Unbound is a validating, recursive, and caching DNS resolver.
The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a Java prototype developed by Verisign Labs, Nominet, Kirei and ep.net.
Unbound is designed as a set of modular components, so DNSSEC (secure DNS) validation and stub resolvers (which do not run as a server, but are linked into an application) are also easily possible.
Unbound's source code is distributed under a BSD License.
What's New in This Release:
· Experimental ECC-GOST algorithm support, needs openssl-1.0.0 and currently needs ldns from svn trunk. Uses ECC-GOST algorithm number 12 (assigned by IANA). As the RFC is written, we intend to make it optional, because a dependency on openssl-1.0.0 is hard across distributions right now.
· unbound-host disables use-syslog from config file so that the config file for the main server can be used more easily.
· Include less in config.h and include per code file for ldns, ssl.
· [bugzilla: 305] pkt_dname_tolower could read beyond end of buffer or get into an endless loop, if 0x20 was enabled, and buffers are small or particular broken packets are received.
· Fix chain of trust with CNAME at an intermediate step, for the DS processing proof.
· Fix validation of queries with wildcard names (*.example).
· Fix EDNS probe for .de DNSSEC testbed failure, where the infra cache timeout coincided with a server update. The current EDNS backoff is less sensitive, and does not cache the backoff unless the backoff actually works and the domain is not expecting DNSSEC.
· unbound-control flushed items are not counted when flushed again.
· IANA portlist updated.
· [bugzilla: 301] unbound-checkconf could not parse interface '0.0.0.0@5353', even though unbound itself worked fine.
· Fixed random numbers for port, interface and server selection. Removed very small bias.
· Refer to the listing in unbound-control man page in the extended statistics entry in the unbound.conf man page.
· Fix interface-automatic for OpenBSD: msg.controllen was too small, also assertions on ancillary data buffer.
· Check for IP_SENDSRCADDR for interface-automatic or IP_PKTINFO.
· For NSEC3, check if signatures are cached.
· Reordered configure checks so fork and -lnsl -lsocket checks are earlier, and thus later checks benefit from and do not hinder them.
· ldns tarball updated.
· Fix Python use when multithreaded.
· Fix Solaris Python compile.
· Spelling fix in validation error involving CNAMEs.