Unbound 1.8.2 released

Yuri yvoinov at gmail.com
Tue Dec 4 15:40:45 UTC 2018


Runs ok. Thank you!

PS. BTW, No more win32 version? :-)

04.12.2018 15:28, Wouter Wijngaards via Unbound-users wrote:
> Hi,
>
> Unbound 1.8.2 is available:
> https://nlnetlabs.nl/downloads/unbound/unbound-1.8.2.tar.gz
> sha256 19f2235a8936d89e7dc919bbfcef355de759f220e36bb5e1e931ac000ed04993
> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.8.2.tar.gz.asc
>
>
> The option so-reuseport is by default disabled on FreeBSD, but it has
> support to work on FreeBSD 12 with the REUSEPORT_LB variant, if enabled
> in unbound.conf.
>
> The python code in unbound supports python 3.6, but also python 2.7
> works. The python module prints the python exceptions to the log, so
> that compatibility problems are easier to troubleshoot.
>
> Fast server selection options are added that select from the fastest
> servers in the available set, with fast-server-num and
> fast-server-permil this can be turned on.  When enabled the fastest
> servers are selected, instead of a random server.  Randomness is good
> for poisoning prevention, but fast selection can result in faster
> roundtrips.
>
> The nameserver records in large returned negative responses are scrubbed
> out of the packet to avoid fragmentation based DNS cache poisoning,
> from a report from T.Suzuki.
>
> The automated test set now has static code analysis of the source code,
> this is performed with the clang analyzer.
>
> There is a new option to deny ANY packets, with deny-any: yes in
> unbound.conf.  The option unknown-server-time-limit can be used for
> cases behind a slow uplink to avoid multiple timeouts on every query to
> attain the necessary long timeout length for that uplink.
>
>
> Features
> - Add fast-server-permil and fast-server-num options.
> - Deprecate low-rtt and low-rtt-permil options.
> - Change fast-server-num default to 3.
> - Fix #4154: make ECS_MAX_TREESIZE configurable, with
>   the max-ecs-tree-size-ipv4 and max-ecs-tree-size-ipv6 options.
> - Fix #4190: Please create a "ANY" deny option, adds the option
>   deny-any: yes in unbound.conf.  This responds with an empty message
>   to queries of type ANY.
> - Fix #4126: RTT_band too low on VSAT links with 600+ms latency,
>   adds the option unknown-server-time-limit to unbound.conf that
>   can be increased to avoid the problem.
> - Add min-client-subnet-ipv6 and min-client-subnet-ipv4 options.
> - Support SO_REUSEPORT_LB in FreeBSD 12 with the so-reuseport: yes
>   option in unbound.conf.
> - Add unbound-control view_local_datas command, like local_datas.
>
> Bug Fixes
> - dnscrypt.c removed sizeof to get array bounds.
> - Fix testlock code to set noreturn on error routine.
> - Remove unused variable from contrib fastrpz/rpz.c and
>   remove unused diagnostic pragmas that themselves generate warnings
> - clang analyze test is used only when assertions are enabled.
> - Squelch EADDRNOTAVAIL errors when the interface goes away,
>   this omits 'can't assign requested address' errors unless
>   verbosity is set to a high value.
> - Set default for so-reuseport to no for FreeBSD.  It is enabled
>   by default for Linux and DragonFlyBSD.  The setting can
>   be configured in unbound.conf to override the default.
> - iana port update.
> - Squelch log of failed to tcp initiate after TCP Fastopen failure.
> - Fix #4192: unbound-control-setup generates keys not readable by
>   group.
> - check that the dnstap socket file can be opened and exists, print
>   error if not.
> - Add markdel function to ECS slabhash.
> - Limit ECS scope returned to client to the scope used for caching.
> - Fix #4191: NXDOMAIN vs SERVFAIL during dns64 PTR query.
> - Fix #4141: More randomness to rrset-roundrobin.
> - Fix #4132: Openness/closeness of RANGE intervals in rpl files.
> - remade makefile dependencies.
> - Fix #4152: Logs shows wrong time when using log-time-ascii: yes.
> - Scrub NS records from NXDOMAIN responses to stop fragmentation
>   poisoning of the cache.
> - Scrub NS records from NODATA responses as well.
> - Add patch from Jan Vcelak for pythonmod,
>   add sockaddr_storage getters, add support for query callbacks,
>   allow raw address access via comm_reply and update API documentation.
> - Removed compile warnings in pythonmod sockaddr routines.
> - With ./configure --with-pyunbound --with-pythonmodule
>   PYTHON_VERSION=3.6 or with 2.7 unbound can compile and unit tests
>   succeed for the python module.
> - pythonmod logs the python error and traceback on failure.
> - ignore debug python module for test in doxygen output.
> - review fixes for python module.
> - Fix #4209: Crash in libunbound when called from getdns.
> - auth zone zonefiles can be in a chroot, the chroot directory
>   components are removed before use.
> - Fix that empty zonefile means the zonefile is not set and not used.
> - Fix to not set GLOB_NOSORT so the unbound.conf include: files are
>   sorted and in a predictable order.
> - Fix #4193: Fix that prefetch failure does not overwrite valid cache
>   entry with SERVFAIL.
> - Fix DNS64 to not store intermediate results in cache, this avoids
>   other threads from picking up the wrong data.  The module restores
>   the previous no_cache_store setting when the module is finished.
> - Fix #4208: 'stub-no-cache' and 'forward-no-cache' not work.
> - New and better fix for Fix #4193: Fix that prefetch failure does
>   not overwrite valid cache entry with SERVFAIL.
> - auth-zone give SERVFAIL when expired, fallback activates when
>   expired, and this is documented in the man page.
> - stat count SERVFAIL downstream auth-zone queries for expired zones.
> - Put new logos into windows installer.
> - Fix windows compile for new rrset roundrobin fix.
> - Update contrib fastrpz patch for latest release.
> - Fix chroot auth-zone fix to remove chroot prefix.
> - windows icon updated.
>
> Best regards, Wouter
>
-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************

