Features:
* applied patch to support outgoing-interface with ub_ctx_set_option.
Bug Fixes:
* Fix validation failures (like: validation failure xx: no NSEC3 closest
encloser from yy for DS zz. while building chain of trust, because of
a bug in the TTL-fix in 1.4.15, it picked the wrong rdata for an NSEC3.
Now it does not change rdata, and fixes TTL.
* Fix version-number in libtool to be version-info so it produces
libunbound.so.2 like it should.
* Fixes for port to OpenIndiana OS with gcc 4.6.
* Fix to write key files completely to a temporary file, and if that
succeeds, replace the real key file. So failures leave a useful file.
Unbound 1.4.15
Bug Fixes:
* Fix for memory leak (about 20 bytes when a tcp or udp send operation
towards authority servers failed, takes about 50.000 such failures to
leak one Mb, such failures are also usually logged).
* Fix to randomize hash function, based on 28c3 congress.
* [bugzilla: 425 ] unbound reports wrong TTL in reply, it reports a TTL
that would be permissible by the RFCs but it is not the TTL in the cache.
* [bugzilla: 429 ] add ub_version() call to libunbound. API version increase,
with (binary) backwards compatibility for the previous version.
* Fix bug where canonical_compare of RRSIG did not downcase the signer-name.
This is mostly harmless because RRSIGs do not have to be sorted in
canonical order, usually.
* uninitialised variable in reprobe for rtt blocked domains fixed.
* iana portlist updated.
Features:
* Makefile changed for BSD make compatibility.
* dns over ssl support as a client, ssl-upstream yes turns it on.
It performs an SSL transaction for every DNS query.
* dns over ssl support as a server, ssl-service-pem and ssl-service-key files
can be given and then TCP queries are serviced wrapped in SSL.
* lame-ttl and lame-size options no longer exist, it is integrated with the
host info. They are ignored (with verbose warning) if encountered
to keep the config file backwards compatible.
* TCP-upstream calculates tcp-ping so server selection works if there are
alternatives.
* Unbound probes at EDNS1480 if there an EDNS0 timeout.
Bug Fixes:
* Fix for VU#209659 CVE-2011-4528: Unbound denial of service vulnerabilities
from nonstandard redirection and denial of existence
http://www.unbound.net/downloads/CVE-2011-4528.txt
* Fix for tcp-upstream and ssl-upstream for if a laptop sleeps,
causes SERVFAILs. Also fixed for UDP (but less likely).
* Fix quartile time estimate, it was too low.
* Fix double free in unbound-host.
* fix -flto detection on Lion for llvm-gcc.
* [bugzilla: 416 ] Infra cache stores information about ping and lameness
per IP, zone.
* [bugzilla: 415 ] Fix resolve of partners.extranet.microsoft.com with a fix
for the server selection for choosing out of a (particular) list of bad
choices.
* Fix make_new_space function so that the incoming query is not overwritten
if a jostled out query causes a waiting query to be resumed that then fails
and sends an error message.
* fix unbound-anchor for broken strptime on OSX lion, detected in configure.
* Detect if GOST really works, openssl1.0 on OSX fails.
* Implement ipv6%interface notation for scope_id usage.
* better documentation for inform_super.
* Fix for out-of-memory condition in libunbound.
* Fix --enable-allsymbols, it depended on link specifics of the target platform, or fptr_wlist assertion failures could occur.
* updated contrib/unbound_munin_ to family=auto so that it works with
munin-node-configure automatically.
* Fix classification of NS set in answer section, where there is a
parent-child server, and the answer has the AA flag for dir.slb.com.
* [bugzilla: 408 ] accept patch from Steve Snyder that comments out unused
functions in lookup3.c.
* fix various compiler warnings.
* max sent count. EDNS1480 only for rtt < 5000. No promiscuous fetch if
sentcount > 3, stop query if sentcount > 16. Count is reset when referral
or CNAME happens. This makes unbound better at managing large NS sets,
they are explored when there is continued interest (in the form of queries).
* remove uninit warning from cachedump code.
* Fix parse error on negative SOA RRSIGs if badly ordered in the packet.
* fix infra cache comparison.
* Fix to constrain signer_name to be a parent of the lookupname.
* robust checks for next-closer NSEC3s.
* iana portlist updated.
