1 13 February 2015: Wouter
2 - Fix #643: doc/example.conf.in: unnecessary whitespace.
4 12 February 2015: Wouter
7 11 February 2015: Wouter
8 - iana portlist update.
10 10 February 2015: Wouter
11 - Fix scrubber with harden-glue turned off to reject NS (and other
14 9 February 2015: Wouter
15 - Fix validation failure in case upstream forwarder (ISC BIND) does
16 not have the same trust anchors and decides to insert unsigned NS
17 record in authority section.
19 2 February 2015: Wouter
20 - infra-cache-min-rtt patch from Florian Riehm, for expected long
21 uplink roundtrip times.
23 30 January 2015: Wouter
24 - Fix 0x20 capsforid fallback to omit gratuitous NS and additional
26 - Portability fix for Solaris ('sun' is not usable for a variable).
28 29 January 2015: Wouter
29 - Fix pyunbound byte string representation for python3.
31 26 January 2015: Wouter
32 - Fix unintended use of gcc extension for incomplete enum types,
33 compile with pedantic c99 compliance (from Daniel Dickman).
35 23 January 2015: Wouter
36 - windows port fixes, no AF_LOCAL, no chown, no chmod(grp).
38 16 January 2015: Wouter
39 - unit test for local unix connection. Documentation and log_addr
40 does not inspect port for AF_LOCAL.
41 - unbound-checkconf -f prints chroot with pidfile path.
43 13 January 2015: Wouter
44 - iana portlist update.
46 12 January 2015: Wouter
47 - Cast sun_len sizeof to socklen_t.
48 - Fix pyunbound ord call, portable for python 2 and 3.
50 7 January 2015: Wouter
51 - Fix warnings in pythonmod changes.
53 6 January 2015: Wouter
54 - iana portlist update.
55 - patch for remote control over local sockets, from Dag-Erling
56 Smorgrav, Ilya Bakulin. Use control-interface: /path/sock and
58 - Fixup that patch and uid lookup (only for daemon).
59 - coded the default of control-use-cert, to yes.
61 5 January 2015: Wouter
62 - getauxval test for ppc64 linux compatibility.
63 - make strip works for unbound-host and unbound-anchor.
64 - patch from Stephane Lapie that adds to the python API, that
65 exposes struct delegpt, and adds the find_delegation function.
66 - print query name when max target count is exceeded.
67 - patch from Stuart Henderson that fixes DESTDIR in
68 unbound-control-setup for installs where config is not in
70 - Fix #634: fix fail to start on Linux LTS 3.14.X, ignores missing
71 IP_MTU_DISCOVER OMIT option (fix from Remi Gacogne).
72 - Updated contrib warmup.cmd/sh to support two modes - load
73 from pre-defined list of domains or (with filename as argument)
74 load from user-specified list of domains, and updated contrib
75 unbound_cache.sh/cmd to support loading/save/reload cache to/from
76 default path or (with secondary argument) arbitrary path/filename,
78 - Patch from Philip Paeps to contrib/unbound_munin_ that uses
79 type ABSOLUTE. Allows munin.conf: [idleserver.example.net]
80 unbound_munin_hits.graph_period minute
82 9 December 2014: Wouter
83 - svn trunk has 1.5.2 in development.
84 - config.guess and config.sub update from libtoolize.
85 - local-zone: example.com inform makes unbound log a message with
86 client IP for queries in that zone. Eg. for finding infected hosts.
88 8 December 2014: Wouter
89 - Fix CVE-2014-8602: denial of service by making resolver chase
90 endless series of delegations.
92 1 December 2014: Wouter
93 - Fix bug#632: unbound fails to build on AArch64, protects
94 getentropy compat code from calling sysctl if it is has been removed.
96 29 November 2014: Wouter
97 - Add include to getentropy_linux.c, hopefully fixing debian build.
99 28 November 2014: Wouter
100 - Fix makefile for build from noexec source tree.
102 26 November 2014: Wouter
103 - Fix libunbound undefined symbol errors for main.
104 Referencing main does not seem to be possible for libunbound.
106 24 November 2014: Wouter
107 - Fix log at high verbosity and memory allocation failure.
108 - iana portlist update.
110 21 November 2014: Wouter
111 - Fix crash on multiple thread random usage on systems without
114 20 November 2014: Wouter
115 - fix compat/getentropy_win.c check if CryptGenRandom works and no
116 immediate exit on windows.
118 19 November 2014: Wouter
119 - Fix cdflag dns64 processing.
121 18 November 2014: Wouter
122 - Fix that CD flag disables DNS64 processing, returning the DNSSEC
124 - iana portlist update.
126 17 November 2014: Wouter
127 - Fix #627: SSL_CTX_load_verify_locations return code not properly
130 14 November 2014: Wouter
131 - parser with bison 2.7
133 13 November 2014: Wouter
134 - Patch from Stephane Lapie for ASAHI Net that implements aaaa-filter,
135 added to contrib/aaaa-filter-iterator.patch.
137 12 November 2014: Wouter
138 - trunk has 1.5.1 in development.
139 - Patch from Robert Edmonds to build pyunbound python module
140 differently. No versioninfo, with -shared and without $(LIBS).
141 - Patch from Robert Edmonds fixes hyphens in unbound-anchor man page.
142 - Removed 'increased limit open files' log message that is written
143 to console. It is only written on verbosity 4 and higher.
144 This keeps system bootup console cleaner.
145 - Patch from James Raftery, always print stats for rcodes 0..5.
147 11 November 2014: Wouter
148 - iana portlist update.
149 - Fix bug where forward or stub addresses with same address but
150 different port number were not tried.
151 - version number in svn trunk is 1.5.0
153 - review fix from Ralph.
155 7 November 2014: Wouter
156 - dnstap fixes by Robert Edmonds:
157 dnstap/dnstap.m4: cosmetic fixes
158 dnstap/: Remove compiled protoc-c output files
159 dnstap/dnstap.m4: Error out if required libraries are not found
160 dnstap: Fix ProtobufCBufferSimple usage that is incorrect as of
162 dnstap/: Adapt to API changes in latest libfstrm (>= 0.2.0)
164 4 November 2014: Wouter
165 - Add ub_ctx_add_ta_autr function to add a RFC5011 automatically
166 tracked trust anchor to libunbound.
167 - Redefine internal minievent symbols to unique symbols that helps
168 linking on platforms where the linker leaks names across modules.
170 27 October 2014: Wouter
171 - Disabled use of SSLv3 in remote-control and ssl-upstream.
172 - iana portlist update.
174 16 October 2014: Wouter
175 - Documented dns64 configuration in unbound.conf man page.
177 13 October 2014: Wouter
178 - Fix #617: in ldns in unbound, lowercase WKS services.
179 - Fix ctype invocation casts.
181 10 October 2014: Wouter
182 - Fix unbound-checkconf check for module config with dns64 module.
183 - Fix unbound capsforid fallback, it ignores TTLs in comparison.
185 6 October 2014: Wouter
186 - Fix #614: man page variable substitution bug.
187 6 October 2014: Willem
188 - Whitespaces after $ORIGIN are not part of the origin dname (ldns).
189 - $TTL's value starts at position 5 (ldns).
191 1 October 2014: Wouter
192 - fix #613: Allow tab ws in var length last rdfs (in ldns str2wire).
194 29 September 2014: Wouter
195 - Fix #612: create service with service.conf in present directory and
197 - Fix for mingw compile openssl ranlib.
199 25 September 2014: Wouter
200 - updated configure and aclocal with newer autoconf 1.13.
202 22 September 2014: Wouter
203 - Fix swig and python examples for Python 3.x.
204 - Fix for mingw compile with openssl-1.0.1i.
206 19 September 2014: Wouter
207 - improve python configuration detection to build on Fedora 22.
209 18 September 2014: Wouter
210 - patches to also build with Python 3.x (from Pavel Simerda).
212 16 September 2014: Wouter
213 - Fix tcp timer waiting list removal code.
214 - iana portlist update.
215 - Updated the TCP_BACLOG from 5 to 256, so that the tcp accept queue
216 is longer and more tcp connections can be handled.
