Lines Matching full:for
5 - Fix for print of connection type in log-replies for dot and doh.
12 - Tag for 1.23.0rc1.
17 configuration option 'dns-error-reporting' and new statistics for
23 - Fix nettle compile for warnings and ticket keys.
24 - Fix redis_replica test for unused option defaults and log printout.
26 - Fix to update common.sh for speed of kill_pid.
30 Introduces new 'redis-replica-*' options for the Redis cache backend.
37 - Fix test for stat_values for wait limit defaults for localhost.
43 - For #1262, ifdef is no longer needed.
49 - Fix that ub_event has the facility to deal with callbacks for
64 - Skip the unit tests for auth_tls.tdir and auth_tls_failcert.tdir.
68 - Fix for ci test, expat is installed on the osx image.
72 - For #1255, for ios use an older expat version that does not require
74 - For #1255, for ios disable building tests that require C++11.
75 - For #1255, for ios try the latest expat version again.
84 - Fix for #1253: Fix for redis cachedb backend to expect an integer
85 reply for the EXPIRE command.
92 - Fix for windows compile create ssl contexts.
95 - Fix representation of types GPOS and RESINFO, add rdf type for
104 Add --help output description for the SOURCE_DATE_EPOCH variable.
110 - Fix hash calculation for cachedb to ignore case. Previously, cached
111 records there were only relevant for same case queries (if not
117 - Merge #1241: Fix infra-keep-probing for low infra-cache-max-rtt
122 for servers in the infrastructure cache.
139 - Use the same interface listening port discovery code for all needed
155 - Merge #1222: Unique DoT and DoH SSL contexts to allow for different
160 - Merge #1221: Consider auth zones when checking for forwarders.
181 - For #1207: [FR] Support for RESINFO RRType 261 (RFC9606), add
185 - Merge #1204: ci: set persist-credentials: false for actions/checkout
192 - For #1175, the default value of serve-expired-ttl is set to 86400
196 - Safeguard alias loop while looking in the cache for expired answers.
197 - Merge #1187: Create the SSL_CTX for QUIC before chroot and privilege
205 - For #1175, update serve-expired tests.
211 - Merge #1169 from Sergey Kacheev, fix: lock-free counters for
217 - Fix for #1183: release nsec3 hashes per test file.
220 - More descriptive text for 'harden-algo-downgrade'.
221 - Complete fix for max-global-quota to 200.
229 - Fix for the serve expired DNSSEC information fix, it would not allow
233 information around for later dnssec valid expired responses.
247 - Merge #1159: Stats for discard-timeout and wait-limit.
248 - Add test case for #1159.
249 - Some clean up for stat_values.test.
259 - Tag for 1.22.0 release. This did not contain the 1154 fix
264 - Fix for dnsoverquic and dnstap to use the correct dnstap
268 - Fix for dnstap with dnscrypt and dnstap without dnsoverquic.
269 - Fix #1154: Tag Incorrectly Applying for Other Interfaces
270 Using the Same IP. This fix is not for 1.22.0.
280 - Fix harden-unverified-glue for AAAA cache_fill_missing lookups.
281 - Fix contrib/aaaa-filter-iterator.patch for change in call
282 signature for cache_fill_missing.
285 - Fix cookie_file test sporadic fails for time change during
290 - Tag for 1.22.0rc1.
299 - Fix to limit NSEC TTL for messages from cachedb. Fix to limit the
300 prefetch ttl for messages after a CNAME with short TTL.
301 - Fix for dnstap compile of doqclient with doq disabled.
317 - Fix negative cache NSEC3 parameter compares for zero length NSEC3
329 - More clear text for prefetch and minimal-responses in the
345 that can set the timeout separately for commands and the
358 - Add unit test for ttl limit for aggressive nsec.
365 - Fix config file read for dnstap-sample-rate.
372 - Fix for #1132, adjusted unit test for change in the test file.
373 - Fix for #1132, comment about adjusted copy of reference check.
376 - Unit test for auth zone transfer TLS, and TLS failure.
377 - Fix to print port number in logs for auth zone transfer activities.
381 the validator. That stops validation failures for the message.
383 for long content.
386 - Fix #1130: Loads of logs: "validation failure: key for validation
387 <domain>. is marked as invalid because of a previous" for
391 - Merge patch to fix for glue that is outside of zone, with
399 - Fix documentation for cache_fill_missing function.
403 - Fix for char signedness warnings on NetBSD.
410 - Fix #1126: unbound-control-setup hangs while testing for openssl
414 - Fix spelling for the cache-min-negative-ttl entry in the
416 - Tag for release 1.21.0, the repository continues with 1.21.1
425 - Set version number to 1.21.0 for release. This has tag 1.21.0rc1.
426 - Fix that for windows the module startup is called and sets up
432 - Fix testbound for alloc stats strdup in util/alloc.c.
435 cookie secrets for EDNS COOKIE secret rollover. The remote control
437 commands can be used for rollover, the command print_cookie_secrets
439 - Fix that alloc stats for forwards and hints are printed, and when
440 alloc stats is enabled, the unit test for unbound control waits for
445 for tap_data_free, does not delete NULL items. Also it does not try
447 picked up the next item in the list for its loop causing invalid
448 free. Added internal unit test to unbound-dnstap-socket for that.
454 - Fix for #1114: Fix that cache fill for forward-host names is
457 delegation point cache fill routines use CDflag for AAAA message
459 cache uses the bit for disambiguation for dns64 but the recursion
460 uses CDflag for the AAAA target lookups, so the check correctly
467 - Add root key 38696 from 2024 for DNSSEC validation. It is added
474 - For #935 and #1104, clarify RPZ order and semantics.
477 - Merge #1110: Make fallthrough explicit for libworker.c.
478 - For #1110: Test for fallthrough attribute in configure and add
482 - Fix to have empty definition when not supported for weak attribute.
488 - Add dnstap-sample-rate that logs only 1/N messages, for high volume
497 - For #1103: Fix to drop mesh state reference for the http2 stream
500 h2_stream is NULL when not in use, for more initialisation.
503 - For #1103: fix to also drop mesh state reference when the discard
509 - For #1102: clearer text for using interface-* options for the
514 - For #1103: fix to also drop mesh state reference when a h2 reply is
518 - For #773: In contrib/unbound.service.in set unbound to start after
519 network-online.target. Also for contrib/unbound_portable.service.in.
531 - Don't check for message TTL changes if the RRsets remain the same.
534 - Fix for neater printout for error for missing DS response.
537 - Fix for #1099: Fix to check for deleted RRset when the contents
538 is updated and fetched after it is stored, and also check for a
543 when validation fails due to the missing DNSKEY. Also for key prime
547 - Fix for repeated use of a DNAME record: first overallocate and then
567 - Explicitly set the RD bit for the mesh query flags when prefetching.
577 adding helpful text for the Python interpreter version and allowing
585 - Add unit test for validation of repeated use of a DNAME record.
589 - Fix typos for 'the the' in text.
590 - Fix validation for repeated use of a DNAME record.
597 - Fix memory leak on exit for unbound-dnstap-socket; creates false
602 that the tcp read errors are labeled as initial for the first calls.
607 - Fix for #1079: fix RPZ taglist in iterator callback that no client
614 - Fix to enable that SERVFAIL is cached, for a short period, for more
636 - Fix to print a parse error when config is read with no name for
638 - Fix for parse end of forward-zone, stub-zone and view.
639 - Fix for #1064: Fix that cachedb expired messages are considered
643 - Merge #1069: Fix unbound-control stdin commands for multi-process
654 - Merge #1070: Fix rtt assignement for low values of
671 invalid argument for IPv6 link local addresses.
676 - Fix for #1062: declaration before statement, avoid print of null,
677 and redundant check for array size.
680 - Fix for the DNSBomb vulnerability CVE-2024-33655. Thanks to Xiang Li
682 for reporting it.
683 - Set version number to 1.20.0 for release. This became the release
687 - Cleanup unnecessary strdup calls for EDE strings.
690 - Fix doxygen comment for errinf_to_str_bogus.
698 - Add unit tests for cachedb and subnet cache expired data.
699 - Man page entry for unbound-checkconf -q.
706 - Fix configure flto check error, by finding grep for it.
708 for them and fixes #1038: fatal error: Could not initialize
711 with a nonzero value for the socket option argument.
712 - Fix doc unit test for out of directory build.
715 - Fix ci workflow for macos for moved install locations.
728 - Fix configure, autoconf for #1048.
735 - Fix cachedb for serve-expired with serve-expired-client-timeout.
736 - Fixup unit test for cachedb server expired client timeout with
746 - Add test for cachedb serve expired.
747 - Extended test for cachedb serve expired.
748 - Fix makefile dependencies for fake_event.c.
749 - Fix cachedb for serve-expired with serve-expired-reply-ttl.
750 - Fix to not reply serve expired unless enabled for cachedb.
760 like Unbound already does for auto-trust-anchor-file.
763 - Fix comment syntax for view function views_find_view.
771 - For #1040: adjust error text and disallow negative ports in other
778 - Fix #369: dnstap showing extra responses; for client responses
784 - Fix for crypto related failures to have a better error string.
787 - Fix name of unit test for subnet cache response.
790 - Fix for #1032, add safeguard to make table space positive.
792 - Fix to add unit test for lruhash space that exercises the routines.
800 - For #831: Format text, use exclamation icon and explicit label
811 - Fix rpz, it follows iterator CNAMEs for nsip and nsdname and sets
812 the reply query_info values, that is better for debug logging.
815 - Add rpz unit test for nsip action override.
816 - Fix rpz for qtype CNAME after nameserver trigger.
819 - Merge #1030: Persist the openssl and expat directories for repeated
832 for the clientip trigger.
833 - Fix to unify codepath for local alias for rpz cname action override.
834 - Fix rpz for cname override action after nsdname and nsip triggers.
837 - Merge #1028: Clearer documentation for tcp-idle-timeout and
846 are long enough for newer OpenSSL versions. This fix is included
851 - Fix validator classification of qtype DNAME for positive and
852 redirection answers, and fix validator signature routine for dealing
853 with the synthesized CNAME for a DNAME without previously
854 encountering it and also for when the qtype is DNAME.
855 - Fix qname minimisation for reply with a DNAME for qtype CNAME that
866 - Version set to 1.19.3 for release. After 1.19.2 point release with
867 security fix for CVE-2024-1931, Denial of service when trimming
869 is for version 1.19.3. The code repo continues for version 1.19.4,
873 - Fix for #1022: Fix ede prohibited in access control refused answers.
876 - Fix edns subnet replies for scope zero answers to not get stored
884 - Document the suspend argument for process_ds_response().
904 - Fix documentation for access-control in the unbound.conf man page.
910 - Merge #999: Search for protobuf-c with pkg-config.
918 - Update error printout for duplicate trust anchors to include the
922 - Fix for #997: Print details for SSL certificate failure.
925 - Update workflow for ports to use newer openssl on windows compile.
926 - Fix warning for windres on resource files due to redefinition.
929 - Fix to link with libssp for libcrypto and getaddrinfo check for
930 only header. Also update crosscompile to remove ssp for 32bit.
934 - Fix to link with -lcrypt32 for OpenSSL 3.2.0 on Windows.
942 - Fix unit test for #987 change in udp1xxx retry packet send.
950 for non-HTTP/2 DoH clients.
958 - Merge PR #973: Use the origin (DNAME) TTL for synthesized CNAMEs as
972 - Updated IPv4 and IPv6 address for b.root-servers.net in root hints.
998 - Tag for 1.19.0rc1 release. It became 1.19.0 release on 8 nov 2023.
1006 - Fix SSL compile failure for definition in log_crypto_err_io_code_arg.
1007 - Fix SSL compile failure for other missing definitions in
1023 - Clearer configure text for missing protobuf-c development libraries.
1036 - Mailing list patches from Daniel Gröber for DNS64 fallback to plain
1037 AAAA when no A record exists for synthesis, and minor DNS64 code
1038 refactoring for better readability.
1039 - Fixes for the DNS64 patches.
1040 - Update the dns64_lookup.rpl test for the DNS64 fallback patch.
1042 - Update testdata/ipset.tdir test for ipset fix.
1045 - Fix #954: Inconsistent RPZ handling for A record returned along with
1055 - For multi Python module setups, clean previously parsed module
1060 - Better fix for infinite loop when reading multiple lines of input on
1067 for devices that cannot handle DNSSEC information. But it should not
1069 DNSSEC validation would not work for Unbound itself, and also not
1070 for downstream users. Default is no. The option
1081 - Fix for #949: Fix pythonmod/ubmodule-tst.py for Python 3.x.
1111 - Merge #936: Check for c99 with autoconf versions prior to 2.70.
1115 - Fix authority zone answers for obscured DNAMEs and delegations.
1119 and also waits for the condition to go away. Reported by Florian
1127 - Fix to set ede match in unit test for rr length removal.
1138 - Fix for WKS call to getservbyname that creates allocation on exit
1143 - Fix for version generation race condition that ignored changes.
1149 - Tag for 1.18.0rc1 release. This became the 1.18.0 release on
1159 - Fix for #925: unbound.service: Main process exited, code=killed,
1163 - Fix unit test for unbound-control to work when threads are disabled,
1167 - Fix for iter_dec_attempts that could cause a hang, part of
1174 RFC9018. Create server cookies for clients that send client cookies.
1176 `answer-cookie: yes`. A `cookie-secret:` can be configured for
1182 value determines a rate limit for queries with cookies, if desired.
1183 - Fix regional_alloc_init for potential unaligned source of the copy.
1193 - For #911: Try to trim EXTRA-TEXT (and LDNS_EDE_OTHER options
1195 - More braces and formatting for Fix for EDNS EDE size calculation to
1197 - Fix to use the now cached EDE, if any, for CD_bit queries.
1200 - Fix for EDNS EDE size calculation.
1203 - Merge #790 from Tom Carpay: Add support for EDE caching in cachedb
1213 - Fix unused variable compile warning for kernel timestamps in
1219 - For #857: fix mixed declarations and code.
1220 - Merge #118 from mibere: Changed verbosity level for Redis init &
1224 - Cleaner failure code for callback functions in interface.i.
