Runs OK on the test server. Will test on Windows today.
04.09.2018 15:09, Wouter Wijngaards via Unbound-users wrote:
> Hi,
>
> Unbound 1.8.0rc1 pre-release is available:
> https://nlnetlabs.nl/downloads/unbound/unbound-1.8.0rc1.tar.gz
> sha256 9baa68a9aedc163ea2ad23787e396bf47ae5af1e4b1e86d6801e5fda0e9909a6
> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.8.0rc1.tar.gz.asc
>
> Windows zip files and setup.exe are also available,
> https://nlnetlabs.nl/downloads/unbound/unbound-1.8.0rc1-w32.zip
> https://nlnetlabs.nl/downloads/unbound/unbound-1.8.0rc1.zip
> https://nlnetlabs.nl/downloads/unbound/unbound_setup_1.8.0rc1-w32.exe
> https://nlnetlabs.nl/downloads/unbound/unbound_setup_1.8.0rc1.exe
>
> With pgp signatures
> https://nlnetlabs.nl/downloads/unbound/unbound-1.8.0rc1-w32.zip.asc
> https://nlnetlabs.nl/downloads/unbound/unbound-1.8.0rc1.zip.asc
> https://nlnetlabs.nl/downloads/unbound/unbound_setup_1.8.0rc1-w32.exe.asc
> https://nlnetlabs.nl/downloads/unbound/unbound_setup_1.8.0rc1.exe.asc
>
>
> This is the pre-release for version 1.8.0rc1.
>
> This release has a number of bug fixes, a list of features added and
> some defaults changed.
>
> The defaults that are changed enable options that have been introduced
> in the past with an option that defaulted to off, but have proven to
> work, improve speed and resilience and we would now recommend to enable
> when configuring the server. Still the option exists if you want to
> manually specify the feature.
>
> New features include options for unbound-control: auth_zone_reload,
> auth_zone_transfer. New counters in the statistics output:
> num.queries.tls, num.query.subnet, num.query.subnet_cache. New options
> in unbound.conf: dns64-ignore-aaaa, tcp-idle-timeout,
> edns-tcp-keepalive, edns-tcp-keepalive-timeout, tcp-connection-limit,
> stub-no-cache, forward-no-cache, log-servfail, log-local-actions,
> serve-expired-ttl, serve-expired-ttl-reset. Commandline options -R (use
> direct queries) for unbound-anchor, -d (delay) for streamtcp. There is
> support for RR type SMIMEA. There is support for EDNS option EDNS
> KeepAlive.
>
> The libunbound library has gone up an api version increment because one
> of the callback signatures has changed. New information is available to
> the callback, existing usage of the function could conceivably get an
> upgrade by ignoring the extra function call parameter. For python
> scripts, a similar situation, where new information has been made
> available to the callback functions, in the form of extra function call
> parameters. This information is also available to module callbacks
> internally. For python the extra arguments functionality is used to
> extend the arguments. The extra information is connection information,
> exposing the client's IP address to the callback function and whether
> the query failed because of rate limiting.
>
> There are a number of bug fixes for Qname minimisation, and a number of
> fixes for auth-zone functionality. And there has been a fix in the
> processing of dns64 negative cache entries and a fix about fallthrough
> in the view local-zone processing functionality.
>
>
> Features
> - unbound-control auth_zone_reload _zone_ option rereads the zonefile.
> - unbound-control auth_zone_transfer _zone_ option starts the probe
>   sequence for a master to transfer the zone from and transfers when
>   a new zone version is available.
> - num.queries.tls counter for queries over TLS.
> - log port number with err_addr logs.
> - dns64-ignore-aaaa: config option to list domain names for which the
>   existing AAAA is ignored and dns64 processing is used on the A
>   record.
> - Fix #4112: Fix that unbound-anchor -f /etc/resolv.conf will not pass
>   if DNSSEC is not enabled. New option -R allows fallback from
>   resolv.conf to direct queries.
> - Note RFC8162 support. SMIMEA record type can be read in by the
>   zone record parser.
> - Patches from Jim Hague (Sinodun) for EDNS KeepAlive.
> - Add config tcp-idle-timeout (default 30s). This applies to
>   client connections only; the timeout on TCP connections upstream
>   is unaffected.
> - Add edns-tcp-keepalive and edns-tcp-keepalive timeout options
>   and implement option in client responses.
> - Add delay parameter to streamtcp, -d secs.
>   To be used when testing idle timeout.
> - Expose if a query (or a subquery) was ratelimited (not src IP
>   ratelimiting) to libunbound under 'ub_result.was_ratelimited'.
>   This also introduces a change to 'ub_event_callback_type' in
>   libunbound/unbound-event.h.
> - Patch to implement tcp-connection-limit from Jim Hague (Sinodun).
>   This limits the number of simultaneous TCP client connections
>   from a nominated netblock.
> - Fix #4142: unbound.service.in: improvements and fixes.
>   Add unit dependency ordering (based on systemd-resolved).
>   Add 'CAP_SYS_RESOURCE' to 'CapabilityBoundingSet' (fixes warnings
>   about missing privileges during startup). Add 'AF_INET6' to
>   'RestrictAddressFamilies' (without it IPV6 can't work). From
>   Guido Shanahan.
> - unbound-checkconf checks if modules exist and prints if they are
>   not compiled in the name of the wrong module.
> - Patch for stub-no-cache and forward-no-cache options that disable
>   caching for the contents of that stub or forward, for when you
>   want immediate changes visible, from Bjoern A. Zeeb.
> - Upgraded crosscompile script to include libunbound DLL in the
>   zipfile.
> - Set libunbound to increase current, because the libunbound change
>   to the event callback function signature. That needs programs,
>   that use it, to recompile against the new header definition.
> - log-servfail: yes prints log lines that say why queries are
>   returning SERVFAIL to clients.
> - log-local-actions: yes option for unbound.conf that logs all the
>   local zone actions, a patch from Saksham Manchanda (Secure64).
> - #4146: num.query.subnet and num.query.subnet_cache counters.
> - #4140: Expose repinfo (comm_reply) to the inplace_callbacks. This
>   gives access to reply information for the client's communication
>   point when the callback is called before the mesh state (modules).
>   Changes to C and Python's inplace_callback signatures were also
>   necessary.
> - Set defaults to yes for a number of options to increase speed and
>   resilience of the server. The so-reuseport, harden-below-nxdomain,
>   and minimal-responses options are enabled by default. They used
>   to be disabled by default, waiting to make sure they worked. They
>   are enabled by default now, and can be disabled explicitly by
>   setting them to "no" in the unbound.conf config file. The reuseport
>   and minimal options increases speed of the server, and should be
>   otherwise harmless. The harden-below-nxdomain option works well
>   together with the recently default enabled qname minimisation, this
>   causes more fetches to use information from the cache.
> - Added serve-expired-ttl and serve-expired-ttl-reset options.
>
>
> Bug Fixes
> - Windows example service.conf edited with more windows specific
>   configuration.
> - #4108: systemd reload hang fix.
> - Fix usage printout for unbound-host, hostname has to be last
>   argument on BSDs and Windows.
> - Partial fix for permission denied on IPv6 address on FreeBSD.
> - Fix that auth-zone master reply with current SOA serial does not
>   stop scan of masters for an updated zone.
> - Fix that auth-zone does not start the wait timer without checking
>   if the wait timer has already been started.
> - #4109: Fix that package config depends on python unconditionally.
> - Patch, do not export python from pkg-config, from Petr Menšík.
> - Fix checking for libhiredis printout in configure output.
> - Fix typo on man page in ip-address description.
> - Update libunbound/python/examples/dnssec_test.py example code to
>   also set the 20326 trust anchor for the root in the example code.
> - Better documentation for unblock-lan-zones and insecure-lan-zones
>   config statements.
> - Fix permission denied printed for auth zone probe random port nrs.
> - Fix documentation ambiguity for tls-win-cert in tls-upstream and
>   forward-tls-upstream docs.
> - iana port update.
> - Fix round robin for failed addresses with prefer-ip6: yes
> - Note in documentation that the cert name match code needs
>   OpenSSL 1.1.0 or later to be enabled.
> - Fix to improve systemd socket activation code file descriptor
>   assignment.
> - Fix for 4126 that the #define for UNKNOWN_SERVER_NICENESS can be more
>   easily changed to adjust default rtt assumptions.
> - Fix #4127 unbound -h does not list -p help.
> - Print error if SSL name verification configured but not available
>   in the ssl library.
> - Fix that ratelimit and ip-ratelimit are applied after reload of
>   changed config file.
> - Resize ratelimit and ip-ratelimit caches if changed on reload.
> - Fix #4129 unbound-control error message with wrong cert permissions
>   is too cryptic.
> - Fix #4130: print text describing -dd and unbound-checkconf on
>   config file read error at startup, the errors may have been moved
>   away by the startup process.
> - Fix #4131: for solaris, error YY_CURRENT_BUFFER undeclared.
> - Fix use-systemd readiness signalling, only when use-systemd is yes
>   and not in signal handler.
> - Fix #4135: 64-bit Windows Installer Creates Entries Under The
>   Wrong Registry Key, reported by Brian White.
> - Fix man page, say that chroot is enabled by default.
> - Sort out test runs when the build directory isn't the project
>   root directory.
> - Error if EDNS Keepalive received over UDP.
> - Correct and expand manual page entries for keepalive and idle timeout.
> - Implement progressive backoff of TCP idle/keepalive timeout.
> - Fix 'make depend' to work when build dir is not project root.
> - Fix #4139: Fix unbound-host leaks memory on ANY.
> - Fix to remove systemd sockaddr function check, that is not
>   always present. Make socket activation more lenient. But not
>   different when socket activation is not used.
> - Fix #4136: insufficiency from mismatch of FLEX capability between
>   released tarball and build host. Fix to unconditionally call
>   destroy in daemon.c.
> - Make capsforid fallback QNAME minimisation aware.
> - document --enable-subnet in doc/README.
> - Fix #4144: dns64 module caches wrong (negative) information.
> - Fix that printout of error for cycle targets is a verbosity 4
>   printout and does not wrongly print it is a memory error.
> - Fix segfault in auth-zone read and reorder of RRSIGs.
> - Fix contrib/fastrpz.patch.
> - Fix warning on compile without threads.
> - print servfail info to log as error.
> - added more servfail printout statements, to the iterator.
> - Fix classification for QTYPE=CNAME queries when QNAME minimisation is
>   enabled.
> - Fix only misc failure from log-servfail when val-log-level is not
>   enabled.
> - Fix lintflags for lint on FreeBSD.
> - Fix that a local-zone with a local-zone-type that is transparent
>   in a view with view-first, makes queries check for answers from the
>   local-zones defined outside of views.
>
>
> Best regards, Wouter
>

-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************
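An upgrade check for the default changes listed in the quoted announcement, added here as an example (it is not part of the original messages or of the Unbound project's code): it reads the text of an unbound.conf and reports, for so-reuseport, harden-below-nxdomain and minimal-responses, whether the move to 1.8.0 changes behaviour or an explicit "no" keeps the old one. The function names and the sample configuration are constructed for illustration, and include: files are assumed not to be in use.

```python
import re

# Options whose default changes from "no" to "yes" in 1.8.0, per the announcement.
CHANGED_DEFAULTS = ("so-reuseport", "harden-below-nxdomain", "minimal-responses")

LINE_RE = re.compile(r'^\s*([A-Za-z0-9-]+)\s*:\s*(.*?)\s*$')

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = """\
server:
    interface: 127.0.0.1
    so-reuseport: no          # pinned off by an older tuning guide
    minimal-responses: yes
    qname-minimisation: yes
forward-zone:
    name: "."
    forward-addr: 192.0.2.53
"""


def parse_server_options(conf_text):
    """Return {option: value} for the server: clause (later lines override)."""
    opts, in_server = {}, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]            # simplification: no '#' in values
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip('"\'')
        if value == "":                        # clause header, e.g. "server:"
            in_server = (key == "server")
        elif in_server:
            opts[key] = value.lower()
    return opts


def audit_upgrade(conf_text):
    """Classify each changed-default option for an upgrade to 1.8.0."""
    opts = parse_server_options(conf_text)
    report = {}
    for name in CHANGED_DEFAULTS:
        value = opts.get(name)
        if value is None:
            report[name] = "unset: becomes yes after upgrade"
        elif value == "no":
            report[name] = "explicit no: new default is overridden"
        else:
            report[name] = "explicit %s: unchanged" % value
    return report


if __name__ == "__main__":
    for option, verdict in audit_upgrade(SAMPLE_CONF).items():
        print("%-22s %s" % (option, verdict))
```
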
