aboutsummaryrefslogtreecommitdiff
path: root/doc/Changelog
diff options
context:
space:
mode:
Diffstat (limited to 'doc/Changelog')
-rw-r--r--doc/Changelog249
1 files changed, 249 insertions, 0 deletions
diff --git a/doc/Changelog b/doc/Changelog
index 3d05ae53a1a5..7e81304f930f 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,14 +1,263 @@
+4 September 2018: Wouter
+ - Tag for 1.8.0rc1 release.
+
+31 August 2018: Wouter
+ - Disable minimal-responses in subnet unit tests.
+
+30 August 2018: Wouter
+ - Fix that a local-zone with a local-zone-type that is transparent
+ in a view with view-first, makes queries check for answers from the
+ local-zones defined outside of views.
+
+28 August 2018: Ralph
+ - Disable minimal-responses in ipsecmod unit tests.
+ - Added serve-expired-ttl and serve-expired-ttl-reset options.
+
+27 August 2018: Wouter
+ - Set defaults to yes for a number of options to increase speed and
+ resilience of the server. The so-reuseport, harden-below-nxdomain,
+ and minimal-responses options are enabled by default. They used
+ to be disabled by default, waiting to make sure they worked. They
+ are enabled by default now, and can be disabled explicitly by
+ setting them to "no" in the unbound.conf config file. The reuseport
+ and minimal options increases speed of the server, and should be
+ otherwise harmless. The harden-below-nxdomain option works well
+ together with the recently default enabled qname minimisation, this
+ causes more fetches to use information from the cache.
+ - next release is called 1.8.0.
+ - Fix lintflags for lint on FreeBSD.
+
+22 August 2018: George
+ - #4140: Expose repinfo (comm_reply) to the inplace_callbacks. This
+ gives access to reply information for the client's communication
+ point when the callback is called before the mesh state (modules).
+ Changes to C and Python's inplace_callback signatures were also
+ necessary.
+
+21 August 2018: Wouter
+ - log-local-actions: yes option for unbound.conf that logs all the
+ local zone actions, a patch from Saksham Manchanda (Secure64).
+ - #4146: num.query.subnet and num.query.subnet_cache counters.
+ - Fix only misc failure from log-servfail when val-log-level is not
+ enabled.
+
+17 August 2018: Ralph
+ - Fix classification for QTYPE=CNAME queries when QNAME minimisation is
+ enabled.
+
+17 August 2018: Wouter
+ - Set libunbound to increase current, because the libunbound change
+ to the event callback function signature. That needs programs,
+ that use it, to recompile against the new header definition.
+ - print servfail info to log as error.
+ - added more servfail printout statements, to the iterator.
+ - log-servfail: yes prints log lines that say why queries are
+ returning SERVFAIL to clients.
+
+16 August 2018: Wouter
+ - Fix warning on compile without threads.
+ - Fix contrib/fastrpz.patch.
+
+15 August 2018: Wouter
+ - Fix segfault in auth-zone read and reorder of RRSIGs.
+
+14 August 2018: Wouter
+ - Fix that printout of error for cycle targets is a verbosity 4
+ printout and does not wrongly print it is a memory error.
+ - Upgraded crosscompile script to include libunbound DLL in the
+ zipfile.
+
+10 August 2018: Wouter
+ - Fix #4144: dns64 module caches wrong (negative) information.
+
+9 August 2018: Wouter
+ - unbound-checkconf checks if modules exist and prints if they are
+ not compiled in the name of the wrong module.
+ - document --enable-subnet in doc/README.
+ - Patch for stub-no-cache and forward-no-cache options that disable
+ caching for the contents of that stub or forward, for when you
+ want immediate changes visible, from Bjoern A. Zeeb.
+
+7 August 2018: Ralph
+ - Make capsforid fallback QNAME minimisation aware.
+
+7 August 2018: Wouter
+ - Fix #4142: unbound.service.in: improvements and fixes.
+ Add unit dependency ordering (based on systemd-resolved).
+ Add 'CAP_SYS_RESOURCE' to 'CapabilityBoundingSet' (fixes warnings
+ about missing privileges during startup). Add 'AF_INET6' to
+ 'RestrictAddressFamilies' (without it IPV6 can't work). From
+ Guido Shanahan.
+ - Patch to implement tcp-connection-limit from Jim Hague (Sinodun).
+ This limits the number of simultaneous TCP client connections
+ from a nominated netblock.
+ - make depend, yacc, lex, doc, headers. And log the limit exceeded
+ message only on high verbosity, so as to not spam the logs when
+ it is busy.
+
+6 August 2018: Wouter
+ - Fix for #4136: Fix to unconditionally call destroy in daemon.c.
+
+3 August 2018: George
+ - Expose if a query (or a subquery) was ratelimited (not src IP
+ ratelimiting) to libunbound under 'ub_result.was_ratelimited'.
+ This also introduces a change to 'ub_event_callback_type' in
+ libunbound/unbound-event.h.
+ - Tidy pylib tests.
+
+3 August 2018: Wouter
+ - Revert previous change for #4136: because it introduces build
+ problems.
+ - New fix for #4136: This one ignores lex without without
+ yylex_destroy.
+
+1 August 2018: Wouter
+ - Fix to remove systemd sockaddr function check, that is not
+ always present. Make socket activation more lenient. But not
+ different when socket activation is not used.
+ - iana port list update.
+
+31 July 2018: Wouter
+ - Patches from Jim Hague (Sinodun) for EDNS KeepAlive.
+ - Sort out test runs when the build directory isn't the project
+ root directory.
+ - Add config tcp-idle-timeout (default 30s). This applies to
+ client connections only; the timeout on TCP connections upstream
+ is unaffected.
