2010年6月16日

[installer 2404] unbound-1.4.5

unbound-1.4.5 出ています。

☆ unbound-1.4.5
http://unbound.net/
http://unbound.net/downloads/unbound-1.4.5.tar.gz

http://www.unbound.net/download.html より:

Unbound 1.4.5
Download: unbound-1.4.5.tar.gz
SHA1 checksum: c1f227b95448cdfd0006d6d00b3d4354500d7564
SHA256 checksum: 905685836715ac715098909ae5268504322f0f226c957d18ed32895c76d8224c
Date: 3 June, 2010

Features

o unbound-control get_option domain-insecure shows config file items.
o Autotrust anchor file can be initialized with a ZSK key as well (if
the domain's DNSKEY set is signed with that ZSK).
o Conforms to draft-ietf-dnsop-default-local-zones-13. Added default
reverse lookup blocks for IPv4 test nets 100.51.198.in-addr.arpa,
113.0.203.in-addr.arpa and Orchid prefix 0.1.1.0.0.2.ip6.arpa.
o Contribution from Migiel de Vos (Surfnet): nagios patch for
unbound-host, in contrib/ (in the source tarball). Makes
unbound-host suitable for monitoring dnssec(-chain) status.
o GOST disabled-by-default, the algorithm number is allocated but the
RFC is still has to pass AUTH48 at the IETF.

Bug Fixes

o Fix validation failure for qtype ANY caused by a RRSIG parse
failure. The validator error message was 'no signatures from ...'.
o Squelch log message: sendto failed permission denied for
255.255.255.255, it is visible in VERB_DETAIL (verbosity 2).
o Fix fetch from blacklisted dnssec lame servers as last resort. The
server's IP address is then given in validator errors as well.
o Fix local-zone type redirect that did not use the query name for the
answer rrset.
o Compile fix using Sun Studio 12 compiler on Solaris 5.9, use
CPPFLAGS during configure process.
o Fix if libev is installed on the base system (not libevent), detect
it from the event.h header file and link with -lev.
o Fix configlexer.lex gets config.h, and configyyrename.h added by
make, no more double include.
o More strict scrubber (Thanks to George Barwood for the idea): NS set
must be pertinent to the query.
o [bugzilla: 307 ]
In 0x20 backoff fix fallback so the number of outstanding queries
does not become -1 and block the request. Fixed handling of
recursion-lame in combination with 0x20 fallback. Fix so RRsets are
compared canonicalized and sorted if the immediate comparison fails,
this makes the 0x20 option work around round-robin sites.
o Fix retry sequence if prime hints are recursion-lame.
o Fix so harden-referral-path does not result in failures due to
max-depth. You can increase the max-depth by adding numbers (' 0')
after the target-fetch-policy, this increases the depth to which is
checked.
o Fix detection of GOST support in ldns (reported by Chris Smith).
o Fix for dnssec lameness detection to use the key cache.
o infra cache entries that are expired are wiped clean. Previously it
was possible to not expire host data (if accessed often).
o Fix dnssec-missing detection that was turned off by server
selection.
o [bugzilla: 308 ]
Fix spelling error in variable name in parser and lexer.
o Fix various compiler warnings from the clang llvm compiler.
o Fix comments in iter_utils:dp_is_useless.
o EDNS timeout code will not fire if EDNS status already known.
o EDNS failure not stored if EDNS status known to work.
o Parent-child disagreement approach altered. Older fixes are removed
in place of a more exhaustive search for misconfigured data
available via the parent of a delegation. This is designed to be
throttled by cache entries, with TTL from the parent if
possible. Additionally the loop-counter is used. It also tests for
NS RRset differences between parent and child. The fetch of
misconfigured data should be more reliable and thorough. It should
work reliably even with no or only partial data in cache. Data
received from the child (as always) is deemed more authoritative
than information received from the delegation parent. The search for
misconfigured data is not performed normally.
o Fix AD flag handling, it could in some cases mistakenly copy the AD
flag from upstream servers.
o Ignore Z flag in incoming messages too.
o alloc_special_obtain out of memory is not a fatal error any more,
enabling unbound to continue longer in out of memory conditions.
o Parentside names are dispreferred but not said to be dnssec-lame.
o Fix parentside and querytargets modulestate, for dump_requestlist.
o unbound-control-setup makes keys -rw-r--- so not all users
permitted.
o libtoolize 2.2.6b, autoconf 2.65 applied to configure.
o Fix compile warning if compiled without threads.
o iana portlist updated.
o included ldns tarball updated.
o Fix bug where a long loop could be entered, now cycle detection has
a loop-counter and maximum search amount.

----
こがよういちろう


投稿者 xml-rpc : 2010年6月16日 12:20
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/96411
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。