1227 - For #889: use netcat-openbsd instead of netcat-traditional.
1228 - For #889: Account for num_detached_states before possible
1234 - For #909: Fix return values.
1239 - For #909: Fix RR class comparison.
1250 - Merge #664 from tilan7763: Add prefetch support for subnet cache
1252 - For #664: Easier code flow for subnetcache prefetching.
1253 - For #664: Add testcase.
1254 - For #664: Rename subnet_prefetch tests to subnet_global_prefetch to
1259 - Code cleanup for sldns_str2wire_svcparam_key_lookup.
1261 - For #802: Cleanup comments and add RCODE check for CD bit test case.
1271 - More fixes for reference counting for python module and clean up
1289 - Fix for issue #887 (Timeouts to forward servers on BSD based
1303 - Fix for uncertain unit test for doh buffer size events.
1307 - Fix unbound-dnstap-socket time fraction conversion for printout.
1314 - Fix #888: [FR] Use kernel timestamps for dnstap.
1315 - Fix to print debug log for ancillary data with correct IP address.
1328 - For #722: minor fixes, formatting, refactoring.
1340 socket queue for too long. Added statistics num.queries_timed_out
1342 - Fix for #882: small changes, date updated in Copyright for
1345 - Fix for #882: document variable to stop doxygen warning.
1348 - Fix for #878: Invalid IP address in unbound.conf causes Segmentation
1359 - Fix for #870: Add test case for the qname minimisation and CNAME.
1362 - Fix #870: NXDOMAIN instead of NOERROR rcode when asked for existing
1389 - Fix for #852: Completion of error handling.
1396 - Clean up iterator/iterator.c::error_response_cache() and allow for
1402 - Add testcase for refreshing expired error responses.
1409 - Fix unit tests for spurious empty messages.
1410 - Fix consistency of unit test without roundrobin answers for the
1418 - Add duration variable for speed_local.test.
1421 - Fix acx_nlnetlabs.m4 for -Wstrict-prototypes.
1431 queries for specific zones.
1435 the default value for edns-buffer-size. It restricts client edns
1443 - Set default for harden-unknown-additional to no. So that it does
1445 - Fix test for new default.
1456 - Improve documentation for #826, describe the large collisions amount.
1463 - Fix #823: Response change to NODATA for some ANY queries since
1471 - Tag for 1.17.1 release.
1474 - Fix windows compile for libunbound subprocess reap comm point closes.
1492 - Fix to wrap Makefile scripts directory in quotes for uninstall.
1500 - Clear documentation for interactivity between the subnet module and
1507 - Fix for the ignore of tcp events for closed comm points, preserve
1518 - Fix #779: [doc] Missing documention in ub_resolve_event() for
1522 - Complementary fix for distutils.sysconfig deprecation in Python 3.10
1526 - Fix to ignore tcp events for closed comm points.
1551 - Tag for 1.17.0 release. The code repository continues with 1.17.1.
1554 - Fix PROXYv2 header read for TCP connections when no proxied addresses
1558 - Tag for 1.17.0rc1 release.
1573 - Fix dnscrypt compile for proxy protocol code changes.
1576 - Use DEBUG_TDIR from environment in mini_tdir.sh for debugging.
1579 - Fix checkconf test for dnscrypt and proxy port.
1582 - Merge #764: Leniency for target discovery when under load (for
1602 - Better output for skipped tdir tests.
1605 - Patch for CVE-2022-3204 Non-Responsive Delegation Attack.
1607 with the previous features and fixes for 1.17.0.
1619 - Remove include that was there for debug purposes.
1637 - Fix to wait for blocked write on UDP sockets, with a timeout if it
1639 - Fix for wait for udp send to stop when packet is successfully sent.
1653 - Fix ratelimit inconsistency, for ip-ratelimits the value is the
1654 amount allowed, like for ratelimits.
1658 queries for answers from cache if from a query with sourcemask 0.
1659 - Fix unittest for edns subnet change.
1665 - Tests for ghost domain fixes.
1666 - Tag for 1.16.2 release. The code repo continues with 1.16.3.
1671 - Update documentation for 'outbound-msg-retry:'.
1683 - For windows crosscompile, fix setting the IPV6_MTU socket option
1688 - Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
1694 - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
1700 - Tag for 1.16.1rc1 release. This became 1.16.1 on 11 July 2022.
1707 - For #660: formatting, less verbose logging, add EDE information.
1708 - Fix for correct openssl error when adding windows CA certificates to
1710 - Improve val_sigcrypt.c::algo_needs_missing for one loop pass.
1711 - Reintroduce documentation and more EDE support for
1726 - Fix compile warning for windows compile.
1730 - Fix #704: [FR] Statistics counter for number of outgoing UDP queries
1733 - Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
1739 - Fix for cached 0 TTL records to not trigger prefetching when
1752 - Fix for loading locally stored zones that have lines with blanks or
1756 - Remove unused LDNS function check for GOST Engine unloading.
1761 addresses for auth and rpz zones.
1764 - Fix for edns client subnet to respect not looking in its cache when
1772 - Version is set to 1.16.0 for release. Release tag 1.16.0rc1. This
1777 - Fix to silence test for ede error output to the console from the
1783 - Fix typos in config_set_option for the 'num-threads' and
1797 - For #677: Added tls-system-cert to config parser and documentation.
1808 - Merge PR #604: Add basic support for EDE (RFC8914).
1821 and check for success for debug printout.
1832 - Fix #651: [FR] Better logging for refused queries.
1840 configuration option, to allow for more broadly view of the options.
1850 - Fix configure for python to use sysutils, because distutils is
1855 - Fix for #637: fix integer overflow checks in sldns_str2period.
1859 - Various fixes for #632: variable initialisation, convert the qinfo
1863 - Fix compile warnings for printf ll format on mingw compile.
1866 - Fix pythonmod for change in iter_dp_is_useless function prototype.
1873 - Fix #633: Document unix domain socket support for unbound-control.
1874 - Fix for #633: updated fix with new text.
1876 so that it is not state dependent, after the state fix of #605 for
1878 - Fix for edns client subnet option add fix in removal code, from review.
1882 useless for delegation point lookups.
1884 - Fix check interface existence for support detection in remote lookup.
1887 - Fix that address not available is squelched from the logs for
1893 - Fix for #628: fix rpz-passthru for qname trigger by localzone type.
1912 - Fix for #611: Integer overflow in sldns_wire2str_pkt_scan.
1913 - Tag for 1.15.0rc1 created. That became 1.15.0 on 10 feb 2022.
1927 - Update version number in repo to 1.15.0 for upcoming release,
1929 - Fix header comment for doxygen for authextstrtoaddr.
1930 - please clang analyzer for loop in test code.
1932 - Update contrib/aaaa-filter-iterator.patch with diff for current
1940 - Fix review comment for use-after-free when failing to send UDP out.
1955 - Test for NSID in SERVFAIL response due to DNSSEC bogus.
1966 - For dnstap, do not wakeupnow right there. Instead zero the timer to
1973 - Add a region to serviced_query for allocations.
1976 - Add rpz: for-downstream: yesno option, where the RPZ zone is
1977 authoritatively answered for, so the RPZ zone contents can be
1979 - For #602: Allow the module-config "subnetcache validator cachedb
1990 - Fix for #596: fix that rpz return message is returned and not just
1993 - Fix unit tests for rpz now that the AA flag returns successfully from
1995 - Fix for #596: add unit test for nsdname trigger and signal unset RA.
1996 - Fix for #596: add unit test for nsip trigger and signal unset RA.
1999 - Fix for #596: Fix rpz-signal-nxdomain-ra to work for clientip
2007 - Fix to add test for rpz-signal-nxdomain-ra.
2014 apply cleanly to the current coderepo for the current code version.
2020 - Add missing configure flags for optional features in the
2028 - Allow local-data for classes other than IN to inherit a configured
2033 - Add code similar to fix for ldns for tab between strings, for
2042 - Fix compile warning for if_nametoindex on windows 64bit.
2059 - Fix #574: Review fixes for size allocation.
2067 - Fix for #570: regen aclocal.m4, fix configure.ac for spelling.
2070 are used as value for interfaces:
2071 - Fix #574: Review fixes for it.
2073 - Fix #574: Review fix for spelling.
2076 - Improve EDNS option handling, now also works for synthesised
2080 - Fix for #558: fix loop in comm_point->tcp_free when a comm_point is
2082 - Fix for #558: clear the UB_EV_TIMEOUT bit before adding an event.
2097 - Fix chaos replies to have truncation for short message lengths,
2102 - Fix to add example.conf note for outbound-msg-retry.
2108 - For crosscompile on windows, detect 64bit stackprotector library.
2111 - For the windows compile script disable gost.
2114 - Fix crosscompile script for the shared build flags.
2118 link with ws2_32 needs -l:libssp.a for __strcpy_chk.
2123 - Fix lock debug code for gcc sanitizer reports.
2129 - Small fixes for #41: changelog, conflicts resolved,
2131 functions in the iterator, no colon in string for set_option,
2133 - Fix for #41: change outbound retry to int to fix signed comparison
2158 for ipbased triggers. Unlock the nsdname zone lock when done.
2161 - Fix compile warning in libunbound for listen desetup routine.
2162 - Fix asynclook unit test for setup of lockchecks before log.
2180 - Fix to support harden-algo-downgrade for ZONEMD dnssec checks.
2184 - Fix for #431: Squelch permission denied errors for udp connect,
2191 - Merge PR #514, from ziollek: Docker environment for run tests.
2192 - For #514: generate configure.
2195 - And 1.13.2rc1 became the 1.13.2 with the fix for the python module
2200 - Merge #519: Support for selective enabling tcp-upstream for
2202 - For #519: note stub-tcp-upstream and forward-tcp-upstream in
2204 - For #519: yacc and lex. And fix python bindings, and test program
2206 - For #519: fix comments for doxygen.
2207 - Fix to print error from unbound-anchor for writing to the key
2211 - Tag for 1.13.2rc1 release.
2228 - Fix unit test zonemd_reload for use in run_vm.
2242 - Prepare for OpenSSL 3.0.0 provider API usage, move the sldns
2252 - For #515: Fix compilation with openssl 3.0.0 beta2, lib64 dir and
2258 introduces a couple of fixes for the stream reuse functionality
2264 - Fix readzone unknown type print for memory resize.
2267 - Fix that ldns_zone_new_frm_fp_l counts the line number for an empty
2276 - Fix for #510: in depth, use ifdefs for windows api event calls.
2283 - Fix from lint for ignored return value.
2284 - Fix for older parsers for function call in serve expired get cached.
2290 - Fix compiler warnings for #491.
2291 - Fix clang-analysis warnings for testcode/readzone.c.
2307 - Fix configure grep for reuseport default for failure.
2310 - Fix unit test in the ctime_r calls for autotrust and in testbound.
2339 - Generated lexer and parser for #486; updated example.conf.
2342 - Use host_os instead of target_os in configure for Darwin8 build.
2354 - Fix test for zonemd-check option.
2360 of ZONEMD records for that zone.
2365 for it in the configuration to 150 for all key sizes.
2368 - For #492: Fix font highlighting for the man page on emacs.
2371 - Test code has -q option for quiet output.
2374 - Fix for #411, #439, #469: Reset the DNS message ID when moving queries
2376 - Refactor for uniform way to produce random DNS message IDs.
2393 - Fix for #367: only attempt to get the interface for queries that are no
2395 - Add more logging for out-of-memory cases.
2398 - Merge #478: Allow configuration of TCP timeout while waiting for
2408 about one of the last failures for that query.
2411 - Fix compiler warning for signed/unsigned comparison for
2425 - Further fix for #468: detect SSL_CTX_set_alpn_protos for build with
2430 - Fix documentation comment for files previously residing in checkconf/.
2438 - Fix (increase) verbosity level for iterator error log in
2446 - rebuild configure to set EXTRALINK to libunbound.la for #460.
2449 - Fix for #411: Depth protect for crash on deleted element timeout.
2462 - Disable the use of stack-protector for cross compiled 32-bit windows
2466 - Fix #429: Also fix end of transfer for http download of auth zones.
2469 - Fix deprecation test to work for iOS TVOS and WatchOS, it uses
2487 - Fix for #367: fix memory leak when cannot bind to listening port.
2498 - Fix for #447: squelch connection refused tcp connection failures
2502 - Fix #441: Minimal NSEC range not accepted for top level domains.
2505 - Fix parse of LOC RR type for decimetres.
2508 - Workaround for #439: prevent loops in the reuse rbtree.
2509 - Debug output for #411 and #439: printout internal error and details.
2518 - Fix for #367: rc_ports don't have ub_sock; skip cleaning up.
2525 and fixes #368 : dnstap does not log the DNS message ID for
2532 - ipsecmod: Better logging for detecting a cycle when attaching the
2537 sufficient for the configured cache size, and logs warning if not.
2539 - Fix unit test for added ulimit checks.
2543 - Fix for zonemd, that domain-insecure zones work without dnssec.
2544 - Fix for zonemd, do not reject insecure result from trust anchor
2548 - Fix #431: Squelch permission denied errors for tcp connect
2550 - Fix for zonemd, that nxdomain for the chain of trust is allowed
2551 for island zones, it is treated as an insecure zone for verification.
2555 ZONEMD records are checked for zones loaded as auth-zone,
2558 With zonemd-reject-absence for an auth-zone the presence of a
2559 zonemd can be mandated for specific zones.
2562 - rpz skip nsec3param records, and nicer log for unsupported actions.
2567 - Fix to make tests work with support indicators set for iterator.
2575 - Fix for Python 3.9, no longer use deprecated functions of
2586 - Fix dynlibmod link on rhel8 for -ldl inclusion.
2589 - Fix indentation of root anchor for use by windows install script.
2595 - Fix for doxygen 1.8.20 compatibility.
2599 - Fix to use correct type for label count in rpz routine.
2601 - Fix to use correct type for label count in ipdnametoaddr rpz routine.
2602 - Fix empty clause warning in edns pass for padding.
2622 - Fix TTL of SOA record for negative answers (localzone and
2626 - Support for RFC5001: DNS Name Server Identifier (NSID) Option
2639 - Fix for #93: dynlibmodule import library is named libunbound.dll.a.
