Unbound 1.8.1rc1 pre-release

Yuri yvoinov at gmail.com
Tue Oct 2 07:54:20 UTC 2018


It eats significantly less RAM (comparing with 1.8.0) and runs smoothly.


01.10.2018 18:30, Wouter Wijngaards via Unbound-users пишет:
> Hi,
>
> Unbound 1.8.1rc1 pre-release is available:
> https://nlnetlabs.nl/downloads/unbound/unbound-1.8.1rc1.tar.gz
> sha256 e1f285320f6f826ffe50dea8ad405bebaa84d13bdfefc91add1676c272029a46
> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.8.1rc1.tar.gz.asc
>
> This release of Unbound contains a number of bug fixes.  A memory leak
> in the TLS lookup code is fixed.  Leaked requests in the requestlist are
> fixed.  Lookup failure due to qname minimisation and a lack of IPv6 with
> connectivity issues is fixed.
>
> TLS upstream servers are signalled with SNI with the name that is
> configured.  This allows hosting servers by name on the destination.
>
> Also Unbound is fixed from calling disallowed routines, by using EVP
> code, for FIPS OpenSSL.
>
>
> Features:
> - Perform TLS SNI indication of the host that is being contacted
>   for DNS over TLS service.  It sets the configured tls auth name.
>   This is useful for hosts that apart from the DNS over TLS services
>   also provide other (web) services.
>
> Bug Fixes:
> - More explicitly mention the type of ratelimit when applying
>   ip-ratelimit.
> - Fix spelling error in header, from getdns commit by Andreas Gelmini.
> - iana port update.
> - Fixed unused return value warnings in contrib/fastrpz.patch for
>   asprintf.
> - Fix to squelch respip warning in unit test, it is printed at
>   higher verbosity settings.
> - Fix spelling errors.
> - Fix initialisation in remote.c
> - Fix seed for random backup code to use explicit zero when wiped.
> - exit log routine is annotated as noreturn function.
> - free memory leaks in config strlist and str2list insert functions.
> - do not move unused argv variable after getopt.
> - Remove unused if clause in testcode.
> - in testcode, free async ids, initialise array, and check for null
>   pointer during test of the test.  And use exit for return to note
>   irregular program stop.
> - Free memory leak in config strlist append.
> - make sure nsec3 comparison salt is initialized.
> - unit test has clang analysis.
> - remove unused variable assignment from iterator scrub routine.
> - check for null in delegation point during iterator refetch
>   in forward zone.
> - neater pointer cast in libunbound context quit routine.
> - initialize statistics totals for printout.
> - in authzone check that node exists before adding rrset.
> - in unbound-anchor, use readwrite memory BIO.
> - assertion in autotrust that packed rrset is formed correctly.
> - Fix memory leak when message parse fails partway through copy.
> - remove unused udpsize assignment in message encode.
> - nicer bio free code in unbound-anchor.
> - annotate exit functions with noreturn in unbound-control.
> - Fix compile on Mac for unbound, provide explicit_bzero when libc
>   does not have it.
> - Fix unbound for openssl in FIPS mode, it uses the digests with
>   the EVP call contexts.
> - Fix that with harden-below-nxdomain and qname minisation enabled
>   some iterator states for nonresponsive domains can get into a
>   state where they waited for an empty list.
> - Stop UDP to TCP failover after timeouts that causes the ping count
>   to be reset by the TCP time measurement (that exists for TLS),
>   because that causes the UDP part to not be measured as timeout.
> - Fix #4156: Fix systemd service manager state change notification.
> - Fix #4149: Add SSL cleanup for tcp timeout.
> - Fix #4188: IPv6 forwarders without ipv6 result in SERVFAIL, fixes
>   qname minimisation with a forwarder when connectivity has issues
>   from rejecting responses.
>
> Best regards, Wouter
>
>
>

-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20181002/0329ed01/attachment.bin>


More information about the Unbound-users mailing list