Accepting request 1109457 from home:pmonrealgonzalez:branches:server:dns
- Update to 1.18.0: * Features: - Аdd a metric about the maximum number of collisions in lrushah. - Set max-udp-size default to 1232. This is the same default value as the default value for edns-buffer-size. It restricts client edns buffer size choices, and makes unbound behave similar to other DNS resolvers. - Add harden-unknown-additional option. It removes unknown records from the authority section and additional section. - Added new static zone type block_a to suppress all A queries for specific zones. - [FR] Ability to use Redis unix sockets. - [FR] Ability to set the Redis password. - Features/dropqueuedpackets, with sock-queue-timeout option that drops packets that have been in the socket queue for too long. Added statistics num.queries_timed_out and query.queue_time_us.max that track the socket queue timeouts. - 'eqvinox' Lamparter: NAT64 support. - [FR] Use kernel timestamps for dnstap. - Add cachedb hit stat. Introduces 'num.query.cachedb' as a new statistical counter. - Add SVCB dohpath support. - Add validation EDEs to queries where the CD bit is set. - Add prefetch support for subnet cache entries. - Add EDE (RFC8914) caching. - Add support for EDE caching in cachedb and subnetcache. - Downstream DNS Server Cookies a la RFC7873 and RFC9018. Create server cookies for clients that send client cookies. This needs to be explicitly turned on in the config file with: `answer-cookie: yes`. * Bug Fixes OBS-URL: https://build.opensuse.org/request/show/1109457 OBS-URL: https://build.opensuse.org/package/show/server:dns/unbound?expand=0&rev=165
This commit is contained in:
parent
fbf5ab5836
commit
e451daacea
@ -1,3 +1,68 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Sep 7 08:03:33 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
||||||
|
|
||||||
|
- Update to 1.18.0:
|
||||||
|
* Features:
|
||||||
|
- Аdd a metric about the maximum number of collisions in lrushah.
|
||||||
|
- Set max-udp-size default to 1232. This is the same default value
|
||||||
|
as the default value for edns-buffer-size. It restricts client
|
||||||
|
edns buffer size choices, and makes unbound behave similar to
|
||||||
|
other DNS resolvers.
|
||||||
|
- Add harden-unknown-additional option. It removes unknown records
|
||||||
|
from the authority section and additional section.
|
||||||
|
- Added new static zone type block_a to suppress all A queries for
|
||||||
|
specific zones.
|
||||||
|
- [FR] Ability to use Redis unix sockets.
|
||||||
|
- [FR] Ability to set the Redis password.
|
||||||
|
- Features/dropqueuedpackets, with sock-queue-timeout option that
|
||||||
|
drops packets that have been in the socket queue for too long.
|
||||||
|
Added statistics num.queries_timed_out and query.queue_time_us.max
|
||||||
|
that track the socket queue timeouts.
|
||||||
|
- 'eqvinox' Lamparter: NAT64 support.
|
||||||
|
- [FR] Use kernel timestamps for dnstap.
|
||||||
|
- Add cachedb hit stat. Introduces 'num.query.cachedb' as a new
|
||||||
|
statistical counter.
|
||||||
|
- Add SVCB dohpath support.
|
||||||
|
- Add validation EDEs to queries where the CD bit is set.
|
||||||
|
- Add prefetch support for subnet cache entries.
|
||||||
|
- Add EDE (RFC8914) caching.
|
||||||
|
- Add support for EDE caching in cachedb and subnetcache.
|
||||||
|
- Downstream DNS Server Cookies a la RFC7873 and RFC9018. Create server
|
||||||
|
cookies for clients that send client cookies. This needs to be explicitly
|
||||||
|
turned on in the config file with: `answer-cookie: yes`.
|
||||||
|
* Bug Fixes
|
||||||
|
- Response change to NODATA for some ANY queries since 1.12.
|
||||||
|
- Fix not following cleared RD flags potentially enables
|
||||||
|
amplification DDoS attacks.
|
||||||
|
- Set default for harden-unknown-additional to no. So that it
|
||||||
|
does not hamper future protocol developments.
|
||||||
|
- Fix to ignore entirely empty responses, and try at another authority.
