Add trustanchor.unbound CH TXT that gets a response with a number
of TXT RRs with a string like "example.com. 2345 1234" with
the trust anchors and their keytags.
Patch for view functionality for local-data-ptr from Björn Ketelaars.
Response actions based on IP address from Jinmei Tatuya (Infoblox).
Patch from Luiz Fernando Softov for Stats Shared Memory.
unbound-control stats_shm command prints stats using shared memory,
which uses less cpu.
--disable-sha1 disables SHA1 support in RRSIG, so from DNSKEY and
DS records. NSEC3 is not disabled.
#1217. DNSCrypt support, with --enable-dnscrypt, libsodium and then
enabled in the config file from Manu Bretelle.
Merge EDNS Client subnet implementation from feature branch into main
branch, using new EDNS processing framework.
harden-algo-downgrade: no also makes unbound more lenient about
digest algorithms in DS records.
Bug fixes
sldns has ED25519 and ED448 algorithm number and name for display.
sldns updated for vfixed and buffer resize indication from getdns.
iana portlist update
Fix #1224: Fix that defaults should not fall back to "Program Files
(x86) if Unbound is 64bit by default on windows.
Fix doc/CNAME-basedRedirectionDesignNotes.pdf zone static to
redirect.
make depend, autoconf, doxygen and lint fixed up.
include sys/time.h for new shm code on NetBSD.
Fix #1227: Fix that Unbound control allows weak ciphersuits.
Fix #1226: provide official 32bit binary for windows.
For #1227: if we have sha256, set the cipher list to have no
known vulns.
Fix testpkts.c, check if DO bit is set, not only if there is an OPT
record.
Fix #1229: Systemd service sandboxing in contrib/unbound.service.
Fix #1230: swig version 2.0.1 is required for pythonmod, with
1.3.40 it crashes when running repeatly unbound-control reload.
fix enum conversion warnings
fake-sha1 test option; print warning if used. To make unit tests.
unbound-control list local zone and data commands listed in the
help output.
Fix #1234: shortening DNAME loop produces duplicate DNAME records
in ANSWER section.
testbound understands Deckard MATCH rcode question answer commands.
Fix #1235: Fix too long DNAME expansion produces SERVFAIL instead
of YXDOMAIN + query loop, reported by Petr Spacek.
Fix that SHM is not inited if not enabled.
Fix that looped DNAMEs do not cause unbound to spend effort.
trustanchor tags are sorted. reusable routine to fetch taglist.
Fix #1237 - Wrong resolving in chain, for norec queries that get
SERVFAIL returned.
make depend, autoconf, remove warnings about statement before var.
lru_demote and lruhash_insert_or_retrieve functions for getdns.
fixup for lruhash (whitespace and header file comment).
dnscrypt tests.
Fix doxygen for dnscrypt files.
Fix #1238: segmentation fault when adding through the remote
interface a per-view local zone to a view with no previous
(configured) local zones.
Fix #1229: Systemd service sandboxing, options in wrong sections.
Fix #1239: configure fails to find python distutils if python
prints warning.
Fix to prevent non-referal query from being cached as referal when the
no_cache_store flag was set.
Remove (now unused) event2 include from dnscrypt code.
Fix #1217: Add metrics to unbound-control interface showing
crypted, cert request, plaintext and malformed queries (from
Manu Bretelle).
Do not add current time twice to TTL before ECS cache store.
Do not touch rrset cache after ECS cache message generation.
Use LDNS_EDNS_CLIENT_SUBNET as default ECS opcode.
Fix #1244: document that use of chroot requires trust anchor file to
be under chroot.
Changed max-client-subnet-ipv6 default to 56 (as in RFC)
Removed extern ECS config options
module_restart_next now calls clear on all following modules
Also create ECS module qstate on module_event_pass event
remove malloc from inplace_cb_register
Unlock view in respip unit test
Some whitespace fixup.
Remove ECS option after REFUSED answer.
Fix small memory leak in edns_opt_copy_alloc.
Respip dereference after NULL check.
Zero initialize addrtree allocation.
Use correct identifier for SHM destroy.
Display ECS module memory usage.
Fix #1247: unbound does not shorten source prefix length when
forwarding ECS.
Properly check for allocation failure in local_data_find_tag_datas.
Fix #1249: unbound doesn't return FORMERR to bogus ECS.
Set SHM ECS memory usage to 0 when module not loaded.
subnet mem value is available in shm, also when not enabled,
to make the struct easier to memmap by other applications,
independent of the configuration of unbound.
Fix #1250: inconsistent indentation in services/listen_dnsport.c.
Features
Bug fixes