(Ok'ed by wiz@)
Features:
* Note that Unbound implements RFC6303 (since version 1.4.7).
tcp-upstream yes/no option (works with set_option) for tunnels.
* The format of answers to the qtype ANY with a CNAME have changed, so that there can be proper validated DNSSEC answers for them. This is for queries with qtype ANY where the domain name has a CNAME. Now an answer is returned, where before it resulted in SERVFAIL due to validation failure. When DNSSEC validation is disabled, the contents of the response have changed: the CNAME is not followed, and the correct contents of the RRsets at the initial name are included (where previously only partial contents of the initial names could have been included but the CNAME was followed). The qtype ANY is a query for debug where the resolver is to fill in relevant data that happens to be at hand from the cache.
Bug Fixes:
* Fix validation of qtype ANY responses with CNAMEs. Unbound responds with the RR types that are available at the name for qtype ANY and validates those RR types. It does not test for completeness (i.e. with NSEC or NSEC3 query), and it does not follow the CNAME or DNAME to another name (with even more data for the already large response)
* Documented the options that work with control set_option command.
* Fix that internally, CNAMEs with NXDOMAIN have that as rcode.
* Fix validation of . DS query.
* Fix wildcard expansion no-data reply under an optout NSEC3 zone is validated as insecure.
* Fix python site-packages path to /usr/lib64.
* fix memory and fd leak after out-of-memory condition.
* contrib. patch fixes load of python modules.
* contrib. patch that fixes a memory leak in the unbound python module, in string conversions.
* Fix num-threads 0 does not segfault.
* Fix autoconf 2.68 warnings
* iana portlist updated
Bug Fixes:
* removed ldns-src tarball inside the unbound tarball.
* [bugzilla: 395 ]
fix that id bits of other query may leak out under conditions
* fix replyaddr count wrong after jostled queries, which leads to eventual starvation where the daemon has no replyaddrs left to use.
* fix that the listening socket is not closed when too many remote control connections are made at the same time.
* version number in example config file.
* fix that --enable-static-exe does not complain about it unknown.
* iana portlist updated
1.4.11:
Features:
* log-queries: yesno option, default is no, prints querylog.
* ignore-cd-flag: yesno to provide dnssec to legacy servers.
* Use -flto compiler flag for link time optimization, if supported.
* unbound-control has version number in the header, and uses port number registered with IANA, 8953.
Bug Fixes:
* Fix Makefile for U in environment, since wrong U is more common than deansification necessity.
* defense in depth against the assertion failure bug fixed in 1.4.10, an error is printed to log instead of an assertion failure.
* [bugzilla: 386 ]
--enable-allsymbols option links all binaries to libunbound and reduces install size significantly.
* Fix TTL of SOA so negative TTL is separately cached from normal TTL.
* configure created with newer autoconf 2.66.
* [bugzilla: 378 ]
Fix that configure checks for ldns_get_random presence.
* queries with CD flag set cause DNSSEC validation, but the answer is not withheld if it is bogus. Thus, unbound will retry if it is bad and curb the TTL if it is bad, thus protecting the cache for use by downstream validators.
* val-override-date: -1 ignores dates entirely, for NTP usage.
* harden-below-nxdomain: changed so that it activates when the cached nxdomain is dnssec secure. This avoids backwards incompatibility because those old servers do not have dnssec.
* statistics-interval prints the number of jostled queries to log.
* IPv6 service address for d.root-servers.net (2001:500:2D::D).
* updated ldns tarball to 1.6.10rc2 snapshot
* iana portlist updated.
Bug Fixes:
* Added explicit note on unbound-anchor usage: Please note usage of
unbound-anchor root anchor is at your own risk and under the terms of our
LICENSE (see that file in the source).
* Fix remove private address does not throw away entire response. [bugzilla: 361 ]
* Fix, time.elapsed variable not reset with stats_noreset.
* Fix no ADflag for NXDOMAIN in NSEC3 optout. And wildcard in optout.
* give config parse error for multiple names on a stub or forward zone.
* updated ldns tarball to 1.6.9(snapshot).
* iana portlist updated.
Features:
* harden-below-nxdomain config option, default off (because very old software
may be incompatible). We could enable it by default in the future.
From draft-vixie-dnsext-resimprove-00.
* typetransparent localzone: does not block other RR types.
* so-sndbuf option for very busy servers, a bit like so-rcvbuf.