|
||||||
|
This turns completely empty responses, a type of noerror/nodata into
|
||||||
|
a servfail, but they do not conform to RFC2308, and the retry can fetch
|
||||||
|
improved content.
|
||||||
|
- Allow TTL refresh of expired error responses.
|
||||||
|
- Fix: Unexpected behavior with client-subnet-always-forward and serve-expired
|
||||||
|
- Fix unbound-dnstap-socket test program to reply the finish frame over
|
||||||
|
a TLS connection correctly.
|
||||||
|
- Fix: reserved identifier violation
|
||||||
|
- Fix: Unencrypted query is sent when forward-tls-upstream: yes is used
|
||||||
|
without tls-cert-bundle
|
||||||
|
- Extra consistency check to make sure that when TLS is requested,
|
||||||
|
either we set up a TLS connection or we return an error.
|
||||||
|
- Fix: NXDOMAIN instead of NOERROR rcode when asked for existing CNAME record.
|
||||||
|
- Fix: Bad interaction with 0 TTL records and serve-expired
|
||||||
|
- Fix RPZ IP responses with trigger rpz-drop on cache entries.
|
||||||
|
- Fix RPZ removal of client-ip, nsip, nsdname triggers from IXFR.
|
||||||
|
- Fix dereference of NULL variable warning in mesh_do_callback.
|
||||||
|
- Fix ip_ratelimit test to work with dig that enables DNS cookies.
|
||||||
|
- Fix for iter_dec_attempts that could cause a hang, part of capsforid
|
||||||
|
and qname minimisation, depending on the settings.
|
||||||
|
- Fix uninitialized memory passed in padding bytes of cmsg to sendmsg.
|
||||||
|
- Fix stat_values test to work with dig that enables DNS cookies.
|
||||||
|
- unbound.service: Main process exited, code=killed, status=11/SEGV.
|
||||||
|
Fixes cachedb configuration handling.
|
||||||
|
- Fix: processQueryResponse() THROWAWAY should be mindful of fail_reply.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu May 4 13:57:54 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
|
Thu May 4 13:57:54 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
|
||||||
|
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
%bcond_without hardened_build
|
%bcond_without hardened_build
|
||||||
#
|
#
|
||||||
Name: libunbound-devel-mini
|
Name: libunbound-devel-mini
|
||||||
Version: 1.17.1
|
Version: 1.18.0
|
||||||
#!BcntSyncTag: unbound
|
#!BcntSyncTag: unbound
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Just a devel package for build loops
|
Summary: Just a devel package for build loops
|
||||||
|
BIN
unbound-1.17.1.tar.gz
(Stored with Git LFS)
BIN
unbound-1.17.1.tar.gz
(Stored with Git LFS)
Binary file not shown.
@ -1,16 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCAAdFiEE7fqj8spObrBWga+On28cLX4EX40FAmO/wmUACgkQn28cLX4E
|
|
||||||
X40EBxAApOIAHQGYxRcnMWgqB+hN2YR+M/CcOz19UiQ/KrG8f+ji9mUfIUsUTQsa
|
|
||||||
Oat/TuWPqQ4gCXocX4Dc4+LE0bebHVJkg4TQniEIjYOWja/6uBOfav14GBfJsq+m
|
|
||||||
3A9IBdOGYTAR5mGfTs1cxJfWAbX3U+oroKwn5zPh+wCRR0CoY8sEumZu7Tzb4yUx
|
|
||||||
OPhlj1Qzz/NkSi+0RkwogJy2hHdXVvHYUtTDKheFye/GeGa+trRnu8mCKpuyw6N9
