This commit is contained in:
Michael Ströder
Git OBS Bridge
parent
eb1397b619
commit
3162aa4c20
@ -1,3 +1,99 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 15 16:28:44 UTC 2016 - michael@stroeder.com
|
||||
|
||||
- update to 1.6.0
|
||||
|
||||
Features
|
||||
* Added generic EDNS code for registering known EDNS option codes,
|
||||
bypassing the cache response stage and uniquifying mesh states. Four
|
||||
EDNS option lists were added to module_qstate
|
||||
(module_qstate.edns_opts_*) to store EDNS options from/to front/back side.
|
||||
* Added two flags to module_qstate (no_cache_lookup, no_cache_store)
|
||||
that control the modules' cache interactions.
|
||||
* Added code for registering inplace callback functions. The registered
|
||||
functions can be called just before replying with local data or Chaos,
|
||||
replying from cache, replying with SERVFAIL, replying with a resolved
|
||||
query, sending a query to a nameserver. The functions can inspect the
|
||||
available data and maybe change response/query related data (i.e. append
|
||||
EDNS options).
|
||||
* Updated Python module for the above.
|
||||
* Updated Python documentation.
|
||||
* Added views functionality.
|
||||
* Added qname-minimisation-strict config option.
|
||||
* Patch that resolves CNAMEs entered in local-data conf statements that
|
||||
point to data on the internet, from Jinmei Tatuya (Infoblox).
|
||||
* serve-expired config option: serve expired responses with TTL 0.
|
||||
* .gitattributes line for githubs code language display.
|
||||
* log-identity: config option to set sys log identity, patch from "Robin
|
||||
H. Johnson" (robbat2@gentoo.org).
|
||||
* Added stub-ssl-upstream and forward-ssl-upstream options.
|
||||
* Added local-zones and local-data bulk addition and removal
|
||||
functionality in unbound-control (local_zones, local_zones_remove,
|
||||
local_datas and local_datas_remove).
|
||||
* g.root-servers.net has AAAA address.
|
||||
|
||||
Bug Fixes
|
||||
* Fix #836: unbound could echo back EDNS options in an error response.
|
||||
* Fix #838: 1.5.10 cannot be built on Solaris, undefined PATH_MAX.
|
||||
* Fix #839: Memory grows unexpectedly with large RPZ files.
|
||||
* Fix #840: infinite loop in unbound_munin_ plugin on unowned lockfile.
|
||||
* Fix #841: big local-zone's make it consume large amounts of memory.
|
||||
* Fix dnstap relaying "random" messages instead of resolver/forwarder
|
||||
responses, from Nikolay Edigaryev.
|
||||
* Fix Nits for 1.5.10 reported by Dag-Erling Smorgrav.
|
||||
* Fix #1117: spelling errors, from Robert Edmonds.
|
||||
* iana portlist update.
|
||||
* fix memoryleak logfile when in debug mode.
|
||||
* Re-fix #839 from view commit overwrite.
|
||||
* Fixup const void cast warning.
|
||||
* Removed patch comments from acllist.c and msgencode.c
|
||||
* Added documentation doc/CNAME-basedRedirectionDesignNotes.pdf, from
|
||||
Jinmei Tatuya (Infoblox).
|
||||
* Fix #1125: unbound could reuse an answer packet incorrectly for
|
||||
clients with different EDNS parameters, from Jinmei Tatuya.
|
||||
* Fix #1118: libunbound.pc sets strange Libs, Libs.private values.
|
||||
* Added Requires line to libunbound.pc
|
||||
* Fix #1130: whitespace in example.conf.in more consistent.
|
||||
* suppress compile warning in lex files.
|
||||
* init lzt variable, for older gcc compiler warnings.
|
||||
* fix --enable-dsa to work, instead of copying ecdsa enable.
|
||||
* Fix DNSSEC validation of query type ANY with DNAME answers.
|
||||
* Fixup query_info local_alias init.
|
||||
* Ported tests for local_cname unit test to testbound framework.
|
||||
* Fix #1134: unbound-control set_option -- val-override-date: -1 works
|
||||
immediately to ignore datetime, or back to 0 to enable it again. The --
|
||||
is to ignore the '-1' as an option flag.
|
||||
* Patch for server.num.zero_ttl stats for count of expired replies, from
|
||||
Pavel Odintsov.
|
||||
* Fix failure to build on arm64 with no sbrk.
|
||||
* Set OpenSSL security level to 0 when using aNULL ciphers.
|
||||
* configure detects ssl security level API function in the autoconf
|
||||
manner. Every function on its own, so that other libraries (eg.
|
||||
LibreSSL) can develop their API without hindrance.
|
||||
* Fix #1154: segfault when reading config with duplicate zones.
|
||||
* Note that for harden-below-nxdomain the nxdomain must be secure, this
|
||||
means nsec3 with optout is insufficient.
|
||||
* Fix #1155: test status code of unbound-control in 04-checkconf, not
|
||||
the status code from the tee command.
|
||||
* Fix #1158: reference RFC 8020 "NXDOMAIN: There Really Is Nothing
|
||||
Underneath" for the harden-below-nxdomain option.
|
||||
* patch from Dag-Erling Smorgrav that removes code that relies on sbrk().
|
||||
* Make access-control-tag-data RDATA absolute. This makes the RDATA
|
||||
origin consistent between local-data and access-control-tag-data.
|
||||
* Fix NSEC ENT wildcard check. Matching wildcard does not have to be a
|
||||
subdomain of the NSEC owner.
|
||||
* QNAME minimisation uses QTYPE=A, therefore always check cache for this
|
||||
type in harden-below-nxdomain functionality.
|
||||
* Added unit test for QNAME minimisation + harden below nxdomain synergy.
|
||||
* Fix that with openssl 1.1 control-use-cert: no uses less cpu, by using
|
||||
no encryption over the unix socket.
|
||||
* hyphen as minus fix, by Andreas Schulze
|
||||
* Fix #1170: document that 'inform' local-zone uses local-data.
|
||||
* Fix #1173: differ local-zone type deny from unset tag_actions element.
|
||||
* Add DSA support for OpenSSL 1.1.0
|
||||
* Fix remote control without cert for LibreSSL
|
||||
* Fix downcast warnings from visual studio in sldns code.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 27 12:41:57 UTC 2016 - michael@stroeder.com
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user