2644 - Fix for #93: dynlibmodule link fix for Windows.
2655 - For #391: use struct timeval* start_time for callback information.
2656 - For #391: fix indentation.
2657 - For #391: more double casts in python start time calculation.
2673 - For #376: Fix that comm point event is not double removed or double
2696 - Fix #360: for the additionally reported TCP Fast Open makes TCP
2703 - Fix for #283: fix stream reuse and tcp fast open.
2713 not kept for reuse.
2714 - tag for the 1.13.0rc4 release. This also became the 1.13.0
2716 fix from 2 dec 2020. The code repo continues for 1.13.1 in
2720 - Fix compile warning for type cast in http2_submit_dns_response.
2721 - Fix when use free buffer to initialize rbtree for stream reuse.
2722 - Fix compile warnings for windows.
2724 - Fix contrib/metrics.awk for FreeBSD awk compatibility.
2725 - tag for the 1.13.0rc3 release.
2730 - For #352: contrib/metrics.awk for Prometheus style metrics output.
2737 - Better fix for reuse tree comparison for is-tls sockets. Where
2740 - Fix memory leak for edns client tag opcode config element.
2741 - Attempt fix for libevent state in tcp reuse cases after a packet
2743 - Fix readagain and writeagain callback functions for comm point
2745 - tag for the 1.13.0rc2 release.
2749 reuse for performing several queries over the same TCP or TLS
2751 - set version of main branch to 1.13.0 for upcoming release.
2753 - Fix one port unit test for udp-connect.
2754 - tag for the 1.13.0rc1 release.
2757 - Fix padding of struct regional for 32bit systems.
2771 - Fix for #303 CVE-2020-28935 : Fix that symlink does not interfere
2773 - Further fix for it and retvalue 0 fix for it.
2778 - Retry for interfaces with unused ports if possible.
2782 - Fix memory leak after fix for possible memory leak failure.
2808 traffic keeps up for the domain. It probes with one at a time, eg.
2815 - Fix for PR #324 to attach the x509v3 extensions to the client
2822 - Fix that http settings have colon in set_option, for
2830 - Fix dnstap test to wait for log timer to see if queries are logged.
2834 - Clean the fix for out of order TCP processing limits on number
2842 - Fix that if there are reply callbacks for the given rcode, those
2855 - Fix for python reply callback to see mesh state reply_list member,
2856 it only removes it briefly for the commpoint call so that it does
2860 - Free up auth zone parse region after use for lookup of host
2872 - Tag for 1.12.0 release.
2877 - Current repo is version 1.12.0 for release. Tag for 1.12.0rc1.
2882 - Fix stream_ssl, ssl_req_order and ssl_req_timeout tests for
2886 - Fix double loopexit for unbound-dnstap-socket after sigterm.
2892 - Fix unit test for dnstap changes, so that it waits for the timer.
2898 - Fix to ifdef fptr wlist item for dnstap.
2910 - Error message is logged for dynlibmod malloc failures.
2920 - Introduce test for statistics.
2941 uses the IP addresses for that named interface.
2952 - Change configure to use EVP_sha256 instead of HMAC_Update for
2959 - Create and init edns tags data for libunbound.
2977 apply cleanly to the current coderepo for the current code version.
2991 - Fix doxygen comment for no ssl for tls session ticket key callback
3009 - Fix contrib/fastrpz.patch to apply cleanly. It fixes for changes
3015 - Fix libnettle compile for session ticket key callback function
3025 - Fix check conf test for referencing installation paths.
3026 - Fix unused variable warning for clang analyzer.
3035 - Fix add missing DSA header, for compilation without deprecated
3039 - Longer keys for the test set, this avoids weak crypto errors.
3045 - Fix offset of error printout for access-control-tag-datas.
3046 - Review fixes for checkconf #259 change.
3052 - Move reply list clean for serve expired mesh callback to after
3054 - Also move reply list clean for mesh callbacks to the scrip callback
3056 - Fix for mesh accounting if the reply list already empty to begin
3058 - Fix for mesh accounting when rpz decides to drop a reply with a
3059 tcp stream waiting for it.
3060 - Review fix for number of detached states due to use of variable
3067 - doxygen file comments for dynlibmodule.
3070 - Fix default explanation in man page for qname-minimisation-strict.
3074 - Mention tls name possible when tls is enabled for stub-addr in the
3082 - Update contrib/aaaa-filter-iterator.patch for the recent
3086 - Fix for integer overflow when printing RDF_TYPE_TIME.
3096 - For PR #93: windows compile warnings removal
3097 - windows compile warnings removal for ip dscp option code.
3098 - For PR #93: unit test for dynlib module.
3101 - For PR #93: dynlibmod can handle reloads and deinit and inits again,
3102 with dlclose and dlopen of the library again. Also for multiple
3105 - For PR #93: checkconf allows multiple dynlib in module-config, for
3107 - For PR #93: checkconf allows python dynlib in module-config, for
3109 - For PR #93: man page spelling reference fix.
3110 - For PR #93: fix link of other executables for dynlibmod dependency.
3114 - Fixed conflicts for PR #93 and make configure, yacc, lex.
3115 - For PR #93: Fix warnings for dynlibmodule.
3121 - Explicitly use 'rrset-roundrobin: no' for test cases.
3130 - Change default value for 'rrset-roundrobin' to yes.
3131 - Fix tests for new rrset-roundrobin default.
3135 - Fix for count of reply states in the mesh.
3143 - Add doxygen documentation for DSCP.
3147 - Fix for posix shell syntax for trap in nsd-control-setup.
3148 - Fix for posix shell syntax for trap in run_msg.sh test script.
3163 - More documentation for redis-expire-records option.
3190 tag for outgoing packets.
3192 - Travis fix for ios by omitting tools from install.
3195 - Fix compile on Solaris for unbound-checkconf.
3207 - Fix #158: open tls-session-ticket-keys as binary, for Windows. By
3231 - Changelog entry for (Fix #189, Merge PR #190).
3269 - Merge PR #172: Add IBM s390x arch for testing, by noloader.
3272 - Merge PR #173: updated makedist.sh for config.guess and
3273 config.sub and sha256 digest for gpg, by noloader.
3289 to use TCP and TLS for connecting to the log server. There
3292 address of server for TCP or TLS use. dnstap-tls to turn
3295 to configure the certificates for server authentication and
3303 - Fix #169: Fix warning for daemon/remote.c output may be truncated
3308 dname, and in the client_info_compare routine for null memcmp.
3314 - Fix #165: Add prefer-ip4: yesno config option to prefer ipv4 for
3322 - Updated contrib/unbound_smf23.tar.gz with Solaris SMF service for
3327 - protect X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS with ifdef for
3331 - changelog point where the tag for 1.10.0rc2 release is. And with
3350 - tag for 1.10.0rc1 release.
3354 - Fix contrib/fastrpz.patch to apply cleanly. Fix for serve-stale
3387 - Added missing default values for redis cachedb backend.
3405 - Fix subnet tests for disabled DSA algorithm by default.
3406 - Update contrib/fastrpz.patch for clean diff with current code.
3407 - Merge PR#151: Fixes for systemd units, by Maryse47, Edmonds
3410 - updated .gitignore for added contrib file.
3411 - Add build rule for ipset to Makefile
3422 - Merge PR#147; change rfc reference for reserved top level dns names.
3426 - Fix to silence the tls handshake errors for broken pipe and reset
3436 to Libs/Requires for crypto library dependencies.
3437 - Fix #153: Disable validation for DSA algorithms. RFC 8624
3442 contrib/unbound_nochroot.service.in, a systemd file for use with
3453 - Fix for memory leak when edns subnet config options are read when
3455 - Fix auth zone support for NSEC3 records without salt.
3467 - Fix 'make test' to work for --disable-sha1 configure option.
3470 - Updated sldns_bget_token_par fix for also space for the zero
3471 delimiter after the character. And update for more spare space.
3477 - Changes to compat/getentropy_solaris.c for,
3478 ifdef stdint.h inclusion for older systems.
3479 ifdef sha2.h inclusion for older systems.
3500 - Fix Makefile.in for ipset module compile, from Adi Prasaja.
3504 - unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1
3505 replacements for unbound-fuzzme.c that gets created after applying
3508 - tag for 1.9.6rc1.
3511 - Fix lock type for memory purify log lock deletion.
3512 - Fix testbound for alloccheck runs, memory purify and lock checks.
3520 - Fix text around serial arithmatic used for RRSIG times to refer
3545 - Fix Client NONCE Generation used for Server NONCE,
3573 - Fix Weak Entropy Used For Nettle,
3590 - Changes to compat/getentropy files for,
3591 no link to openssl if using nettle, and hence config.h for
3593 compat definition of MAP_ANON, for older systems.
3594 ifdef stdint.h inclusion for older systems.
3595 ifdef sha2.h inclusion for older systems.
3605 - Fix python examples/calc.py for eval, reported by X41 D-Sec.
3606 - Fix comments for doxygen in dns64.
3629 - In unbound-host use separate variable for get_option to please
3632 - Provide a prototype for compat malloc to remove compile warning.
3633 - Portable grep usage for reuseport configure test.
3634 - Check return type of HMAC_Init_ex for openssl 0.9.8.
3635 - gitignore .source tempfile used for compatible make.
3639 - contrib/fastrpz.patch updated to apply for current code.
3640 - fixes for splint cleanliness, long vs int in SSL set_mode.
3643 - Fix #109: check number of arguments for stdin-pipes in
3645 - Merge #102 from jrtc27: Add getentropy emulation for FreeBSD.
3663 will drop DNSKEY and DS lookups for tlds and hence break DNSSEC
3664 lookups for downstream clients.
3671 - Merge 1.9.4 release with fix for vulnerability CVE-2019-16866.
3678 Drop CAP_KILL, use + prefix for ExecReload= instead.
3681 - The unbound.conf includes are sorted ascending, for include
3685 - Merge #85 for #84 from sam-lunt: Add kill capability to systemd
3698 - Merge pull request #76 from Maryse47: Improvements and fixes for
3701 - Fix fix for #78 to also free service callback struct.
3702 - Fix for oss-fuzz build warning.
3703 - Fix wrong response ttl for prepended short CNAME ttls, this would
3708 - Use explicit bzero for wiping clear buffer of hash in cachedb,
3722 there is a high volume and the operator cannot do anything for the
3747 issues an uninitialised value for the token buffer at the str2wire.c
3752 - Please doxygen's parser for "@" occurrence in doxygen comment.
3759 - avoid warning about upcast on 32bit systems for autotrust.
3760 - escape commandline contents for -V.
3771 - Fix warning for unused variable for compilation without systemd.
3776 are now moved from `-h` to `-V` as well for consistency.
3780 - For #52 #53, second context does not close logfile override.
3781 - Fix #52 #53, fix for example fail program.
3783 - Fix to remove unused test for task_probe existance.
3784 - Fix to timeval_add for remaining second in microseconds.
3790 name to make it unique, for libunbound created multiple contexts.
3801 if minimal-responses is enabled, also the additional for negative
3810 - Fix for possible assertion failure when answering respip CNAME from
3814 - For #45, check that 127.0.0.1 and ::1 are not used in unbound.conf
3831 - Added documentation to the ipset files (for doxygen output).
3841 - Fix for #24: Fix abort due to scan of auth zone masters using old
3884 They can be enabled with verbosity at higher values for diagnosing
3889 - Revert fix for oss-fuzz, error is in that build script that
3907 checkable, and is better for security. It is fixed to be slower,
3911 - contrib/fastrpz.patch updated for code changes, and with git diff.
3916 - Update makedist for git.
3917 - Nicer travis output for clang analysis.
3927 - Scrub RRs from answer section when reusing NXDOMAIN message for
3929 - For harden-below-nxdomain: do not consider a name to be non-exitent
3940 - Fix tls write event for read state change to re-call SSL_write and
3944 - Update python documentation for init_standard().
3948 - Fix that auth zone uses correct network type for sockets for
3951 - Fix that auth zone fails over to next master for timeout in tcp.
3956 - Fix to use event_assign with libevent for thread-safety.
3960 plugin for the Unbound DNS resolver to resolve DNS records in
3968 - Fix to reinit event structure for accepted TCP (and TLS) sockets.
3971 - Fix spelling error in log output for event method.
3976 - Fix auth-zone NSEC3 response for wildcard nodata answers,
3980 - Fix auth-zone NSEC3 response for empty nonterminals with exact
3982 - Fix for out of bounds integers, thanks to OSTIF audit. It is in
3984 - Fix for auth zone nsec3 ent fix for wildcard nodata.
3999 with TLS, if that is enabled for the query.
4000 - Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482.
4003 - Fix for #4233: guard use of NDEBUG, so that it can be passed in
4023 - Fix for python module on Windows, fix fopen.
4026 - Fix #4227: pair event del and add for libevent for tcp_req_info.
4029 - Fix the error for unknown module in module-config is understandable,
4036 - Fix pythonmod include and sockaddr_un ifdefs for compile on
4037 Windows, and for libunbound.
4048 - Note default for module-config in man page.
4049 - Fix recursion lame test for qname minimisation asked queries,
4051 - Fix #13: Remove left-over requirements on OpenSSL >= 1.1.0 for
4056 - Fix #4206: OpenSSL 1.0.2 hostname verification for FreeBSD 11.2.
4063 - Fix that log-replies prints the correct name for local-alias
4064 names, for names that have a CNAME in local-data configuration.
4068 - Perform canonical sort for 0x20 capsforid compare of replies,
4073 - Set ub_ctx_set_tls call signature in ltrace config file for
4075 - improve documentation for tls-service-key and forward-first.
4078 - #9: For openssl 1.0.2 use the CRYPTO_THREADID locking callbacks,
4079 still supports the set_id_callback previous API. And for 1.1.0
4091 - Fix locking for libunbound context setup with broken port config.
4094 - ub_ctx_set_tls call for libunbound that enables DoT for the machines
4096 - Set build system for added call in the libunbound API.
