Unbound 1.7.2rc1 pre-release

W.C.A. Wijngaards wouter at nlnetlabs.nl
Mon Jun 4 12:07:57 UTC 2018


Unbound 1.7.2rc1 pre-release is available:
sha256 561c33f80b757820e3bd632cd339673da84a71dbb6328d124324db2c63a7f833
pgp https://www.nlnetlabs.nl/downloads/unbound/unbound-1.7.2rc1.tar.gz.asc

This release fixes bugs in DNS-over-TLS for windows, and adds the option
for windows users to use the CA certificates from the Windows cert
stores, tls-win-cert: yes in unbound.conf.

The code has been updated with a speed up that improves performance for
large numbers of incoming TCP and TLS connections.

There is an option to allow to ignore an unset RD bit for access control
subnets and always allow recursion to the request.

Windows unbound 1.7.2rc1 download links, 64 and then 32bit:
And .asc pgp signatures.

- Fix low-rtt-pct to low-rtt-permil, as it is parts in one thousand.
- Qname minimisation default changed to yes.
- Use accept4 to speed up incoming TCP (and TLS) connections,
  available on Linux and FreeBSD.
- tls-win-cert option that adds the system certificate store for
  authenticating DNS-over-TLS connections.  It can be used instead
  of the tls-cert-bundle option, or with it to add certificates.
- Patch from Syzdek: Add ability to ignore RD bit and treat all
  requests as if the RD bit is set.
- Rename additional-tls-port to tls-additional-ports.
  The older name is accepted for backwards compatibility.

Bug fixes:
- Fix for crash in daemon_cleanup with dnstap during reload,
  from Saksham Manchanda.
- Also that for dnscrypt.
- Fix spelling error in man page and note defaults as no instead of
- Fix that unbound-control reload frees the rrset keys and returns
  the memory pages to the system.
- Fix fail to reject dead peers in forward-zone, with ssl-upstream.
- Fix that configure --with-libhiredis also turns on cachedb.
- Fix gcc 8 buffer warning in testcode.
- Fix function type cast warning in libunbound context callback type.
- Fix windows to not have sticky TLS events for TCP.
- Fix read of DNS over TLS length and data in one read call.
- Fix mesh state assertion failure due to callback removal.
- Fix contrib/libunbound.pc for libssl libcrypto references,
  from https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226914
- Fix that libunbound can do DNS-over-TLS, when configured.
- Fix that windows unbound service can use DNS-over-TLS.
- unbound-host initializes ssl (for potential DNS-over-TLS usage
  inside libunbound), when ssl upstream or a cert-bundle is configured.
- For TCP and TLS connections that don't establish, perform address
  update in infra cache, so future selections can exclude them.
- Fix that tcp sticky events are removed for closed fd on windows.
- Fix close events for tcp only.
- Fix windows tcp and tls spin on events.
- Add routine from getdns to add windows cert store to the SSL_CTX.
- in compat/arc4random call getentropy_urandom when getentropy fails
  with ENOSYS.
- Fix that fallback for windows port.
- Fix deadlock caused by incoming notify for auth-zone.

Best regards, Wouter

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20180604/d1401833/attachment.bin>

More information about the Unbound-users mailing list