218 15 September 2014: Wouter
219 - Fix unit test for CDS typecode.
221 5 September 2014: Wouter
222 - type CDS and CDNSKEY types in sldns.
224 25 August 2014: Wouter
225 - Fixup checklock code for log lock and its mutual initialization
227 - iana portlist update.
228 - Removed necessity for pkg-config from the dnstap.m4, new are
229 the --with-libfstrm and --with-protobuf-c configure options.
231 19 August 2014: Wouter
232 - Update unbound manpage with more explanation (from Florian Obser).
234 18 August 2014: Wouter
235 - Fix #603: unbound-checkconf -o <option> should skip verification
237 - iana portlist update.
238 - Fixup doc/unbound.doxygen to remove obsolete 1.8.7 settings.
240 5 August 2014: Wouter
241 - dnstap support, with a patch from Farsight Security, written by
242 Robert Edmonds. The --enable-dnstap needs libfstrm and protobuf-c.
243 It is BSD licensed (see dnstap/dnstap.c).
244 Building with --enable-dnstap needs pkg-config with this patch.
245 - Noted dnstap in doc/README and doc/CREDITS.
246 - Changes to the dnstap patch.
248 - dnstap/dnstap_config.h should not have been added to the repo,
249 because is it generated.
251 1 August 2014: Wouter
252 - Patch add msg, rrset, infra and key cache sizes to stats command
253 from Maciej Soltysiak.
254 - iana portlist update.
257 - DNS64 from Viagenie (BSD Licensed), written by Simon Perrault.
258 Initial commit of the patch from the FreeBSD base (with its fixes).
259 This adds a module (for module-config in unbound.conf) dns64 that
260 performs DNS64 processing, see README.DNS64.
261 - Changes from DNS64:
262 strcpy changed to memmove.
263 arraybound check fixed from prefix_net/8/4 to prefix_net/8+4.
264 allocation of result consistently in the correct region.
265 time_t is now used for ttl in unbound (since the patch's version).
266 - testdata/dns64_lookup.rpl for unit test for dns64 functionality.
269 - Patch from Dag-Erling Smorgrav that implements feature, unbound -dd
270 does not fork in the background and also logs to stderr.
273 - Fix endian.h include for OpenBSD.
276 - And Fix#596: Bail out of unbound-control dump_infra when ssl
280 - Fix #596: Bail out of unbound-control list_local_zones when ssl
282 - iana portlist update.
285 - Configure tests if main can be linked to from getentropy compat.
288 - Fix getentropy compat code, function refs were not portable.
289 - Fix to check openssl version number only for OpenSSL.
290 - LibreSSL provides compat items, check for that in configure.
291 - Fix bug in fix for log locks that caused deadlock in signal handler.
292 - update compat/getentropy and arc4random to the most recent ones from OpenBSD.
294 11 July 2014: Matthijs
295 - fake-rfc2553 patch (thanks Benjamin Baier).
298 - arc4random in compat/ and getentropy, explicit_bzero, chacha for
299 dependencies, from OpenBSD. arc4_lock and sha512 in compat.
300 This makes arc4random available on all platforms, except when
301 compiled with LIBNSS (it uses libNSS crypto random).
302 - fix strptime implicit declaration error on OpenBSD.
303 - arc4random, getentropy and explicit_bzero compat for Windows.
306 - Fix #593: segfault or crash upon rotating logfile.
310 - signit tool fixup for compile with libldns library.
311 - iana portlist updated.
314 - so-reuseport is available on BSDs(such as FreeBSD 10) and OS/X.
317 - unbound-control status reports if so-reuseport was successful.
318 - iana portlist updated.
321 - Fix caps-for-id fallback, and added fallback attempt when servers
322 drop 0x20 perturbed queries.
323 - Fixup testsetup for VM tests (run testcode/run_vm.sh).
326 - iana portlist updated.
329 - Add AAAA for B root server to default root hints.
332 - Remove unused define from iterator.h
335 - Fixup sldns_enum_edns_option typedef definition.
338 - Code cleanup patch from Dag-Erling Smorgrav, with compiler issue
339 fixes from FreeBSD's copy of Unbound, he notes:
340 Generate unbound-control-setup.sh at build time so it respects
341 prefix and sysconfdir from the configure script. Also fix the
342 umask to match the comment, and the comment to match the umask.
343 Add const and static where needed. Use unions instead of
344 playing pointer poker. Move declarations that are needed in
345 multiple source files into a shared header. Move sldns_bgetc()
346 from parse.c to buffer.c where it belongs. Introduce a new
347 header file, worker.h, which declares the callbacks that
348 all workers must define. Remove those declarations from
349 libworker.h. Include the correct headers in the correct places.
350 Fix a few dummy callbacks that don't match their prototype.
351 Fix some casts. Hide the sbrk madness behind #ifdef HAVE_SBRK.
352 Remove a useless printf which breaks reproducible builds.
353 Get rid of CONFIGURE_{TARGET,DATE,BUILD_WITH} now that they're
354 no longer used. Add unbound-control-setup.sh to the list of
355 generated files. The prototype for libworker_event_done_cb()
356 needs to be moved from libunbound/libworker.h to
358 - Fixup out-of-directory compile with unbound-control-setup.sh.in.
362 - unbound-host -D enabled dnssec and reads root trust anchor from
363 the default root key file that was compiled in.
366 - Feature, unblock-lan-zones: yesno that you can use to make unbound
367 perform 10.0.0.0/8 and other reverse lookups normally, for use if
368 unbound is running service for localhost on localhost.
371 - Updated create_unbound_ad_servers and unbound_cache scripts from
372 Yuri Voinov in the source/contrib directory. Added
373 warmup.cmd (and .sh): warm up the DNS cache with your MRU domains.
376 - Implement draft-ietf-dnsop-rfc6598-rfc6303-01.
377 - iana portlist updated.
380 - Contrib windows scripts from Yuri Voinov added to src/contrib:
381 create_unbound_ad_servers.cmd: enters anti-ad server lists.
382 unbound_cache.cmd: saves and loads the cache.
383 - Added unbound-control-setup.cmd from Yuri Voinov to the windows
384 unbound distribution set. It requires openssl installed in %PATH%.
387 - Change MAX_SENT_COUNT from 16 to 32 to resolve some cases easier.
390 - More #567: remove : from output of stub and forward lists, this is
393 29 April 2014: Wouter
394 - iana portlist updated.
395 - Add unbound-control flush_negative that flushed nxdomains, nodata,
396 and errors from the cache. For dnssec-trigger and NetworkManager,
397 fixes cases where network changes have localdata that was already
398 negatively cached from the previous network.
400 23 April 2014: Wouter
401 - Patch from Jeremie Courreges-Anglas to use arc4random_uniform
402 if available on the OS, it gets entropy from the OS.
404 15 April 2014: Wouter
405 - Fix compile with libevent2 on FreeBSD.
407 11 April 2014: Wouter
408 - Fix #502: explain that do-ip6 disable does not stop AAAA lookups,
409 but it stops the use of the ipv6 transport layer for DNS traffic.
410 - iana portlist updated.
412 10 April 2014: Wouter
413 - iana portlist updated.
414 - Patch from Hannes Frederic Sowa for Linux 3.15 fragmentation
415 option for DNS fragmentation defense.
416 - Document that dump_requestlist only prints queries from thread 0.
417 - unbound-control stats prints num.query.tcpout with number of TCP
418 outgoing queries made in the previous statistics interval.
419 - Fix #567: unbound lists if forward zone is secure or insecure with
420 +i annotation in output of list_forwards, also for list_stubs
421 (for NetworkManager integration.)
422 - Fix #554: use unsigned long to print 64bit statistics counters on
424 - Fix #558: failed prefetch lookup does not remove cached response
425 but delays next prefetch (in lieu of caching a SERVFAIL).
426 - Fix #545: improved logging, the ip address of the error is printed
427 on the same log-line as the error.
430 - Fix #574: make test fails on Ubuntu 14.04. Disabled remote-control
431 in testbound scripts.
432 - iana portlist updated.
