Unbound 1.9.0rc1 pre-release

A. Schulze sca at andreasschulze.de
Tue Jan 29 21:40:16 UTC 2019

Am 29.01.19 um 10:22 schrieb Wouter Wijngaards via Unbound-users:
> Hi,
> Unbound 1.9.0rc1 pre-release is available


some points I noticed while diffing against 1.8.3:
  * doc/example.conf.in
      tls-chiphers and tls-ciphersuites suggest ciphersuites in an uncommon order
      tls-chiphers prefer DHE over ECDHE while DHE is slower
      tls-ciphersuites prefer CCM over GCM and Chacha

      -> without deeper knowledge I feel, this list is not a good suggestion.

      tls-session-ticket-keys: "requires restart to take effect."
      2017 I had a conversation with Filippo Valsorda regarding session ticket keys
      (context: webservers)
      He suggested to rotate them in terms of hours. OK, that's supported but require unbound
      to restart? is not a value.

      I would love to see unbound (as well as any other TLS server)
      handle that job in a housekeeping thread without administrative interaction.


many build time scripts use #!/usr/bin/sh instead of #!/bin/sh
/usr/bin/sh does not exist on any system I use.
Just wondering, it's not a problem for compilation...

finally: 2 compile time warnings:
./util/configparser.y:2736:3: warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result [-Wunused-result]
   (void)asprintf(&new_cstr, "%s\nzone %s", old_cstr?old_cstr:"", $2);
./util/configparser.y:2749:3: warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result [-Wunused-result]
   (void)asprintf(&new_cstr, "%s\n%s", old_cstr ? old_cstr : "", $2);

will install on some lab servers...


More information about the Unbound-users mailing list