Bug Fixes:
* Fix so a changed NS RRset does not get moved name stuck on old server,
for type NS the TTL is not increased.
* Fix prefetch so it does not get stuck on old server for moved names.
* Fix insecure CNAME sequence marked as secure, reported by Bert Hubert.
* faster lruhash get_mem routine.
* [bugzilla: 346 ] remove ITAR scripts from contrib,
the service is discontinued, use the root.
* Fix in infra cache that could cause rto larger than TOP_TIMEOUT kept.
* algorithm compromise protection using the algorithms signalled in the DS
record. Also, trust anchors, DLV, and RFC5011 receive this, and thus,
if you have multiple algorithms in your trust-anchor-file then it will now
behave different than before. Also, 5011 rollover for algorithms needs to be
double-signature until the old algorithm is revoked.
* squelch 'tcp connect: bla' in logfile, (set verbosity 2 to see them)
* fix validation in this case: CNAME to nodata for co-hosted opt-in
NSEC3 insecure delegation, was bogus, fixed to be insecure.
* Fix our 'BDS' license (typo reported by Xavier Belanger).
* [bugzilla: 338 ] print address when socket creation fails.
* Fix storage of EDNS failures in the infra cache.
* silence 'tcp connect: broken pipe' and 'net down' at low verbosity.
* unbound-anchor compiles with openssl 0.9.7.
* Be lenient and accept imgw.pl malformed packet (like BIND).
* the included ldns tarball is updated (to 1.6.8)
* iana portlist updated.
unbound 1.47:
Features:
* unbound-anchor app, unbound requires libexpat (xml parser library).
It creates or updates a root.key file. Use it before you start the validator
(e.g. at system boot time).
* dump_infra and flush_infra commands for unbound-control.
Bug Fixes:
* GOST code enabled by default (RFC 5933).
* Configure detects libev-4.00.
* do not synthesize a CNAME message from cache for qtype DS.
* Use central entropy to seed threads.
* Change the rtt used to probe EDNS-timeout hosts to 1000 msec.
* Fix validation failure for parent and child on same server with an insecure
childzone and a CNAME from parent to child.
* Change of timeout code. No more lost and backoff in blockage. At 12sec timeout
(and at least 2x lost before) one probe per IP is allowed only. At 120sec,
the IP is blocked. After 15min, a 120sec entry has a single retry packet.
* no timeout backoff if meanwhile a query succeeded.
* Configure errors if ldns is not found.
* Windows 7 fix for the installer.
* Fix bug where fallback_tcp causes wrong roundtrip and edns observation to be
noted in cache. Fix bug where EDNSprobe halted exponential backoff if EDNS
status unknown.
* interface automatic works for some people with ip6 disabled. Therefore the
error check is removed, so they can use the option.
* Fix TCP so it uses a random outgoing-interface.
* Fix bug when DLV below a trust-anchor that uses NSEC3 optout where the zone
has a secure delegation hosted on the same server did not verify as secure
(it was insecure by mistake).
* Fix alloc_reg_release for longer uptime in out of memory conditions.
* [bugzilla: 329 ] in example.conf show correct ipv4 link-local 169.254/16.
* compliance with draft-ietf-dnsop-default-local-zones-14,
removed reverse ipv6 orchid prefix from builtin list.
* Algorithm rollover operational reality intrudes, for trust-anchor and
5011-store, if one key matches it's good enough.
* Fix reported validation error in out of memory condition.
* Abide RFC5155 section 9.2: no AD flag for replies with NSEC3 optout.
* increased mesh-max-activation from 1000 to 3000 for crazy domains like
_tcp.slb.com with 262 servers.
* [bugzilla: 327 ] Fix for cannot access stub zones until the root is primed.
* openbsd-lint fixes
* [bugzilla: 321 ] Fix resolution of rs.ripe.net artifacts with 0x20.
Delegpt structures checked for duplicates always.
No more nameserver lookups generated when depth is full anyway.
* [bugzilla: 322 ] Fix, configure does not respect CFLAGS on Solaris.
Pass CFLAGS="-xO4 -xtarget=generic" on the configure command line if use
sun-cc, but some systems need different flags.
* Fix acx_nlnetlabs.m4 configure output for autoconf-2.66 AS_TR_CPP changes,
uses m4_bpatsubst now.