|
|
||||||
dnQ7oXlCds8JW7YgaBf4qh1pH6VO18CTo7KG3yKiEeRb+HRRmr7KKQUOlefjcct+
|
|
||||||
QKOFhSPnVYhfvaPYEQiqVQ92ae7/wBT6cQzOMXRbY+NQjr/QfeF3QWTMRFrz3kHn
|
|
||||||
ZccpvcsjOR3wRDGQkcaa8ta40soEkzD+XRPK4oxB9D/Z5FOVoR/WTX9DZVm7PJ5+
|
|
||||||
SGHFBGOddICBWao1h01KCSyQ7nxNi1lLIRndj+AKtQAW/kO8hKh4YYKHAlI0dRQD
|
|
||||||
MLitcrQOU1pJha+hhb/87BihtXlevUVO45ctCLLooSCrVG8cca8p3jwvJoPPwdCp
|
|
||||||
1MBVZv8STPAO//4XoZkAtTcgnaUle/ro/1DFmAK/IhDyU4KP6l3uvcUvsk3Xpk1O
|
|
||||||
AzazgiqVuIYXQ98cTh0QzAGUuFAWNFqWSF2mj+poNv0RnL/J14U=
|
|
||||||
=xZw4
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
unbound-1.18.0.tar.gz
Normal file
3
unbound-1.18.0.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:3da95490a85cff6420f26fae0b84a49f5112df1bf1b7fc34f8724f02082cb712
|
||||||
|
size 6315297
|
16
unbound-1.18.0.tar.gz.asc
Normal file
16
unbound-1.18.0.tar.gz.asc
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCAAdFiEE7fqj8spObrBWga+On28cLX4EX40FAmTu91gACgkQn28cLX4E
|
||||||
|
X40hGg//TtnNy+MiXJbt//5tEmW9NFFL6BEmD4B9WN+Mm7HFJpOaMiOobM/mWCmD
|
||||||
|
kRDrx7HGJ5tDwOxCdHytsWq73OvJuMtyV7uUzGe1QFDyU7OiIgM0ZgPA4zp+/PDh
|
||||||
|
3oZjNlLb1IlXwZE3VtgxR0IVjKeWgDrnB5Ir1iYk55Q1aWI5tdDDDmjT/m/5fjuh
|
||||||
|
FTaMuy6W/J3K/EW0IyjSy1GUPi14lSpmjXUhJdY3hqr+lZ9Z9eXyUyezS0S3c8i+
|
||||||
|
c4t01ZC5NZ7RjNgGd9Hx/WDnf8V0KSrb1qk/QfgysVSKLneDzwAAGWrGnt/CN8LO
|
||||||
|
wPRou7u7vkZqbKNTTU6LZtWX6bmFRFZZDjgRwtPHH47SM8Sj4wqDyexW5dZYeepM
|
||||||
|
cNbIo+Jf4JOm+BhJqWFU/fLETi2HKSNGa8uaMn6sFxboFGw87JPeKoC0YZiXTw8B
|
||||||
|
5qWl+2elzScxckMFKdK91iI01mCVV5WoZUyPAl/Xrw5ecoK3v/2aAAuYee4KTQNh
|
||||||
|
tVvACJkIBE8rWGVXDa8ihPNi8HPd8NHthOKhFoMvidBgDui7eA/+4LlEt4qYi7Zd
|
||||||
|
TJQJ4Tz+2ibtw9pnHJDHbtupiIC4cCcUuBQPgdlribXacPGh7YeEO9QWCNX8duAM
|
||||||
|
cU3Y4wFCw1QV4PtuRy9E6d+V5Uc7oX5+OixtDvOXu6o/WFrwYqo=
|
||||||
|
=FPbs
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,3 +1,68 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Sep 7 08:03:33 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
||||||
|
|
||||||
|
- Update to 1.18.0:
|
||||||
|
* Features:
|
||||||
|
- Аdd a metric about the maximum number of collisions in lrushah.
|
||||||
|
- Set max-udp-size default to 1232. This is the same default value
|
||||||
|
as the default value for edns-buffer-size. It restricts client
|
||||||
|
edns buffer size choices, and makes unbound behave similar to
|
||||||
|
other DNS resolvers.
|
||||||
|
- Add harden-unknown-additional option. It removes unknown records
|
||||||
|
from the authority section and additional section.
|
||||||
|
- Added new static zone type block_a to suppress all A queries for
|
||||||
|
specific zones.
|
||||||
|
- [FR] Ability to use Redis unix sockets.
|
||||||
|
- [FR] Ability to set the Redis password.
|
||||||
|
- Features/dropqueuedpackets, with sock-queue-timeout option that
|
||||||
|
drops packets that have been in the socket queue for too long.