4097 - List example config for root zone copy locally hosted with auth-zone
4100 - set version to 1.9.0 for release. And this was released with the
4101 spelling for tls-ciphers fix as 1.9.0 on Feb 5. Trunk has 1.9.1 in
4105 - Fix that tcp for auth zone and outgoing does not remove and
4113 - Newer aclocal and libtoolize used for generating configure scripts,
4115 - Fix unit test for python 3.7 new keyword 'async'.
4117 no check for already checked delegation pointer in iterator,
4118 in testcode check for NULL packet matches, in perf do not copy
4121 testcode for unknown macro operand give zero result. Initialise the
4125 include mini_event.h to have a prototype for mini_ev_cmp
4126 include edns.h to have a prototype for apply_edns_options
4129 no previous prototype for function
4132 no previous prototype for function
4136 no previous prototype for function...
4139 no previous prototype for function 'copy_rrset'
4140 no need for another variable "r"; gets rid of compiler warning:
4142 no need for another variable "ns"; gets rid of compiler warning:
4148 options for unbound.conf.
4149 - Fixes for the patch, and man page entry.
4150 - Fix configure to detect SSL_CTX_set_ciphersuites, for better
4152 - Patch for TLS session resumption from Manabu Sonoda,
4154 - Fixes for patch (includes, declarations, warnings). Free at end
4157 - Fix for IXFR fallback to reset counter when IXFR does not timeout.
4160 - Fix space calculation for tcp req buffer size.
4161 - Doc for stream-wait-size and unit test.
4164 - Fix for #4219: secondaries not updated after serial change, unbound
4169 - Fix tcp idle timeout test, for difference in the tcp reply code.
4170 - Unit test for tcp request reorder and timeouts.
4171 - Unit tests for ssl out of order processing.
4178 - For caps-for-id fallback, use the whitelist to avoid timeout
4179 starting a fallback sequence for it.
4180 - increase mesh max activation count for capsforid long fetches.
4183 - Get ready for the DNS flag day: remove EDNS lame procedure, do not
4187 - In the out of order processing, reset byte count for (potential)
4194 - Fix for out of order processing administration quit cleanup.
4195 - unit test for tcp out of order processing.
4198 - Initial commit for out-of-order processing for TCP and TLS.
4201 - Log query name for looping module errors.
4214 the patch adds a program used for fuzzing.
4217 - Fix for crash in dns64 module if response is null.
4223 - Fix for FreeBSD port make with dnscrypt and dnstap enabled.
4224 - Fix #4206: support openssl 1.0.2 for TLS hostname verification,
4229 - Fix dns64 allocation in wrong region for returned internal queries.
4232 - Fix icon, no ragged edges and nicer resolutions available, for eg.
4237 - Patch for typo in unbound.conf man page.
4239 log-replies in the log file for easier log filter maintenance.
4244 - tag for 1.8.2rc1, which became 1.8.2 on 4 dec 2018, with icon
4254 - Fix leak in chroot fix for auth-zone.
4255 - Fix clang analysis for outside directory build test.
4262 - New and better fix for Fix #4193: Fix that prefetch failure does
4266 - stat count SERVFAIL downstream auth-zone queries for expired zones.
4268 - Fix windows compile for new rrset roundrobin fix.
4269 - Update contrib fastrpz patch for latest release.
4277 - Fix that unbound-control can send file for view_local_datas.
4282 succeed for the python module.
4284 - ignore debug python module for test in doxygen output.
4285 - review fixes for python module.
4298 - Add patch from Jan Vcelak for pythonmod,
4299 add sockaddr_storage getters, add support for query callbacks,
4328 - Limit ECS scope returned to client to the scope used for caching.
4353 - Set default for so-reuseport to no for FreeBSD. It is enabled
4354 by default for Linux and DragonFlyBSD. The setting can
4359 - updated contrib/fastrpz.patch to apply for this version
4367 - tag for release 1.8.1rc1. Became release 1.8.1 on 8 oct, with
4377 for DNS over TLS service. It sets the configured tls auth name.
4378 This is useful for hosts that apart from the DNS over TLS services
4380 - Fix #4149: Add SSL cleanup for tcp timeout.
4383 - Fix compile on Mac for unbound, provide explicit_bzero when libc
4385 - Fix unbound for openssl in FIPS mode, it uses the digests with
4388 some iterator states for nonresponsive domains can get into a
4389 state where they waited for an empty list.
4391 to be reset by the TCP time measurement (that exists for TLS),
4396 - Fix seed for random backup code to use explicit zero when wiped.
4401 - in testcode, free async ids, initialise array, and check for null
4402 pointer during test of the test. And use exit for return to note
4408 - check for null in delegation point during iterator refetch
4411 - initialize statistics totals for printout.
4421 - Fixed unused return value warnings in contrib/fastrpz.patch for
4440 - Tag for 1.8.0rc1 release, became 1.8.0 release on 10 Sep 2018.
4447 in a view with view-first, makes queries check for answers from the
4455 - Set defaults to yes for a number of options to increase speed and
4466 - Fix lintflags for lint on FreeBSD.
4470 gives access to reply information for the client's communication
4476 - log-local-actions: yes option for unbound.conf that logs all the
4483 - Fix classification for QTYPE=CNAME queries when QNAME minimisation is
4503 - Fix that printout of error for cycle targets is a verbosity 4
4515 - Patch for stub-no-cache and forward-no-cache options that disable
4516 caching for the contents of that stub or forward, for when you
4537 - Fix for #4136: Fix to unconditionally call destroy in daemon.c.
4547 - Revert previous change for #4136: because it introduces build
4549 - New fix for #4136: This one ignores lex without without
4559 - Patches from Jim Hague (Sinodun) for EDNS KeepAlive.
4568 - Correct and expand manual page entries for keepalive and idle timeout.
4598 - Fix #4131: for solaris, error YY_CURRENT_BUFFER undeclared.
4616 verbosity is 4 or higher, for UDP outgoing sockets.
4621 - Fix for 4126 that the #define for UNKNOWN_SERVER_NICENESS can be more
4629 - Fix documentation ambiguity for tls-win-cert in tls-upstream and
4634 - Fix round robin for failed addresses with prefer-ip6: yes
4642 - Better documentation for unblock-lan-zones and insecure-lan-zones
4644 - Fix permission denied printed for auth zone probe random port nrs.
4647 - Fix checking for libhiredis printout in configure output.
4650 also set the 20326 trust anchor for the root in the example code.
4653 - dns64-ignore-aaaa: config option to list domain names for which the
4658 - num.queries.tls counter for queries over TLS.
4666 - Partial fix for permission denied on IPv6 address on FreeBSD.
4668 stop scan of masters for an updated zone.
4674 - Fix usage printout for unbound-host, hostname has to be last
4678 - Fix for unbound-control on Windows and set TCP socket parameters
4687 - Fix that control-use-cert: no works for 127.0.0.1 to disable certs.
4689 - Fix unbound-checkconf for control-use-cert.
4693 - tag for 1.7.3rc1.
4697 sequence for a master to transfer the zone from and transfers when
4702 file for url downloads.
4712 - #4102 for NSD, but for Unbound. Named unix pipes do not use
4722 - Patch to fix openwrt for mac os build darwin detection in configure.
4729 - Fix deadlock caused by incoming notify for auth-zone.
4730 - tag for 1.7.2rc1, became 1.7.2 release on 11 June 2018,
4736 The older name is accepted for backwards compatibility.
4745 - Fix that fallback for windows port.
4750 - tls-win-cert option that adds the system certificate store for
4755 - For TCP and TLS connections that don't establish, perform address
4757 - Fix that tcp sticky events are removed for closed fd on windows.
4758 - Fix close events for tcp only.
4763 - unbound-host initializes ssl (for potential DNS-over-TLS usage
4777 - Fix contrib/libunbound.pc for libssl libcrypto references,
4781 - Fix windows to not have sticky TLS events for TCP.
4802 - Fix for crash in daemon_cleanup with dnstap during reload,
4804 - Also that for dnscrypt.
4805 - tag for 1.7.1rc1 release. Became 1.7.1 release on 3 May, trunk
4809 - Fix memory leak when caching wildcard records for aggressive NSEC use
4812 - Fix contrib/fastrpz.patch for this release.
4813 - Fix auth https for libev.
4819 - makedist uses bz2 for expat code, instead of tar.gz.
4820 - Fix #4092: libunbound: use-caps-for-id lacks colon in
4824 - Fix sldns parse failure for CDS alternate delete syntax empty hex.
4825 - Attempt for auth zone fix; add of callback in mesh gets from
4831 - man page documentation for dns-over-tls forward-addr '#' notation.
4844 - For addr with #authname and no @port notation, the default is 853.
4852 - allow-notify: config statement for auth-zones.
4853 - unit test for allow-notify
4861 - Fix for max include depth for authzones.
4862 - Fix memory free on fail for $INCLUDE in authzone.
4863 - Fix that an internal error to look up the wrong rr type for
4872 - documentation for low-rtt and low-rtt-pct.
4881 - Accept both option names with and without colon for get_option
4884 of fast servers for some percentage of the time.
4887 - Combine write of tcp length and tcp query for dns over tls.
4889 - Fix above stub queries for type NS and useless delegation point.
4891 tls_choose_sigalg routine does not allow the ciphers for the pipe,
4898 failing with a forwarder set. Now, auth-zone is only used for
4908 - Do not use cached NSEC records to generate negative answers for
4919 - Add --with-libhiredis, unbound support for a new cachedb backend
4936 - Added documentation for aggressive-nsec: yes.
4952 cleanly for me, now also for others.
4959 - Reverted fix for #3512, this may not be the best way forward;
4962 - svn trunk contains 1.7.0, this is the number for the next release.
4963 - Fix for windows compile.
4967 - Fix to check define of DSA for when openssl is without deprecated.
4970 causes same port to be used twice for tcp connections.
4979 - Save wildcard RRset from answer with original owner for use in
4983 - Fix #3512: unbound incorrectly reports SERVFAIL for CAA query
4985 - Fix validation for CNAME loops. When it detects a cname loop,
4991 - Fix #3505: Documentation for default local zones references
4994 to the global local zone contents, for queries for that zone.
4995 - Fix for more maintainable code in localzone.
4998 - Fixes for clang static analyzer, the missing ; in
5010 - Unit test for auth zone https url download.
5028 eg. with auth-zone: name: "." for-downstream: no for-upstream: yes
5047 - ltrace.conf file for libunbound in contrib.
5051 for startup scripts to get the full pathname(s) of anchor file(s).
5057 also recognized and means the same. Also for tls-port,
5066 - tag 1.6.8 for release with CVE fix.
5068 - patch for CVE-2017-15105: vulnerability in the processing of
5092 - Also disable -flto for clang, to make incep-expi signature check
5116 set for stub zone. It no longer searches for DNSSEC information.
5130 - Fix #2141 - for libsodium detect lack of entropy in chroot, print
5155 - lint for recent authzone commit.
5174 - Better documentation for cache-max-negative-ttl.
5186 - Fix some more crpls in testdata for different signaling default.
5194 - Fix param unused warning for windows exportsymbol compile.
5225 - Fix unbound-host to report error for DNSSEC state of failed lookups.
5232 - Add dns64 for client-subnet in unbound-checkconf.
5240 - makedist fix for windows binaries, with openssl 1.1.0 windres fix,
5248 - For #1417: escape ; in dnscrypt tests.
5264 - new keys and certs for dnscrypt tests.
5272 - Small fixes for the shared secret cache patch.
5274 entries for udp and tcp.
5291 TCP in this case and is also more robust for cases where connectx()
5292 fails for some reason.
5293 - Fix #1402: squelch invalid argument error for fd_set_block on windows.
5304 - Fix #1397: Recursive DS lookups for AS112 zones names should recurse.
5309 - Added stats for queries that have been ratelimited by domain
5320 - annotate case statement fallthrough for gcc 7.1.1.
5327 - Fix DSA configure switch (--disable dsa) for libnettle and libnss.
5338 - Redirect all localhost names to localhost address for RFC6761.
5342 - Fix svn hooks for tdir (selected if testcode/mini_tdir.sh exists)..
5348 - Fix for unbound-checkconf, check ipsecmod-hook if ipsecmod is turned
5356 - Fix python example0 return module wait instead of error for pass.
5358 - enhancement for hardened-tls for DNS over TLS. Removed duplicated
5368 - (for 1.6.5)
5369 Better fixup of dnscrypt_cert_chacha test for different escapes.
5370 - First fix for zero b64 and hex text zone format in sldns.
5371 - unbound-control dump_infra prints port number for address if not 53.
5374 - (for 1.6.5): fixup of dnscrypt_cert_chacha test (from Manu Bretelle).
5404 - Fix stub zone queries leaking to the internet for
5406 - Fix query for refetch_glue of stub leaking to internet.
5411 contains malformed qname. When 0x20 caps-for-id is enabled, when
5414 - More fixes in depth for buffer checks in 0x20 qname checks.
5423 - Detect chacha for dnscrypt at configure time.
5431 - Add an explicit type cast for TCP FASTOPEN fix.
5453 - Add defaults for new local-zone trees added to views using
5457 - Support for openssl EVP_DigestVerify.
5458 - Support for the ED25519 algorithm with openssl (from openssl 1.1.1).
5461 - Fix assertion for low buffer size and big edns payload when worker
5471 - printout localzone for duplicate local-zone warnings.
5475 rrsets added for cname chain.
5494 - Use qstate's region for IPSECKEY rrset (ipsecmod).
5504 - better module memory lookup, fix of unbound-control shm names for
5511 - Fix queries for nameservers under a stub leaking to the internet.
5521 can share the same source port (for different destinations).
5525 - Use mesh_add_sub for key tag signaling query.
5528 - Added test for leak of stub information.
5550 Also unbound-control get_option. Also for dnscrypt.
5555 - Fix #1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle).
5568 - tag for 1.6.2rc1
5569 - (for 1.6.3:) unbound.h exports the shm stats structures. They use
5580 - Properly check for allocation failure in local_data_find_tag_datas.
5596 - Use correct identifier for SHM destroy.
5599 - Fix pythonmod for cb changes.
5607 - (de)register inplace callbacks for module id
5608 - No unbound-control set_option for ECS options
5618 - Small fixup for documentation.
5620 - Fix respip for braces when locks arent used.
