Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#9180 closed enhancement (fixed)


Reported by: bdubbs@… Owned by: bdubbs@…
Priority: normal Milestone: 8.1
Component: BOOK Version: SVN
Severity: normal Keywords:


New point version. Sure glad I updated to 1.6.1 yesterday.

Change History (5)

comment:1 by bdubbs@…, 5 years ago

Owner: changed from blfs-book@… to bdubbs@…
Status: newassigned

comment:2 by bdubbs@…, 5 years ago


  • Add trustanchor.unbound CH TXT that gets a response with a number of TXT RRs with a string like " 2345 1234" with the trust anchors and their keytags.
  • Patch for view functionality for local-data-ptr from Björn Ketelaars.
  • Response actions based on IP address from Jinmei Tatuya (Infoblox).
  • Patch from Luiz Fernando Softov for Stats Shared Memory.
  • unbound-control stats_shm command prints stats using shared memory, which uses less cpu.
  • --disable-sha1 disables SHA1 support in RRSIG, so from DNSKEY and DS records. NSEC3 is not disabled.
  • #1217. DNSCrypt support, with --enable-dnscrypt, libsodium and then enabled in the config file from Manu Bretelle.
  • Merge EDNS Client subnet implementation from feature branch into main branch, using new EDNS processing framework.
  • harden-algo-downgrade: no also makes unbound more lenient about digest algorithms in DS records.

Bug fixes

  • sldns has ED25519 and ED448 algorithm number and name for display.
  • sldns updated for vfixed and buffer resize indication from getdns.
  • iana portlist update
  • Fix #1224: Fix that defaults should not fall back to "Program Files (x86) if Unbound is 64bit by default on windows.
  • Fix doc/CNAME-basedRedirectionDesignNotes.pdf zone static to redirect.
  • make depend, autoconf, doxygen and lint fixed up.
  • include sys/time.h for new shm code on NetBSD.
  • Fix #1227: Fix that Unbound control allows weak ciphersuits.
  • Fix #1226: provide official 32bit binary for windows.
  • For #1227: if we have sha256, set the cipher list to have no known vulns.
  • Fix testpkts.c, check if DO bit is set, not only if there is an OPT record.
  • Fix #1229: Systemd service sandboxing in contrib/unbound.service.
  • Fix #1230: swig version 2.0.1 is required for pythonmod, with 1.3.40 it crashes when running repeatly unbound-control reload.
  • fix enum conversion warnings
  • fake-sha1 test option; print warning if used. To make unit tests.
  • unbound-control list local zone and data commands listed in the help output.
  • Fix #1234: shortening DNAME loop produces duplicate DNAME records in ANSWER section.
  • testbound understands Deckard MATCH rcode question answer commands.
  • Fix #1235: Fix too long DNAME expansion produces SERVFAIL instead of YXDOMAIN + query loop, reported by Petr Spacek.
  • Fix that SHM is not inited if not enabled.
  • Fix that looped DNAMEs do not cause unbound to spend effort.
  • trustanchor tags are sorted. reusable routine to fetch taglist.
  • Fix #1237 - Wrong resolving in chain, for norec queries that get SERVFAIL returned.
  • make depend, autoconf, remove warnings about statement before var.
  • lru_demote and lruhash_insert_or_retrieve functions for getdns.
  • fixup for lruhash (whitespace and header file comment).
  • dnscrypt tests.
  • Fix doxygen for dnscrypt files.
  • Fix #1238: segmentation fault when adding through the remote interface a per-view local zone to a view with no previous (configured) local zones.
  • Fix #1229: Systemd service sandboxing, options in wrong sections.
  • Fix #1239: configure fails to find python distutils if python prints warning.
  • Fix to prevent non-referal query from being cached as referal when the no_cache_store flag was set.
  • Remove (now unused) event2 include from dnscrypt code.
  • Fix #1217: Add metrics to unbound-control interface showing crypted, cert request, plaintext and malformed queries (from Manu Bretelle).
  • Do not add current time twice to TTL before ECS cache store.
  • Do not touch rrset cache after ECS cache message generation.
  • Use LDNS_EDNS_CLIENT_SUBNET as default ECS opcode.
  • Fix #1244: document that use of chroot requires trust anchor file to be under chroot.
  • Small fixup for documentation.
  • Fix respip for braces when locks arent used.
  • Fix pythonmod for cb changes.
  • Generalise inplace callback (de)registration
  • (de)register inplace callbacks for module id
  • No unbound-control set_option for ECS options
  • Deprecated client-subnet-opcode config option
  • Introduced client-subnet-always-forward config option
  • Changed max-client-subnet-ipv6 default to 56 (as in RFC)
  • Removed extern ECS config options
  • module_restart_next now calls clear on all following modules
  • Also create ECS module qstate on module_event_pass event
  • remove malloc from inplace_cb_register
  • Unlock view in respip unit test
  • Some whitespace fixup.
  • Remove ECS option after REFUSED answer.
  • Fix small memory leak in edns_opt_copy_alloc.
  • Respip dereference after NULL check.
  • Zero initialize addrtree allocation.
  • Use correct identifier for SHM destroy.
  • Display ECS module memory usage.
  • Fix #1247: unbound does not shorten source prefix length when forwarding ECS.
  • Properly check for allocation failure in local_data_find_tag_datas.
  • Fix #1249: unbound doesn't return FORMERR to bogus ECS.
  • Set SHM ECS memory usage to 0 when module not loaded.
  • subnet mem value is available in shm, also when not enabled, to make the struct easier to memmap by other applications, independent of the configuration of unbound.
  • Fix #1250: inconsistent indentation in services/listen_dnsport.c.

comment:3 by bdubbs@…, 5 years ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 18666.

comment:4 by bdubbs@…, 5 years ago

Milestone: 8.1m8.1

Milestone renamed

comment:5 by bdubbs@…, 5 years ago

Milestone: m8.18.1

Milestone renamed

Note: See TracTickets for help on using tickets.