Features:
* RFC6725 deprecates RSAMD5: this DNSKEY algorithm is disabled.
The contrib/patch_rsamd5_enable.diff patch enables RSAMD5 validation
otherwise it is treated as insecure. The MD5 hash is considered weak for
some purposes, if you want to sign your zone, then RSASHA256 is an
uncontested hash.
* unbound-control -q option is quiet
* include: directive in config file accepts wildcards.
Suggested use: include: "/etc/unbound.d/conf.d/*"
Bug Fixes:
* Fix openssl race condition, initializes openssl locks.
* Improved forward-first and stub-first documentation.
* Fix that enables modules to register twice for the same serviced_query,
without race conditions or administration issues.
* Fix forward-first option where it sets the RD flag wrongly.
* added manpage links for libunbound calls.
* Add documentation to libunbound for default nonuse of resolv.conf.
* Fix timeouts so that when a server has been offline for a while and is
probed to see it works, it becomes fully available for server selection again.
* Fallback to 1472 and 1232, one fragment size without headers.
* [bugzilla: 465 ] Nicer comments outgoing-port-avoid.
* chdir to / after chroot call (suggested by Camiel Dobbelaar).
* updated contrib/unbound.spec.
* ignore trusted-keys globs that have no files (from Paul Wouters).
* fix text in unbound-anchor man page.
* fix build of pythonmod in objdir.
* make clean and makerealclean remove generated python and docs.
* Fix validation for responses with both CNAME and wildcard expanded CNAME
records in answer section.
* [bugzilla: 477 ] Fix unbound-anchor segfault if EDNS is blocked.
* Fix unbound-control forward disables configured stubs below it.
* [bugzilla: 481 ] Fix python example0.
* iana portlist updated.
