Unbound 1.8.0 released

Published: Mon 10 September 2018
Last updated: Thu 21 November 2024

We are pleased to announce the release of version 1.8.0 of the Unbound recursive DNS resolver.

This release has a number of bug fixes, a list of features added and some defaults changed.

The defaults that are changed enable options that have been introduced in the past with an option that defaulted to off, but have proven to work, improve speed and resilience and we would now recommend to enable when configuring the server. Still the option exists if you want to manually specify the feature.

New features include options for unbound-control: auth_zone_reload, auth_zone_transfer. New counters in the statistics output: num.queries.tls, num.query.subnet, num.query.subnet_cache. New options in unbound.conf: dns64-ignore-aaaa, tcp-idle-timeout, edns-tcp-keepalive, edns-tcp-keepalive-timeout, tcp-connection-limit, stub-no-cache, forward-no-cache, log-servfail, log-local-actions, serve-expired-ttl, serve-expired-ttl-reset. Commandline options -R (use direct queries) for unbound-anchor, -d (delay) for streamtcp. There is support for RR type SMIMEA. There is support for EDNS option EDNS KeepAlive.

The libunbound library has gone up an api version increment because one of the callback signatures has changed. New information is available to the callback, existing usage of the function could conceivable get an upgrade by ignoring the extra function call parameter. For python scripts, a similar situation, where new information has been made available to the callback functions, in the form of extra function call parameters. This information is also available to module callbacks internally. For python the extra arguments functionality is used to extend the arguments. The extra information is connection information, exposing the client's IP address to the callback function and whether the query failed because of rate limiting.

There are a number of bug fixes for Qname minimisation, and a number of fixes for auth-zone functionality. And there has been a fix in the processing of dns64 negative cache entries and a fix about fallthrough in the view local-zone processing functionality.

For a full list of changes and binary and source packages, see the download page.

Related links:

software update