Unbound 1.16.1 pre-release

Yuri yvoinov at gmail.com
Sun Jul 10 08:40:32 UTC 2022


Built and runs ok.

04.07.2022 18:23, Wouter Wijngaards via Unbound-users пишет:
> Hi,
>
> Unbound 1.16.1rc1 pre-release is available:
> https://nlnetlabs.nl/downloads/unbound/unbound-1.16.1rc1.tar.gz
> sha256 a02581c8fb730c8c7885d1ae76d0c4df44f27cb9131d0813002b8ea7c6183fa6
> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.16.1rc1.tar.gz.asc
>
> This release fixes a number of bugs. The number of nxdomains encountered
> when looking up a nameserver is not counted as such when the lookup was
> from cache. Also parent side queries are not created when the addresses
> are lame or already in cache. This solves lookup problems of domains
> with a lot of nxdomains, and that have parent-child differences.
>
> Algorithms that are not supported are disabled when the system OpenSSL
> does not provide them, for FIPS OpenSSL installations.
>
> Unbound sets IP_BIND_ADDRESS_NO_PORT socket option on outgoing tcp
> sockets to make the port space larger that can be used. The number of
> outgoing udp packets is collected in the num.query.udpout statistic.
>
> Features
> - Fix #704: [FR] Statistics counter for number of outgoing UDP queries
>   sent; introduces 'num.query.udpout' to the 'unbound-control stats'
>   command.
>
> Bug Fixes
> - makedist.sh picks up 32bit libssp-0.dll when 32bit compile.
> - Fix for edns client subnet to respect not looking in its cache when
>   instructed to do so (e.g., prefetch).
> - Merge PR #688: Rpz url notify issue.
> - Note in the unbound.conf text that NOTIFY is allowed from the url:
>   addresses for auth and rpz zones.
> - Remove unused LDNS function check for GOST Engine unloading.
> - Fix for loading locally stored zones that have lines with blanks or
>   blanks and comments.
> - Fix #663: use after free issue with edns options.
> - Clarify -v flag manpage entry (#705)
> - Fix test program dohclient close to use portability routine.
> - Show the output of the exact .rpl run that failed with 'make test'.
> - Fix for cached 0 TTL records to not trigger prefetching when
>   serve-expired-client-timeout is set.
> - Add debug option to the mini_tdir.sh test code.
> - Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
> - Allow fallback to the parent side when MAX_TARGET_NX is reached.
>   This will also allow MAX_TARGET_NX more NXDOMAINs.
> - iana portlist update.
> - Fix detection of libz on windows compile with static option.
> - Fix compile warning for windows compile.
> - Merge PR #706: NXNS fallback.
> - From #706: Cached NXDOMAIN does not increase the target nx
>   responses.
> - From #706: Don't generate parent side queries if we already
>   have the lame records in cache.
> - From #706: When a lame address is the best choice, don't try to
>   generate target queries when the missing targets are all lame.
> - Merge PR #671 from Petr Menšík: Disable ED25519 and ED448 in FIPS
>   mode on openssl3.
> - Merge PR #660 from Petr Menšík: Sha1 runtime insecure.
> - For #660: formatting, less verbose logging, add EDE information.
> - Fix for correct openssl error when adding windows CA certificates to
>   the openssl trust store.
> - Improve val_sigcrypt.c::algo_needs_missing for one loop pass.
> - Reintroduce documentation and more EDE support for
>   val_sigcrypt.c::dnskeyset_verify_rrset_sig.
> - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
>   one loop pass'.
> - Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on
>   outbound tcp sockets.
>
> Best regards, Wouter


More information about the Unbound-users mailing list