435 - C.ROOT-SERVERS.NET has an IPv6 address, and we updated the root
436 hints (patch from Anand Buddhdev).
437 - Fix #572: Fix unit test failure for systems with different
440 28 March 2014: Wouter
441 - Fix #569: do_tcp is do-tcp in unbound.conf man page.
443 25 March 2014: Wouter
444 - Patch from Stuart Henderson to build unbound-host man from .1.in.
446 24 March 2014: Wouter
447 - Fix print filename of encompassing config file on read failure.
449 12 March 2014: Wouter
451 - trunk has 1.4.23 in development.
453 10 March 2014: Wouter
454 - Fix bug#561: contrib/cacti plugin did not report SERVFAIL rcodes
455 because of spelling. Patch from Chris Coates.
457 27 February 2014: Wouter
460 21 February 2014: Wouter
461 - iana portlist updated.
463 20 February 2014: Matthijs
464 - Be lenient when a NSEC NameError response with RCODE=NXDOMAIN is
465 received. This is okay according 4035, but not after revising
466 existence in 4592. NSEC empty non-terminals exist and thus the
467 RCODE should have been NOERROR. If this occurs, and the RRsets
468 are secure, we set the RCODE to NOERROR and the security status
469 of the reponse is also considered secure.
471 14 February 2014: Wouter
472 - Works on Minix (3.2.1).
474 11 February 2014: Wouter
475 - Fix parse of #553(NSD) string in sldns, quotes without spaces.
477 7 February 2014: Wouter
478 - iana portlist updated.
479 - add body to ifstatement if locks disabled.
480 - add TXT string"string" test case to unit test.
481 - Fix #551: License change "Regents" to "Copyright holder", matching
482 the BSD license on opensource.org.
484 6 February 2014: Wouter
485 - sldns has type HIP.
486 - code documentation on the module interface.
488 5 February 2014: Wouter
489 - Fix sldns parse tests on osx.
491 3 February 2014: Wouter
492 - Detect libevent2 install automatically by configure.
493 - Fixup link with lib/event2 subdir.
494 - Fix parse in sldns of quoted parenthesized text strings.
496 31 January 2014: Wouter
497 - unit test for ldns wire to str and back with zones, root, nlnetlabs
499 - Fix for hex to string in unknown, atma and nsap.
500 - fixup nss compile (no ldns in it).
501 - fixup warning in unitldns
502 - fixup WKS and rdata type service to print unsigned because strings
503 are not portable; they cannot be read (for sure) on other computers.
504 - fixup type EUI48 and EUI64, type APL and type IPSECKEY in string
507 30 January 2014: Wouter
508 - delay-close does not act if there are udp-wait queries, so that
509 it does not make a socketdrain DoS easier.
511 28 January 2014: Wouter
512 - iana portlist updated.
513 - iana portlist test updated so it does not touch the source
514 if there are no changes.
515 - delay-close: msec option that delays closing ports for which
516 the UDP reply has timed out. Keeps the port open, only accepts
517 the correct reply. This correct reply is not used, but the port
518 is open so that no port-denied ICMPs are generated.
520 27 January 2014: Wouter
521 - reuseport is attempted, then fallback to without on failure.
523 24 January 2014: Wouter
524 - Change unbound-event.h to use void* buffer, length idiom.
525 - iana portlist updated.
526 - unbound-event.h is installed if you configure --enable-event-api.
527 - speed up unbound (reports say it could be up to 10%), by reducing
528 lock contention on localzones.lock. It is changed to an rwlock.
529 - so-reuseport: yesno option to distribute queries evenly over
530 threads on Linux (Thanks Robert Edmonds).
533 21 January 2014: Wouter
534 - Fix #547: no trustanchor written if filesystem full, fclose checked.
536 17 January 2014: Wouter
537 - Fix isprint() portability in sldns, uses unsigned int.
538 - iana portlist updated.
540 16 January 2014: Wouter
541 - fix #544: Fixed +i causes segfault when running with module conf
543 - Windows port, adjust %lld to %I64d, and warning in win_event.c.
545 14 January 2014: Wouter
546 - iana portlist updated.
549 - Fix bug in cachedump that uses sldns.
550 - update pythonmod for ldns_ to sldns_ name change.
553 - Fix sldns to use sldns_ prefix for all ldns_ variables.
554 - Fix windows compile to compile with sldns.
557 - Fix sldns to make globals use sldns_ prefix. This fixes
558 linking with libldns that uses global variables ldns_ .
561 - Fix bug#537: compile python plugin without ldns library.
564 - Fix bug#536: acl_deny_non_local and refuse_non_local added.
567 - Patch from Neel Goyal to fix async id assignment if callback
568 is called by libunbound in the mesh attach.
569 - Accept ip-address: as an alternative for interface: for
570 consistency with nsd.conf syntax.
573 - Patch from Neel Goyal to fix callback in libunbound.
576 - if configured --with-libunbound-only fix make install.
579 - Fix #531: Set SO_REUSEADDR so that the wildcard interface and a
580 more specific interface port 53 can be used at the same time, and
581 one of the daemons is unbound.
582 - iana portlist update.
583 - separate ldns into core ldns inside ldns/ subdirectory. No more
584 --with-ldns is needed and unbound does not rely on libldns.
585 - portability fixes for new USE_SLDNS ldns subdir codebase.
588 - Patch from Neel Goyal: Add an API call to set an event base on an
589 existing ub_ctx. This basically just destroys the current worker and
590 sets the event base to the current. And fix a deadlock in
591 ub_resolve_event – the cfglock is held when libworker_create is
592 called. This ends up trying to acquire the lock again in
593 context_obtain_alloc in the call chain.
594 - Fix #528: if very high logging (4 or more) segfault on allow_snoop.
597 - unbound-event.h is installed if configured --with-libevent. It
598 contains low-level library calls, that use libevent's event_base
599 and an ldns_buffer for the wire return packet to perform async
600 resolution in the client's eventloop.
603 - 1.4.21 tag created.
604 - trunk has 1.4.22 number inside it.
605 - iana portlist updated.
606 - acx_nlnetlabs.m4 to 26; improve FLTO help text.
609 - Fix#524: max-udp-size not effective to non-EDNS0 queries, from
613 - MIN_TTL and MAX_TTL also in time_t.
614 - tag 1.4.21rc1 made again.
617 - More fixes for bug#519: for the threaded case test if the bg
618 thread has been killed, on ub_ctx_delete, to avoid hangs.
621 - more fixes that I overlooked.
622 - review fixes from Willem.
625 - Fix#520: Errors found by static analysis from Tomas Hozza(redhat).
628 - Fix for 2038, with time_t instead of uint32_t.
631 - Fix#519 ub_ctx_delete may hang in some scenarios (libunbound).
634 - Fix uninit variable in fix#516.
637 - Fix#516 dnssec lameness detection for answers that are improper.
643 - Fix#512 memleak in testcode for testbound (if it fails).
644 - Fix#512 NSS returned arrays out of setup function to be statics.
647 - max include of 100.000 files (depth and globbed at one time).
648 This is to preserve system memory in bug cases, or endless cases.
649 - iana portlist updated.
652 - streamtcp man page, contributed by Tomas Hozza.
653 - iana portlist updated.
654 - libunbound documentation on how to avoid openssl race conditions.
657 - Squelch sendto-permission denied errors when the network is
658 not connected, to avoid spamming syslog.
659 - configure --disable-flto option (from Robert Edmonds).
662 - Fix for const string literals in C++ for libunbound, from Karel
664 - iana portlist updated.
667 - Fixup manpage syntax.
670 - get_option and set_option support for log-time-ascii, python-script
671 val-sig-skew-min and val-sig-skew-max. log-time-ascii takes effect
672 immediately. The others are mostly useful for libunbound users.
675 - get_option, set_option, unbound-checkconf -o and libunbound
676 getoption and setoption support cache-min-ttl and cache-max-ttl.
679 - Fix#501: forward-first does not recurse, when forward name is ".".
680 - iana portlist update.
681 - Max include depth is unlimited.
684 - Update acx_pthreads.m4 to ax_pthreads.4 (2013-03-29), and apply
685 patch to it to not fail when -Werror is also specified, from the
687 - iana portlist update.
