Unbound 1.7.3rc2 pre-release

W.C.A. Wijngaards wouter at nlnetlabs.nl
Mon Jun 18 11:30:44 UTC 2018


Hi,

Unbound 1.7.3rc2 pre-release is available:
https://www.nlnetlabs.nl/downloads/unbound/unbound-1.7.3rc2.tar.gz
sha256 b3aa0f62fb8e672be3ebb864e8fb294f30dcac51a5f56612cc5bc9d0232b09c7
pgp https://www.nlnetlabs.nl/downloads/unbound/unbound-1.7.3rc2.tar.gz.asc

This RC2 is made because the control-use-cert changes caused startup
problems for people with control-use-cert: no and without local pipes,
now, control-use-cert: no still works like before.  For local pipes, TLS
is not used regardless of control-use-cert.

Bug Fixes
- Fix that control-use-cert: no works for 127.0.0.1 to disable certs.

Best regards, Wouter

On 15/06/18 10:29, W.C.A. Wijngaards wrote:
> Hi,
> 
> Unbound 1.7.3rc1 pre-release is available.
> https://www.nlnetlabs.nl/downloads/unbound/unbound-1.7.3rc1.tar.gz
> sha256 78913d28ff7dfa5fe8a69f235956bfdcb4cc4bdaeb45f03ed6eba5ebddfad5d0
> pgp https://www.nlnetlabs.nl/downloads/unbound/unbound-1.7.3rc1.tar.gz.asc
> 
> This release fixes a bug in qname minimisation, from 1.7.1, that double
> counts CNAMEs and this causes resolution failures because the maximum
> CNAME count is hit.  This caught attention because since 1.7.2 qname
> minimisation is enabled by default.
> 
> Features
> - #4102 for NSD, but for Unbound.  Named unix pipes do not use
>   certificate and key files, access can be restricted with file and
>   directory permissions.  The option control-use-cert is no longer
>   used, and ignored if found in unbound.conf.
> - Rename tls-additional-ports to tls-additional-port, because every
>   line adds one port.
> 
> Bug Fixes
> - Don't count CNAME response types received during qname minimisation
>   as query restart.
> - #4100: Fix stub reprime when it becomes useless.
> - Fix crash if ratelimit taken into use with unbound-control
>   instead of with unbound.conf.
> - Patch to fix openwrt for mac os build darwin detection in configure.
> - #4103: Fix that auth-zone does not insist on SOA record first in
>   file for url downloads.
> - Fix that first control-interface determines if TLS is used.  Warn
>   when IP address interfaces are used without TLS.
> 
> Best regards, Wouter
> 
> 
> 
> _______________________________________________
> maintainers mailing list
> maintainers at nlnetlabs.nl
> https://nlnetlabs.nl/mailman/listinfo/maintainers
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20180618/ab5da5d7/attachment.bin>


More information about the Unbound-users mailing list