5621 - Fix pythonmod for cb changes.
5661 - Fix doxygen for dnscrypt files.
5667 - lru_demote and lruhash_insert_or_retrieve functions for getdns.
5668 - fixup for lruhash (whitespace and header file comment).
5672 - Patch for view functionality for local-data-ptr from Björn Ketelaars.
5673 - Fix #1237 - Wrong resolving in chain, for norec queries that get
5701 - make depend for build dependencies.
5706 - Fix #1230: swig version 2.0.0 is required for pythonmod, with
5719 - For #1227: if we have sha256, set the cipher list to have no
5724 - Fix #1226: provide official 32bit binary for windows.
5727 - include sys/time.h for new shm code on NetBSD.
5732 - Patch from Luiz Fernando Softov for Stats Shared Memory.
5745 - sldns updated for vfixed and buffer resize indication from getdns.
5748 - sldns has ED25519 and ED448 algorithm number and name for display.
5754 - Fix autoconf of systemd check for lack of pkg-config.
5757 - Fix pythonmod for typedef changes.
5758 - Fix dnstap for warning of set but not used.
5765 - Fix for type name change and fix warning on windows compile.
5774 - fix root_anchor test for updated icannbundle.pem lower certificates.
5802 - Fix to return formerr for queries for meta-types, to avoid
5813 systemd files for unbound, install them in /usr/lib/systemd/system.
5818 - Fix #1194: Cross build fails when $host isn't `uname` for getentropy.
5833 - 64bit is default for windows builds.
5845 - Fix #1176: stack size too small for Alpine Linux.
5852 - Add DSA support for OpenSSL 1.1.0
5853 - Fix remote control without cert for LibreSSL
5856 - Added generic EDNS code for registering known EDNS option codes,
5862 - Added code for registering inplace callback functions. The registered
5868 - Updated Python module for the above.
5903 - QNAME minimisation uses QTYPE=A, therefore always check cache for
5905 - Added unit test for QNAME minimisation + harden below nxdomain
5910 - Fix unit tests for DS hash processing for fake-dsa test option.
5916 Underneath" for the harden-below-nxdomain option.
5930 - Note that for harden-below-nxdomain the nxdomain must be secure,
5937 - .gitattributes line for githubs code language display.
5949 - Patch for server.num.zero_ttl stats for count of expired replies,
5953 - Fix unit tests for openssl 1.1, with no DSA, by faking DSA, enabled
5966 - Ported tests for local_cname unit test to testbound framework.
5970 - init lzt variable, for older gcc compiler warnings.
5984 - Fix #1125: unbound could reuse an answer packet incorrectly for
6007 - Fix Nits for 1.5.10 reported by Dag-Erling Smorgrav.
6016 - tag for 1.5.10 release
6025 - tag for 1.5.10rc1 release.
6028 - Fix 883: error for duplicate local zone entry.
6029 - Test for openssl init_crypto and init_ssl functions.
6039 - Fix for new splint on FreeBSD. Fix cast for sockaddr_un.sun_len.
6042 - Fix #831: workaround for spurious fread_chk warning against petal.c
6059 - RFC 7958 is now out, updated docs for unbound-anchor.
6060 - Fix for compile without warnings with openssl 1.1.0.
6067 - Add default root hints for IPv6 E.ROOT-SERVERS.NET, 2001:500:a8::e.
6073 - 64bit build option for makedist windows compile, -w64.
6078 - unbound.conf.5 entries for define-tag, access-control-tag,
6084 that attempt to wait for an empty list of subqueries.
6085 - Fix #804: lower num_target_queries for iterator also for failed
6092 - Fix #807: workaround for possible some "unused" function parameters
6096 - use sendmsg instead of sendto for TFO.
6107 - Fix #802: workaround for function parameters that are "unused"
6119 - Fixed unbound.doxygen for 1.8.11.
6126 - Fix detect of mingw for MXE package build.
6127 - Fixes for 64bit windows compile.
6128 - Fix #788 for nettle 3.0: Failed to build with Nettle >= 3.0 and
6132 - For #787: prefer-ip6 option for unbound.conf prefers to send
6135 freebind to use 64bits of entropy for every query with random local
6145 - Create a pkg-config file for libunbound in contrib.
6153 - Possibility to specify local-zone type for an acl/tag pair
6154 - Possibility to specify (override) local-zone type for a source address
6165 is used (200 msec, vs 2 minutes) to pressure tcp for new connects.
6168 - QNAME minimisation unit test for dropped QTYPE=A queries.
6172 null delete for wsaevent.
6180 - Use QTYPE=A for QNAME minimisation.
6182 Stop minimising when number of time-outs for a QNAME/QTYPE pair is
6187 - Fix directory: fix for unbound-checkconf, it restores cwd.
6202 - Revert fix for NetworkService account on windows due to breakage
6214 - Improve threadsafety for openssl 0.9.8 ecdsa dnssec signatures.
6223 initialisation to free up memory for more entries.
6229 - Fix libubound for edns optlist feature.
6233 - tag for release 1.5.9rc1.
6235 - Fix (for 1.5.10): Fix unbound-anchor.exe file location defaults to
6244 - and also generic edns options for upstream messages (and replies).
6251 - Attempted fix for #765: _unboundmodule missing for python3.
6273 - No QNAME minimisation fall-back for NXDOMAIN answers from DNSSEC
6293 - Fix #759: 0x20 capsforid no longer checks type PTR, for
6307 - Fix #753: document dump_requestlist is for first thread.
6310 - Document permit-small-holddown for 5011 debug.
6318 - Fix compile of getentropy_linux for SLES11 servicepack 4.
6320 - Fix test for openssl to use HMAC_Update for 1.1.0.
6322 - acx_nlnetlabs.m4 to v34, with -ldl -pthread test for libcrypto.
6328 - If QNAME minimisation is enabled, do cache lookup for QTYPE NS in
6342 - Fix ip-transparent for ipv6 on FreeBSD, thanks to Nick Hibma.
6343 - Fix ip-transparent for tcp on freebsd.
6346 - ip_freebind: yesno option in unbound.conf sets IP_FREEBIND for
6351 - Fix compile for ub_event code with older libev.
6357 - For test put free in pluggable api in parenthesis.
6360 - Fixup backend2str for libev.
6363 - User defined pluggable event API for libunbound
6364 - Fixup of compile fix for pluggable event API from P.Y. Adi
6377 - configure tests for the weak attribute support by the compiler.
6391 - ub_ctx_set_stub() function for libunbound to config stub zones.
6403 - Set IPPROTO_IP6 for ipv6 sockets otherwise invalid argument error.
6406 - ip-transparent option for FreeBSD with IP_BINDANY socket option.
6407 - wait for sendto to drain socket buffers when they are full.
6410 - Test for type OPENPGPKEY.
6415 - Fix patch typo in prevuous commit for 734 from Adi Prasaja.
6424 - Fix #741: log message for dnstap socket connection is more clear.
6430 - Fix cmsg alignment for argument to sendmsg on NetBSD.
6431 - Fix that unbound complains about unimplemented IP_PKTINFO for
6432 sendmsg on NetBSD (for interface-automatic).
6450 - Fix test if -pthreads unused to use better grep for portability.
6453 - Fix mingw crosscompile for recent mingw.
6457 - #731: tcp-mss, outgoing-tcp-mss options for unbound.conf, patch
6464 for Linux glibc 2.20.
6465 - Fixup contrib/aaaa-filter-iterator.patch for moved contents in the
6486 - Fixup 724 for unbound-control.
6496 - Committed fix to qname minimisation and unit test case for it.
6503 - Fixup 724: Fix PCA prompt for unbound-service-install.exe.
6505 - For 724: Add Changelog to windows binary dist.
6511 - Fixup 724 fix for fname_after_chroot() calls.
6512 - Remove stdout printout for unbound-service-install.exe
6513 - .gitignore for git users.
6519 - Fix for #724: conf syntax to read files from run dir (on Windows).
6522 - Fix for #720, fix unbound-control-setup windows batch file.
6537 - Fix #594. libunbound: optionally use libnettle for crypto.
6538 Contributed by Luca Bruno. Added --with-nettle for use with
6542 - Fixup DER encoded DSA signatures for libnettle.
6545 - Fix for lenient accept of reverse order DNAME and CNAME.
6554 - Fix #718: Fix unbound-control-setup with support for env
6558 - patch from Doug Hogan for SSL_OP_NO_SSLvx options.
6562 - Fix checklock testcode for linux threads on exit.
6571 - Fix #714: Document config to block private-address for IPv4
6583 - Fix sldns_wire2str_rdata_scan for malformed RRs.
6584 - tag for 1.5.6rc1 release.
6592 - Default for ssl-port is port 853, the temporary port assignment
6593 for secure domain name system traffic.
6595 to put a clause in unbound.conf for that. The new value is likely
6596 going to be the standardised port number for this traffic.
6606 - tag for 1.5.5rc1 release.
6616 - Fix #702: New IPs for for h.root-servers.net.
6621 - Fix unbound.conf(5) access-control description for precedence
6628 - Fix #697: Get PY_MAJOR_VERSION failure at configure for python
6635 - Fix deadlock for local data add and zone add when unbound-control
6639 for algorithm rollover.
6660 - please afl-gcc (llvm) for uninitialised variable warning.
6673 - Enable ECDHE for servers. Where available, use
6674 SSL_CTX_set_ecdh_auto() for TLS-wrapped server configurations to
6680 - Allow certificate chain files to allow for intermediate certificates.
6684 - makedist produces sha1 and sha256 files for created binaries too.
6694 - Fix alloc with log for allocation size checks.
6729 - Change syntax of particular validator error to be easier for
6732 failed from 2001:DB8:7:bba4::53 for <*.example.nl. NSEC IN>
6736 that cannot work with caps-for-id or its fallback.
6739 - Unit test for type ANY synthesis.
6757 Use print_function also for Python2.
6766 For particular names you can configure exceptions in unbound.conf.
6767 - Fix that get_option for cache-sizes does not print double newline.
6806 - Add ip-transparent config option for bind to non-local addresses.
6809 - Use reallocarray for integer overflow protection, patch submitted
6834 - Document that incoming-num-tcp increase is good for large servers.
6860 - Fix #646 Portability to Solaris, -lrt for getentropy_solaris.
6887 - infra-cache-min-rtt patch from Florian Riehm, for expected long
6893 - Portability fix for Solaris ('sun' is not usable for a variable).
6896 - Fix pyunbound byte string representation for python3.
6899 - Fix unintended use of gcc extension for incomplete enum types,
6906 - unit test for local unix connection. Documentation and log_addr
6907 does not inspect port for AF_LOCAL.
6915 - Fix pyunbound ord call, portable for python 2 and 3.
6922 - patch for remote control over local sockets, from Dag-Erling
6925 - Fixup that patch and uid lookup (only for daemon).
6929 - getauxval test for ppc64 linux compatibility.
6930 - make strip works for unbound-host and unbound-anchor.
6935 unbound-control-setup for installs where config is not in
6953 client IP for queries in that zone. Eg. for finding infected hosts.
6967 - Fix makefile for build from noexec source tree.
6970 - Fix libunbound undefined symbol errors for main.
6971 Referencing main does not seem to be possible for libunbound.
7001 - Patch from Stephane Lapie for ASAHI Net that implements aaaa-filter,
7012 - Patch from James Raftery, always print stats for rcodes 0..5.
7049 - Fix unbound-checkconf check for module config with dns64 module.
7064 - Fix for mingw compile openssl ranlib.
7070 - Fix swig and python examples for Python 3.x.
7071 - Fix for mingw compile with openssl-1.0.1i.
7086 - Fix unit test for CDS typecode.
7092 - Fixup checklock code for log lock and its mutual initialization
7095 - Removed necessity for pkg-config from the dnstap.m4, new are
7126 This adds a module (for module-config in unbound.conf) dns64 that
7132 time_t is now used for ttl in unbound (since the patch's version).
7133 - testdata/dns64_lookup.rpl for unit test for dns64 functionality.
7140 - Fix endian.h include for OpenBSD.
7156 - Fix to check openssl version number only for OpenSSL.
7157 - LibreSSL provides compat items, check for that in configure.
7158 - Fix bug in fix for log locks that caused deadlock in signal handler.
7165 - arc4random in compat/ and getentropy, explicit_bzero, chacha for
7170 - arc4random, getentropy and explicit_bzero compat for Windows.
7177 - signit tool fixup for compile with libldns library.
7188 - Fix caps-for-id fallback, and added fallback attempt when servers
7190 - Fixup testsetup for VM tests (run testcode/run_vm.sh).
7196 - Add AAAA for B root server to default root hints.
7222 generated files. The prototype for libworker_event_done_cb()
7234 perform 10.0.0.0/8 and other reverse lookups normally, for use if
7235 unbound is running service for localhost on localhost.
7263 and errors from the cache. For dnssec-trigger and NetworkManager,
7276 but it stops the use of the ipv6 transport layer for DNS traffic.
7281 - Patch from Hannes Frederic Sowa for Linux 3.15 fragmentation
7282 option for DNS fragmentation defense.
7287 +i annotation in output of list_forwards, also for list_stubs
7288 (for NetworkManager integration.)
7304 - Fix #572: Fix unit test failure for systems with different
7364 - unit test for ldns wire to str and back with zones, root, nlnetlabs
7366 - Fix for hex to string in unknown, atma and nsap.
7370 are not portable; they cannot be read (for sure) on other computers.
7382 - delay-close: msec option that delays closing ports for which
7417 - update pythonmod for ldns_ to sldns_ name change.
7420 - Fix sldns to use sldns_ prefix for all ldns_ variables.
7436 - Accept ip-address: as an alternative for interface: for
7452 - portability fixes for new USE_SLDNS ldns subdir codebase.
7466 and an ldns_buffer for the wire return packet to perform async
7484 - More fixes for bug#519: for the threaded case test if the bg
7495 - Fix for 2038, with time_t instead of uint32_t.
7504 - Fix#516 dnssec lameness detection for answers that are improper.
7510 - Fix#512 memleak in testcode for testbound (if it fails).
