- Fix a memory alignment issue, that can be triggered remote on (some)
64bit systems
- Fix daemonize on Solaris 10 to correctly detach from terminal
- Extend unbound-control with new functions
- Better VERB_DETAIL output
- Improve latency of DNSSEC requeries by optionally prefetching the key
earlier in the validation process
- Prefetch option for popular queries before they expire
- Fix re-query pattern on invalid DNSKEY or DS records to reduce traffic
to a few packets / zone instead of a few packets / record
- Fixed bug where NSEC3 signature was not checked. This meant that
a DS could be spoofed away by a carefully crafted packet.
A downgrade attack on existing secure delegations.
- updated iana port list.
- improve chroot handling
- even stricter validation
- support for blocking DNS rebinding attacks
- DLV support
- bugfixes
The package now uses the normal net/ldns package instead of the local
copy.
stricter filtering to defeat some additional DNS attacks and support for
source address randomisation and optional capitalisation support. The
former can be configured when multiple public IPs are present, the
latter is considered experimental as a small number of servers doesn't
support it.