* make test (or make check) should be more portable and run the unit test and
testbound scripts. (make longtest has special requirements).
* More pleasant remote control command parsing.
* Fix name of rrset printed that failed validation.
* Return NXDOMAIN after chain of CNAMEs ends at name-not-found.
* Fix validation in case a trust anchor enters into a zone with
unsupported algorithms.
* iana portlist updated.
* updated ldns tarball.
Features:
* Builtin root hints contain AAAA for I.ROOT-SERVERS.NET.
* unbound.h has extern "C" statement for easier include in c++.
* added feature to print configure date, target and options with -h.
* added feature to print event backend system details with -h.
* (ports and works on Minix 3.1.7). On Minix, add /usr/gnu/bin to PATH,
use ./configure AR=/usr/gnu/bin/gar and gmake.
* GOST enabled if SSL is recent and ldns has GOST enabled too.
Bug Fixes:
* Fix TCPreply on systems with no writev, if just 1 byte could be sent.
* Fix to use one pointer less for iterator query state store_parent_NS.
* Max referral count from 30 to 130, because 128 one character domains is valid DNS.
* added documentation for the histogram printout to syslog.
* Fix assertion failure reported by Kai Storbeck from XS4ALL, the assertion was wrong.
* updated ldns tarball.
* iana portlist updated.
* Unbound reports libev or libevent correctly in logs in verbose mode.
* Fix handling of corner case reply from lame server, follows rfc2308.
* Fix jostle list bug found by Vince (luoce at cnnic), it caused the qps in
overload situations to be about 5 qps for the class of shortly serviced
queries.
* Fix the max number of reply-address count to be applied for duplicate queries,
and not for new query list entries.
* Fix RFC4035 compliance with 2.2 statement that the DNSKEY at apex must be
signed with all algorithms from the DS rrset at the parent.
* Fix validation of qtype DNSKEY when a key-cache entry exists but no rr-cache
entry is used (it expired or prefetch), it then goes back up to the DS or
trust-anchor to validate the DNSKEY.
* log if a server is skipped because it is on the donotquery list, at verbosity
4, to enable diagnosis why no queries to 127.0.0.1.
* failure to chown the pidfile is not fatal any more.
* Neat function prototypes, unshadowed local declarations.
* Fix integer underflow in prefetch ttl creation from cache.
This fixes a potential negative prefetch ttl.
* Changed the defaults for num-queries-per-thread/outgoing-range.
Features:
* unbound-control get_option domain-insecure shows config file items.
* Autotrust anchor file can be initialized with a ZSK key as well
(if the domain's DNSKEY set is signed with that ZSK).
* Conforms to draft-ietf-dnsop-default-local-zones-13. Added default
reverse lookup blocks for IPv4 test nets 100.51.198.in-addr.arpa,
113.0.203.in-addr.arpa and Orchid prefix 0.1.1.0.0.2.ip6.arpa.
* Contribution from Migiel de Vos (Surfnet): nagios patch for unbound-host,
in contrib/ (in the source tarball). Makes unbound-host suitable for
monitoring dnssec(-chain) status.
* GOST disabled-by-default, the algorithm number is allocated but the RFC
is still has to pass AUTH48 at the IETF.
Bug Fixes:
* Fix validation failure for qtype ANY caused by a RRSIG parse failure.
The validator error message was 'no signatures from ...'.
* Squelch log message: sendto failed permission denied for 255.255.255.255,
it is visible in VERB_DETAIL (verbosity 2).
* Fix fetch from blacklisted dnssec lame servers as last resort.
The server's IP address is then given in validator errors as well.
* Fix local-zone type redirect that did not use the query name for the
answer rrset.
* Compile fix using Sun Studio 12 compiler on Solaris 5.9, use CPPFLAGS
during configure process.
* Fix if libev is installed on the base system (not libevent),
detect it from the event.h header file and link with -lev.
* Fix configlexer.lex gets config.h, and configyyrename.h added by make,
no more double include.
* More strict scrubber (Thanks to George Barwood for the idea):
NS set must be pertinent to the query.
* [bugzilla: 307 ] In 0x20 backoff fix fallback so the number of outstanding
queries does not become -1 and block the request. Fixed handling of
recursion-lame in combination with 0x20 fallback. Fix so RRsets are
compared canonicalized and sorted if the immediate comparison fails,
this makes the 0x20 option work around round-robin sites.
