diff --git a/libunbound-devel-mini.changes b/libunbound-devel-mini.changes
index 77cb453..607b6ea 100644
--- a/libunbound-devel-mini.changes
+++ b/libunbound-devel-mini.changes
@@ -1,3 +1,95 @@
+-------------------------------------------------------------------
+Thu May  3 16:38:07 UTC 2018 - michael@stroeder.com
+
+- update to 1.7.1
+
+Features
+- Add --with-libhiredis, unbound support for a new cachedb
+  backend that uses a Redis server as the storage.  This
+  implementation depends on the hiredis client library
+  (https://redislabs.com/lp/hiredis/).
+  And unbound should be built with both --enable-cachedb and
+  --with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h
+  should exist).  Patch from Jinmei Tatuya (Infoblox).
+- Create additional tls service interfaces by opening them on other
+  portnumbers and listing the portnumbers as additional-tls-port: nr.
+- ED448 support.
+- num.query.authzone.up and num.query.authzone.down statistics counters.
+- Accept both option names with and without colon for get_option
+  and set_option.
+- low-rtt and low-rtt-pct in unbound.conf enable the server selection
+  of fast servers for some percentage of the time.
+- num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN
+  statistics counters.
+- allow-notify: config statement for auth-zones.
+- Can set tls authentication with forward-addr: IP#tls.auth.name
+  And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".
+  such as forward-addr: 9.9.9.9@853#dns.quad9.net or
+  1.1.1.1@853#cloudflare-dns.com
+- list_auth_zones unbound-control command.
+- Added root-key-sentinel support
+
+Bug Fixes
+- Fix #3727: Protocol name is TLS, options have been renamed but
+  documentation is not consistent.
+- Check IXFR start serial.
+- Fix typo in documentation.
+- Fix #3736: Fix 0 TTL domains stuck on SERVFAIL unless manually
+  flushed with serve-expired on.
+- Fix #3817: core dump happens in libunbound delete, when queued
+  servfail hits deleted message queue.
+- corrected a minor typo in the changelog.
+- move htobe64/be64toh portability code to cachedb.c.
+- iana port update.
+- Do not use cached NSEC records to generate negative answers for
+  domains under DNSSEC Negative Trust Anchors.
+- Fix unbound-control get_option aggressive-nsec
+- Check "result" in dup_all(), by Florian Obser.
+- Fix #4043: make test fails due to v6 presentation issue in macOS.
+- Fix unable to resolve after new WLAN connection, due to auth-zone
+  failing with a forwarder set.  Now, auth-zone is only used for
+  answers (not referrals) when a forwarder is set.
+- Combine write of tcp length and tcp query for dns over tls.
+- nitpick fixes in example.conf.
+- Fix above stub queries for type NS and useless delegation point.
+- Fix unbound-control over pipe with openssl 1.1.1, the TLSv1.3
+  tls_choose_sigalg routine does not allow the ciphers for the pipe,
+  so use TLSv1.2.
+- Fix that flush_zone sets prefetch ttl expired, so that with
+  serve-expired enabled it'll start prefetching those entries.
+- Fix downstream auth zone, only fallback when auth zone fails to
+  answer and fallback is enabled.
+- Fix for max include depth for authzones.
+- Fix memory free on fail for $INCLUDE in authzone.
+- Fix that an internal error to look up the wrong rr type for
+  auth zone gets stopped, before trying to send there.
+- Fix auth zone target lookup iterator.
+- Fix auth-zone retry timer to be on schedule with retry timeout,
+  with backoff.  Also time a refresh at the zone expiry.
+- Fix #658: unbound using TLS in a forwarding configuration does not
+  verify the server's certificate (RFC 8310 support).
+- For addr with #authname and no @port notation, the default is 853.
+- man page documentation for dns-over-tls forward-addr '#' notation.
+- removed free from failed parse case.
+- Fix #4091: Fix that reload of auth-zone does not merge the zonefile
+  with the previous contents.
+- Delete auth zone when removed from config.
+- makedist uses bz2 for expat code, instead of tar.gz.
+- Fix #4092: libunbound: use-caps-for-id lacks colon in
+  config_set_option.
+- auth zone http download stores exact copy of downloaded file,
+  including comments in the file.
+- Fix sldns parse failure for CDS alternate delete syntax empty hex.
+- Attempt for auth zone fix; add of callback in mesh gets from
+  callback does not skip callback of result.
+- Fix cname classification with qname minimisation enabled.
+- Fix contrib/fastrpz.patch for this release.
+- Fix auth https for libev.
+- Fix memory leak when caching wildcard records for aggressive NSEC use
+- Fix for crash in daemon_cleanup with dnstap during reload,
+  from Saksham Manchanda.
+- Also that for dnscrypt.
+
 -------------------------------------------------------------------
 Sun Apr 22 19:26:03 UTC 2018 - michael@stroeder.com
 
diff --git a/libunbound-devel-mini.spec b/libunbound-devel-mini.spec
index a73ebde..d7265d9 100644
--- a/libunbound-devel-mini.spec
+++ b/libunbound-devel-mini.spec
@@ -24,7 +24,7 @@
 