690 - Explain bogus and secure flags in libunbound more.
693 - Fix#499 use-after-free in out-of-memory handling code (thanks Jake
695 - Fix#500 use on non-initialised values on socket bind failures.
698 - Fix round-robin doesn't work with some Windows clients (from Ilya
702 - update acx_nlnetlabs.m4 to v23, sleep w32 fix.
704 26 April 2013: Wouter
705 - add unbound-control insecure_add and insecure_remove for the
706 administration of negative trust anchors.
708 25 April 2013: Wouter
709 - Implement max-udp-size config option, default 4096 (thanks
711 - Robust checks on dname validity from rdata for dname compare.
712 - updated iana portlist.
714 19 April 2013: Wouter
715 - Fixup snprintf return value usage, fixed libunbound_get_option.
717 18 April 2013: Wouter
718 - fix bug #491: pick program name (0th argument) as syslog identity.
719 - own implementation of compat/snprintf.c.
721 15 April 2013: Wouter
722 - Fix so that for a configuration line of include: "*.conf" it is not
723 an error if there are no files matching the glob pattern.
724 - unbound-anchor review: BIO_write can return 0 successfully if it
725 has successfully appended a zero length string.
727 11 April 2013: Wouter
728 - Fix queries leaking up for stubs and forwards, if the configured
729 nameservers all fail to answer.
731 10 April 2013: Wouter
732 - code improve for minimal responses, small speed increase.
735 - updated iana portlist.
736 - Fix crash in previous private address fixup of 22 March.
738 28 March 2013: Wouter
739 - Make reverse zones easier by documenting the nodefault statements
740 commented-out in the example config file.
742 26 March 2013: Wouter
743 - more fixes to lookup3.c endianness detection.
745 25 March 2013: Wouter
746 - #492: Fix endianness detection, revert to older lookup3.c detection
747 and put new detect lines after previous tests, to avoid regressions
748 but allow new detections to succeed.
749 And add detection for machine/endian.h to it.
751 22 March 2013: Wouter
752 - Fix resolve of names that use a mix of public and private addresses.
753 - iana portlist update.
754 - Fix makedist for new svn for -d option.
755 - unbound.h header file has UNBOUND_VERSION_MAJOR define.
756 - Fix windows RSRC version for long version numbers.
758 21 March 2013: Wouter
761 - committed libunbound version 4:1:2 for binary API updated in 1.4.20
762 - install copy of unbound-control.8 man page for unbound-control-setup
764 14 March 2013: Wouter
765 - iana portlist update.
768 12 March 2013: Wouter
769 - Fixup makedist.sh for windows compile.
771 11 March 2013: Wouter
772 - iana portlist update.
773 - testcode/ldns-testpkts.c check for makedist is informational.
775 15 February 2013: Wouter
776 - fix defines in lookup3 for bigendian bsd alpha
778 11 February 2013: Wouter
779 - Fixup openssl_thread init code to only run if compiled with SSL.
781 7 February 2013: Wouter
782 - detect endianness in lookup3 on BSD.
783 - add libunbound.ttl at end of result structure, version bump for
784 libunbound and binary backwards compatible, but 1.4.19 is not
785 forward compatible with 1.4.20.
786 - update iana port list.
788 30 January 2013: Wouter
789 - includes and have_ssl fixes for nss.
791 29 January 2013: Wouter
792 - printout name of zone with duplicate fwd and hint errors.
794 28 January 2013: Wouter
795 - updated fwd_zero for newer nc. Updated common.sh for newer netstat.
797 17 January 2013: Wouter
798 - unbound-anchors checks the emailAddress of the signer of the
799 root.xml file, default is dnssec@iana.org. It also checks that
800 the signer has the correct key usage for a digital signature.
801 - update iana port list.
803 3 January 2013: Wouter
804 - Test that unbound-control checks client credentials.
805 - Test that unbound can handle a CNAME at an intermediate node in
806 the chain of trust (where it seeks a DS record).
807 - Check the commonName of the signer of the root.xml file in
808 unbound-anchor, default is dnssec@iana.org.
810 2 January 2013: Wouter
811 - Fix openssl lock free on exit (reported by Robert Fleischman).
812 - iana portlist updated.
813 - Tested that unbound implements the RFC5155 Technical Errata id 3441.
814 Unbound already implements insecure classification of an empty
815 nonterminal in NSEC3 optout zone.
817 20 December 2012: Wouter
818 - Fix unbound-anchor xml parse of entity declarations for safety.
820 19 December 2012: Wouter
821 - iana portlist updated.
823 18 December 2012: Wouter
824 - iana portlist updated.
826 14 December 2012: Wouter
827 - Change of D.ROOT-SERVERS.NET A address in default root hints.
829 12 December 2012: Wouter
831 - trunk has 1.4.20 under development.
833 5 December 2012: Wouter
834 - note support for AAAA RR type RFC.
836 4 December 2012: Wouter
839 30 November 2012: Wouter
840 - bug 481: fix python example0.
841 - iana portlist updated.
843 27 November 2012: Wouter
844 - iana portlist updated.
846 9 November 2012: Wouter
847 - Fix unbound-control forward disables configured stubs below it.
849 7 November 2012: Wouter
850 - Fixup ldns-testpkts, identical to ldns/examples.
851 - iana portlist updated.
853 30 October 2012: Wouter
854 - Fix bug #477: unbound-anchor segfaults if EDNS is blocked.
856 29 October 2012: Matthijs
857 - Fix validation for responses with both CNAME and wildcard
858 expanded CNAME records in answer section.
860 8 October 2012: Wouter
861 - update ldns-testpkts.c to ldns 1.6.14 version.
862 - fix build of pythonmod in objdir, for unbound.py.
863 - make clean and makerealclean remove generated python and docs.
865 5 October 2012: Wouter
866 - fix build of pythonmod in objdir (thanks Jakob Schlyter).
868 3 October 2012: Wouter
869 - fix text in unbound-anchor man page.
871 1 October 2012: Wouter
872 - ignore trusted-keys globs that have no files (from Paul Wouters).
874 27 September 2012: Wouter
875 - include: directive in config file accepts wildcards. Patch from
876 Paul Wouters. Suggested use: include: "/etc/unbound.d/conf.d/*"
877 - unbound-control -q option is quiet, patch from Mariano Absatz.
878 - iana portlist updated.
879 - updated contrib/unbound.spec, patch from Valentin Bud.
881 21 September 2012: Wouter
882 - chdir to / after chroot call (suggested by Camiel Dobbelaar).
884 17 September 2012: Wouter
885 - patch_rsamd5_enable.diff: this patch enables RSAMD5 validation
886 otherwise it is treated as insecure. The RSAMD5 algorithm is
887 deprecated (RFC6725). The MD5 hash is considered weak for some
888 purposes, if you want to sign your zone, then RSASHA256 is an
891 30 August 2012: Wouter
892 - RFC6725 deprecates RSAMD5: this DNSKEY algorithm is disabled.
893 - iana portlist updated.
895 29 August 2012: Wouter
896 - Nicer comments outgoing-port-avoid, thanks Stu (bug #465).
898 22 August 2012: Wouter
899 - Fallback to 1472 and 1232, one fragment size without headers.
901 21 August 2012: Wouter
902 - Fix timeouts so that when a server has been offline for a while
903 and is probed to see it works, it becomes fully available for
904 server selection again.
906 17 August 2012: Wouter
907 - Add documentation to libunbound for default nonuse of resolv.conf.
909 2 August 2012: Wouter
910 - trunk has 1.4.19 under development (fixes from 1 aug and 31 july
912 - iana portlist updated.
914 1 August 2012: Wouter
915 - Fix openssl race condition, initializes openssl locks, reported
916 by Einar Lonn and Patrik Wallstrom.
919 - Improved forward-first and stub-first documentation.
920 - Fix that enables modules to register twice for the same
921 serviced_query, without race conditions or administration issues.
922 This should not happen with the current codebase, but it is robust.
923 - Fix forward-first option where it sets the RD flag wrongly.
