Unbound 1.13.0 released
Viktor Dukhovni
ietf-dane at dukhovni.org
Sat Dec 26 19:45:57 UTC 2020
On Thu, Dec 03, 2020 at 10:11:10AM +0100, Wouter Wijngaards wrote:
> Unbound 1.13.0 is available:
> https://nlnetlabs.nl/downloads/unbound/unbound-1.13.0.tar.gz
> sha256 a954043a95b0326ca4037e50dace1f3a207a0a19e9a4a22f4c6718fc623db2a1
> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.13.0.tar.gz.asc
Many thanks for all the fine releases over the years!
That said, for once I may have an issue in 1.13.0. This morning, my
logs show:
Dec 14 22:21:13 amnesiac pkg[60360]: unbound-1.13.0 installed
Dec 26 09:14:52 amnesiac kernel: pid 60404 (unbound), jid 0, uid 59: exited on signal 11
Dec 26 14:15:31 amnesiac unbound[48856]: [48856:0] warning: did not exit gracefully last time (60404)
Sadly, no core file or any other log messages. Anyone else seen crashes
with 1.13.0? Any known bugs that lead to segfaults?
This is on a FreeBSD 12.0 system, and unbound (built from ports) is not
configured to anything exotic like DoT or DoH:
┌──────────────────────────────────────────────────────────────────────────┐
│ [ ] DNSCRYPT Enable dnscrypt support │
│ [ ] DNSTAP Enable dnstap logging support │
│ [x] DOCS Build and/or install documentation │
│ [ ] DOH Enable DNS-over-HTTPS supports │
│ [x] ECDSA Enable ECDSA (elliptic curve) support (OpenSSL >= 1.0) │
│ [ ] EVAPI (Experimental) pluggable event based libunbound API sup│
│ [ ] FILTER_AAAA Build with AAAA filter functionality (contrib) │
│ [ ] GOST Enable GOST support (requires OpenSSL >= 1.0) │
│ [ ] HIREDIS Enable hiredis support for the cachedb module │
│ [x] LIBEVENT Build against libevent │
│ [ ] MUNIN_PLUGIN Install Munin plugin │
│ [ ] PYTHON Python bindings or support │
│ [ ] SUBNET Enable client subnet support │
│ [x] TFOCL Enable TCP Fast Open for client mode │
│ [x] TFOSE Enable TCP Fast Open for server mode │
│ [x] THREADS Threading support |
This unbound serves only my inside LAN, no public clients:
/usr/local/etc/unbound.conf:
server:
username: unbound
directory: /usr/local/etc/unbound
chroot: /usr/local/etc/unbound
pidfile: /usr/local/etc/unbound/unbound.pid
auto-trust-anchor-file: /usr/local/etc/unbound/root.key
unblock-lan-zones: yes
insecure-lan-zones: yes
verbosity: 0
module-config: "validator iterator"
minimal-responses: yes
qname-minimisation: no
cache-max-ttl: 7200
cache-max-negative-ttl: 1200
val-sig-skew-min: 3600
val-sig-skew-max: 3600
harden-algo-downgrade: no
target-fetch-policy: "3 3 3 2 1 1"
prefetch-key: yes
num-threads: 2
msg-cache-slabs: 2
rrset-cache-slabs: 2
infra-cache-slabs: 2
key-cache-slabs: 2
key-cache-size: 128m
rrset-cache-size: 128m
msg-cache-size: 32m
neg-cache-size: 4m
jostle-timeout: 500
delay-close: 1500
interface: 127.0.0.1
interface: 192.168.1.1
interface: fd00:53:53::53
so-reuseport: no
access-control: 127.0.0.0/8 allow
access-control: 192.168.1.0/24 allow
edns-buffer-size: 8192
max-udp-size: 8192
do-not-query-localhost: yes
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
prefer-ip6: no
outgoing-range: 16384
num-queries-per-thread: 8192
outgoing-port-permit: 1024-65535
outgoing-port-avoid: 1-1023
outgoing-num-tcp: 512
incoming-num-tcp: 512
so-rcvbuf: 12m
so-sndbuf: 12m
infra-cache-numhosts: 100000
rrset-roundrobin: yes
local-zone: "doubleclick.net." always_nxdomain
local-zone: "facebook.com." always_nxdomain
local-zone: "googleadservices.com." always_nxdomain
local-zone: "use-application-dns.net." always_nxdomain
# Use local mirrors of the root and arpa zones:
#
stub-zone:
name: "."
stub-addr: <mirror-ip>
stub-first: yes
stub-zone:
name: "arpa"
stub-addr: <mirror-ip>
stub-first: yes
remote-control:
control-enable: yes
control-interface: /usr/local/etc/unbound/unbound.ctl
control-use-cert: no
--
Viktor.
More information about the Unbound-users
mailing list