 #
 Name:           libunbound-devel-mini
-Version:        1.7.0
+Version:        1.7.1
 Release:        0
 #
 #
diff --git a/unbound-1.7.0.tar.gz b/unbound-1.7.0.tar.gz
deleted file mode 100644
index 047a5a7..0000000
--- a/unbound-1.7.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:94dd9071fb13d8ccd122a3ac67c4524a3324d0e771fc7a8a7c49af8abfb926a2
-size 5538228
diff --git a/unbound-1.7.1.tar.gz b/unbound-1.7.1.tar.gz
new file mode 100644
index 0000000..404723d
--- /dev/null
+++ b/unbound-1.7.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:56e085ef582c5372a20207de179d0edb4e541e59f87be7d4ee1d00d12008628d
+size 5565938
diff --git a/unbound.changes b/unbound.changes
index 81cd5dc..0a6c48b 100644
--- a/unbound.changes
+++ b/unbound.changes
@@ -1,3 +1,95 @@
+-------------------------------------------------------------------
+Thu May  3 16:38:07 UTC 2018 - michael@stroeder.com
+
+- update to 1.7.1
+
+Features
+- Add --with-libhiredis, unbound support for a new cachedb
+  backend that uses a Redis server as the storage.  This
+  implementation depends on the hiredis client library
+  (https://redislabs.com/lp/hiredis/).
+  And unbound should be built with both --enable-cachedb and
+  --with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h
+  should exist).  Patch from Jinmei Tatuya (Infoblox).
+- Create additional tls service interfaces by opening them on other
+  portnumbers and listing the portnumbers as additional-tls-port: nr.
+- ED448 support.
+- num.query.authzone.up and num.query.authzone.down statistics counters.
+- Accept both option names with and without colon for get_option
+  and set_option.
+- low-rtt and low-rtt-pct in unbound.conf enable the server selection
+  of fast servers for some percentage of the time.
+- num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN
+  statistics counters.
+- allow-notify: config statement for auth-zones.
+- Can set tls authentication with forward-addr: IP#tls.auth.name
+  And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".
+  such as forward-addr: 9.9.9.9@853#dns.quad9.net or
+  1.1.1.1@853#cloudflare-dns.com
+- list_auth_zones unbound-control command.
+- Added root-key-sentinel support
+
+Bug Fixes
+- Fix #3727: Protocol name is TLS, options have been renamed but
+  documentation is not consistent.
+- Check IXFR start serial.
+- Fix typo in documentation.
+- Fix #3736: Fix 0 TTL domains stuck on SERVFAIL unless manually
+  flushed with serve-expired on.
+- Fix #3817: core dump happens in libunbound delete, when queued
+  servfail hits deleted message queue.
+- corrected a minor typo in the changelog.
+- move htobe64/be64toh portability code to cachedb.c.
+- iana port update.
+- Do not use cached NSEC records to generate negative answers for
+  domains under DNSSEC Negative Trust Anchors.
+- Fix unbound-control get_option aggressive-nsec
+- Check "result" in dup_all(), by Florian Obser.
+- Fix #4043: make test fails due to v6 presentation issue in macOS.
+- Fix unable to resolve after new WLAN connection, due to auth-zone
+  failing with a forwarder set.  Now, auth-zone is only used for
+  answers (not referrals) when a forwarder is set.
+- Combine write of tcp length and tcp query for dns over tls.
+- nitpick fixes in example.conf.
+- Fix above stub queries for type NS and useless delegation point.
+- Fix unbound-control over pipe with openssl 1.1.1, the TLSv1.3
+  tls_choose_sigalg routine does not allow the ciphers for the pipe,
+  so use TLSv1.2.
+- Fix that flush_zone sets prefetch ttl expired, so that with
+  serve-expired enabled it'll start prefetching those entries.
+- Fix downstream auth zone, only fallback when auth zone fails to
+  answer and fallback is enabled.
+- Fix for max include depth for authzones.
+- Fix memory free on fail for $INCLUDE in authzone.
+- Fix that an internal error to look up the wrong rr type for
+  auth zone gets stopped, before trying to send there.
+- Fix auth zone target lookup iterator.
+- Fix auth-zone retry timer to be on schedule with retry timeout,
+  with backoff.  Also time a refresh at the zone expiry.
+- Fix #658: unbound using TLS in a forwarding configuration does not
+  verify the server's certificate (RFC 8310 support).
+- For addr with #authname and no @port notation, the default is 853.
+- man page documentation for dns-over-tls forward-addr '#' notation.
+- removed free from failed parse case.
+- Fix #4091: Fix that reload of auth-zone does not merge the zonefile
+  with the previous contents.
+- Delete auth zone when removed from config.
+- makedist uses bz2 for expat code, instead of tar.gz.
+- Fix #4092: libunbound: use-caps-for-id lacks colon in
+  config_set_option.
+- auth zone http download stores exact copy of downloaded file,
+  including comments in the file.
+- Fix sldns parse failure for CDS alternate delete syntax empty hex.
+- Attempt for auth zone fix; add of callback in mesh gets from
+  callback does not skip callback of result.
+- Fix cname classification with qname minimisation enabled.
+- Fix contrib/fastrpz.patch for this release.
+- Fix auth https for libev.
+- Fix memory leak when caching wildcard records for aggressive NSEC use
+- Fix for crash in daemon_cleanup with dnstap during reload,
+  from Saksham Manchanda.
+- Also that for dnscrypt.
+
 -------------------------------------------------------------------
 Sun Apr 22 19:26:03 UTC 2018 - michael@stroeder.com
 
diff --git a/unbound.spec b/unbound.spec
index 5cffef9..e8f505d 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -58,7 +58,7 @@
 %endif
 
 Name:           unbound
-Version:        1.7.0
+Version:        1.7.1
 Release:        0
 #
 #