Path to this page:
Subject: CVS commit: pkgsrc/net/unbound
From: Fredrik Pettai
Date: 2010-07-26 21:09:19
Message id: 20100726190920.09725175DD@cvs.netbsd.org
Log Message:
unbound-1.4.5:
Features:
* unbound-control get_option domain-insecure shows config file items.
* Autotrust anchor file can be initialized with a ZSK key as well
(if the domain's DNSKEY set is signed with that ZSK).
* Conforms to draft-ietf-dnsop-default-local-zones-13. Added default
reverse lookup blocks for IPv4 test nets 100.51.198.in-addr.arpa,
113.0.203.in-addr.arpa and Orchid prefix 0.1.1.0.0.2.ip6.arpa.
* Contribution from Migiel de Vos (Surfnet): nagios patch for unbound-host,
in contrib/ (in the source tarball). Makes unbound-host suitable for
monitoring dnssec(-chain) status.
* GOST disabled-by-default, the algorithm number is allocated but the RFC
is still has to pass AUTH48 at the IETF.
Bug Fixes:
* Fix validation failure for qtype ANY caused by a RRSIG parse failure.
The validator error message was 'no signatures from ...'.
* Squelch log message: sendto failed permission denied for 255.255.255.255,
it is visible in VERB_DETAIL (verbosity 2).
* Fix fetch from blacklisted dnssec lame servers as last resort.
The server's IP address is then given in validator errors as well.
* Fix local-zone type redirect that did not use the query name for the
answer rrset.
* Compile fix using Sun Studio 12 compiler on Solaris 5.9, use CPPFLAGS
during configure process.
* Fix if libev is installed on the base system (not libevent),
detect it from the event.h header file and link with -lev.
* Fix configlexer.lex gets config.h, and configyyrename.h added by make,
no more double include.
* More strict scrubber (Thanks to George Barwood for the idea):
NS set must be pertinent to the query.
* [bugzilla: 307 ] In 0x20 backoff fix fallback so the number of outstanding
queries does not become -1 and block the request. Fixed handling of
recursion-lame in combination with 0x20 fallback. Fix so RRsets are
compared canonicalized and sorted if the immediate comparison fails,
this makes the 0x20 option work around round-robin sites.
* Fix retry sequence if prime hints are recursion-lame.
* Fix so harden-referral-path does not result in failures due to max-depth.
You can increase the max-depth by adding numbers (' 0') after the
target-fetch-policy, this increases the depth to which is checked.
* Fix detection of GOST support in ldns (reported by Chris Smith).
* Fix for dnssec lameness detection to use the key cache.
* infra cache entries that are expired are wiped clean.
Previously it was possible to not expire host data (if accessed often).
* Fix dnssec-missing detection that was turned off by server selection.
* [bugzilla: 308 ] Fix spelling error in variable name in parser and lexer.
* Fix various compiler warnings from the clang llvm compiler.
* Fix comments in iter_utils:dp_is_useless.
* EDNS timeout code will not fire if EDNS status already known.
* EDNS failure not stored if EDNS status known to work.
* Parent-child disagreement approach altered. Older fixes are removed in
place of a more exhaustive search for misconfigured data available via
the parent of a delegation. This is designed to be throttled by cache
entries, with TTL from the parent if possible. Additionally the
loop-counter is used. It also tests for NS RRset differences between
parent and child. The fetch of misconfigured data should be more
reliable and thorough. It should work reliably even with no or only
partial data in cache. Data received from the child (as always) is
deemed more authoritative than information received from the delegation
parent. The search for misconfigured data is not performed normally.
* Fix AD flag handling, it could in some cases mistakenly copy the AD flag
from upstream servers.
* Ignore Z flag in incoming messages too.
* alloc_special_obtain out of memory is not a fatal error any more,
enabling unbound to continue longer in out of memory conditions.
* Parentside names are dispreferred but not said to be dnssec-lame.
* Fix parentside and querytargets modulestate, for dump_requestlist.
* unbound-control-setup makes keys -rw-r--- so not all users permitted.
* libtoolize 2.2.6b, autoconf 2.65 applied to configure.
* Fix compile warning if compiled without threads.
* iana portlist updated.
* included ldns tarball updated.
* Fix bug where a long loop could be entered, now cycle detection has
a loop-counter and maximum search amount.
Files: