Unbound 1.13.0 released

Viktor Dukhovni ietf-dane at dukhovni.org
Sat Dec 26 19:45:57 UTC 2020


On Thu, Dec 03, 2020 at 10:11:10AM +0100, Wouter Wijngaards wrote:

> Unbound 1.13.0 is available:
> https://nlnetlabs.nl/downloads/unbound/unbound-1.13.0.tar.gz
> sha256 a954043a95b0326ca4037e50dace1f3a207a0a19e9a4a22f4c6718fc623db2a1
> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.13.0.tar.gz.asc

Many thanks for all the fine releases over the years!

That said, for once I may have an issue in 1.13.0.  This morning, my
logs show:

    Dec 14 22:21:13 amnesiac pkg[60360]: unbound-1.13.0 installed
    Dec 26 09:14:52 amnesiac kernel: pid 60404 (unbound), jid 0, uid 59: exited on signal 11
    Dec 26 14:15:31 amnesiac unbound[48856]: [48856:0] warning: did not exit gracefully last time (60404)

Sadly, no core file or any other log messages.  Anyone else seen crashes
with 1.13.0?  Any known bugs that lead to segfaults?

This is on a FreeBSD 12.0 system, and unbound (built from ports) is not
configured with anything exotic like DoT or DoH:

       ┌──────────────────────────────────────────────────────────────────────────┐
       │ [ ] DNSCRYPT      Enable dnscrypt support                                │
       │ [ ] DNSTAP        Enable dnstap logging support                          │
       │ [x] DOCS          Build and/or install documentation                     │
       │ [ ] DOH           Enable DNS-over-HTTPS supports                         │
       │ [x] ECDSA         Enable ECDSA (elliptic curve) support (OpenSSL >= 1.0) │
       │ [ ] EVAPI         (Experimental) pluggable event based libunbound API sup│
       │ [ ] FILTER_AAAA   Build with AAAA filter functionality (contrib)         │
       │ [ ] GOST          Enable GOST support (requires OpenSSL >= 1.0)          │
       │ [ ] HIREDIS       Enable hiredis support for the cachedb module          │
       │ [x] LIBEVENT      Build against libevent                                 │
       │ [ ] MUNIN_PLUGIN  Install Munin plugin                                   │
       │ [ ] PYTHON        Python bindings or support                             │
       │ [ ] SUBNET        Enable client subnet support                           │
       │ [x] TFOCL         Enable TCP Fast Open for client mode                   │
       │ [x] TFOSE         Enable TCP Fast Open for server mode                   │
       │ [x] THREADS       Threading support                                      │

This unbound serves only my inside LAN, no public clients:

    /usr/local/etc/unbound.conf:
        server:
                username: unbound
                directory: /usr/local/etc/unbound
                chroot: /usr/local/etc/unbound
                pidfile: /usr/local/etc/unbound/unbound.pid
                auto-trust-anchor-file: /usr/local/etc/unbound/root.key

                unblock-lan-zones: yes
                insecure-lan-zones: yes

                verbosity: 0

                module-config: "validator iterator"
                minimal-responses: yes
                qname-minimisation: no
                cache-max-ttl: 7200
                cache-max-negative-ttl: 1200
                val-sig-skew-min: 3600
                val-sig-skew-max: 3600
                harden-algo-downgrade: no

                target-fetch-policy: "3 3 3 2 1 1"
                prefetch-key: yes

                num-threads: 2
                msg-cache-slabs: 2
                rrset-cache-slabs: 2
                infra-cache-slabs: 2
                key-cache-slabs: 2
                key-cache-size: 128m
                rrset-cache-size: 128m
                msg-cache-size: 32m
                neg-cache-size: 4m
                jostle-timeout: 500
                delay-close: 1500

                interface: 127.0.0.1
                interface: 192.168.1.1
                interface: fd00:53:53::53
                so-reuseport: no
                access-control: 127.0.0.0/8 allow
                access-control: 192.168.1.0/24 allow
                edns-buffer-size: 8192
                max-udp-size: 8192

                do-not-query-localhost: yes
                do-ip4: yes
                do-ip6: yes
                do-udp: yes
                do-tcp: yes
                prefer-ip6: no
                outgoing-range: 16384
                num-queries-per-thread: 8192
                outgoing-port-permit: 1024-65535
                outgoing-port-avoid: 1-1023
                outgoing-num-tcp: 512
                incoming-num-tcp: 512
                so-rcvbuf: 12m
                so-sndbuf: 12m
                infra-cache-numhosts: 100000

                rrset-roundrobin: yes

        local-zone: "doubleclick.net." always_nxdomain
        local-zone: "facebook.com." always_nxdomain
        local-zone: "googleadservices.com." always_nxdomain
        local-zone: "use-application-dns.net." always_nxdomain

        # Use local mirrors of the root and arpa zones:
        #
        stub-zone:
                name: "."
                stub-addr: <mirror-ip>
                stub-first: yes
        stub-zone:
                name: "arpa"
                stub-addr: <mirror-ip>
                stub-first: yes

        remote-control:
                control-enable: yes
                control-interface: /usr/local/etc/unbound/unbound.ctl
                control-use-cert: no

-- 
    Viktor.


More information about the Unbound-users mailing list
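
An added example, not part of the original message: one way to pick this kind of silent resolver crash out of syslog is to pair the FreeBSD kernel's "exited on signal" line with unbound's "did not exit gracefully last time (PID)" warning at the next start. The function and field names are hypothetical, the year is assumed from the message date, and the gap between the two lines is treated as the time the resolver was down.

```python
import re
from datetime import datetime

# The three log lines quoted in the message above.
SAMPLE_LOG = """\
Dec 14 22:21:13 amnesiac pkg[60360]: unbound-1.13.0 installed
Dec 26 09:14:52 amnesiac kernel: pid 60404 (unbound), jid 0, uid 59: exited on signal 11
Dec 26 14:15:31 amnesiac unbound[48856]: [48856:0] warning: did not exit gracefully last time (60404)
"""

# BSD syslog line: timestamp (no year), host, tag with optional [pid], message.
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ([^\s:\[]+)(?:\[\d+\])?: (.*)$")
# Kernel notice for a fatal signal; " (core dumped)" appears only if a core was written.
CRASH = re.compile(r"pid (\d+) \(([^)]+)\), jid \d+, uid \d+: "
                   r"exited on signal (\d+)( \(core dumped\))?")
# Logged by the next unbound start when it finds the previous instance's pidfile.
UNCLEAN = re.compile(r"did not exit gracefully last time \((\d+)\)")


def find_crashes(text, daemon="unbound", year=2020):
    """Return one record per fatal signal for `daemon`, with restart gap if seen.

    Assumes all lines fall within `year` (syslog timestamps carry no year).
    """
    crashes = {}  # crashed pid -> record
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        tag, msg = m.group(2), m.group(3)
        c = CRASH.search(msg) if tag == "kernel" else None
        if c and c.group(2) == daemon:
            pid = int(c.group(1))
            crashes[pid] = {"pid": pid, "signal": int(c.group(3)),
                            "core": bool(c.group(4)), "crashed": when,
                            "restarted": None, "down_seconds": None}
            continue
        u = UNCLEAN.search(msg) if tag == daemon else None
        if u and int(u.group(1)) in crashes:
            rec = crashes[int(u.group(1))]
            if rec["restarted"] is None:  # first start after the crash
                rec["restarted"] = when
                rec["down_seconds"] = int((when - rec["crashed"]).total_seconds())
    return list(crashes.values())


if __name__ == "__main__":
    for rec in find_crashes(SAMPLE_LOG):
        print(rec)
```

A record with `restarted` still `None` means the daemon has not logged a start since the crash, which is the case worth alerting on.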