- Update to 1.18.0:
* Features:
- Аdd a metric about the maximum number of collisions in lrushah.
- Set max-udp-size default to 1232. This is the same default value
as the default value for edns-buffer-size. It restricts client
edns buffer size choices, and makes unbound behave similar to
other DNS resolvers.
- Add harden-unknown-additional option. It removes unknown records
from the authority section and additional section.
- Added new static zone type block_a to suppress all A queries for
specific zones.
- [FR] Ability to use Redis unix sockets.
- [FR] Ability to set the Redis password.
- Features/dropqueuedpackets, with sock-queue-timeout option that
drops packets that have been in the socket queue for too long.
Added statistics num.queries_timed_out and query.queue_time_us.max
that track the socket queue timeouts.
- 'eqvinox' Lamparter: NAT64 support.
- [FR] Use kernel timestamps for dnstap.
- Add cachedb hit stat. Introduces 'num.query.cachedb' as a new
statistical counter.
- Add SVCB dohpath support.
- Add validation EDEs to queries where the CD bit is set.
- Add prefetch support for subnet cache entries.
- Add EDE (RFC8914) caching.
- Add support for EDE caching in cachedb and subnetcache.
- Downstream DNS Server Cookies a la RFC7873 and RFC9018. Create server
cookies for clients that send client cookies. This needs to be explicitly
turned on in the config file with: `answer-cookie: yes`.
* Bug Fixes
OBS-URL: https://build.opensuse.org/request/show/1109457
OBS-URL: https://build.opensuse.org/package/show/server:dns/unbound?expand=0&rev=165
- Update to 1.17.1:
* Features:
- Expose 'statistics-inhibit-zero' as a configuration option;
the default value retains Unbound's behavior.
- Expose 'max-sent-count' as a configuration option; the default
value retains Unbound's behavior.
- Merge #461 from Christian Allred: Add max-query-restarts option.
Exposes an internal configuration but the default value retains
Unbound's behavior.
- Merge #569 from JINMEI Tatuya: add keep-cache option to
'unbound-control reload' to keep caches.
* Bug Fixes:
- Merge #768 from fobser: Arithmetic on a pointer to void is a
GNU extension.
- In unit test, print python script name list correctly.
- testcode/dohclient sets log identity to its name.
- Clarify the use of MAX_SENT_COUNT in the iterator code.
- Fix that cachedb does not store failures in the external cache.
- Merge #767 from jonathangray: consistently use IPv4/IPv6 in
unbound.conf.5.
- Fix to ignore tcp events for closed comm points.
- Fix to make sure to not read again after a tcp comm point is
closed.
- Fix#775: libunbound: subprocess reap causes parent process
reap to hang.
- iana portlist update.
- Complementary fix for distutils.sysconfig deprecation in
Python 3.10 to commit 62c5039ab9da42713e006e840b7578e01d66e7f2.
- Fix#779: [doc] Missing documention in ub_resolve_event() for
callback parameter was_ratelimited.
OBS-URL: https://build.opensuse.org/request/show/1067340
OBS-URL: https://build.opensuse.org/package/show/server:dns/unbound?expand=0&rev=159
- spec-cleaner
- update to 1.15.0
- drop python2 packages
- update to 1.15.0:
This release has bug fixes for crashes that happened on heavy network
usage. The default for the aggressive-nsec option has changed, it is now
enabled.
The ratelimit logic had to be reworked for the crash fixes. As a result,
there are new options to control the behaviour of ratelimiting.
The ratelimit-backoff and ip-ratelimit-backoff options can be used to
control how severe the backoff is when the ratelimit is exceeded.
The rpz-signal-nxdomain-ra option can be used to unset the RA flag, for
NXDOMAIN answers from RPZ. That is used by some clients to detect that
the domain is externally blocked. The RPZ option for-downstream can be
used like for auth zones, this allows the RPZ zone information to be queried.
That can be useful for monitoring scripts.
Features
- Fix#596: unset the RA bit when a query is blocked by an unbound
RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to
signal that a domain is externally blocked to clients when it
is blocked with NXDOMAIN by unsetting RA.
- Add rpz: for-downstream: yesno option, where the RPZ zone is
authoritatively answered for, so the RPZ zone contents can be
checked with DNS queries directed at the RPZ zone.
- Merge PR #616: Update ratelimit logic. It also introduces
ratelimit-backoff and ip-ratelimit-backoff configuration options.
- Change aggressive-nsec default to yes.
Bug Fixes
- Fix compile warning for if_nametoindex on windows 64bit.
OBS-URL: https://build.opensuse.org/request/show/974920
OBS-URL: https://build.opensuse.org/package/show/server:dns/unbound?expand=0&rev=145
Hello,
some changes to unbound. Add the upcomming trust anchors and make the trust files readable for everyone (I need this for especially for opendkim, which uses unbound library and needs these files).
The changes are similar to the ones done for other distributions. Debian also patches the source code to add new keys. I don't like this much, so I only changed the configuration files.
This change should have been done last year already. While properly setup systems will follow the rollover without interaction, a new installation of the package should also work AFTER the rollover and this requires the new keys to be in the package already.
When accepting the submit request please verify the added key data against the original sources!
- add upcomming key rollover trust anchor
- make trust anchor files world readable - these files are open
knowledge and will be used by other software packages
OBS-URL: https://build.opensuse.org/request/show/613074
OBS-URL: https://build.opensuse.org/package/show/server:dns/unbound?expand=0&rev=78