+ - Error if EDNS Keepalive received over UDP.
+ - Add edns-tcp-keepalive and edns-tcp-keepalive timeout options
+ and implement option in client responses.
+ - Correct and expand manual page entries for keepalive and idle timeout.
+ - Implement progressive backoff of TCP idle/keepalive timeout.
+ - Fix 'make depend' to work when build dir is not project root.
+ - Add delay parameter to streamtcp, -d secs.
+ To be used when testing idle timeout.
+ - From Wouter: make depend, the dependencies in the patches did not
+ apply cleanly. Also remade yacc and lex.
+ - Fix mesh.c incompatible pointer pass.
+ - Please doxygen so it passes.
+ - Fix #4139: Fix unbound-host leaks memory on ANY.
+
+30 July 2018: Wouter
+ - Fix #4136: insufficiency from mismatch of FLEX capability between
+ released tarball and build host.
+
+27 July 2018: Wouter
+ - Fix man page, say that chroot is enabled by default.
+
+26 July 2018: Wouter
+ - Fix #4135: 64-bit Windows Installer Creates Entries Under The
+ Wrong Registry Key, reported by Brian White.
+
+23 July 2018: Wouter
+ - Fix use-systemd readiness signalling, only when use-systemd is yes
+ and not in signal handler.
+
+20 July 2018: Wouter
+ - Fix #4130: print text describing -dd and unbound-checkconf on
+ config file read error at startup, the errors may have been moved
+ away by the startup process.
+ - Fix #4131: for solaris, error YY_CURRENT_BUFFER undeclared.
+
+19 July 2018: Wouter
+ - Fix #4129 unbound-control error message with wrong cert permissions
+ is too cryptic.
+
+17 July 2018: Wouter
+ - Fix #4127 unbound -h does not list -p help.
+ - Print error if SSL name verification configured but not available
+ in the ssl library.
+ - Fix that ratelimit and ip-ratelimit are applied after reload of
+ changed config file.
+ - Resize ratelimit and ip-ratelimit caches if changed on reload.
+
+16 July 2018: Wouter
+ - Fix qname minimisation NXDOMAIN validation lookup failures causing
+ error_supers assertion fails.
+ - Squelch can't bind socket errors with Permission denied unless
+ verbosity is 4 or higher, for UDP outgoing sockets.
+
+12 July 2018: Wouter
+ - Fix to improve systemd socket activation code file descriptor
+ assignment.
+ - Fix for 4126 that the #define for UNKNOWN_SERVER_NICENESS can be more
+ easily changed to adjust default rtt assumptions.
+
+10 July 2018: Wouter
+ - Note in documentation that the cert name match code needs
+ OpenSSL 1.1.0 or later to be enabled.
+
+6 July 2018: Wouter
+ - Fix documentation ambiguity for tls-win-cert in tls-upstream and
+ forward-tls-upstream docs.
+ - iana port update.
+ - Note RFC8162 support. SMIMEA record type can be read in by the
+ zone record parser.
+ - Fix round robin for failed addresses with prefer-ip6: yes
+
+4 July 2018: Wouter
+ - Fix #4112: Fix that unbound-anchor -f /etc/resolv.conf will not pass
+ if DNSSEC is not enabled. New option -R allows fallback from
+ resolv.conf to direct queries.
+
+3 July 2018: Wouter
+ - Better documentation for unblock-lan-zones and insecure-lan-zones
+ config statements.
+ - Fix permission denied printed for auth zone probe random port nrs.
+
+2 July 2018: Wouter
+ - Fix checking for libhiredis printout in configure output.
+ - Fix typo on man page in ip-address description.
+ - Update libunbound/python/examples/dnssec_test.py example code to
+ also set the 20326 trust anchor for the root in the example code.
+
+29 June 2018: Wouter
+ - dns64-ignore-aaaa: config option to list domain names for which the
+ existing AAAA is ignored and dns64 processing is used on the A
+ record.
+
+28 June 2018: Wouter
+ - num.queries.tls counter for queries over TLS.
+ - log port number with err_addr logs.
+
+27 June 2018: Wouter
+ - #4109: Fix that package config depends on python unconditionally.
+ - Patch, do not export python from pkg-config, from Petr Menšík.
+
+26 June 2018: Wouter
+ - Partial fix for permission denied on IPv6 address on FreeBSD.
+ - Fix that auth-zone master reply with current SOA serial does not
+ stop scan of masters for an updated zone.
+ - Fix that auth-zone does not start the wait timer without checking
+ if the wait timer has already been started.
+
+21 June 2018: Wouter
+ - #4108: systemd reload hang fix.
+ - Fix usage printout for unbound-host, hostname has to be last
+ argument on BSDs and Windows.
+
19 June 2018: Wouter
- Fix for unbound-control on Windows and set TCP socket parameters
more closely.
+ This fix is part of 1.7.3.
+ - Windows example service.conf edited with more windows specific
+ configuration.
- Fix windows unbound-control no cert bad file descriptor error.
+ This fix is part of 1.7.3.
18 June 2018: Wouter
- Fix that control-use-cert: no works for 127.0.0.1 to disable certs.
+ This fix is part of 1.7.3rc2.
- Fix unbound-checkconf for control-use-cert.
+ This fix is part of 1.7.3.
15 June 2018: Wouter
- tag for 1.7.3rc1.
+ - trunk has 1.7.4.
+ - unbound-control auth_zone_reload _zone_ option rereads the zonefile.
+ - unbound-control auth_zone_transfer _zone_ option starts the probe
+ sequence for a master to transfer the zone from and transfers when
+ a new zone version is available.
14 June 2018: Wouter
- #4103: Fix that auth-zone does not insist on SOA record first in
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-26 19:26:13 +0000