924 - added manpage links for libunbound calls (Thanks Paul Wouters).
927 - tag 1.4.18rc2 (became 1.4.18 release at 2 august 2012).
930 - unbound-host works with libNSS
931 - fix bogus nodata cname chain not reported as bogus by validator,
932 (Thanks Peter van Dijk).
935 - iana portlist updated.
939 - review fix for libnss, check hash prefix allocation size.
942 - fix missing break for GOST DS hash function.
943 - implemented forward_first for the root.
946 - Fix bug#452 and another assertion failure in mesh.c, makes
947 assertions in mesh.c resist duplicates. Fixes DS NS search to
948 not generate duplicate sub queries.
951 - Fix bug#454: Remove ACX_CHECK_COMPILER_FLAG from configure.ac,
952 if CFLAGS is specified at configure time then '-g -O2' is not
953 appended to CFLAGS, so that the user can override them.
956 - Fix libunbound report of errors when in background mode.
959 - updated iana ports list.
962 - Add flush_bogus option for unbound-control
965 - Fix validation of qtype DS queries that result in no data for
966 non-optout NSEC3 zones.
969 - compile libunbound with libnss on Suse, passes regression tests.
972 - FIPS_mode openssl does not use arc4random but RAND_pseudo_bytes.
975 - updated iana ports list.
978 - patch for unbound_munin_ script to handle arbitrary thread count by
982 - detect if openssl has FIPS_mode.
983 - code review: return value of cache_store can be ignored for better
984 performance in out of memory conditions.
985 - fix edns-buffer-size and msg-buffer-size manpage documentation.
986 - updated iana ports list.
989 - disable RSAMD5 if in FIPS mode (for openssl and for libnss).
992 - implement DS records, NSEC3 and ECDSA for compile with libnss.
995 - fix error handling of alloc failure during rrsig verification.
996 - nss check for verification failure.
997 - nss crypto works for RSA and DSA.
1000 - work on --with-nss build option (for now, --with-libunbound-only).
1002 19 June 2012: Wouter
1003 - --with-libunbound-only build option, only builds the library and
1004 not the daemon and other tools.
1006 18 June 2012: Wouter
1009 15 June 2012: Wouter
1010 - implement log-time-ascii on windows.
1011 - The key-cache bad key ttl is now 60 seconds.
1012 - updated iana ports list.
1015 11 June 2012: Wouter
1016 - bug #452: fix crash on assert in mesh_state_attachment.
1019 - silence warning from swig-generated code (md set but not used in
1020 swig initmodule, due to ifdefs in swig-generated code).
1023 - Fix debian-bugs-658021: Please enable hardened build flags.
1026 - updated iana ports list.
1029 - tag for 1.4.17 release.
1030 - trunk is 1.4.18 in development.
1033 - Review comments, removed duplicate memset to zero in delegpt.
1036 - Updated doc/FEATURES with RFCs that are implemented but not listed.
1037 - Protect if statements in val_anchor for compile without locks.
1038 - tag for 1.4.17rc1.
1041 - fix configure ECDSA support in ldns detection for windows compile.
1042 - fix possible uninitialised variable in windows pipe implementation.
1045 - Fix alignment problem in util/random on sparc64/freebsd.
1048 - Fix for accept spinning reported by OpenBSD.
1049 - iana portlist updated.
1052 - Fix validation of nodata for DS query in NSEC zones, reported by
1055 13 April 2012: Wouter
1056 - ECDSA support (RFC 6605) by default. Use --disable-ecdsa for older
1059 10 April 2012: Wouter
1060 - Applied patch from Daisuke HIGASHI for rrset-roundrobin and
1061 minimal-responses features.
1062 - iana portlist updated.
1064 5 April 2012: Wouter
1065 - fix bug #443: --with-chroot-dir not honoured by configure.
1066 - fix bug #444: setusercontext was called too late (thanks Bjorn
1069 27 March 2012: Wouter
1070 - fix bug #442: Fix that Makefile depends on pythonmod headers
1071 even using --without-pythonmodule.
1073 22 March 2012: Wouter
1074 - contrib/validation-reporter follows rotated log file (patch from
1077 21 March 2012: Wouter
1078 - new approach to NS fetches for DS lookup that works with
1079 cornercases, and is more robust and considers forwarders.
1081 19 March 2012: Wouter
1082 - iana portlist updated.
1083 - fix to locate nameservers for DS lookup with NS fetches.
1085 16 March 2012: Wouter
1086 - Patch for access to full DNS packet data in unbound python module
1089 9 March 2012: Wouter
1090 - Applied line-buffer patch from Augie Schwer to validation.reporter.sh.
1092 2 March 2012: Wouter
1093 - flush_infra cleans timeouted servers from the cache too.
1094 - removed warning from --enable-ecdsa.
1096 1 March 2012: Wouter
1097 - forward-first option. Tries without forward if a query fails.
1098 Also stub-first option that is similar.
1100 28 February 2012: Wouter
1101 - Fix from code review, if EINPROGRESS not defined chain if statement
1104 27 February 2012: Wouter
1105 - Fix bug#434: on windows check registry for config file location
1106 for unbound-control.exe, and unbound-checkconf.exe.
1108 23 February 2012: Wouter
1109 - Fix to squelch 'network unreachable' errors from tcp connect in
1110 logs, high verbosity will show them.
1112 16 February 2012: Wouter
1113 - iter_hints is now thread-owned in module env, and thus threadsafe.
1114 - Fix prefetch and sticky NS, now the prefetch works. It picks
1115 nameservers that 'would be valid in the future', and if this makes
1116 the NS timeout, it updates that NS by asking delegation from the
1117 parent again. If child NS has longer TTL, that TTL does not get
1118 refreshed from the lookup to the child nameserver.
1120 15 February 2012: Wouter
1121 - Fix forward-zone memory, uses malloc and frees original root dp.
1122 - iter hints (stubs) uses malloc inside for more dynamicity.
1123 - unbound-control forward_add, forward_remove, stub_add, stub_remove
1124 can modify stubs and forwards for running unbound (on mobile computer)
1125 they can also add and remove domain-insecure for the zone.
1127 14 February 2012: Wouter
1128 - Fix sticky NS (ghost domain problem) if prefetch is yes.
1129 - iter forwards uses malloc inside for more dynamicity.
1131 13 February 2012: Wouter
1132 - RT#2955. Fix for cygwin compilation.
1133 - iana portlist updated.
1135 10 February 2012: Wouter
1136 - Slightly smaller critical region in one case in infra cache.
1137 - Fix timeouts to keep track of query type, A, AAAA and other, if
1138 another has caused timeout blacklist, different type can still probe.
1139 - unit test fix for nomem_cnametopos.rpl race condition.
1141 9 February 2012: Wouter
1142 - Fix AHX_BROKEN_MEMCMP for autoheader mess up of #undef in config.h.
1144 8 February 2012: Wouter
1145 - implement draft-ietf-dnsext-ecdsa-04; which is in IETF LC; This
1146 implementation is experimental at this time and not recommended
1147 for use on the public internet (the protocol numbers have not
1148 been assigned). Needs recent ldns with --enable-ecdsa.
1149 - fix memory leak in errorcase for DSA signatures.
1150 - iana portlist updated.
1151 - workaround for openssl 0.9.8 ecdsa sha2 and evp problem.
1153 3 February 2012: Wouter
1154 - fix for windows, rename() is not posix compliant on windows.
1156 2 February 2012: Wouter
1157 - 1.4.16 release tag.
1158 - svn trunk is 1.4.17 in development.
1159 - iana portlist updated.
1161 1 February 2012: Wouter
1162 - Fix validation failures (like: validation failure xx: no NSEC3
1163 closest encloser from yy for DS zz. while building chain of trust,
1164 because of a bug in the TTL-fix in 1.4.15, it picked the wrong rdata
1165 for an NSEC3. Now it does not change rdata, and fixes TTL.
1167 30 January 2012: Wouter
1168 - Fix version-number in libtool to be version-info so it produces
1169 libunbound.so.2 like it should.
1171 26 January 2012: Wouter
1172 - Tag 1.4.15 (same as 1.4.15rc1), for 1.4.15 release.
