![]() |
Unbound 1.2.0 |
Unbound An open source, validating, recursive, and caching DNS resolver
System Requirememts
Mac OS X |
  |
| Download Details |
|
| Company |
NLnet Labs |
| Version |
1.2.0 |
| Post Date |
October 01, 2009 |
| License |
Freeware |
| File Size |
3.6 MB |
|
|
|
|
|
 There are no screenshots |
|
Unbound 1.2.0
An open source, validating, recursive, and caching DNS resolver Unbound is designed as a set of modular components, so that also DNSSEC (secure DNS) stub-resolvers (that do not run as a server, but are linked into an application) and validation are easily possible. NOTE: Unbound is developed, licensed and provided under the terms of the BSD License. Main features of Unbound:
Recursive service.
Caching service.
Forwarding and stub zones.
No authoritative service.
DNSSEC Validation options.
EDNS0, NSEC3, Unknown-RR-types.
What's New in This Release:
Features:
Wildcard support for trusted-keys-file: "/etc/keys/*.key"
unbound-control status command.
extended statistics has a number of ipv6 queries counter. contrib/unbound_munin_ was updated to draw ipv6 in the hits graph.
SElinux policy files in contrib/selinux for the unbound daemon, by Paul Wouters and Adam Tkac.
Bug Fixes:
The long standing bug with libevent use is fixed. It turns out to be a race condition in the calls to libevent. The builtin mini-event did not have a problem being called like this, but libevent and libev usage is now fixed. Libevent 1.1 is reported to still give problems, but 1.4.5 and 1.4.8 seem fine.
Certain packets could cause an assertion failure. Resulting in a denial-of-service vector if the server was compiled with --enable-debug (assertions enabled). This is fixed.
fixed bug reported by Duane Wessels: error in DLV lookup, would make some zones that had correct DLV keys as insecure.
[bugzilla: 228 ]fix lame marking. security fix that resolves denial of service that could be triggered by an unusual configuration. Thanks to Mark Zealey for reporting.
[bugzilla: 224 ]no more race condition in makefile during built with high -j inside included libldns version.
iana portlist updated to most recent, avoids allocated ports.
L root server AAAA record added to builtin root hints.
removed possible race condition in unit test for race conditions.
fixup reported problem with transparent local-zone data where queries with different type could get nxdomain. Now queries with a different name get resolved normally, with different type get a correct NOERROR/NODATA answer.
HINFO no longer downcased for validation, making unbound compatible with bind and ldns.
fix reading included config files when chrooted. Give full path names for include files. Relative path names work if the start dir equals the working dir.
fix libunbound message transport when no packet buffer is available.
fixup getaddrinfo failure handling for remote control port.
fixup so it works with libev-3.51 from http://dist.schmorp.de/libev/
ldns tarball updated with 1.4.1rc for DLV unit test.
fixup BSD port for infra host storage. It hashed wrongly.
follow ldns rc makedist name generation.
snapshot version uses _ not - to help rpm distinguish the version number.
do not reopen syslog to avoid dev/log dependency. This makes chroot environments easier.
[bugzilla: 219 ]better fix for bug #219: use LOG_NDELAY with openlog() call. Thanks to Tamas Tevesz.
[bugzilla: 221 ]fixed: unbound checkconf checks if key files exist if remote control is enabled. Also fixed NULL printf when not chrooted.
Fix problem reported by Jaco Engelbrecht where unbound-control stats freezes up unbound if this was compiled without threading, and was using multiple processes.
test for remote control with interprocess communication.
created command distribution mechanism so that remote control commands other than 'stats' work on all processes in a nonthreaded compiled version. dump/load cache work, on the first process.
fixup remote control local_data addition memory corruption bug.
blacklisted servers are polled at a low rate (1%) to see if they come back up. But not if there is some other working server.
documented that the user of the server daemon needs read privileges on the keys and certificates generated by unbound-control-setup. This is different per system or distribution, usually, running the script under the same username as the server uses suffices. i.e. sudo -u unbound unbound-control-setup
unbound-control-setup.sh removes read/write permissions other from the keys it creates (as suggested by Dmitriy Demidov).
fixed tcp accept, errors were printed when they should not.
fixup fatal error due to faulty error checking after tcp accept.
add check in rlimit code to avoid integer underflow.
rlimit check with new formula; better estimate for number interfaces.
|
Mac Categories
