Date:      Fri, 18 Oct 2024 11:23:35 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 282172] dns/unbound: Update to 1.22.0
Message-ID:  <bug-282172-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282172

            Bug ID: 282172
           Summary: dns/unbound: Update to 1.22.0
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://nlnetlabs.nl/news/2024/Oct/17/unbound-1.22.0-released/
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: jaap@NLnetLabs.nl
 Attachment #254329 maintainer-approval+
             Flags:

Created attachment 254329
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=254329&action=edit
Patch to upgrade

Release Notes

We are pleased to announce the release of version 1.22.0 of the Unbound
recursive DNS resolver.

This release has an option to harden against unverified glue; it is enabled
with harden-unverified-glue: yes. It was contributed by Karthik Umashankar from
Microsoft. This protects Unbound against bad glue, that is out of zone, by
performing a lookup for it. Because it uses the original information as a last
resort if nothing works, it should not give lookup failures and add protection.

There are options to configure the scrubbing for NS records and the CNAME
scrubbing and the max global quota lookup limit from previous security fix
releases. They can be configured with the options iter-scrub-ns,
iter-scrub-cname and max-global-quota.

For redis use, with cachedb, it is possible to specify the timeout for the
initial connection separately from the timeout for commands. With the options
redis-command-timeout: 20 and redis-connect-timeout: 200 they can be set
separately, for a longer connect attempt, but a short command timeout to keep
resolution faster.

It is possible to log with ISO8601 format with log-time-iso: yes; this also logs
time in milliseconds. Useful if the server writes to file; syslog may have its
own format.

DNS over QUIC support is added, if compiled with libngtcp2 and with the
openssl+quic that it uses. Use --with-libngtcp2 for that, and enable it with
quic-port: 853. There is a post about it on
https://blog.nlnetlabs.nl/dns-over-quic-in-unbound [that is to appear after the
release].

For a full list of changes, see
https://nlnetlabs.nl/projects/unbound/download#unbound-1-22-0.

-- 
You are receiving this mail because:
You are the assignee for the bug.


