unbound-1.7.3

[Bruce Dubbs]

New point version.

[ken@…]

from doc/Changelog

19 June 2018: Wouter

• Fix for unbound-control on Windows and set TCP socket parameters more closely.
• Fix windows unbound-control no cert bad file descriptor error.

18 June 2018: Wouter

• Fix that control-use-cert: no works for 127.0.0.1 to disable certs.
• Fix unbound-checkconf for control-use-cert.

15 June 2018: Wouter

• tag for 1.7.3rc1.

14 June 2018: Wouter

• #4103: Fix that auth-zone does not insist on SOA record first in file for url downloads.
• Fix that first control-interface determines if TLS is used. Warn when IP address interfaces are used without TLS.
• Fix nettle compile.

12 June 2018: Ralph

• Don't count CNAME response types received during qname minimisation as query restart.

12 June 2018: Wouter

• #4102 for NSD, but for Unbound. Named unix pipes do not use certificate and key files, access can be restricted with file and directory permissions. The option control-use-cert is no longer used, and ignored if found in unbound.conf.
• Rename tls-additional-ports to tls-additional-port, because every line adds one port.
• Fix buffer size warning in unit test.
• remade dependencies in the Makefile.

6 June 2018: Wouter

• Patch to fix openwrt for mac os build darwin detection in configure.

5 June 2018: Wouter

• Fix crash if ratelimit taken into use with unbound-control instead of with unbound.conf.

4 June 2018: Wouter

• Fix deadlock caused by incoming notify for auth-zone.
• tag for 1.7.2rc1, became 1.7.2 release on 11 June 2018, trunk is 1.7.3 in development from this point.
• #4100: Fix stub reprime when it becomes useless.

1 June 2018: Wouter

• Rename additional-tls-port to tls-additional-ports. The older name is accepted for backwards compatibility.

30 May 2018: Wouter

• Patch from Syzdek: Add ability to ignore RD bit and treat all requests as if the RD bit is set.

29 May 2018: Wouter

• in compat/arc4random call getentropy_urandom when getentropy fails with ENOSYS.
• Fix that fallback for windows port.

28 May 2018: Wouter

• Fix windows tcp and tls spin on events.
• Add routine from getdns to add windows cert store to the SSL_CTX.
• tls-win-cert option that adds the system certificate store for authenticating DNS-over-TLS connections. It can be used instead of the tls-cert-bundle option, or with it to add certificates.

25 May 2018: Wouter

• For TCP and TLS connections that don't establish, perform address update in infra cache, so future selections can exclude them.
• Fix that tcp sticky events are removed for closed fd on windows.
• Fix close events for tcp only.

24 May 2018: Wouter

• Fix that libunbound can do DNS-over-TLS, when configured.
• Fix that windows unbound service can use DNS-over-TLS.
• unbound-host initializes ssl (for potential DNS-over-TLS usage inside libunbound), when ssl upstream or a cert-bundle is configured.

23 May 2018: Wouter

• Use accept4 to speed up incoming TCP (and TLS) connections, available on Linux, FreeBSD and OpenBSD.

17 May 2018: Ralph

• Qname minimisation default changed to yes.

15 May 2018: Wouter

• Fix low-rtt-pct to low-rtt-permil, as it is parts in one thousand.

11 May 2018: Wouter

• Fix contrib/libunbound.pc for libssl libcrypto references, from ​https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226914

7 May 2018: Wouter

• Fix windows to not have sticky TLS events for TCP.
• Fix read of DNS over TLS length and data in one read call.
• Fix mesh state assertion failure due to callback removal.

3 May 2018: Wouter

• Fix that configure --with-libhiredis also turns on cachedb.
• Fix gcc 8 buffer warning in testcode.
• Fix function type cast warning in libunbound context callback type.

2 May 2018: Wouter

• Fix fail to reject dead peers in forward-zone, with ssl-upstream.

1 May 2018: Wouter

• Fix that unbound-control reload frees the rrset keys and returns the memory pages to the system.

30 April 2018: Wouter

• Fix spelling error in man page and note defaults as no instead of off.

(previous item from 26 April noted as Became 1.7.1 release on 3 May)

[ken@…]

r20317