|
||||||
|
Added statistics num.queries_timed_out and query.queue_time_us.max
|
||||||
|
that track the socket queue timeouts.
|
||||||
|
- 'eqvinox' Lamparter: NAT64 support.
|
||||||
|
- [FR] Use kernel timestamps for dnstap.
|
||||||
|
- Add cachedb hit stat. Introduces 'num.query.cachedb' as a new
|
||||||
|
statistical counter.
|
||||||
|
- Add SVCB dohpath support.
|
||||||
|
- Add validation EDEs to queries where the CD bit is set.
|
||||||
|
- Add prefetch support for subnet cache entries.
|
||||||
|
- Add EDE (RFC8914) caching.
|
||||||
|
- Add support for EDE caching in cachedb and subnetcache.
|
||||||
|
- Downstream DNS Server Cookies a la RFC7873 and RFC9018. Create server
|
||||||
|
cookies for clients that send client cookies. This needs to be explicitly
|
||||||
|
turned on in the config file with: `answer-cookie: yes`.
|
||||||
|
* Bug Fixes
|
||||||
|
- Response change to NODATA for some ANY queries since 1.12.
|
||||||
|
- Fix not following cleared RD flags potentially enables
|
||||||
|
amplification DDoS attacks.
|
||||||
|
- Set default for harden-unknown-additional to no. So that it
|
||||||
|
does not hamper future protocol developments.
|
||||||
|
- Fix to ignore entirely empty responses, and try at another authority.
|
||||||
|
This turns completely empty responses, a type of noerror/nodata into
|
||||||
|
a servfail, but they do not conform to RFC2308, and the retry can fetch
|
||||||
|
improved content.
|
||||||
|
- Allow TTL refresh of expired error responses.
|
||||||
|
- Fix: Unexpected behavior with client-subnet-always-forward and serve-expired
|
||||||
|
- Fix unbound-dnstap-socket test program to reply the finish frame over
|
||||||
|
a TLS connection correctly.
|
||||||
|
- Fix: reserved identifier violation
|
||||||
|
- Fix: Unencrypted query is sent when forward-tls-upstream: yes is used
|
||||||
|
without tls-cert-bundle
|
||||||
|
- Extra consistency check to make sure that when TLS is requested,
|
||||||
|
either we set up a TLS connection or we return an error.
|
||||||
|
- Fix: NXDOMAIN instead of NOERROR rcode when asked for existing CNAME record.
|
||||||
|
- Fix: Bad interaction with 0 TTL records and serve-expired
|
||||||
|
- Fix RPZ IP responses with trigger rpz-drop on cache entries.
|
||||||
|
- Fix RPZ removal of client-ip, nsip, nsdname triggers from IXFR.
|
||||||
|
- Fix dereference of NULL variable warning in mesh_do_callback.
|
||||||
|
- Fix ip_ratelimit test to work with dig that enables DNS cookies.
|
||||||
|
- Fix for iter_dec_attempts that could cause a hang, part of capsforid
|
||||||
|
and qname minimisation, depending on the settings.
|
||||||
|
- Fix uninitialized memory passed in padding bytes of cmsg to sendmsg.
|
||||||
|
- Fix stat_values test to work with dig that enables DNS cookies.
|
||||||
|
- unbound.service: Main process exited, code=killed, status=11/SEGV.
|
||||||
|
Fixes cachedb configuration handling.
|
||||||
|
- Fix: processQueryResponse() THROWAWAY should be mindful of fail_reply.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Aug 24 10:07:02 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>
|
Thu Aug 24 10:07:02 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>
|
||||||
|
|
||||||
|
@ -33,7 +33,7 @@
|
|||||||
%define piddir /run
|
%define piddir /run
|
||||||
|
|
||||||
Name: unbound
|
Name: unbound
|
||||||
Version: 1.17.1
|
Version: 1.18.0
|
||||||
Release: 0
|
Release: 0
|
||||||
BuildRequires: flex
|
BuildRequires: flex
|
||||||
BuildRequires: ldns-devel >= %{ldns_version}
|
BuildRequires: ldns-devel >= %{ldns_version}
|
||||||
|
Loading…
Reference in New Issue
Block a user