7529 - Fix for const string literals in C++ for libunbound, from Karel
7537 - get_option and set_option support for log-time-ascii, python-script
7539 immediately. The others are mostly useful for libunbound users.
7572 - add unbound-control insecure_add and insecure_remove for the
7578 - Robust checks on dname validity from rdata for dname compare.
7589 - Fix so that for a configuration line of include: "*.conf" it is not
7595 - Fix queries leaking up for stubs and forwards, if the configured
7599 - code improve for minimal responses, small speed increase.
7616 And add detection for machine/endian.h to it.
7621 - Fix makedist for new svn for -d option.
7623 - Fix windows RSRC version for long version numbers.
7628 - committed libunbound version 4:1:2 for binary API updated in 1.4.20
7629 - install copy of unbound-control.8 man page for unbound-control-setup
7636 - Fixup makedist.sh for windows compile.
7640 - testcode/ldns-testpkts.c check for makedist is informational.
7643 - fix defines in lookup3 for bigendian bsd alpha
7650 - add libunbound.ttl at end of result structure, version bump for
7656 - includes and have_ssl fixes for nss.
7662 - updated fwd_zero for newer nc. Updated common.sh for newer netstat.
7667 the signer has the correct key usage for a digital signature.
7685 - Fix unbound-anchor xml parse of entity declarations for safety.
7701 - note support for AAAA RR type RFC.
7724 - Fix validation for responses with both CNAME and wildcard
7729 - fix build of pythonmod in objdir, for unbound.py.
7754 deprecated (RFC6725). The MD5 hash is considered weak for some
7769 - Fix timeouts so that when a server has been offline for a while
7770 and is probed to see it works, it becomes fully available for
7774 - Add documentation to libunbound for default nonuse of resolv.conf.
7778 are for 1.4.19).
7787 - Fix that enables modules to register twice for the same
7791 - added manpage links for libunbound calls (Thanks Paul Wouters).
7806 - review fix for libnss, check hash prefix allocation size.
7809 - fix missing break for GOST DS hash function.
7810 - implemented forward_first for the root.
7829 - Add flush_bogus option for unbound-control
7832 - Fix validation of qtype DS queries that result in no data for
7845 - patch for unbound_munin_ script to handle arbitrary thread count by
7850 - code review: return value of cache_store can be ignored for better
7856 - disable RSAMD5 if in FIPS mode (for openssl and for libnss).
7859 - implement DS records, NSEC3 and ECDSA for compile with libnss.
7863 - nss check for verification failure.
7864 - nss crypto works for RSA and DSA.
7867 - work on --with-nss build option (for now, --with-libunbound-only).
7896 - tag for 1.4.17 release.
7904 - Protect if statements in val_anchor for compile without locks.
7905 - tag for 1.4.17rc1.
7908 - fix configure ECDSA support in ldns detection for windows compile.
7915 - Fix for accept spinning reported by OpenBSD.
7919 - Fix validation of nodata for DS query in NSEC zones, reported by
7923 - ECDSA support (RFC 6605) by default. Use --disable-ecdsa for older
7927 - Applied patch from Daisuke HIGASHI for rrset-roundrobin and
7945 - new approach to NS fetches for DS lookup that works with
7950 - fix to locate nameservers for DS lookup with NS fetches.
7953 - Patch for access to full DNS packet data in unbound python module
7972 - Fix bug#434: on windows check registry for config file location
7973 for unbound-control.exe, and unbound-checkconf.exe.
7989 - iter hints (stubs) uses malloc inside for more dynamicity.
7991 can modify stubs and forwards for running unbound (on mobile computer)
7992 they can also add and remove domain-insecure for the zone.
7996 - iter forwards uses malloc inside for more dynamicity.
7999 - RT#2955. Fix for cygwin compilation.
8006 - unit test fix for nomem_cnametopos.rpl race condition.
8009 - Fix AHX_BROKEN_MEMCMP for autoheader mess up of #undef in config.h.
8014 for use on the public internet (the protocol numbers have not
8016 - fix memory leak in errorcase for DSA signatures.
8018 - workaround for openssl 0.9.8 ecdsa sha2 and evp problem.
8021 - fix for windows, rename() is not posix compliant on windows.
8030 closest encloser from yy for DS zz. while building chain of trust,
8032 for an NSEC3. Now it does not change rdata, and fixes TTL.
8039 - Tag 1.4.15 (same as 1.4.15rc1), for 1.4.15 release.
8065 with (binary) backwards compatibility for the previous version.
8072 - uninitialised variable in reprobe for rtt blocked domains fixed.
8080 - Fix for memory leak (about 20 bytes when a tcp or udp send operation
8087 - Fix for VU#209659 CVE-2011-4528: Unbound denial of service
8090 - robust checks for next-closer NSEC3s.
8114 - Fix for tcp-upstream and ssl-upstream for if a laptop sleeps, causes
8115 SERVFAILs. Also fixed for UDP (but less likely).
8126 - Makefile changed for BSD make compatibility.
8129 - added unit test for SSL service and SSL-upstream.
8139 It performs an SSL transaction for every DNS query (250 msec).
8140 - documentation for new options: ssl-upstream, ssl-service-key and
8143 - fix -flto detection on Lion for llvm-gcc.
8153 - fix iana-update for changing gzip compression of results.
8160 - fix iana_update target for gzipped file on iana site.
8163 - Fix resolve of partners.extranet.microsoft.com with a fix for the
8164 server selection for choosing out of a (particular) list of bad
8176 - fix unbound-anchor for broken strptime on OSX lion, detected
8179 - Implement ipv6%interface notation for scope_id usage.
8182 - better documentation for inform_super (Thanks Yang Zhe).
8185 - Fix for out-of-memory condition in libunbound (thanks
8198 - unbound.exe -w windows option for start and stop service.
8206 parent-child server, and the answer has the AA flag for dir.slb.com.
8215 - max sent count. EDNS1480 only for rtt < 5000. No promiscuous
8246 for fetch of data has want_dnssec because the iter_indicate_dnssec
8249 the cache says it has this. This helps for DLV deployment when
8250 the DNSSEC status is not known for sure before the lookup concludes.
8259 available at the name for qtype ANY and validates those RR types.
8260 It does not test for completeness (i.e. with NSEC or NSEC3 query),
8262 even more data for the already large response).
8265 - tcp-upstream yes/no option (works with set_option) for tunnels.
8272 - new xml format at IANA, new awk for iana_update.
8292 meantime, those are for 1.4.13).
8296 - Quick fix for contrib/unbound.spec example, no ldns-builtin any more.
8335 - Use -flto compiler flag for link time optimization, if supported.
8339 - IPv6 service address for d.root-servers.net (2001:500:2D::D).
8346 This is the new default for the control-port config setting.
8350 - Fix Makefile for U in environment, since wrong U is more common than
8373 - bug#378: Fix that configure checks for ldns_get_random presence.
8379 and curb the TTL if it is bad, thus protecting the cache for use by
8381 - val-override-date: -1 ignores dates entirely, for NTP usage.
8394 - bug#370: new unbound.spec for CentOS 5.x from Harold Jones.
8404 - Fix no ADflag for NXDOMAIN in NSEC3 optout. And wildcard in optout.
8405 - give config parse error for multiple names on a stub or forward zone.
8425 - tpkg updated with common.sh for common functionality.
8428 - Added regression test for addition of a .net DS to the root, and
8429 cache effects with different TTL for glue and DNSKEY.
8439 - fix bug#349: no -L/usr for ldns.
8446 - add get and set option for harden-below-nxdomain feature.
8451 server, for type NS the TTL is not increased.
8454 - Fix prefetch so it does not get stuck on old server for moved names.
8478 for algorithms needs to be double-signature until the old algorithm
8485 - fix validation in this case: CNAME to nodata for co-hosted opt-in
8493 - review changes for unbound-anchor.
8517 - so-sndbuf option for very busy servers, a bit like so-rcvbuf.
8528 - do not synthesize a CNAME message from cache for qtype DS.
8545 - Fix validation failure for parent and child on same server with an
8550 - dump_infra and flush_infra commands for unbound-control.
8561 - Windows 7 fix for the installer.
8571 - interface automatic works for some people with ip6 disabled.
8575 - Fix for request list growth, if a server has long timeout but the
8580 for some queries.
8594 - ldns tarball updated (for reading cachedumps with bad RR data).
8597 - test for unbound-anchor. fix for reading certs.
8598 - Fix alloc_reg_release for longer uptime in out of memory conditions.
8623 - Algorithm rollover operational reality intrudes, for trust-anchor,
8629 - Abide RFC5155 section 9.2: no AD flag for replies with NSEC3 optout.
8632 - increased mesh-max-activation from 1000 to 3000 for crazy domains
8637 - bug#327: Fix for cannot access stub zones until the root is primed.
8653 Delegpt structures checked for duplicates always.
8664 - Fix acx_nlnetlabs.m4 configure output for autoconf-2.66 AS_TR_CPP
8671 - documentation added for return values reported by doxygen 1.7.1.
8694 - rlimit adjustments for select and ulimit can happen at the same time.
8702 - Changed the defaults for num-queries-per-thread/outgoing-range.
8703 For builtin-select: 512/960, for libevent 1024/4096 and for
8705 to improve resilience under heavy load. For high performance, use
8741 in overload situations to be about 5 qps for the class of shortly
8744 / (average time for such long queries) qps for long queries.
8746 qps for short queries, per thread.
8747 - Fix the max number of reply-address count to be applied for duplicate
8748 queries, and not for new query list entries. This raises the memory
8754 for a non-lame server turned up other misconfigured servers.
8755 - unbound.h has extern "C" statement for easier include in c++.
8764 - Fix to unload gost dynamic library module for leak testing.
8770 - Add AAAA to root hints for I.ROOT-SERVERS.NET.
8781 - Fix to use one pointer less for iterator query state store_parent_NS.
8785 - added documentation for the histogram printout to syslog.
8802 - review comments, split dependency cycle tracking for parentside
8803 last resort lookups for A and AAAA so there are more lookup options.
8815 - new splint flags for newer splint install.
8823 - parentside check for cached newname glue.
8824 - fix parentside and querytargets modulestate, for dump_requestlist.
8826 - fix parentside from cache to be marked dispreferred for bad names.
8831 removed in place of a more exhaustive search for misconfigured data
8835 It also tests for NS RRset differences between parent and child.
8840 The search for misconfigured data is not performed normally.
8843 - Contribution from Migiel de Vos (Surfnet): nagios patch for
8845 unbound-host suitable for monitoring dnssec(-chain) status.
8852 - Fix resolution for domains like safesvc.com.cn. If the iterator
8869 reverse lookup blocks for IPv4 test nets 100.51.198.in-addr.arpa,
8873 - Fix for dnssec lameness detection to use the key cache.
8897 - More strict scrubber (Thanks to George Barwood for the idea):
8906 - Squelch log message: sendto failed permission denied for
8913 - Fix local-zone type redirect that did not use the query name for
8919 - Fix validation failure for qtype ANY caused by a RRSIG parse failure.
8923 - more portability defines for CMSG_SPACE, CMSG_ALIGN, CMSG_LEN.
8928 example key and signatures for GOST. GOST requires openssl-1.0.0.
8935 - Fix chain of trust with CNAME at an intermediate step, for the DS
8942 - Fix EDNS probe for .de DNSSEC testbed failure, where the infra
8959 config file for the main server can be used more easily.
8967 - Fixed random numbers for port, interface and server selection.
8973 - Fix interface-automatic for OpenBSD: msg.controllen was too small,
8975 - check for IP_SENDSRCADDR for interface-automatic or IP_PKTINFO.
8976 - for NSEC3 check if signatures are cached.
8979 - unit test for util/regional.c.
8988 - Include less in config.h and include per code file for ldns, ssl.
8993 - fix for memory alignment in struct sock_list allocation.
8994 - Fix for MacPorts ldns without ssl default, unbound checks if ldns
9027 - --disable-rpath fixed for libtool not found errors.
9031 - Fixup prototype for lexer cleanup in daemon code.
9050 - RD flag not enabled for dnssec-blacklisted tries, unless necessary.
9051 - pickup ldns compile fix, libdl for libcrypto.
9057 - Disregard DNSKEY from authority section for chain of trust.
9062 - Check for 'no space left on device' (or other errors) when
9073 authority servers, unbound caches a failure for the DNSKEY or DS
9074 records for the entire zone, and only retries that 900 seconds later.
9079 - ldns tarball update for long label length syntax error fix.
9084 - include math.h for testbound test compile portability.
9091 - configure test for memcmp portability.
9104 - Fixup lookup trouble for parent-child domains on the first query.
9107 - Fixup ldns detection to also check for header files.
9115 - Fix unbound-checkconf for auto-trust-anchor-file present checks.
9118 - Fix for parent-child disagreement code which could have trouble
9119 when (a) ipv6 was disabled and (b) the TTL for parent and child
9131 - Stats for prefetch, in log print stats, unbound-control stats
9137 - verbose output includes parent-side-address notion for lameness.
9167 - Fix Bug#287(reopened): update of ldns tarball with fix for parse
9168 errors generated for domain names like '.example.com'.
9170 Lampe. The negative cache did not include proper SOA records for
9176 - Fix for lookup of parent-child disagreement domains, where the
9178 for itself, fixing domains such as motorcaravanners.eu.
9194 - updated ldns with release candidate for version 1.6.3.
9195 - tag for 1.4.0 release.
9201 - Patch from David Hubbard for libunbound manual page.
9209 - better argument help for unbound-control.
9213 - noted multiple entries for multiple domain names in example.conf.
9219 - Tests for CNAMEs to deeper trust anchors, secure and bogus.
9223 - Fixed validation failure for CNAME to optout NSEC3 nodata answer.
9246 - better error text for multiple domain keys in one autotrust file.
9250 - Updated GOST unit tests for unofficial algorithm number 249
9273 - Made new validator error string available from libunbound for
9276 Also the errinf is public in module_qstate (for other modules).
9279 - retry for validation failure in DS and prime results. Less mem use.
9280 unit test. Provisioning in other tests for requeries.
9281 - retry for validation failure in DNSKEY in middle of chain of trust.
9283 - retry for empty non terminals in chain of trust and unit test.
