Unbound-users Digest, Vol 69, Issue 8

ub40 at mag3.co ub40 at mag3.co
Thu Sep 18 12:39:54 UTC 2025 

Is there a package repository on which I can get this version (1.24.0) 
without having to bring down the source code and "Make" it? This would 
be a repository for Ubuntu 22.04 or thereabouts.  The one I have now (by 
using "apt update") only has ver 1.13.1. I am wondering if some of my 
problems might be "version" related.

Thanks very much.

Regards,
Arnold

On 2025-09-18 07:00, unbound-users-request at lists.nlnetlabs.nl wrote:

> Send Unbound-users mailing list submissions to
> unbound-users at lists.nlnetlabs.nl
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users
> or, via email, send a message with subject or body 'help' to
> unbound-users-request at lists.nlnetlabs.nl
> 
> You can reach the person managing the li
> unbound-users-owner at lists.nlnetlabs.nl
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Unbound-users digest..."
> 
> Today's Topics:
> 
> 1. Unbound 1.24.0 released (Wouter Wijngaards)
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Thu, 18 Sep 2025 10:33:06 +0200
> From: Wouter Wijngaards <wouter at nlnetlabs.nl>
> To: unbound-users at lists.nlnetlabs.nl, maintainers at lists.nlnetlabs.nl
> Subject: Unbound 1.24.0 released
> Message-ID: <bb1920ba-9733-3b32-9035-fb314e148cbd at nlnetlabs.nl>
> Content-Type: text/plain; charset=UTF-8; format=flowed
> 
> Hi,
> 
> Unbound 1.24.0 is available:
> https://nlnetlabs.nl/downloads/unbound/unbound-1.24.0.tar.gz
> sha256 147b22983cc7008aa21007e251b3845bfcf899ffd2d3b269253ebf2e27465086
> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.24.0.tar.gz.asc
> 
> This release features increased defaults, num.valops statistic,
> unbound-control cache_lookup, and bug fixes.
> 
> The default value increase for num-queries-per-thread is to make
> saturation of the task queue more resource intensive and less
> practical. Thanks to Shiming Liu, Network and Information Security
> Lab, Tsinghua University for the report.
> 
> The default value increase for so-sndbuf is to mitigate a cross-layer
> issue where the UDP socket send buffers are exhausted waiting for
> ARP/NDP resolution. Thanks to Reflyable for the report.
> 
> To help the server start more easily, the setsockopt for sndbuf buffer
> size prints a warning instead of a failure to start the server if it
> can not set the buffer size. This change has been added after RC1.
> 
> Various cache -slabs options are auto-configured if not specified
> in the config file. It uses a power of two close to the number of
> threads. When the option is specified in the config file that value
> is used instead.
> 
> An extra statistic is added to track the number of signature validation
> operations by the validator, `num.valops`.
> 
> The unbound-control `cache_lookup` command prints cache information for
> names in the domain given. This prints similar to dump_cache, but only
> names under the zone(s) specified. Because of that it locks the caches
> for a much shorter time, and this is good for server responsiveness.
> 
> The `sock-queue-timeout` option is adapted to work on FreeBSD as well
> as Linux.
> 
> Features
> - Increase default to `num-queries-per-thread: 2048`, when unbound is
> compiled with libevent. It makes saturation of the task queue more
> resource intensive and less practical. Thanks to Shiming Liu,
> Network and Information Security Lab, Tsinghua University for the
> report.
> - Merge #1276: Auto-configure '-slabs' values.
> - Change default for so-sndbuf to 1m, to mitigate a cross-layer
> issue where the UDP socket send buffers are exhausted waiting
> for ARP/NDP resolution. Thanks to Reflyable for the report.
> - Adjusted so-sndbuf default to 4m.
> - Merge #1289 from Roland van Rijswijk-Deij: Add extra statistic to
> track the number of signature validation operations.
> Adds 'num.valops' to extended statistics.
> - Fix #1303: [FR] Disable TLSv1.2.
> - unbound-control cache_lookup <domains> prints the cached rrsets
> and messages for those.
> - unbound-control cache_lookup +t allows tld and root names. And
> subnet cache contents are printed.
> - Fix #1319: [FR] zone status for Unbound auth-zones.
> 
> Bug Fixes
> - Fix #1272: assertion failure testcode/unitverify.c:202.
> - Merge #1275: Use macros for the fr_check_changed* functions.
> - Fix for parallel build of dnstap protoc-c output.
> - Fix dnstap to use protoc.
> - Sync unbound and unbound-checkconf log output for unknown modules.
> - Fix #1281: forward-zone "name: ." conflicts with auth-zone "name: ."
> in 1.23.0, but worked in 1.22.0.
> - Fix #1283: Unsafe usage of atoi() while parsing the configuration
> file.
> - Merge #1280: Fix auth nsec3 code. Fixes NSEC3 code to not break on
> broken auth zones that include unsigned out of zone (above apex)
> data. Could lead to hang while trying to prove a wildcard answer.
> - Fix #1284: NULL pointer deref in az_find_nsec_cover() (latent bug)
> by adding a log_assert() to safeguard future development.
> - Fix #1282: log-destaddr fail on long ipv6 addresses.
> - Fix config of slab values when there is no config file.
> - Fix for cname chain length with qtype ANY and qname minimisation.
> Thanks to Jim Greenwood from Nominet for the report.
> - Merge #1285:  RST man pages. It introduces restructuredText man pages
> to sync the online and source code man page documentation.
> The templated man pages (*.in) are still part of the repo but
> generated with docutils from their .rst counterpart.
> Documentation on how to generate those (mainly for core developers)
> is in README.man.
> - Add more checks about respip in unbound-checkconf.
> Also fixes #310: unbound-checkconf not reporting RPZ configuration
