[Unbound-users] Unbound 1.5.2 release

W.C.A. Wijngaards wouter at nlnetlabs.nl
Thu Feb 19 15:12:01 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

Unbound 1.5.2 is available:
http://www.unbound.net/downloads/unbound-1.5.2.tar.gz
sha1 91c805af3fc702eb98ec2679a586cacd05fc4268
sha256 33ab6c6a5ce3247b0a57e34d209fe8936e1218ff89a9b7ca3ff00c2060dd35c7
http://www.unbound.net/downloads/unbound-1.5.2.zip

This release fixes a DNSSEC validation issue when an upstream server
with different trust anchors introduces unsigned records in messages.
 Harden-glue when turned off allows potentially poisonous records in
the cache in the hopes of that enabling DNS resolution for 'impossible
to resolve' domains, it is fixed to have 'less cache poisoning',
quotes added because it is by definition not secure to turn off
harden-glue.  New features are that "inform" can be used to see which
IPs lookup a domain, and unbound-control can use named unix pipes.

Features
- -   local-zone: example.com inform makes unbound log a message with
client IP for queries in that zone. Eg. for finding infected hosts.
- -   patch from Stephane Lapie that adds to the python API, that
exposes struct delegpt, and adds the find_delegation function.
- -   Updated contrib warmup.cmd/sh to support two modes - load from
pre-defined list of domains or (with filename as argument) load from
user-specified list of domains, and updated contrib
unbound_cache.sh/cmd to support loading/save/reload cache to/from
default path or (with secondary argument) arbitrary path/filename,
from Yuri Voinov.
- -   patch for remote control over local sockets, from Dag-Erling
Smorgrav, Ilya Bakulin. Use control-interface: /path/sock and
control-use-cert: no.
- -   unbound-checkconf -f prints chroot with pidfile path.
- -   infra-cache-min-rtt patch from Florian Riehm, for expected long
uplink roundtrip times.

Bug Fixes
- -   config.guess and config.sub update from libtoolize.
- -   getauxval test for ppc64 linux compatibility.
- -   make strip works for unbound-host and unbound-anchor.
- -   print query name when max target count is exceeded.
- -   patch from Stuart Henderson that fixes DESTDIR in
unbound-control-setup for installs where config is not in the prefix
location.
- -   [bugzilla: 634 ] Fix #634: fix fail to start on Linux LTS 3.14.X,
ignores missing IP_MTU_DISCOVER OMIT option (fix from Remi Gacogne).
- -   Patch from Philip Paeps to contrib/unbound_munin_ that uses type
ABSOLUTE. Allows munin.conf: [idleserver.example.net]
unbound_munin_hits.graph_period minute
- -   Fix pyunbound ord call, portable for python 2 and 3.
- -   Fix unintended use of gcc extension for incomplete enum types,
compile with pedantic c99 compliance (from Daniel Dickman).
- -   Fix pyunbound byte string representation for python3.
- -   Fix 0x20 capsforid fallback to omit gratuitous NS and additional
section changes.
- -   Fix validation failure in case upstream forwarder (ISC BIND) does
not have the same trust anchors and decides to insert unsigned NS
record in authority section.
- -   Fix scrubber with harden-glue turned off to reject NS (and other
not-address) records.
- -   iana portlist update.
- -   [bugzilla: 643 ] Fix doc/example.conf.in: unnecessary whitespace.

Best regards,
   Wouter

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJU5f1BAAoJEJ9vHC1+BF+NeLMP/3U+1z4Xwf9ehKiT5wrX/ABO
Dny7cOU3fi9hkibpE/fL4Zq7NgYb96v/WvyodD5fxVFCTaogs7A/fJG4IMw9iIBm
WKBVAqdQKDCe+sMejGbZ3fm4YagjIrMXL7gsMdXmMdqzDVLGvwTZHkueedACTyg8
fvMi06VfpK9I1ENBtrytmRZKHZ4fLh4CZuo4pbFSML8KrkIfzYux6zHTjppCI7TC
hhkA4LVTNBYsIgVK3m1a8p1FVGKb4Cwe8PjugrvQF5yYLvbYGZaOWruD0FawR/Yl
GGofFSPni3pM1kC4gvEHO6hjAtR4e0HakE9Tym6mrVbehSHiEMT6s3wBVmWe1ZGA
hgklV/NpgVdkjlTiRiP6qxRHFg42UAEo7VxWpzpJy1V1dSyUaE5/LujE3dXWVaAl
DG66wvffn39SQHt/9IxkYfMLh6V5ObNGKANjYxdOuz4GsuImtNXuWc09jDrErGuV
eG/7wtm7U2jTTZqZ6WmDc5aIfdw0AHR066apjBGBJCsEJ69iwXmrKcgsL1ZpP6TY
sldqlGNiyjjwlg4RJJPdO63YxOEtdVOjHXkVeeZD8mdbW23NzPX0QxgyY9Vcdaqi
sh0sd6xj/bz9ExDEdKDJ1nEyzGli6jmuwGFITqY6so/t/BxOXlu8JRP7enV413ye
8U7Sj9D6Quqa/NO+Oa0O
=cOnj
-----END PGP SIGNATURE-----



More information about the Unbound-users mailing list