug Fixes:
> - fixup of dnscrypt_cert_chacha test (from Manu Bretelle).
> - First fix for zero b64 and hex text zone format in sldns.
> - Better fixup of dnscrypt_cert_chacha test for different escapes.
> - Fix that infra cache host hash does not change after reconfig.
> - Fix python example0 return module wait instead of error for pass.
> - enhancement for hardened-tls for DNS over TLS. Removed duplicated
> security settings.
> - Fix for unbound-checkconf, check ipsecmod-hook if ipsecmod is turned
> - Fix #1331: libunbound segfault in threaded mode when context is
> - Fix pythonmod link line option flag.
> - Fix openssl 1.1.0 load of ssl error strings from ssl init.
> - Fix 1332: Bump verbosity of failed chown'ing of the control socket.
> - Redirect all localhost names to localhost address for RFC6761.
> - Fix #1350: make cachedb backend configurable (from JINMEI Tatuya).
> - Fix tests to use .tdir (from Manu Bretelle) instead of .tpkg.
> - upgrade aclocal(pkg.m4 0.29.1), config.guess(2016-10-02),
> - annotate case statement fallthrough for gcc 7.1.1.
> - flex output from flex 2.6.1.
> - snprintf of thread number does not warn about truncated string.
> - squelch TCP fast open error on FreeBSD when kernel has it disabled,
> unless verbosity is high.
> - remove warning from windows compile.
> - Fix compile with libnettle
> - Fix DSA configure switch (--disable dsa) for libnettle and libnss.
> - Fix #1365: Add Ed25519 support using libnettle.
> - Fix #1394: mix of serve-expired and response-ip could cause a crash.
> - Remove unused iter_env member (ip6arpa_dname)
> - Do not reset rrset.bogus stats when called using stats_noreset.
> - Do not add rrset_bogus and query ratelimiting stats per thread, these
> module stats are global.
> - Fix #1397: Recursive DS lookups for AS112 zones names should recurse.
> - Fix #1398: make cachedb secret configurable.
> - Remove spaces from Makefile.
> - Fix issue on macOX 10.10 where TCP fast open is detected but not
> implemented causing TCP to fail. The fix allows fallback to regular
> TCP in this case and is also more robust for cases where connectx()
> fails for some reason.
> - Fix #1402: squelch invalid argument error for fd_set_block on windows.
> - Fix to reclaim tcp handler when it is closed due to dnscrypt buffer
> allocation failure.
> - Fix #1415: patch to free dnscrypt environment on reload.
> - iana portlist update
> - Small fixes for the shared secret cache patch.
> - Fix WKS records on kvm autobuild host, with default protobyname
> entries for udp and tcp.
> - Fix #1414: fix segfault on parse failure and log_replies.
> - zero qinfo in handle_request, this zeroes local_alias and also the
> qname member.
> - new keys and certs for dnscrypt tests.
> - fixup WKS test on buildhost without servicebyname.
> - updated contrib/fastrpz.patch to apply with configparser changes.
> - Fix 1416: qname-minimisation breaks TLSA lookups with CNAMEs.
> - Fix #1424: cachedb:testframe is not thread safe.
> - Fix #1417: [dnscrypt] shared secret cache counters, and works when
> dnscrypt is not enabled. And cache size configuration option.
> - Fix #1418: [ip ratelimit] initialize slabhash using
> - Recommend 1472 buffer size in unbound.conf
> Best regards, Wouter
> maintainers mailing list
> maintainers at nlnetlabs.nl
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the Unbound-users