pkgsrc/net/unbound/PLIST


@comment $NetBSD: PLIST,v 1.7 2014/03/11 14:05:12 jperkin Exp $
include/unbound.h
lib/libunbound.la
man/man1/unbound-host.1
man/man3/libunbound.3
Unbound 1.4.19

Features:
* RFC6725 deprecates RSAMD5: this DNSKEY algorithm is disabled. The contrib/patch_rsamd5_enable.diff patch enables RSAMD5 validation otherwise it is treated as insecure. The MD5 hash is considered weak for some purposes, if you want to sign your zone, then RSASHA256 is an uncontested hash.
* unbound-control -q option is quiet
* include: directive in config file accepts wildcards. Suggested use: include: "/etc/unbound.d/conf.d/*"

Bug Fixes:
* Fix openssl race condition, initializes openssl locks.
* Improved forward-first and stub-first documentation.
* Fix that enables modules to register twice for the same serviced_query, without race conditions or administration issues.
* Fix forward-first option where it sets the RD flag wrongly.
* added manpage links for libunbound calls.
* Add documentation to libunbound for default nonuse of resolv.conf.
* Fix timeouts so that when a server has been offline for a while and is probed to see it works, it becomes fully available for server selection again.
* Fallback to 1472 and 1232, one fragment size without headers.
* [bugzilla: 465] Nicer comments outgoing-port-avoid.
* chdir to / after chroot call (suggested by Camiel Dobbelaar).
* updated contrib/unbound.spec.
* ignore trusted-keys globs that have no files (from Paul Wouters).
* fix text in unbound-anchor man page.
* fix build of pythonmod in objdir.
* make clean and makerealclean remove generated python and docs.
* Fix validation for responses with both CNAME and wildcard expanded CNAME records in answer section.
* [bugzilla: 477] Fix unbound-anchor segfault if EDNS is blocked.
* Fix unbound-control forward disables configured stubs below it.
* [bugzilla: 481] Fix python example0.
* iana portlist updated.
2012-12-25 09:54:26 +01:00
man/man3/ub_cancel.3
man/man3/ub_ctx.3
man/man3/ub_ctx_add_ta.3
man/man3/ub_ctx_add_ta_file.3
man/man3/ub_ctx_async.3
man/man3/ub_ctx_config.3
man/man3/ub_ctx_create.3
man/man3/ub_ctx_data_add.3
man/man3/ub_ctx_data_remove.3
man/man3/ub_ctx_debuglevel.3
man/man3/ub_ctx_debugout.3
man/man3/ub_ctx_delete.3
man/man3/ub_ctx_get_option.3
man/man3/ub_ctx_hosts.3
man/man3/ub_ctx_print_local_zones.3
man/man3/ub_ctx_resolvconf.3
man/man3/ub_ctx_set_fwd.3
man/man3/ub_ctx_set_option.3
man/man3/ub_ctx_trustedkeys.3
man/man3/ub_ctx_zone_add.3
man/man3/ub_ctx_zone_remove.3
man/man3/ub_fd.3
man/man3/ub_poll.3
man/man3/ub_process.3
man/man3/ub_resolve.3
man/man3/ub_resolve_async.3
man/man3/ub_resolve_free.3
man/man3/ub_result.3
man/man3/ub_strerror.3
man/man3/ub_wait.3
man/man5/unbound.conf.5
unbound 1.48:

Features:
* harden-below-nxdomain config option, default off (because very old software may be incompatible). We could enable it by default in the future. From draft-vixie-dnsext-resimprove-00.
* typetransparent localzone: does not block other RR types.
* so-sndbuf option for very busy servers, a bit like so-rcvbuf.

Bug Fixes:
* Fix so a changed NS RRset does not get moved name stuck on old server, for type NS the TTL is not increased.
* Fix prefetch so it does not get stuck on old server for moved names.
* Fix insecure CNAME sequence marked as secure, reported by Bert Hubert.
* faster lruhash get_mem routine.
* [bugzilla: 346] remove ITAR scripts from contrib, the service is discontinued, use the root.
* Fix in infra cache that could cause rto larger than TOP_TIMEOUT kept.
* algorithm compromise protection using the algorithms signalled in the DS record. Also, trust anchors, DLV, and RFC5011 receive this, and thus, if you have multiple algorithms in your trust-anchor-file then it will now behave different than before. Also, 5011 rollover for algorithms needs to be double-signature until the old algorithm is revoked.
* squelch 'tcp connect: bla' in logfile, (set verbosity 2 to see them)
* fix validation in this case: CNAME to nodata for co-hosted opt-in NSEC3 insecure delegation, was bogus, fixed to be insecure.
* Fix our 'BDS' license (typo reported by Xavier Belanger).
* [bugzilla: 338] print address when socket creation fails.
* Fix storage of EDNS failures in the infra cache.
* silence 'tcp connect: broken pipe' and 'net down' at low verbosity.
* unbound-anchor compiles with openssl 0.9.7.
* Be lenient and accept imgw.pl malformed packet (like BIND).
* the included ldns tarball is updated (to 1.6.8)
* iana portlist updated.

unbound 1.47:

Features:
* unbound-anchor app, unbound requires libexpat (xml parser library). It creates or updates a root.key file. Use it before you start the validator (e.g. at system boot time).
* dump_infra and flush_infra commands for unbound-control.

