please allow unbound 1.4.6-1 to migrate to testing. this version fixes
a FTBFS bug (#593039) and contains a number of upstream bug fixes. some
of the more important ones IMO are:
Builtin root hints contain AAAA for I.ROOT-SERVERS.NET.
Max referral count from 30 to 130, because 128 one character domains
is valid DNS.
Fix assertion failure reported by Kai Storbeck from XS4ALL, the
assertion was wrong.
Fix handling of corner case reply from lame server, follows rfc2308.
It could lead to a nodata reply getting into the cache if the search
for a non-lame server turned up other misconfigured servers.
Fix RFC4035 compliance with 2.2 statement that the DNSKEY at apex
must be signed with all algorithms from the DS rrset at the parent.
This is now checked and becomes bogus if not.
Fix validation of qtype DNSKEY when a key-cache entry exists but no
rr-cache entry is used (it expired or prefetch), it then goes back
up to the DS or trust-anchor to validate the DNSKEY.
Fix integer underflow in prefetch ttl creation from cache. This
fixes a potential negative prefetch ttl.
Changed the defaults for num-queries-per-thread/outgoing-range. For
builtin-select: 512/960, for libevent 1024/4096 and for windows
24/48 (because of win api). This makes the ratio this way to improve
resilience under heavy load. For high performance, use libevent and
possibly higher numbers.
http://www.unbound.net/download.html
--
Robert Edmonds
edmonds@debian.org
Attachment:
signature.asc
Description: Digital signature