1173 - trunk 1.4.16; includes changes memset testcode, #424 openindiana,
1174 and keyfile write fixup.
1175 - applied patch to support outgoing-interface with ub_ctx_set_option.
1177 23 January 2012: Wouter
1178 - Fix memset in test code.
1180 20 January 2012: Wouter
1181 - Fix bug #424: compile on OpenIndiana OS with gcc 4.6.2.
1183 19 January 2012: Wouter
1184 - Fix to write key files completely to a temporary file, and if that
1185 succeeds, replace the real key file. So failures leave a useful file.
1187 18 January 2012: Wouter
1188 - tag 1.4.15rc1 created
1189 - updated libunbound/ubsyms.def and remade tag 1.4.15rc1.
1191 17 January 2012: Wouter
1192 - Fix bug where canonical_compare of RRSIG did not downcase the
1193 signer-name. This is mostly harmless because RRSIGs do not have
1194 to be sorted in canonical order, usually.
1196 12 January 2012: Wouter
1197 - bug#428: add ub_version() call to libunbound. API version increase,
1198 with (binary) backwards compatibility for the previous version.
1200 10 January 2012: Wouter
1201 - Fix bug #425: unbound reports wrong TTL in reply, it reports a TTL
1202 that would be permissible by the RFCs but it is not the TTL in the
1204 - iana portlist updated.
1205 - uninitialised variable in reprobe for rtt blocked domains fixed.
1206 - lintfix and new flex output.
1208 2 January 2012: Wouter
1209 - Fix to randomize hash function, based on 28c3 congress, reported
1212 24 December 2011: Wouter
1213 - Fix for memory leak (about 20 bytes when a tcp or udp send operation
1214 towards authority servers failed, takes about 50.000 such failures to
1215 leak one Mb, such failures are also usually logged), reported by
1217 - iana portlist updated.
1219 19 December 2011: Wouter
1220 - Fix for VU#209659 CVE-2011-4528: Unbound denial of service
1221 vulnerabilities from nonstandard redirection and denial of existence
1222 http://www.unbound.net/downloads/CVE-2011-4528.txt
1223 - robust checks for next-closer NSEC3s.
1224 - tag 1.4.14 created.
1225 - trunk has 1.4.15 in development.
1227 15 December 2011: Wouter
1228 - remove uninit warning from cachedump code.
1229 - Fix parse error on negative SOA RRSIGs if badly ordered in the packet.
1231 13 December 2011: Wouter
1232 - iana portlist updated.
1234 - fix infra cache comparison.
1235 - Fix to constrain signer_name to be a parent of the lookupname.
1237 5 December 2011: Wouter
1238 - Fix getaddrinfowithincludes on windows with fedora16 mingw32-gcc.
1239 - Fix warnings with gcc 4.6 in compat/inet_ntop.c.
1240 - Fix warning unused in compat/strptime.c.
1241 - Fix malloc detection and double defintion.
1243 2 December 2011: Wouter
1244 - configure generated with autoconf 2.68.
1246 30 November 2011: Wouter
1247 - Fix for tcp-upstream and ssl-upstream for if a laptop sleeps, causes
1248 SERVFAILs. Also fixed for UDP (but less likely).
1250 28 November 2011: Wouter
1251 - Fix quartile time estimate, it was too low, (thanks Jan Komissar).
1252 - iana ports updated.
1254 11 November 2011: Wouter
1255 - Makefile compat with SunOS make, BSD make and GNU make.
1256 - iana ports updated.
1258 10 November 2011: Wouter
1259 - Makefile changed for BSD make compatibility.
1261 9 November 2011: Wouter
1262 - added unit test for SSL service and SSL-upstream.
1264 8 November 2011: Wouter
1265 - can configure ssl service to one port number, and not on others.
1266 - fixup windows compile with ssl support.
1267 - Fix double free in unbound-host, reported by Steve Grubb.
1268 - iana portlist updated.
1270 1 November 2011: Wouter
1271 - dns over ssl support as a client, ssl-upstream yes turns it on.
1272 It performs an SSL transaction for every DNS query (250 msec).
1273 - documentation for new options: ssl-upstream, ssl-service-key and
1275 - iana portlist updated.
1276 - fix -flto detection on Lion for llvm-gcc.
1278 31 October 2011: Wouter
1279 - dns over ssl support, ssl-service-pem and ssl-service-key files
1280 can be given and then TCP queries are serviced wrapped in SSL.
1282 27 October 2011: Wouter
1283 - lame-ttl and lame-size options no longer exist, it is integrated
1284 with the host info. They are ignored (with verbose warning) if
1285 encountered to keep the config file backwards compatible.
1286 - fix iana-update for changing gzip compression of results.
1287 - fix export-all-symbols on OSX.
1289 26 October 2011: Wouter
1290 - iana portlist updated.
1291 - Infra cache stores information about ping and lameness per IP, zone.
1292 This fixes bug #416.
1293 - fix iana_update target for gzipped file on iana site.
1295 24 October 2011: Wouter
1296 - Fix resolve of partners.extranet.microsoft.com with a fix for the
1297 server selection for choosing out of a (particular) list of bad
1299 - Fix make_new_space function so that the incoming query is not
1300 overwritten if a jostled out query causes a waiting query to be
1301 resumed that then fails and sends an error message. (Thanks to
1304 21 October 2011: Wouter
1305 - fix --enable-allsymbols, fptr wlist is disabled on windows with this
1306 option enabled because of memory layout exe vs dll.
1308 19 October 2011: Wouter
1309 - fix unbound-anchor for broken strptime on OSX lion, detected
1311 - Detect if GOST really works, openssl1.0 on OSX fails.
1312 - Implement ipv6%interface notation for scope_id usage.
1314 17 October 2011: Wouter
1315 - better documentation for inform_super (Thanks Yang Zhe).
1317 14 October 2011: Wouter
1318 - Fix for out-of-memory condition in libunbound (thanks
1321 13 October 2011: Wouter
1322 - Fix --enable-allsymbols, it depended on link specifics of the
1323 target platform, or fptr_wlist assertion failures could occur.
1325 12 October 2011: Wouter
1326 - updated contrib/unbound_munin_ to family=auto so that it works with
1327 munin-node-configure automatically (if installed as
1328 /usr/local/share/munin/plugins/unbound_munin_ ).
1330 27 September 2011: Wouter
1331 - unbound.exe -w windows option for start and stop service.
1333 23 September 2011: Wouter
1334 - TCP-upstream calculates tcp-ping so server selection works if there
1337 20 September 2011: Wouter
1338 - Fix classification of NS set in answer section, where there is a
1339 parent-child server, and the answer has the AA flag for dir.slb.com.
1340 Thanks to Amanda Constant from Secure64.
1342 16 September 2011: Wouter
1343 - fix bug #408: accept patch from Steve Snyder that comments out
1344 unused functions in lookup3.c.
1345 - iana portlist updated.
1346 - fix EDNS1480 change memleak and TCP fallback.
1347 - fix various compiler warnings (reported by Paul Wouters).
1348 - max sent count. EDNS1480 only for rtt < 5000. No promiscuous
1349 fetch if sentcount > 3, stop query if sentcount > 16. Count is
1350 reset when referral or CNAME happens. This makes unbound better
1351 at managing large NS sets, they are explored when there is continued
1352 interest (in the form of queries).
1354 15 September 2011: Wouter
1356 - trunk contains 1.4.14 in development.
1357 - Unbound probes at EDNS1480 if there an EDNS0 timeout.
1359 12 September 2011: Wouter
1360 - Reverted dns EDNS backoff fix, it did not help and needs
1361 fragmentation fixes instead.
1364 7 September 2011: Wouter
1365 - Fix operation in ipv6 only (do-ip4: no) mode.
1367 6 September 2011: Wouter
1368 - fedora specfile updated.
1370 5 September 2011: Wouter
1373 2 September 2011: Wouter
1374 - iana portlist updated.
1376 26 August 2011: Wouter
1377 - Fix num-threads 0 does not segfault, reported by Simon Deziel.
