We are pleased to announce the release of version 1.15.0 of the Unbound recursive DNS resolver.
This release has bug fixes for crashes that happened on heavy network usage. The default for the aggressive-nsec option has changed, it is now enabled.
The ratelimit logic had to be reworked for the crash fixes. As a result, there are new options to control the behaviour of ratelimiting. The ratelimit-backoff and ip-ratelimit-backoff options can be used to control how severe the backoff is when the ratelimit is exceeded.
The rpz-signal-nxdomain-ra option can be used to unset the RA flag, for NXDOMAIN answers from RPZ. That is used by some clients to detect that the domain is externally blocked. The RPZ option for-downstream can be used like for auth zones, this allows the RPZ zone information to be queried. That can be useful for monitoring scripts.
For a full list of changes and binary and source packages, see the download page.