Bug Fixes:
* GOST code enabled by default (RFC 5933).
* Configure detects libev-4.00.
* do not synthesize a CNAME message from cache for qtype DS.
* Use central entropy to seed threads.
* Change the rtt used to probe EDNS-timeout hosts to 1000 msec.
* Fix validation failure for parent and child on same server with an insecure childzone and a CNAME from parent to child.
* Change of timeout code. No more lost and backoff in blockage. At 12sec timeout (and at least 2x lost before) one probe per IP is allowed only. At 120sec, the IP is blocked. After 15min, a 120sec entry has a single retry packet.
* no timeout backoff if meanwhile a query succeeded.
* Configure errors if ldns is not found.
* Windows 7 fix for the installer.
* Fix bug where fallback_tcp causes wrong roundtrip and edns observation to be noted in cache. Fix bug where EDNSprobe halted exponential backoff if EDNS status unknown.
* interface automatic works for some people with ip6 disabled. Therefore the error check is removed, so they can use the option.
* Fix TCP so it uses a random outgoing-interface.
* Fix bug when DLV below a trust-anchor that uses NSEC3 optout where the zone has a secure delegation hosted on the same server did not verify as secure (it was insecure by mistake).
* Fix alloc_reg_release for longer uptime in out of memory conditions.
* [bugzilla: 329] in example.conf show correct ipv4 link-local 169.254/16.
* compliance with draft-ietf-dnsop-default-local-zones-14, removed reverse ipv6 orchid prefix from builtin list.
* Algorithm rollover operational reality intrudes, for trust-anchor and 5011-store, if one key matches it's good enough.
* Fix reported validation error in out of memory condition.
* Abide RFC5155 section 9.2: no AD flag for replies with NSEC3 optout.
* increased mesh-max-activation from 1000 to 3000 for crazy domains like _tcp.slb.com with 262 servers.
* [bugzilla: 327] Fix for cannot access stub zones until the root is primed.
* openbsd-lint fixes
* [bugzilla: 321] Fix resolution of rs.ripe.net artifacts with 0x20. Delegpt structures checked for duplicates always. No more nameserver lookups generated when depth is full anyway.
* [bugzilla: 322] Fix, configure does not respect CFLAGS on Solaris. Pass CFLAGS="-xO4 -xtarget=generic" on the configure command line if use sun-cc, but some systems need different flags.
* Fix acx_nlnetlabs.m4 configure output for autoconf-2.66 AS_TR_CPP changes, uses m4_bpatsubst now.
* make test (or make check) should be more portable and run the unit test and testbound scripts. (make longtest has special requirements).
* More pleasant remote control command parsing.
* Fix name of rrset printed that failed validation.
* Return NXDOMAIN after chain of CNAMEs ends at name-not-found.
* Fix validation in case a trust anchor enters into a zone with unsupported algorithms.
* iana portlist updated.
* updated ldns tarball.
2011-03-21 16:04:32 +01:00
man/man8/unbound-anchor.8
man/man8/unbound-checkconf.8
Unbound 1.4.21

Features:
* Implement max-udp-size config option, default 4096 with fix#524 for nonEDNS0 queries.
* add unbound-control insecure_add and insecure_remove for the administration of negative trust anchors.
* install copy of unbound-control.8 man page for unbound-control-setup.
* code improve for minimal responses, small speed increase.
* max include of 100.000 files (depth and globbed at one time). This is to preserve system memory in bug cases, or endless cases.
* unbound.h header file has UNBOUND_VERSION_MAJOR define.
* get_option, set_option, unbound-checkconf -o and libunbound getoption() and setoption() support cache-min-ttl and cache-max-ttl. Also log-time-ascii, python-script, val-sig-skew-min and val-sig-skew-max. log-time-ascii takes effect immediately. The others are mostly useful for libunbound users.
* configure --disable-flto option.
* streamtcp man page.
* Make reverse zones easier by documenting the nodefault statements commented-out in the example config file.

Bug Fixes:
* committed libunbound version 4:1:2 for binary API updated in 1.4.20
* Fix for 2038, with time_t instead of uint32_t.
* Fix resolve of names that use a mix of public and private addresses.
* [bugzilla: 492] Fix endianness detection, revert to older lookup3.c detection and put new detect lines after previous tests, to avoid regressions but allow new detections to succeed. And add detection for machine/endian.h to it.
* Fix queries leaking up for stubs and forwards, if the configured nameservers all fail to answer.
* unbound-anchor review: BIO_write can return 0 successfully if it has successfully appended a zero length string.
* Fix so that for a configuration line of include: "*.conf" it is not an error if there are no files matching the glob pattern.
* own implementation of compat/snprintf.c.
* [bugzilla: 491] pick program name (0th argument) as syslog identity.
* Fixup snprintf return value usage, fixed libunbound_get_option.
* Robust checks on dname validity from rdata for dname compare.
* iana portlist update.
* Fix round-robin doesn't work with some Windows clients.
* [bugzilla: 500] use on non-initialised values on socket bind failures.
* [bugzilla: 499] use-after-free in out-of-memory handling code.
* Explain bogus and secure flags in libunbound more.
* Update acx_pthreads.m4 to ax_pthreads.4 (2013-03-29), and apply patch to it to not fail when -Werror is also specified, from the autoconf-archives.
* Fixup manpage syntax.
* Fix for const string literals in C++ for libunbound.
* Squelch sendto-permission denied errors when the network is not connected, to avoid spamming syslog.
* libunbound documentation on how to avoid openssl race conditions.
* [bugzilla: 512] NSS returned arrays out of setup function to be statics.
* [bugzilla: 516] dnssec lameness detection for answers that are improper.
* [bugzilla: 519] ub_ctx_delete may hang in some scenarios (libunbound).
* [bugzilla: 520] Errors found by static analysis
2013-11-17 23:57:38 +01:00
man/man8/unbound-control-setup.8
man/man8/unbound-control.8
man/man8/unbound.8
sbin/unbound
sbin/unbound-anchor
sbin/unbound-checkconf
sbin/unbound-control
sbin/unbound-control-setup
sbin/unbound-host
share/examples/unbound/unbound.conf