1378 - Fix validation failures due to EDNS backoff retries, the retry
1379 for fetch of data has want_dnssec because the iter_indicate_dnssec
1380 function returns true when validation failure retry happens, and
1381 then the serviced query code does not fallback to noEDNS, even if
1382 the cache says it has this. This helps for DLV deployment when
1383 the DNSSEC status is not known for sure before the lookup concludes.
1385 24 August 2011: Wouter
1386 - Applied patch from Karel Slany that fixes a memory leak in the
1387 unbound python module, in string conversions.
1389 22 August 2011: Wouter
1390 - Fix validation of qtype ANY responses with CNAMEs (thanks Cathy
1391 Zhang and Luo Ce). Unbound responds with the RR types that are
1392 available at the name for qtype ANY and validates those RR types.
1393 It does not test for completeness (i.e. with NSEC or NSEC3 query),
1394 and it does not follow the CNAME or DNAME to another name (with
1395 even more data for the already large response).
1396 - Fix that internally, CNAMEs with NXDOMAIN have that as rcode.
1397 - Documented the options that work with control set_option command.
1398 - tcp-upstream yes/no option (works with set_option) for tunnels.
1400 18 August 2011: Wouter
1401 - fix autoconf call in makedist crosscompile to RC or snapshot.
1403 17 August 2011: Wouter
1404 - Fix validation of . DS query.
1405 - new xml format at IANA, new awk for iana_update.
1406 - iana portlist updated.
1408 10 August 2011: Wouter
1409 - Fix python site-packages path to /usr/lib64.
1410 - updated patch from Tom.
1411 - fix memory and fd leak after out-of-memory condition.
1413 9 August 2011: Wouter
1414 - patch from Tom Hendrikx fixes load of python modules.
1416 8 August 2011: Wouter
1417 - make clean had ldns-src reference, removed.
1419 1 August 2011: Wouter
1420 - Fix autoconf 2.68 warnings
1422 14 July 2011: Wouter
1423 - Unbound implements RFC6303 (since version 1.4.7).
1424 - tag 1.4.12rc1 is released as 1.4.12 (without the other fixes in the
1425 meantime, those are for 1.4.13).
1426 - iana portlist updated.
1428 13 July 2011: Wouter
1429 - Quick fix for contrib/unbound.spec example, no ldns-builtin any more.
1431 11 July 2011: Wouter
1432 - Fix wildcard expansion no-data reply under an optout NSEC3 zone is
1433 validated as insecure, reported by Jia Li (lijia@cnnic.cn).
1436 - 1.4.12rc1 tag created.
1439 - version number in example config file.
1440 - fix that --enable-static-exe does not complain about it unknown.
1442 30 June 2011: Wouter
1443 - tag relase 1.4.11, trunk is 1.4.12 development.
1444 - iana portlist updated.
1445 - fix bug#395: id bits of other query may leak out under conditions
1446 - fix replyaddr count wrong after jostled queries, which leads to
1447 eventual starvation where the daemon has no replyaddrs left to use.
1448 - fix comment about rndc port, that referred to the old port number.
1449 - fix that the listening socket is not closed when too many remote
1450 control connections are made at the same time.
1451 - removed ldns-src tarball inside the unbound tarball.
1453 23 June 2011: Wouter
1454 - Changed -flto check to support clang compiler.
1455 - tag 1.4.11rc3 created.
1457 17 June 2011: Wouter
1458 - tag 1.4.11rc1 created.
1459 - remove warning about signed/unsigned from flex (other flex version).
1460 - updated aclocal.m4 and libtool to match.
1461 - tag 1.4.11rc2 created.
1463 16 June 2011: Wouter
1464 - log-queries: yesno option, default is no, prints querylog.
1465 - version is 1.4.11.
1467 14 June 2011: Wouter
1468 - Use -flto compiler flag for link time optimization, if supported.
1469 - iana portlist updated.
1471 12 June 2011: Wouter
1472 - IPv6 service address for d.root-servers.net (2001:500:2D::D).
1474 10 June 2011: Wouter
1475 - unbound-control has version number in the header,
1476 UBCT[version]_space_ is the header sent by the client now.
1477 - Unbound control port number is registered with IANA:
1478 ub-dns-control 8953/tcp unbound dns nameserver control
1479 This is the new default for the control-port config setting.
1480 - statistics-interval prints the number of jostled queries to log.
1483 - Fix Makefile for U in environment, since wrong U is more common than
1484 deansification necessity.
1485 - iana portlist updated.
1486 - updated ldns tarball to 1.6.10rc2 snapshot of today.
1489 - Fix assertion failure when unbound generates an empty error reply
1490 in response to a query, CVE-2011-1922 VU#531342.
1491 - This fix is in tag 1.4.10.
1492 - defense in depth against the above bug, an error is printed to log
1493 instead of an assertion failure.
1496 - bug#386: --enable-allsymbols option links all binaries to libunbound
1497 and reduces install size significantly.
1498 - feature, ignore-cd-flag: yesno to provide dnssec to legacy servers.
1499 - iana portlist updated.
1500 - Fix TTL of SOA so negative TTL is separately cached from normal TTL.
1502 14 April 2011: Wouter
1503 - configure created with newer autoconf 2.66.
1505 12 April 2011: Wouter
1506 - bug#378: Fix that configure checks for ldns_get_random presence.
1508 8 April 2011: Wouter
1509 - iana portlist updated.
1510 - queries with CD flag set cause DNSSEC validation, but the answer is
1511 not withheld if it is bogus. Thus, unbound will retry if it is bad
1512 and curb the TTL if it is bad, thus protecting the cache for use by
1513 downstream validators.
1514 - val-override-date: -1 ignores dates entirely, for NTP usage.
1516 29 March 2011: Wouter
1517 - harden-below-nxdomain: changed so that it activates when the
1518 cached nxdomain is dnssec secure. This avoids backwards
1519 incompatibility because those old servers do not have dnssec.
1521 24 March 2011: Wouter
1522 - iana portlist updated.
1526 17 March 2011: Wouter
1527 - bug#370: new unbound.spec for CentOS 5.x from Harold Jones.
1528 Applied but did not do the --disable-gost.
1530 10 March 2011: Wouter
1531 - tag 1.4.9 release candidate 1 created.
1533 3 March 2011: Wouter
1534 - updated ldns to today.
1536 1 March 2011: Wouter
1537 - Fix no ADflag for NXDOMAIN in NSEC3 optout. And wildcard in optout.
1538 - give config parse error for multiple names on a stub or forward zone.
1539 - updated ldns tarball to 1.6.9(todays snapshot).
1541 24 February 2011: Wouter
1542 - bug #361: Fix, time.elapsed variable not reset with stats_noreset.
1544 23 February 2011: Wouter
1545 - iana portlist updated.
1546 - common.sh to version 3.
1548 18 February 2011: Wouter
1549 - common.sh in testdata updated to version 2.
1551 15 February 2011: Wouter
1552 - Added explicit note on unbound-anchor usage:
1553 Please note usage of unbound-anchor root anchor is at your own risk
1554 and under the terms of our LICENSE (see that file in the source).
1556 11 February 2011: Wouter
1557 - iana portlist updated.
1558 - tpkg updated with common.sh for common functionality.
1560 7 February 2011: Wouter
1561 - Added regression test for addition of a .net DS to the root, and
1562 cache effects with different TTL for glue and DNSKEY.
1563 - iana portlist updated.
1565 28 January 2011: Wouter
1566 - Fix remove private address does not throw away entire response.
1568 24 January 2011: Wouter
1571 19 January 2011: Wouter
1572 - fix bug#349: no -L/usr for ldns.
1574 18 January 2011: Wouter
1575 - ldns 1.6.8 tarball included.
1578 17 January 2011: Wouter
1579 - add get and set option for harden-below-nxdomain feature.
1580 - iana portlist updated.
1582 14 January 2011: Wouter
1583 - Fix so a changed NS RRset does not get moved name stuck on old
1584 server, for type NS the TTL is not increased.
1586 13 January 2011: Wouter
1587 - Fix prefetch so it does not get stuck on old server for moved names.