* Fix retry sequence if prime hints are recursion-lame.
* Fix so harden-referral-path does not result in failures due to max-depth.
You can increase the max-depth by adding numbers (' 0') after the
target-fetch-policy, this increases the depth to which is checked.
* Fix detection of GOST support in ldns (reported by Chris Smith).
* Fix for dnssec lameness detection to use the key cache.
* infra cache entries that are expired are wiped clean.
Previously it was possible to not expire host data (if accessed often).
* Fix dnssec-missing detection that was turned off by server selection.
* [bugzilla: 308 ] Fix spelling error in variable name in parser and lexer.
* Fix various compiler warnings from the clang llvm compiler.
* Fix comments in iter_utils:dp_is_useless.
* EDNS timeout code will not fire if EDNS status already known.
* EDNS failure not stored if EDNS status known to work.
* Parent-child disagreement approach altered. Older fixes are removed in
place of a more exhaustive search for misconfigured data available via
the parent of a delegation. This is designed to be throttled by cache
entries, with TTL from the parent if possible. Additionally the
loop-counter is used. It also tests for NS RRset differences between
parent and child. The fetch of misconfigured data should be more
reliable and thorough. It should work reliably even with no or only
partial data in cache. Data received from the child (as always) is
deemed more authoritative than information received from the delegation
parent. The search for misconfigured data is not performed normally.
* Fix AD flag handling, it could in some cases mistakenly copy the AD flag
from upstream servers.
* Ignore Z flag in incoming messages too.
* alloc_special_obtain out of memory is not a fatal error any more,
enabling unbound to continue longer in out of memory conditions.
* Parentside names are dispreferred but not said to be dnssec-lame.
* Fix parentside and querytargets modulestate, for dump_requestlist.
* unbound-control-setup makes keys -rw-r--- so not all users permitted.
* libtoolize 2.2.6b, autoconf 2.65 applied to configure.
* Fix compile warning if compiled without threads.
* iana portlist updated.
* included ldns tarball updated.
* Fix bug where a long loop could be entered, now cycle detection has
a loop-counter and maximum search amount.
Features:
* Experimental ECC-GOST algorithm support.
* unbound-host disables use-syslog from config file.
* Include less in config.h and include per code file for ldns, ssl.
Bug Fixes:
* [bugzilla: 305 ] (regarding pkt_dname_tolower).
* Fix chain of trust with CNAME, for the DS processing proof.
* Fix validation of queries with wildcard names (*.example).
* Fix EDNS probe for .de DNSSEC testbed failure (backoff).
* unbound control flushed items are not counted when flushed again.
* iana portlist updated.
* [bugzilla: 301 ] (regarding unbound-checkconf).
* Fixed random numbers for port, interface and server selection.
* Refer to the listing in unbound-control man page in the extended \
statistics entry in the unbound.conf man page.
* Fix interface-automatic for OpenBSD: msg.controllen was too small.
* check for IP_SENDSRCADDR for interface-automatic or IP_PKTINFO.
* for NSEC3 check if signatures are cached.
* Reordered configure checks so fork and -lnsl -lsocket checks are earlier.
* ldns tarball updated.
* Fix python use when multithreaded.
* Fix solaris python compile.
* spelling fix in validation error involving cnames.
- Fix a memory alignment issue, that can be triggered remote on (some)
64bit systems
- Fix daemonize on Solaris 10 to correctly detach from terminal
- Extend unbound-control with new functions
- Better VERB_DETAIL output
- Improve latency of DNSSEC requeries by optionally prefetching the key
earlier in the validation process
- Prefetch option for popular queries before they expire
- Fix re-query pattern on invalid DNSKEY or DS records to reduce traffic
to a few packets / zone instead of a few packets / record
- Fixed bug where NSEC3 signature was not checked. This meant that
a DS could be spoofed away by a carefully crafted packet.
A downgrade attack on existing secure delegations.
- updated iana port list.
- improve chroot handling
- even stricter validation
- support for blocking DNS rebinding attacks
- DLV support
- bugfixes
The package now uses the normal net/ldns package instead of the local
copy.
stricter filtering to defeat some additional DNS attacks and support for
source address randomisation and optional capitalisation support. The
former can be configured when multiple public IPs are present, the
latter is considered experimental as a small number of servers doesn't
support it.