9284 - Fixed security bug where the signatures for NSEC3 records were not
9285 checked when checking for absence of DS records. This could have
9289 - val-log-level: 2 shows extended error information for validation
9290 failures, but still one (longish) line per failure. For example:
9292 192.0.2.4 for trust anchor example.com. while building chain of trust
9294 192.0.2.6 for key example.com. while building chain of trust
9299 for bogus data, and this needed to be provisioned in the tests.
9302 - first validation failure retry code. Retries for data failures.
9335 - fix DNSSEC-missing-signature detection for minimal responses
9336 for qtype DNSKEY (assumes DNSKEY occurs at zone apex).
9350 - Fix memstats test tool for log-time-ascii log format.
9357 - use linebuffering for log-file: output, this can be significantly
9359 resolvers to use high verbosity (for short periods).
9365 keep messages bogus in the cache for too long.
9366 - regression test for that bug.
9367 - documented that load_cache is meant for debugging.
9383 - do not call sphinx for documentation when python is disabled.
9389 - Got a patch from Luca Bruno for libunbound support on windows to
9392 - makefile fix for parallel makes.
9393 - Patch from Zdenek Vasicek and Attila Nagy for using the source IP
9398 - TRAFFIC keyword for testbound. Simplifies test generation.
9401 - fix revocation of RR for autotrust, stray exclamation mark.
9430 - fixup DLV lookup for DS queries to unsigned domains.
9434 - free all memory on program exit, fix for ssl and flex.
9467 - Check for openssl compatible with gost if enabled.
9468 - updated unit test for GOST=211 code.
9474 operator can use openssl.cnf for configuration options.
9478 - configure --enable-gost for GOST support, experimental
9502 prime the root servers even though forwarders are configured for
9507 - Fix server selection, so that it waits for open target queries when
9512 - contrib/update-anchor.sh has -r option for root-hints.
9521 - dependencies for compat items, for crosscompile.
9524 - package libgcc_s_sjlj exception handler for NSISdl.dll.
9527 - updated ldns tarball for solaris x64 compile assistance.
9530 - configure changes and ldns update for mingw32 crosscompile.
9533 - Fix for crash at start on windows.
9534 - tag for release 1.3.2.
9536 - Fix for ID bits on windows to use all 16. RAND_MAX was not
9540 - tag for release 1.3.1.
9559 support for c99. r2960 for better configure.
9565 - Fix EDNS fallback when EDNS works for short answers but long answers
9571 of a bit for security!)
9584 - Extreme lenience for wrongly truncated replies where a positive
9587 - autoconf 2.63 for configure.
9591 - CREDITS entry for cz.nic, sponsoring a 'summer of code' that was
9592 used for the python code in unbound. (http://www.nic.cz/vip/ in cz).
9616 - fptr wlist checks for mesh callbacks.
9620 - Fix queries for type DS when forward or stub zones are there.
9628 - same thing fixed for forward-zone and DS, chain of trust from
9641 - 1.3.0 tarball for release created.
9691 - created svn tag for 1.3.0.
9698 - fix for threadsafety in solaris thr_key_create() in tests.
9700 - fix pylib test for Darwin.
9701 - fix pymod test for Darwin and a python threading bug in pymod init.
9703 - -ldl check for libcrypto 1.0.0beta.
9706 - fix for build outside sourcedir.
9707 - fix for configure script swig detection.
9710 - Fix reentrant in minievent handler for unix. Could have resulted
9712 - timers do not take up a fd slot for winsock handler.
9713 - faster fix for winsock reentrant check.
9714 - fix rsasha512 unit test for new (interim) algorithm number.
9732 - Fix for removal of RSASHA256_NSEC3 protonumber from ldns.
9736 because that openssl defines the name STRING for itself.
9756 long. Hard to trigger, but NXDOMAINs for nameservers or CNAME
9758 - documentation test fixed for python addition.
9762 - documentation for pythonmod and pyunbound is generated in doc/html.
9771 ipv6 AAAA records for their nameservers with ipv4 mapped contents.
9794 - outofdir compile fix for python.
9801 - pythonmod in Makefile; changes to remove warnings/errors for 1.3.0.
9813 - added launchd plist example file for MacOSX to contrib.
9814 - deprecation test for daemon(3).
9819 - build fix for test asynclook.
9825 - defaults for windows baked into configure.ac (used if on mingw).
9829 - Fix for and test for unknown algorithms in a trust anchor
9831 This means a (higher)DS or DLV entry for them could succeed, and
9838 - unit test for unsupported algorithm in anchor warning.
9843 - added contrib/unbound_cacti for statistics support in cacti,
9850 - default log to syslog for windows.
9858 - anchor-update for windows, called every 24 hours; unbound reloads.
9888 - fixup --export-symbols to be -export-symbls for libtool.
9890 Thanks to Ondrej Sury and Robert Edmonds for finding it.
9893 - fix asynclook test app for libunbound not exporting symbols.
9899 - makedistro functionality for mingw. Has RC support.
9904 - windres usage for application resources.
9909 - makedist -w for window zip distribution first version.
9928 - more cycle detection. Also for target queries.
9937 This keeps it read only for speed, with no locking necessary.
9938 - forward command for unbound control to change forwarders to use
9946 - #227: flush_stats feature for unbound-control.
9947 - stats_noreset feature for unbound-control.
9948 - flush_requestlist feature for unbound-control.
9957 - #226: dump_requestlist feature for unbound-control.
9960 - contrib contains specfile for fedora 1.2.1 (from Paul Wouters).
9967 - verbosity level 5 logs customer IP for new requestlist entries.
9973 Useful for scripting in management scripts and the like.
9982 result at the same time they call cancel. For this case,
9993 - testbound test for older fix added.
9996 - tag for release 1.2.1.
9997 - trunk setup for 1.3.0 development.
10010 - more cycle detection for NS-check, addr-check, root-prime and
10015 - bug #229: fixup configure checks for compilation with Solaris
10019 - update testset for recent retry change.
10022 - 1.2.1 feature: negative caching for failed queries.
10023 Queries that failed are cached for 5 seconds (NORR_TTL).
10025 - the TTL comparison for the cache used different comparisons,
10035 - find NS rrset more cleanly for qtype NS.
10036 - Moved changes to 1.2.0 for release. Thanks to Mark Zealey for
10047 - created svn tag for 1.2.0 release.
10049 - iana portlist updated for todays list.
10055 - remove possible race condition in the test for race conditions.
10067 - added test for HINFO canonicalisation behaviour.
10072 - HINFO no longer downcased for validation, making unbound compatible
10075 Give full path names for include files.
10080 - fixup getaddrinfo failure handling for remote control port.
10089 - ldns tarball updated with 1.4.1rc for DLV unit test.
10091 - fixup BSD port for infra host storage. It hashed wrongly.
10102 - follow makedist improvements from ldns, for maintainers prereleases.
10107 - better fix for bug #219: use LOG_NDELAY with openlog() call.
10120 - test for remote control with interprocess communication.
10127 - SElinux policy files in contrib/selinux for the unbound daemon,
10155 - rlimit check with new formula; better estimate for number interfaces
10172 - theoretical fix for problems reported on mailing list.
10174 resolution would fail. Fixed to ask for the A and AAAA records.
10175 It has to ask for both always, so that it can fail quietly, from
10177 - test for above, only AAAA and doip6 is no. Fix causes A record
10178 for nameserver to be fetched.
10179 - fixup address duplication on cache fillup for delegation points.
10180 - testset updated for new query answer requirements.
10185 - fixup unittest-neg for locking.
10189 - added configure check for ldns 1.4.0 (using its compat funcs).
10199 - unit test for negative cache, stress tests the refcounting.
10200 - fix for refcounting error that could cause fptr_wlist fatal exit
10202 Attila Nagy for testing).
10205 for extended statistics.
10211 - added configure check for eee build warning.
10229 - fixed file descriptor leak for localzone type deny (for TCP).
10230 - fixed memleak at exit for nsec3 negative cached zones.
10231 - fixed memleak for the keyword 'nodefault' when reading config.
10241 - fixup build process for Mac OSX linker, use ldns b32 compat funcs.
10244 - detect if libssl needs libdl. For static linking with libssl.
10245 - changed to use new algorithm identifiers for sha256/sha512
10251 - a little more debug info for failure on signer names. prints names.
10286 and if the TTL is big enough that solves validation for the zone.
10300 - better documentation for 0x20; remove fallback TODO, it is done.
10301 - harden-referral-path feature includes A, AAAA queries for glue,
10315 Mostly only useful for lock-check testing now.
10325 - fixup tests - the negative cache contained the correct NSEC3s for
10330 - NSEC3 negative cache for qtype DS works.
10333 - NSEC negative cache for DS.
10336 - jostle-timeout option, so you can config for slow links.
10339 - documented choices for DoS, EDNS, 0x20.
10351 - tests for sha256 support and downgrade resistance.
10356 The noprime feature. manpages more explanation. Added a test for it.
10357 - shorthand for reverse PTR, local-data-ptr: "1.2.3.4 www.ex.com"
10365 - tests for remote-control.
10367 - fixup for lock checking but not unchecking in remote control.
10387 - nicer abbreviations for high query types values (ixfr, axfr, any...)
10392 - locking for threadsafe bogus rrset counter.
10406 - working start, stop, reload commands for unbound-control.
10407 - test for unbound-control working; better exit value for control.
10429 - test for private addresses. man page entry.
10430 - code refactored for name and address tree lookups.
10433 - options for 'DNS Rebinding' protection: private-address and
10435 - dnstree for reuse of routines that help with domain, addr lookups.
10445 - disallow nonrecursive queries for cache snooping by default.
10448 - two tests for it and fixups of tests for nonrec refused.
10452 - harden-referral-path option for query for NS records.
10462 - daemon(3) is causing problems for people. Reverting the patch.
10471 - test for insecure zone when DLV is in use, also does negative cache.
10472 - test for trustanchor when DLV is in use (the anchor works).
10473 - test for DLV used for a zone below a trustanchor.
10474 - added scrub filter for overreaching NSEC records and unit test.
10487 - negative cache code linked into validator, for DLV use.
10488 negative cache works for DLV.
10490 - dlv-anchor option for unit tests.
10491 - fixup NSEC_AT_APEX classification for short typemaps.
10492 - ldns-testns has subdomain checks, for unit tests.
10501 - bug #208: extra rc.d unbound flexibility for freebsd/nanobsd.
10504 - DLV nsec code fixed for better detection of closest existing
10506 - DLV works, straight to the dlv repository, so not for production.
10510 - synthesize DLV messages from the rrset cache, like done for DS.
10548 - fix bug 201: null ptr deref on cleanup while udp pkts wait for port.
10549 - added explanatory text for outgoing-port-permit in manpage.
10552 - fixup bug qtype DS for unsigned zone and signed parent validation.
10574 - branch for 1.0 support.
10590 - fixup lookup of DS records by client with trustanchor for same.
10600 - fixup streamtcp bounds setting for udp mode, in the test framework.
10601 - contrib item for updating trust anchors.
10605 - Fix for newegg lameness : ok for qtype=A, but lame for others.
10606 - fixup unit test for infra cache, test lame merging.
10612 - streamtcp can use UDP mode (connected UDP socket), for testing IPv6
10631 - fixed up some TCP porting for winsock.
10633 - use WSAGetLastError() on windows instead of errno for some errors.
10637 fds for waiting on than unixes.
10638 - winsock_event minievent handler for windows. (you could also
10639 attempt to link with libevent/libev ports for windows).
10646 - if no threading, THREADS_DISABLED is defined for use in the code.
10648 - wsa_strerror() function for more readable errors.
10661 * first check for SOA record (negative answer) before NS record
10663 * check if no AA bit for non-forwarder, and thus lame zone.
10664 In response to error report by Richard Doty for mail.opusnet.com.
10706 - bug 184: -r option for unbound-host, read resolv.conf for
10707 forwarder. (Note that forwarder must support DNSSEC for validation
10712 - test for sys/wait.h
10731 - fix bug 174 - check for tcp_sigpipe that ldns-testns is installed.
10739 - fixup for MacOSX hosts file reading (reported by John Dickinson).
10744 - accepted patch from Ondrej Sury for library version libtool option.
10745 - configure --disable-rpath fixes up libtool for rpath trouble.
10750 - TODO modified for post 1.0 plans.
10758 - DESTDIR is honored by the Makefile for rpms.
10770 - parseunbound.pl contrib update from Kai Storbeck for threads.
10775 - unit test for SIGPIPE ignore.
10800 - got update for parseunbound.pl statistics script from Kai Storbeck.
10801 - tpkg tests for udp wait list.
10805 - and check first sig byte for the encoding type.
10809 - fixup threadsafety for libevent-1.4.3+ (event_base_get_method).
10811 - created 256-port ephemeral space for the OS, 59802 available.
10843 - implemented check that for NXDOMAIN and NOERROR answers a query
10855 - -C config feature for harvest program.
10859 - patch from Hugo Koji Kobayashi for iterator logs spelling.
10862 - From report by Jinmei Tatuya, rfc2181 trust value for remainder
10864 - test for this fix.
10884 - ldns-tarball update with fix for ldns_dname_label.
10889 - option to use caps for id randomness.
10890 - config file option use-caps-for-id: yes
10903 - +2% for recursions, if identical queries (except for destination
10905 - removed TODO items for optimizations that do not show up in
10908 not needed for regular installs, only for very large port ranges.
10909 - loop check different speedup pkt-dname-reading, 1% faster for
10911 - less hashing during msg parse, 4% for recursion.
10912 - small speed fix for dname_count_size_labels, +1 or +2% recursion.
10914 optimization resulted in +40% for recursion (cache miss) and
10915 +70 to +80 for cache hits, and +96% for version.bind.
10921 - delay utility for testing.
10930 - setup speec_cache for need-ldns-testns in dotests.
10936 - updated testdata for nsec3 new algorithm numbers (6, 7).
10946 +3% speed for cache responses and +9% for recursions.
10954 released for a callback and a new cancel() for that callback.
10957 for a cancelled function then no use of library functions in
10970 - streamlined code for RD flag setting.
10973 - minievent tests for eintr and eagain.
