Unbound 1.23.0 released

Published: Thu 24 April 2025
Last updated: Thu 24 April 2025

We are pleased to announce the release of version 1.23.0 of the Unbound recursive DNS resolver.

This release features changed defaults, fast reload, redis replica, DNS Error Reporting, and bug fixes.

Fast reload is listed as an experimental feature. With unbound-control fast_reload the server reads the new config in a separate thread and, when done, only briefly pauses the server to update the settings. This uses double the memory for the data that is loaded, such as zones from disk or config. The pause is short, something like less than a second, so DNS service is not interrupted by the reload of config. A lot of config items can be changed this way, but not all. The command has options to print more information or memory usage, and there is a list of config options in the man page.

The redis replica support allows for a redis backend to use a redis replica. The read commands are sent to the redis replica host, while the write commands are sent to the redis server. So with several replicas there can be more readers that all write to the redis server.

DNS Error Reporting (RFC 9567) is enabled with dns-error-reporting: yes. Unbound then sends failure reports to the error reporting agent. The number of error reporting queries is output in the statistics as num.dns_error_reports.

Some defaults are changed in this release. The resolver.arpa. and service.arpa. zones are added to the default locally served zones; this can be disabled with a nodefault local zone. The default for max-global-quota has changed to 200, after operational feedback. serve-expired-client-timeout and serve-expired-ttl now use the defaults from RFC 8767, 1800 milliseconds and 86400 seconds respectively. If Unbound is compiled with edns subnet, the default for module-config is no longer altered, so that compilation with subnet does not interfere when the server does not use subnet. When edns subnet needs to be enabled, module-config: "subnetcache validator iterator" should be explicitly set as configuration in the server: section.

If edns subnet is enabled, the default for module-config is no longer altered, so that compilation with subnet does not interfere when the server does not use subnet. When edns subnet is in use, module-config: "subnetcache validator iterator" should also be set as configuration in the server: section.
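A pre-upgrade check for the changed defaults described above, as an added example that is not part of the Unbound project or this announcement. It scans unbound.conf text and reports where a 1.23.0 default will take effect and where edns subnet options are set without subnetcache in module-config. The ECS option list, the finding labels and the sample config are assumptions made for the example.

```python
import re
import shlex

# Options whose defaults changed in 1.23.0, per the release notes above.
CHANGED = ("max-global-quota", "serve-expired-client-timeout", "serve-expired-ttl")
# unbound.conf options that rely on the subnetcache module (assumed list; extend as needed).
ECS_OPTIONS = ("send-client-subnet", "client-subnet-zone", "client-subnet-always-forward")
NEW_LOCAL_ZONES = ("resolver.arpa", "service.arpa")


def parse_options(conf_text):
    """Return {option: [values]} for 'name: value' lines; comments and section headers are skipped."""
    opts = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*([a-z0-9-]+):\s*(\S.*)$", line.split("#", 1)[0])
        if m:
            opts.setdefault(m.group(1), []).append(m.group(2).strip())
    return opts


def audit(conf_text):
    """List settings an operator should review before upgrading to 1.23.0."""
    opts = parse_options(conf_text)
    findings = []
    modules = opts.get("module-config", [""])[-1].strip('"').split()
    ecs = [o for o in ECS_OPTIONS if o in opts]
    if ecs and "subnetcache" not in modules:
        findings.append("ecs-without-subnetcache: " + ", ".join(ecs))
    for name in CHANGED:
        if name not in opts:
            findings.append("new-default-applies: " + name)
    configured = {shlex.split(v)[0].rstrip(".").lower() for v in opts.get("local-zone", [])}
    for zone in NEW_LOCAL_ZONES:
        if zone not in configured:
            findings.append("now-locally-served: " + zone + ".")
    return findings


# Constructed sample config, not taken from a real deployment.
SAMPLE_CONF = '''
server:
    send-client-subnet: 192.0.2.53   # ECS in use, but no module-config line
    serve-expired-ttl: 3600
    local-zone: "resolver.arpa." nodefault
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

The check only reads one file's text, so configs split across include: files need to be concatenated before they are passed to audit().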

The RC2 has fixes for building on Solaris and portability to Windows, and fixes a memory leak for DoH.

For a full list of changes, binary and source packages, see the download page.
