[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Freeze exception for unbound 1.4.6-1

please allow unbound 1.4.6-1 to migrate to testing.  this version fixes
a FTBFS bug (#593039) and contains a number of upstream bug fixes.  some
of the more important ones IMO are:

    Builtin root hints contain AAAA for I.ROOT-SERVERS.NET.

    Max referral count from 30 to 130, because 128 one character domains
    is valid DNS.

    Fix assertion failure reported by Kai Storbeck from XS4ALL, the
    assertion was wrong.

    Fix handling of corner case reply from lame server, follows rfc2308.
    It could lead to a nodata reply getting into the cache if the search
    for a non-lame server turned up other misconfigured servers.

    Fix RFC4035 compliance with 2.2 statement that the DNSKEY at apex
    must be signed with all algorithms from the DS rrset at the parent.
    This is now checked and becomes bogus if not.

    Fix validation of qtype DNSKEY when a key-cache entry exists but no
    rr-cache entry is used (it expired or prefetch), it then goes back
    up to the DS or trust-anchor to validate the DNSKEY.

    Fix integer underflow in prefetch ttl creation from cache. This
    fixes a potential negative prefetch ttl.

    Changed the defaults for num-queries-per-thread/outgoing-range. For
    builtin-select: 512/960, for libevent 1024/4096 and for windows
    24/48 (because of win api). This makes the ratio this way to improve
    resilience under heavy load. For high performance, use libevent and
    possibly higher numbers.


Robert Edmonds

Attachment: signature.asc
Description: Digital signature

Reply to: