-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi,
Unbound 1.5.7rc1 prerelease is available: http://www.unbound.net/downloads/unbound-1.5.7rc1.tar.gz sha1 938ab7e2739aa65c261ce2ff989e27e7fcccd5c4 sha256 c614c4234776d919dd296ee750d3cf6161a2749d83010b4b4385cf21cf165861 pgpsig http://www.unbound.net/downloads/unbound-1.5.7rc1.tar.gz.asc And windows binaries at: http://www.unbound.net/downloads/unbound-1.5.7rc1.zip http://www.unbound.net/downloads/unbound_setup_1.5.7rc1.exe This release fixes a validation failure for nodata with wildcards and emptynonterminals. Fixes OpenSSL Library compability. Fixes correct response for malformed EDNS queries. And it has Windows changes to make unbound portable possible. For crypto in libunbound there is libnettle support. Qname minimisation is implemented. Use qname-minimisation: yes to enable it. This version sends the full query name when an error is found for intermediate names. It should therefore not fail for names on nonconformant servers. It combines well with harden-below-nxdomain: yes because those nxdomains are probed by the qname minimisation, and that will both stop privacy sensitive traffic and reduce nonsense traffic to authority servers. So consider enabling both. In this implementation IPv6 reverse lookups add several labels per increment, because otherwise those lookups would be very slow. [ Reference https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08 ] Features - - Fix #594. libunbound: optionally use libnettle for crypto. Contributed by Luca Bruno. Added --with-nettle for use with --with-libunbound-only. - - Implemented qname minimisation Bug Fixes - - Fix #712: unbound-anchor appears to not fsync root.key. - - Fix #714: Document config to block private-address for IPv4 mapped IPv6 addresses. - - portability, replace snprintf if return value broken - - portability fixes. - - detect libexpat without xml_StopParser function. - - isblank() compat implementation. - - patch from Doug Hogan for SSL_OP_NO_SSLvx options. - - Fix #716: nodata proof with empty non-terminals and wildcards. - - Fix #718: Fix unbound-control-setup with support for env without HEREDOC bash support. - - ACX_SSL_CHECKS no longer adds -ldl needlessly. - - Change example.conf: ftp.internic.net to https://www.internic.net - - Fix for lenient accept of reverse order DNAME and CNAME. - - spelling fixes from Igor Sobrado Delgado. - - Fix that malformed EDNS query gets a response without malformed EDNS. - - Added assert on rrset cache correctness. - - Fix #720: add windows scripts to zip bundle, and fix unbound-control-setup windows batch file. - - Fix for #724: conf syntax to read files from run dir (on Windows). And fix PCA prompt for unbound-service-install.exe. And add Changelog to windows binary dist. - - .gitignore for git users. - - iana portlist update. Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWYB5oAAoJEJ9vHC1+BF+NYOcP/AhG9pTg1bcFtVuVl0tV+SDa FEuWbmAp1o7Je9ERwWrHqFbrLarTT0URziUl746z0b7vOZNoydG5Jx1KSYfuaBjC jkvAYTC7RUMSMFsnm4n60vYa5Oty9XhNCmey6XPvCf7+9LF4Zh+1QR/qpHEFOiQb hZ8LhBNcBDAfP7q4OYkFL5W/ch8/UMOxumYluiUpV5ytdWsXWcnTE0lRBSQQEPrC 2MfwbrXqan9ON29o+3EHynefRr9KfP3G24k+UUSw5nppO5/NPRjz06ySo4wExofT WQnrxw8sdWWFREm7vuPrL/Vmy9lKx+Kn0Iut02BtI4tfsSk/Mf0XwdyDaxtSFOKR jnJjIUbOtbs2HqLhRNKIYI4i5v2I/UEh1X2ytomN80QfMTYR+TMhzM4BHU/wiuzm KSgEDYYw2/qLR6gwIgGc6XHAdEu/gRA0LOVgmsNtQn7DN04YIxmex3QSPThjM1o9 UfvyUH/PJRKZwXXy4NC5ZrkrGKTc8fEBNeYMZN3+S73nQoiN+ZvTHPLKToBrchUC fJ8g5n47QlWCdQHrH5zPuJd5uN5sye7yt7cRjruMzlk3H7sg9psZaS+2jfpAKv6K d7XzpwCdV0NNfzphbjp1lWW/GFxk55YV7V3pqowfXx4TfIY1FF+d3wGW55KXmUTq PLk++iyAHF0yYViGzeCs =tufd -----END PGP SIGNATURE-----