Software update: Unbound 1.8.3




If you run a DNS lookup, a recursor starts by sending the query to a DNS root server. That server can refer it to other servers, which can in turn refer it to further servers, until finally a server is reached that knows the answer or knows that the lookup is not possible. The latter can be the case if the name does not exist or the servers do not respond. This process of walking past several authoritative servers is called recursion. Unbound is a DNS recursor with support for modern standards, such as Query Name Minimization, Aggressive Use of DNSSEC-Validated Cache and authority zones. The developers have recently released version 1.8.3 with the following changes:

Version 1.8.3
Fix dns64 allocation in wrong region for internal queries.
Version 1.8.2

Add fast-server-permil and fast-server-num options.
Deprecate low-rtt and low-rtt-permil options.
Change fast-server-num default to 3.
Fix #4154: make ECS_MAX_TREESIZE configurable, with the max-ecs-tree-size-ipv4 and max-ecs-tree-size-ipv6 options.
Fix #4190: Please create a “ANY” deny option, adds the option deny-any: yes in unbound.conf. This responds with an empty message to queries of type ANY.
Fix #4126: RTT_band too low on VSAT links with 600+ ms latency, adds the option unknown-server-time-limit to unbound.conf that can be used to avoid the problem.
Add min-client-subnet-ipv6 and min-client-subnet-ipv4 options.
Support SO_REUSEPORT_LB in FreeBSD 12 with the so-reuseport: yes option in unbound.conf.
Add unbound-control view_local_datas command, like local_datas.
Bug Fixes
dnscrypt.c removed sizeof to get array bounds.
Fix testlock code to set noreturn on error routine.
Remove unused variable from contrib fastrpz/rpz.c and remove unused diagnostic pragmas that themselves generate warnings.
clang analysis test is used only when assertions are enabled.
Squelch EADDRNOTAVAIL errors when the interface goes away, this omits ‘can't assign requested address’ errors unless verbosity is set to a high value.
Set default for so-reuseport to no for FreeBSD. It is enabled by default for Linux and DragonFlyBSD. The setting can be configured in unbound.conf to override the default.
iana port update.
Squelch log of failed to tcp initiate after TCP Fastopen failure.
Fix #4192: unbound-control-setup generates keys not readable by group.
check that the dnstap socket file can be opened and checked, print error if not.
Add markdel function to ECS slabhash.
Limit ECS scope returned to client for the scope used for caching.
Fix #4191: NXDOMAIN vs. SERVFAIL during dns64 PTR query.
Fix #4141: More randomness to rrset-roundrobin.
Fix #4132: Openness/closeness of RANGE intervals in rpl files.
remade makefile dependencies.
Fix #4152: Logs shows wrong time when using log-time-ascii: yes.
Scrub NS records from NXDOMAIN responses to stop fragmentation poisoning of the cache.
Scrub NS records from NODATA responses as well.
Add patch from Jan Vcelak for pythonmod, add sockaddr_storage getters, add support for query callbacks, allow raw address access via comm_reply and update API documentation.
Removed compile warnings in pythonmod sockaddr routines.
With ./configure --with-pyunbound --with-pythonmodule PYTHON_VERSION=3.6 or with 2.7 unbound can compile and unit tests succeed for the python module.
pythonmod logs the python error and traceback on failure.
ignore debug python module for test in doxygen output.
review fixes for python module.
Fix #4209: Crash in libunbound when called from getdns.
auth zone zonefiles can be in a chroot, the chroot directory components are removed before use.
Fix that empty zonefile means the zonefile is not set and not used.
Fix to not set GLOB_NOSORT so the unbound.conf include: files are sorted and in a predictable order.
Fix #4193: Fix that prefetch failure does not overwrite valid cache entry with SERVFAIL.
Fix DNS64 to not store intermediate results in cache, this avoids other threads from picking up the wrong data. The module restores the previous no_cache_store setting when the module is finished.
Fix #4208: ‘stub-no-cache’ and ‘forward-no-cache’ not work.
New and better fix for Fix #4193: Fix that prefetch failure does not overwrite valid cache entry with SERVFAIL.
auth-zone gives SERVFAIL when expired, fallback activates when expired, and this is documented in the man page.
stat count SERVFAIL downstream auth zone queries for expired zones.
Put new logos into windows installer.
Fix windows compile for new rrset roundrobin fix.
Update contrib fastrpz patch for latest release.
Fix chroot auth zone fix to remove chroot prefix.
windows icon updated.
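
The NS scrubbing listed among the bug fixes above, sketched as an added Python example (not Unbound's own code, which is written in C; the Response class, the function names and the sample records are assumptions constructed for illustration). It shows the distinction that matters: NS records are dropped from NXDOMAIN and NODATA responses before caching, while a genuine referral keeps them.

```python
# Simplified model of scrubbing NS records from negative responses before
# they reach the cache. Constructed example; layout and names are assumptions.
from dataclasses import dataclass, field

NOERROR, NXDOMAIN = 0, 3  # DNS RCODE values (RFC 1035)

@dataclass
class Response:
    rcode: int
    answer: list = field(default_factory=list)      # (owner, rrtype, rdata)
    authority: list = field(default_factory=list)   # (owner, rrtype, rdata)

def is_negative(resp):
    """NXDOMAIN, or NODATA: NOERROR with empty answer and an SOA in authority."""
    if resp.rcode == NXDOMAIN:
        return True
    has_soa = any(rrtype == "SOA" for _, rrtype, _ in resp.authority)
    return resp.rcode == NOERROR and not resp.answer and has_soa

def scrub_for_cache(resp):
    """Return a response that is safe to cache: negative answers lose NS records."""
    if not is_negative(resp):
        return resp  # referrals and positive answers keep their NS records
    kept = [rr for rr in resp.authority if rr[1] != "NS"]
    return Response(resp.rcode, list(resp.answer), kept)

# Constructed sample records (example.test and .invalid are reserved names).
SOA = ("example.test.", "SOA",
       "ns1.example.test. hostmaster.example.test. 1 3600 600 86400 300")
FORGED_NS = ("example.test.", "NS", "ns.spoofed.invalid.")
REAL_NS = ("example.test.", "NS", "ns1.example.test.")

nxdomain = Response(NXDOMAIN, authority=[SOA, FORGED_NS])
nodata = Response(NOERROR, authority=[SOA, FORGED_NS])
referral = Response(NOERROR, authority=[REAL_NS])

def cached_ns(resp):
    """NS targets that would reach the cache after scrubbing."""
    scrubbed = scrub_for_cache(resp)
    return [rdata for _, rrtype, rdata in scrubbed.authority if rrtype == "NS"]

if __name__ == "__main__":
    for name, resp in [("nxdomain", nxdomain), ("nodata", nodata),
                       ("referral", referral)]:
        print(name, cached_ns(resp))
```
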
Version number: 1.8.3
Release status: Final
Operating systems: Linux, BSD, macOS, Solaris, Windows Server 2012, Windows Server 2016
NLnet Labs
License type: Conditions (GNU/BSD/etc.)