> error.
> - Fix #1288: [FR] Improve fuzzing of unbound by adapting the netbound
> program.
> - Small manpage corrections for the 'disable-dnssec-lame-check' option.
> - Fix unbound-anchor certificate file read for line ends and end of
> file.
> - Fix comment for the dname_remove_label_limit_len function.
> - iana portlist updated.
> - Fix bitwise operators in conditional expressions with parentheses.
> - Fix conditional expressions with parentheses for bitwise and.
> - Fix header return value description for skip_pkt_rrs and
> parse_edns_from_query_pkt.
> - Fix to check control-interface addresses in unbound-checkconf.
> - Fix #1295: Windows 32-bit binaries download seems to be missing dll
> dependency.
> - Fix for consistent use of local zone CNAME alias for configured auth
> zones. Now it also applies to downstream configured auth zones.
> - Fix #1296: DNS over QUIC depends on a very outdated version of
> ngtcp2. Fixed so it works with ngtcp2 1.13.0 and OpenSSL 3.5.0.
> - Merge #1297: edns-subnet: fix NULL_AFTER_DEREF on subnetmod.
> - Fix rrset cache create allocation failure case.
> - Fix #1293: EDE 6 is attached to insecure cached answers when client
> sends the CD bit.
> - Fix #1247: forward-first: ssl handshake failed on root nameservers.
> - For #1247, turn off fetch-policy for delegation when looking into
> parent side name servers that may not update the addresses and hit
> NXNS limits.
> - For #1247, replay test (added tcp_transport to
> outnet_serviced_query).
> - Merge #1299: Fix typos.
> - Generate ltmain.sh and configure again.
> - Fix #1300: Is 'sock-queue-timeout' a linux only feature.
> - For #1300: implement sock-queue-timeout for FreeBSD as well.
> - Fix layout of comm_point_udp_ancil_callback.
> - Fix to improve dnstap discovery on Fedora.
> - Fix detection of SSL_CTX_set_tmp_ecdh function.
> - For #1301: configure cant find SSL_is_quic in OpenSSL 3.5.1.
> - For #1289: test num.valops in existing stat_values.tdir.
> - For #1289: add num.valops in the unbound-control man page.
> - Add unit tests for non-ecs aggregation.
> - Fix to not set rlimits in the unit tests.
> - iana portlist updated.
> - Redis checks for server down and throttles reconnects.
> - Fix redis cachedb module gettimeofday init failure.
> - Fix testbound test program to accurately output packets from hex.
> - Fix #1309: incorrectly reclaimed tcp handler can cause data
> corruption and segfault.
> - Fix to use assertions for consistency checks in #1309 reclaimed
> tcp handlers.
> - Fix edns subnet, so that the subquery without subnet is stored in
> global cache if the querier used 0.0.0.0/0 and the name and address
> do not receive subnet treatment. If the name and address are
> configured for subnet, it is stored in the subnet cache.
> - Fix dname_str for printout of long names. Thanks to Jan Komissar
> for the fix.
> - Fix that edns-subnet failure to create a subquery errors as
> servfail, and not formerror.
> - Fix to whitespace in dname_str.
> - Fix that unbound-control dump_cache releases the cache locks
> every so often, so that the server stays responsive.
> - Fix to remove debug from cache_lookup.
> - Fix to unlock cache_lookup message for malformed records.
> - Fix to increase responsiveness of dump_cache.
> - Fix to decouple file descriptor activity and cache lookups in
> dump_cache.
> - Fix cache_lookup subnet printout to wipe zero part of the prefix.
> - Fix cache_lookup subnet print to not print messages without rrsets
> and perform in-depth check on node in the addrtree.
> - Fix to check for extraneous command arguments for unbound-control,
> when the command takes no arguments but there are arguments present.
> - Fix #1317: Unbound starts too early. Add
> Wants=network-online.target under [Unit] in unbound.service.
> - Fix for #1317: Fix contrib/unbound.service comment path for
> systemd network configuration.
> - For #1318: Fix compile warnings for DoH compile on windows.
> - Fix sha1 enable environment variable in test code on windows.
> - Fix that the zone acquired timestamp is set after the
> zonefile is read.
> - Fix ports workflow to install expat for macos.
> - Fix unbound-control dump_cache for double unlock of lruhash table.
> - Fix setup_listen_sslctx warning for nettle compile.
> - Limit the number of consecutive reads on an HTTP/2 session.
> Thanks to Gal Bar Nahum for exposing the possibility of infinite
> reads on the session.
> - Fix for #1324: Fix to free edns options scratch in ratelimit case.
> - Fix #1235: Outdated Python2 code in
> unbound/pythonmod/examples/log.py.
> - Fix #1324: Memory leak in 'msgparse.c' in
> 'parse_edns_options_from_query(...)'.
> - Fix indentation in tcp-mss option parsing.
> - For #1328: make depend.
> - Update documentation for using "SET ... EX" in Redis.
> - Document max buffer sizes for Redis commands.
> - Update man pages.
> - Fix #1332: CNAME chains are sometimes not followed when RPZs add a
> local CNAME rewrite.
> 
> Changes after RC1
> - Update contrib/aaaa-filter-iterator.patch so it applies on 1.24.0.
> - Small debug output improvement when attaching an EDE.
> - Fix to print warning for when so-sndbuf setsockopt is not granted.
> - Too many quotes for the EDE message debug printout.
> 
> Best regards, Wouter
> 
> ------------------------------
> 
> Subject: Digest Footer
> 
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at lists.nlnetlabs.nl
> https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users
> 
> ------------------------------
> 
> End of Unbound-users Digest, Vol 69, Issue 8
> ********************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20250918/92cdf403/attachment-0001.htm>

More information about the Unbound-users mailing list