10977 - --prefix option for configure also changes directory: pidfile:
10979 - added cache speed test, for cache size OK and cache too small.
11004 - test program for multiple queries over a TCP channel.
11005 - tpkg test for stream tcp queries.
11016 to make room for new debug level 2 for detailed information
11017 for operators.
11019 - cleaner configure script and fixes for libevent solaris.
11020 - signedness for log output memory sizes in high verbosity.
11024 - fixup asynclook test for nothreading (it creates only one process
11033 - test for statistics option
11051 - fixup uninit use of buffer by libunbound (query id, flags) for
11055 - made openssl entropy warning more silent for library use. Needs
11057 - fixup forgotten locks for rbtree_searches on ctx->query tree.
11063 - close fds after removing commpoints only (for epoll, kqueue).
11066 - added tpkg for asynclook and library use.
11079 - fixed two races where forked bg process waits for (somehow shared?)
11081 Now those locks are only held for fg_threads and for bg_as_a_thread.
11088 - update plane for retry mode with caution to limit bandwidth.
11089 - fix Makefile for concurrent make of unbound-host.
11096 will share memory for passing results instead of writing it over
11101 - library code for async in libunbound/unbound.c.
11112 - touch up of manpage for libunbound.
11113 - support for IP_RECVDSTADDR (for *BSD ip4).
11114 - fix for BSD, do not use ip4to6 mapping, make two sockets, once
11118 - updated makedist for relative ldns pathnames.
11137 - interface-automatic feature. experimental. Nice for anycast.
11138 - tpkg test for ip6 ancillary data.
11140 - porting experience, define for Solaris, test refined for BSD
11142 - makedist fixup for ldns-src in build-dir.
11146 - configure --enable-debug is needed for dependency generation
11147 for assertions and for compiler warnings.
11154 - added text describing the use of stub zones for private zones.
11155 - checkconf tests for bad hostnames (IP address), and for doubled
11179 - document that 'refused' is a better choice than 'drop' for
11187 - respect -v for NXDOMAINs.
11189 - size_t to int for portability of the header file.
11191 - dependencies and lint for unbound-host.
11207 preparing for code-reuse.
11224 - fptr_wlist for markdelfunc.
11229 - changed checkconf/ to smallapp/ to make room for more support tools.
11235 - fix for building in a subdirectory.
11236 - link lib fix for Leopard.
11247 - Changeup plan for 0.8 - no complication needed, a simple solution
11248 has been chosen for authoritative features.
11252 - test for implicit zone creation and multiple RR RRsets local data.
11261 - fix for nonRDquery validation typing; nodata is detected when
11263 have a SOA record in authority, so this is OK for the validator),
11265 - duplicate checking when adding NSECs for a CNAME, and test.
11288 - test for correct working of static and transparent and couple
11291 - fixup implicit zone generation and AA bit for NXDOMAIN on localdata.
11297 - 0.8 - str2list config support for double string config options.
11301 - do not downcase NSEC and RRSIG for verification. Follows
11307 - 0.8: unit test for addr_mask and fixups for it.
11308 and unit test for addr_in_common().
11316 - created beta-0.7 branch for support.
11317 - tagged 0.7 for beta release.
11318 - moved trunk to 0.8 for 0.8(auth features) development.
11362 data for trust anchors. Included tests for the feature.
11381 - quieter logging at low verbosity level for common tcp messages.
11385 - fixup (grand-)parent problem for dnssec-lameness detection.
11386 - fixup tests to do additional section processing for lame replies,
11397 - added donotquerylocalhost config option. Can be turned off for
11402 See notes in requirements.txt for choices made.
11403 - tests for lameness detection.
11404 - added all to make test target; need unbound for fwd tests.
11428 - ldns-testpkts code is checked for differences between unbound
11430 - ldns trunk from today added in svn repo for fallback in case
11445 when resolving a mandatory-glue nameserver-address for that zone.
11447 the TLD server for this name. And this resolves a lot of cases where
11450 for thread safety. The random generator is initialised with
11470 - changed loopdetect % 8 with & 0x7 since % can become negative for
11482 And test for the case, uses xxd and nc.
11483 - more portable ip6 check for sockaddr types.
11486 - --disable-rpath option in configure for 64bit systems with
11490 - fixup tests for no AD bit in non-DO queries.
11497 - callback checks for event callbacks done from mini_event. Because
11513 - fix for multiple empty nonterminals, after multiple DSes in the
11519 - unit test for multiple ENT case.
11520 - fix for cname out of validated unsec zone.
11530 - test case for unbound-checkconf, fixed so it also checks the
11540 - tests for NSEC3. Fixup bitmap checks for NSEC3.
11543 - tests for NSEC3 that wrong use of OPTOUT is bad. For insecure
11544 delegation, for abuse of child zone apex nsec3.
11552 - signit can generate NSEC3 hashes, for generating tests.
11561 - added test for infinite loop case in nonRD answer validation.
11568 - fixup and test for NSEC wildcard with empty nonterminals.
11569 - makedist.sh fixup for svn info.
11572 - compat with ANS nxdomain for empty nonterminals. Attempts the nodata
11575 - plans for static and blacklist config.
11579 - plan for overload support in 0.6.
11580 - added testbound tests for a failed resolution from the logs
11581 and for failed prime when missing glue.
11588 - validator prints subtype classification for debug.
11596 - nsec3 support for cname chain ending in noerror or nodata.
11606 - fixup of manual page warnings, like for NSD bugreport.
11612 - please compiler on different platforms, for unreachable code.
11626 and *.name NSECs can prove nodata for empty nonterminals.
11627 Also, for wildcard name NSECs, check they are not from the parent
11628 zone (for wildcarded zone cuts), and check absence of CNAME bit,
11629 for a nodata proof.
11630 - configure option for memory allocation debugging.
11631 - port configure option for memory allocation to solaris10.
11635 callbacks for the same query from the same server.
11637 - fixup for referral cleanup of the additional section.
11638 - tests for cname, referral validation.
11641 - find correct signer name for DNAME responses.
11645 - test for a CNAME to a DNAME to a CNAME to an answer, all from
11646 different domains, for key fetching and signature checking of
11655 - account memory for name of lame zones, so that memory leakages does
11657 - config setting for lameness cache expressed in bytes, instead of
11673 - memory accounting for key cache (trust anchors and temporary cache).
11674 - memory accounting fixup for outside network tcp pending waits.
11675 - memory accounting fixup for outside network tcp callbacks.
11676 - memory accounting for iterator fixed storage.
11681 - test tool to sign rrsets for testing validator with.
11684 Only a trust-anchor needs to be configured for DNSSEC to work.
11685 - do not convert to DER for DSA signature verification.
11686 - validator replay test file, for a DS to DNSKEY DSA key prime and
11690 - removed double use for udp buffers, that could fail,
11698 - permissive mode feature, sets AD bit for secure, but bogus does
11701 for the same rrset. canonical rrset image in buffer is reused for
11705 - faster verification for large sigsets.
11707 algorithm for validation. Key prime failures are reported as
11715 - do not store referral in msg cache for nonRD queries.
11732 - increased default infrastructure cache size. It is important for
11734 size). To 10000 entries (for 2M entries, 4M cache size).
11739 new classification, and find signer can find for it.
11740 removal of unsigned crap from additional, and query restart for
11743 But you can query for qtype ANY, or qtype DNAME and validate that.
11757 - manual page entry for override-date.
11768 - val_nsec.c for validator NSEC proofs.
11769 - unit test for NSEC bitmap reading.
11779 - fixed iterator response type classification for queries of type
11788 - unit test for rrsig verification.
11795 - outbound entries are allocated in the query region they are for.
11796 - extensive debugging for memory allocations.
11802 - mark cycle targets for iterator did not have CD flag so failed
11814 for memory debugging.
11823 - validator override option for date check testing.
11833 - security status is copied when rdata is equal for rrsets.
11837 - val_sigcrypt file for validator signature checks.
11840 - key cache for validator.
11853 - configure change for latest libevent trunk version (needs -lrt).
11864 - module work for module to module interconnections.
11876 unbound is kept waiting by ldns-testns for 3 seconds, failed
11877 because the retry timeout for default by unbound is 3 seconds too,
11879 is kept waiting for 2 seconds instead.
11888 - cycle detection, for query state dependencies. Will attempt to
11890 - unit test for AXFR, IXFR response.
11891 - test for cycle detection.
11895 - test for version.bind and friends.
11896 - test for iterator chaining through several referrals.
11897 - test and fixup for refetch for glue. Refetch fails if glue
11902 - Addr stored for range and moment in replay.
11909 and that the potentially spoofed data is used for infrastructure
11912 Much like asking for DS at the parent side.
11936 - change untrusted rrset test to account for scrubber that is now
11943 - found and fixed a memory leak. For TTL=0 messages, that would
11947 This means that unbound tried the host for retries up to 120 secs.
11950 - utility for keeping histogram.
11955 QueryTargets state and Finished state are merged for iterator.
11961 - error encode routine for ease.
11972 - fixup crash in case no ports for the family exist.
11978 - fixup query release for cached results to sub targets.
11979 - neater error for tcp connection failure, shows addr in verbose.
11996 - uncapped timeout for server selection, so that very fast or slow
11999 - fixup queries answered without RD bit (for root prime results).
12008 - fixup last fix for duplicate callbacks.
12017 the subqueries (for other targets). These are put on the slumber
12020 stopped, with an error, and it is still waiting for other ones.
12028 - debug option: configure --enable-static-exe for compile where
12039 - Updated doxygen config for doxygen 1.5.
12041 - doxygen 1.5 fixes for comments (for the strict check on docs).
12045 for serviced queries, because the initiator does not know that
12048 if qtype directly queries for the type (and then only show that
12054 - fixup error in double linked list insertion for subqueries and
12055 for outbound list of serviced queries for iterator module.
12060 - fixup rrset TTL for prepended CNAMEs.
12061 - process better check for looping modules, and which submodule to
12063 - subreq insertion code fixup for slumber list.
12075 - worker slumber list for ongoing promiscuous queries.
12081 - more small bugs, in scrubber, query compare no ID for lookup,
12082 in dname validation for NS targets.
12083 - sets entry.key for new special allocs.
12094 - some memcmp changed to dname_compare for case preservation.
12112 - removed FLAG_CD from message and rrset caches. This was useful for
12113 an agnostic forwarder, but not for a sophisticated (trust value per
12129 - 'qnamesize' changed to 'qname_len' for similar naming scheme.
12136 members. They are still kept in network format for fast msg encode.
12142 - small changes to prepare for subqueries.
12149 - outside network does precise timers for roundtrip estimates for rtt
12150 and for setting timeout for UDP. Pending_udp takes milliseconds.
12156 - outbound query list for modules and support to callback with the
12158 - testbound support for new serviced queries.
12159 - test for retry to TCP cannot use testbound any longer.
12160 - testns test for EDNS fallback, test for TCP fallback already exists.
12161 - fixes for no-locking compile.
12162 - mini_event timer precision and fix for change in timeouts during
12163 timeout callback. Fix for fwd_three tests, performed nonexit query.
12173 - services/cache/rrset.c for rrset cache code.
12176 - config settings for infra cache.
12181 - unit test for host cache.
12202 - tpkg test for retry in TCP mode, against ldns-testns server.
12209 - outgoing network keeps list of available tcp buffers for outgoing
12212 - outgoing network keeps waiting list of queries waiting for buffer.
12218 - EDNS BADVERS response, if asked for too high edns version.
12224 - config settings for rrset cache size and slabs.
12229 - thread keeps a scratchpad region for handling messages.
12232 - test for one rrset updated in the cache.
12233 - test for one rrset which is not updated, as it is not deemed
12235 - test for TTL refreshed in rrset.
12250 But only for answers from other servers, not for plain queries.
12258 - removed iov usage, it is not good for dns message encoding.
12267 - define for offset range that can be compressed to.
12271 - datatype used for hashvalue of converted rrsig structure.
12275 - ttl per RR, for RRSIG rrsets and others.
12295 - uses less iov space for header.
12305 - util/data/msgparse.c for message parsing code.
12308 * did & of ptr on stack for memory position calculation.
12317 memory size to allocate for rrs.
12331 - Improved alignment of reply_info packet, nice for 32 and 64 bit.
12337 - doxygen documentation for region-allocator.
12338 - setup for parse scratch data.
12346 - layout of memory for rrsets.
12353 - constants for DNS flags.
12357 - casts for printf warning portability.
12374 for easier access (and no repeated byteswapping).
12376 - configure detects and config.h includes sys/uio.h for writev decl.
12380 - added tpkg test for answering three queries at the same time
12384 - added test for cache and not cached answers, in testbound replays.
12393 - config settings for slab hash message cache.
12394 - test for cached answer.
12401 - sanity check for incoming query replies.
12415 - fixup accounting of sizes for removing items from hashtable.
12416 - unit test for hash table, single threaded test of integrity.
12425 - unit tests for hash internal bin, lru functions.
12429 - util/storage/lruhash.h for LRU hash table structure.
12441 - unit test for alloc.
12442 - identifier for union in checklocks to please older compilers.
12450 checking for data race and deadlock, and basic performance
12478 - Also randomize the outgoing port range for tests.
12479 - If query list is full, will stop selecting listening ports for read.
12491 - don't open pipes for #0, doesn't need it.
12498 - Ports for queries are shared.
12521 - added acx_pthread.m4 autoconf check for pthreads from
12538 - malloc rndstate, so that it is aligned for access.
12551 - port to OSX: cast to int for some prints of sizet.
12580 - LIBEVENT option for testbed to set libevent directory.
12589 - defined constants for netevent callback error code.
12590 - unit test for strisip6.
12593 - Created udp4 and udp6 port arrays to provide service for both
12595 - uses IPV6_USE_MIN_MTU for udp6 ,IPV6_V6ONLY to make ip6 sockets.
12609 - Added UDP recv to netevent, worker callback for udp.
12611 - minimal query header sanity checking for worker.
12616 - links in example/ldns-testpkts.c and .h for premade packet support.
12644 - configure searches for libevent.
12645 - search for libs at end of configure (when other headers and types
12651 - Designed header file for network communication.
12671 - 01-doc: doxygen doc target added for html docs. And stringent test