Unbound 1.8.2 released
wouter at nlnetlabs.nl
Tue Dec 4 17:03:48 CET 2018
Good to hear it works well for you. Fixed the windows 32bit version
files not sitting in the right place, so the link did not show up; but
the 32 (and also the 64bit) versions are now available from the download
links on the download web page.
Best regards, Wouter
On 12/4/18 4:40 PM, Yuri via Unbound-users wrote:
> Runs ok. Thank you!
> PS. BTW, No more win32 version? :-)
> 04.12.2018 15:28, Wouter Wijngaards via Unbound-users пишет:
>> Unbound 1.8.2 is available:
>> sha256 19f2235a8936d89e7dc919bbfcef355de759f220e36bb5e1e931ac000ed04993
>> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.8.2.tar.gz.asc
>> The option so-reuseport is by default disabled on FreeBSD, but it has
>> support to work on FreeBSD 12 with the REUSEPORT_LB variant, if enabled
>> in unbound.conf.
>> The python code in unbound supports python 3.6, but also python 2.7
>> works. The python module prints the python exceptions to the log, so
>> that compatibility problems are more easy to troubleshoot.
>> Fast server selection options are added that select from the fastest
>> servers in the available set, with fast-server-num and
>> fast-server-permil this can be turned on. When enabled the fastest
>> servers are selected, instead of a random server. Randomness is good
>> for poisoning prevention, but fast selection can result in faster
>> The nameserver records in large returned negative responses are scrubbed
>> out of the packet to avoid fragmentation based DNS cache poisoning,
>> from a report from T.Suzuki.
>> The automated test set now has static code analysis of the source code,
>> this is performed with the clang analyzer.
>> There is a new option to deny ANY packets, with deny-any: yes in
>> unbound.conf. The option unknown-server-time-limit can be used for
>> cases behind a slow uplink to avoid multiple timeouts on every query to
>> attain the necessary long timeout length for that uplink.
>> - Add fast-server-permil and fast-server-num options.
>> - Deprecate low-rtt and low-rtt-permil options.
>> - Change fast-server-num default to 3.
>> - Fix #4154: make ECS_MAX_TREESIZE configurable, with
>> the max-ecs-tree-size-ipv4 and max-ecs-tree-size-ipv6 options.
>> - Fix #4190: Please create a "ANY" deny option, adds the option
>> deny-any: yes in unbound.conf. This responds with an empty message
>> to queries of type ANY.
>> - Fix #4126: RTT_band too low on VSAT links with 600+ms latency,
>> adds the option unknown-server-time-limit to unbound.conf that
>> can be increased to avoid the problem.
>> - Add min-client-subnet-ipv6 and min-client-subnet-ipv4 options.
>> - Support SO_REUSEPORT_LB in FreeBSD 12 with the so-reuseport: yes
>> option in unbound.conf.
>> - Add unbound-control view_local_datas command, like local_datas.
>> Bug Fixes
>> - dnscrypt.c removed sizeof to get array bounds.
>> - Fix testlock code to set noreturn on error routine.
>> - Remove unused variable from contrib fastrpz/rpz.c and
>> remove unused diagnostic pragmas that themselves generate warnings
>> - clang analyze test is used only when assertions are enabled.
>> - Squelch EADDRNOTAVAIL errors when the interface goes away,
>> this omits 'can't assign requested address' errors unless
>> verbosity is set to a high value.
>> - Set default for so-reuseport to no for FreeBSD. It is enabled
>> by default for Linux and DragonFlyBSD. The setting can
>> be configured in unbound.conf to override the default.
>> - iana port update.
>> - Squelch log of failed to tcp initiate after TCP Fastopen failure.
>> - Fix #4192: unbound-control-setup generates keys not readable by
>> - check that the dnstap socket file can be opened and exists, print
>> error if not.
>> - Add markdel function to ECS slabhash.
>> - Limit ECS scope returned to client to the scope used for caching.
>> - Fix #4191: NXDOMAIN vs SERVFAIL during dns64 PTR query.
>> - Fix #4141: More randomness to rrset-roundrobin.
>> - Fix #4132: Openness/closeness of RANGE intervals in rpl files.
>> - remade makefile dependencies.
>> - Fix #4152: Logs shows wrong time when using log-time-ascii: yes.
>> - Scrub NS records from NXDOMAIN responses to stop fragmentation
>> poisoning of the cache.
>> - Scrub NS records from NODATA responses as well.
>> - Add patch from Jan Vcelak for pythonmod,
>> add sockaddr_storage getters, add support for query callbacks,
>> allow raw address access via comm_reply and update API documentation.
>> - Removed compile warnings in pythonmod sockaddr routines.
>> - With ./configure --with-pyunbound --with-pythonmodule
>> PYTHON_VERSION=3.6 or with 2.7 unbound can compile and unit tests
>> succeed for the python module.
>> - pythonmod logs the python error and traceback on failure.
>> - ignore debug python module for test in doxygen output.
>> - review fixes for python module.
>> - Fix #4209: Crash in libunbound when called from getdns.
>> - auth zone zonefiles can be in a chroot, the chroot directory
>> components are removed before use.
>> - Fix that empty zonefile means the zonefile is not set and not used.
>> - Fix to not set GLOB_NOSORT so the unbound.conf include: files are
>> sorted and in a predictable order.
>> - Fix #4193: Fix that prefetch failure does not overwrite valid cache
>> entry with SERVFAIL.
>> - Fix DNS64 to not store intermediate results in cache, this avoids
>> other threads from picking up the wrong data. The module restores
>> the previous no_cache_store setting when the the module is finished.
>> - Fix #4208: 'stub-no-cache' and 'forward-no-cache' not work.
>> - New and better fix for Fix #4193: Fix that prefetch failure does
>> not overwrite valid cache entry with SERVFAIL.
>> - auth-zone give SERVFAIL when expired, fallback activates when
>> expired, and this is documented in the man page.
>> - stat count SERVFAIL downstream auth-zone queries for expired zones.
>> - Put new logos into windows installer.
>> - Fix windows compile for new rrset roundrobin fix.
>> - Update contrib fastrpz patch for latest release.
>> - Fix chroot auth-zone fix to remove chroot prefix.
>> - windows icon updated.
>> Best regards, Wouter
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Unbound-users