Software-update: Unbound 1.17.1

Als je een dns-look-up uitvoert, begint een recursor in eerste instantie met het stellen van de look-upvraag aan een dns-rootserver. Deze kan dan doorverwijzen naar andere servers, vanaf waar weer doorverwezen kan worden naar andere servers enzovoort, totdat uiteindelijk een server is bereikt die het antwoord weet of weet dat de look-up niet mogelijk is. Van dit laatste kan sprake zijn als de naam niet bestaat of de servers niet reageren. Het proces van het langslopen van verschillende authoritative servers heet recursie. Unbound is een dns-recursor met ondersteuning voor moderne standaarden, zoals Query Name Minimisation, Aggressive Use of Dnssec-Validated Cache en authority zones. De ontwikkelaars hebben versie 1.17.1 uitgebracht en sinds versie 1.16.3 zijn de volgende veranderingen en verbeteringen aangebracht:

Unbound 1.17.1

Features

• Expose 'statistics-inhibit-zero' as a configuration option; the default value retains Unbound's behavior.
• Expose 'max-sent-count' as a configuration option; the default value retains Unbound's behavior.
• Merge #461 from Christian Allred: Add max-query-restarts option. Exposes an internal configuration but the default value retains Unbound's behavior.
• Merge #569 from JINMEI Tatuya: add keep-cache option to 'unbound-control reload' to keep caches.

Bug Fixes

• Merge #768 from fobser: Arithmetic on a pointer to void is a GNU extension.
• In unit test, print python script name list correctly.
• testcode/dohclient sets log identity to its name.
• Clarify the use of MAX_SENT_COUNT in the iterator code.
• Fix that cachedb does not store failures in the external cache.
• Merge #767 from jonathangray: consistently use IPv4/IPv6 in unbound.conf.5.
• Fix to ignore tcp events for closed comm points.
• Fix to make sure to not read again after a tcp comm point is closed.
• Fix #775: libunbound: subprocess reap causes parent process reap to hang.
• iana portlist update.
• Complementary fix for distutils.sysconfig deprecation in Python 3.10 to commit 62c5039ab9da42713e006e840b7578e01d66e7f2.
• Fix #779: [doc] Missing documention in ub_resolve_event() for callback parameter was_ratelimited.
• Ignore expired error responses.
• Merge #720 from jonathangray: fix use after free when WSACreateEvent() fails.
• Fix for the ignore of tcp events for closed comm points, preserve the use after free protection features.
• Fix #782: Segmentation fault in stats.c:404.
• Add SVCB and HTTPS to the types removed by 'unbound-control flush'.
• Clear documentation for interactivity between the subnet module and the serve-expired and prefetch configuration options.
• Fix #773: When used with systemd-networkd, unbound does not start until systemd-networkd-wait-online.service times out.
• Merge #808: Wrap Makefile script's directory variables in quotes.
• Fix to wrap Makefile scripts directory in quotes for uninstall.
• Fix windows compile for libunbound subprocess reap comm point closes.
• Update github workflows to use checkout v3.
• Fix wildcard in hyperlocal zone service degradation, reported by Sergey Kacheev.

Unbound 1.17.0

Features

• Merge #753: ACL per interface. (New interface-* configuration options).
• Merge #760: PROXYv2 downstream support. (New proxy-protocol-port configuration option).

Bug Fixes

• Fix #728: alloc_reg_obtain() core dump. Stop double alloc_reg_release when serviced_create fails.
• Fix edns subnet so that scope 0 answers only match sourcemask 0 queries for answers from cache if from a query with sourcemask 0.
• Fix unittest for edns subnet change.
• Merge #730 from luisdallos: Fix startup failure on Windows 8.1 due to unsupported IPV6_USER_MTU socket option being set.
• Fix ratelimit inconsistency, for ip-ratelimits the value is the amount allowed, like for ratelimits.
• Fix #734 [FR] enable unbound-checkconf to detect more (basic) errors.
• Fix to log accept error ENFILE and EMFILE errno, but slowly, once per 10 seconds. Also log accept failures when no slow down is used.
• Fix to avoid process wide fcntl calls mixed with nonblocking operations after a blocked write.
• Patch from Vadim Fedorenko that adds MSG_DONTWAIT to receive operations, so that instruction reordering does not cause mistakenly blocking socket operations.
• Fix to wait for blocked write on UDP sockets, with a timeout if it takes too long the packet is dropped.
• Fix for wait for udp send to stop when packet is successfully sent.
• Fix #741: systemd socket activation fails on IPv6.
• Fix to update config tests to fix checking if nonblocking sockets work on OpenBSD.
• Slow down log frequency of write wait failures.
• Fix to set out of file descriptor warning to operational verbosity.
• Fix to log a verbose message at operational notice level if a thread is not responding, to stats requests. It is logged with thread identifiers.
• Remove include that was there for debug purposes.
• Fix to check pthread_t size after pthread has been detected.
• Convert tdir tests to use the new skip_test functionality.
• Remove unused testcode/mini_tpkg.sh file.
• Better output for skipped tdir tests.
• Fix doxygen warning in respip.h.
• Fix to remove erroneous TC flag from TCP upstream.
• Fix test tdir skip report printout.
• Fix windows compile, the identifier interface is defined in headers.
• Fix to close errno block in comm_point_tcp_handle_read outside of ifdef.
• Fix static analysis report to remove dead code from the rpz_callback_from_iterator_module function.
• Fix to clean up after the acl_interface unit test.
• Merge #764: Leniency for target discovery when under load (for NRDelegation changes).
• Use DEBUG_TDIR from environment in mini_tdir.sh for debugging.
• Fix string comparison in mini_tdir.sh.
• Make ede.tdir test more predictable by using static data.
• Fix checkconf test for dnscrypt and proxy port.
• Fix dnscrypt compile for proxy protocol code changes.
• Fix to stop responses with TC flag from resulting in partial responses. It retries to fetch the data elsewhere, or fails the query and in depth fix removes the TC flag from the cached item.
• Fix proxy length debug output printout typecasts.
• Fix to stop possible loops in the tcp reuse code (write_wait list and tcp_wait list). Based on analysis and patch from Prad Seniappan and Karthik Umashankar.
• Fix PROXYv2 header read for TCP connections when no proxied addresses are provided.