1589 12 January 2011: Wouter
1590 - iana portlist updated.
1592 11 January 2011: Wouter
1593 - Fix insecure CNAME sequence marked as secure, reported by Bert
1596 10 January 2011: Wouter
1597 - faster lruhash get_mem routine.
1599 4 January 2011: Wouter
1600 - bug#346: remove ITAR scripts from contrib, the service is discontinued, use the root.
1601 - iana portlist updated.
1603 23 December 2010: Wouter
1604 - Fix in infra cache that could cause rto larger than TOP_TIMEOUT kept.
1606 21 December 2010: Wouter
1607 - algorithm compromise protection using the algorithms signalled in
1608 the DS record. Also, trust anchors, DLV, and RFC5011 receive this,
1609 and thus, if you have multiple algorithms in your trust-anchor-file
1610 then it will now behave different than before. Also, 5011 rollover
1611 for algorithms needs to be double-signature until the old algorithm
1613 It is not an option, because I see no use to turn the security off.
1614 - iana portlist updated.
1616 17 December 2010: Wouter
1617 - squelch 'tcp connect: bla' in logfile, (set verbosity 2 to see them).
1618 - fix validation in this case: CNAME to nodata for co-hosted opt-in
1619 NSEC3 insecure delegation, was bogus, fixed to be insecure.
1621 16 December 2010: Wouter
1622 - Fix our 'BDS' license (typo reported by Xavier Belanger).
1624 10 December 2010: Wouter
1625 - iana portlist updated.
1626 - review changes for unbound-anchor.
1628 2 December 2010: Wouter
1629 - feature typetransparent localzone, does not block other RR types.
1631 1 December 2010: Wouter
1632 - Fix bug#338: print address when socket creation fails.
1634 30 November 2010: Wouter
1635 - Fix storage of EDNS failures in the infra cache.
1636 - iana portlist updated.
1638 18 November 2010: Wouter
1639 - harden-below-nxdomain option, default off (because very old
1640 software may be incompatible). We could enable it by default in
1643 17 November 2010: Wouter
1644 - implement draft-vixie-dnsext-resimprove-00, we stop on NXDOMAIN.
1645 - make test output nicer.
1647 15 November 2010: Wouter
1648 - silence 'tcp connect: broken pipe' and 'net down' at low verbosity.
1649 - iana portlist updated.
1650 - so-sndbuf option for very busy servers, a bit like so-rcvbuf.
1652 9 November 2010: Wouter
1653 - unbound-anchor compiles with openssl 0.9.7.
1655 8 November 2010: Wouter
1656 - release tag 1.4.7.
1657 - trunk is version 1.4.8.
1658 - Be lenient and accept imgw.pl malformed packet (like BIND).
1660 5 November 2010: Wouter
1661 - do not synthesize a CNAME message from cache for qtype DS.
1663 4 November 2010: Wouter
1664 - Use central entropy to seed threads.
1666 3 November 2010: Wouter
1667 - Change the rtt used to probe EDNS-timeout hosts to 1000 msec.
1669 2 November 2010: Wouter
1673 1 November 2010: Wouter
1674 - GOST code enabled by default (RFC 5933).
1676 27 October 2010: Wouter
1677 - Fix uninit value in dump_infra print.
1678 - Fix validation failure for parent and child on same server with an
1679 insecure childzone and a CNAME from parent to child.
1680 - Configure detects libev-4.00.
1682 26 October 2010: Wouter
1683 - dump_infra and flush_infra commands for unbound-control.
1684 - no timeout backoff if meanwhile a query succeeded.
1685 - Change of timeout code. No more lost and backoff in blockage.
1686 At 12sec timeout (and at least 2x lost before) one probe per IP
1687 is allowed only. At 120sec, the IP is blocked. After 15min, a
1688 120sec entry has a single retry packet.
1690 25 October 2010: Wouter
1691 - Configure errors if ldns is not found.
1693 22 October 2010: Wouter
1694 - Windows 7 fix for the installer.
1696 21 October 2010: Wouter
1697 - Fix bug where fallback_tcp causes wrong roundtrip and edns
1698 observation to be noted in cache. Fix bug where EDNSprobe halted
1699 exponential backoff if EDNS status unknown.
1700 - new unresponsive host method, exponentially increasing block backoff.
1701 - iana portlist updated.
1703 20 October 2010: Wouter
1704 - interface automatic works for some people with ip6 disabled.
1705 Therefore the error check is removed, so they can use the option.
1707 19 October 2010: Wouter
1708 - Fix for request list growth, if a server has long timeout but the
1709 lost counter is low, then its effective rtt is the one without
1710 exponential backoff applied. Because the backoff is not working.
1711 The lost counter can then increase and the server is blacklisted,
1712 or the lost counter does not increase and the server is working
1715 18 October 2010: Wouter
1716 - iana portlist updated.
1718 13 October 2010: Wouter
1719 - Fix TCP so it uses a random outgoing-interface.
1720 - unbound-anchor handles ADDPEND keystate.
1722 11 October 2010: Wouter
1723 - Fix bug when DLV below a trust-anchor that uses NSEC3 optout where
1724 the zone has a secure delegation hosted on the same server did not
1725 verify as secure (it was insecure by mistake).
1726 - iana portlist updated.
1727 - ldns tarball updated (for reading cachedumps with bad RR data).
1729 1 October 2010: Wouter
1730 - test for unbound-anchor. fix for reading certs.
1731 - Fix alloc_reg_release for longer uptime in out of memory conditions.
1733 28 September 2010: Wouter
1734 - unbound-anchor working, it creates or updates a root.key file.
1735 Use it before you start the validator (e.g. at system boot time).
1737 27 September 2010: Wouter
1738 - iana portlist updated.
1740 24 September 2010: Wouter
1741 - bug#329: in example.conf show correct ipv4 link-local 169.254/16.
1743 23 September 2010: Wouter
1744 - unbound-anchor app, unbound requires libexpat (xml parser library).
1746 22 September 2010: Wouter
1747 - compliance with draft-ietf-dnsop-default-local-zones-14, removed
1748 reverse ipv6 orchid prefix from builtin list.
1749 - iana portlist updated.
1751 17 September 2010: Wouter
1752 - DLV has downgrade protection again, because the RFC says so.
1753 - iana portlist updated.
1755 16 September 2010: Wouter
1756 - Algorithm rollover operational reality intrudes, for trust-anchor,
1757 5011-store, and DLV-anchor if one key matches it's good enough.
1758 - iana portlist updated.
1759 - Fix reported validation error in out of memory condition.
1761 15 September 2010: Wouter
1762 - Abide RFC5155 section 9.2: no AD flag for replies with NSEC3 optout.
1764 14 September 2010: Wouter
1765 - increased mesh-max-activation from 1000 to 3000 for crazy domains
1766 like _tcp.slb.com with 262 servers.
1767 - iana portlist updated.
1769 13 September 2010: Wouter
1770 - bug#327: Fix for cannot access stub zones until the root is primed.
1772 9 September 2010: Wouter
1773 - unresponsive servers are not completely blacklisted (because of
1774 firewalls), but also not probed all the time (because of the request
1775 list size it generates). The probe rate is 1%.
1776 - iana portlist updated.
1778 20 August 2010: Wouter
1779 - openbsd-lint fixes: acl_list_get_mem used if debug-alloc enabled.
1780 iterator get_mem includes priv_get_mem. delegpt nodup removed.
1781 listen_pushback, query_info_allocqname, write_socket, send_packet,
1782 comm_point_set_cb_arg and listen_resume removed.
1784 19 August 2010: Wouter
1785 - Fix bug#321: resolution of rs.ripe.net artifacts with 0x20.
1786 Delegpt structures checked for duplicates always.
1787 No more nameserver lookups generated when depth is full anyway.
1788 - example.conf notes how to do DNSSEC validation and track the root.
1789 - iana portlist updated.
1791 18 August 2010: Wouter
1792 - Fix bug#322: configure does not respect CFLAGS on Solaris.
1793 Pass CFLAGS="-xO4 -xtarget=generic" on the configure command line
1794 if use sun-cc, but some systems need different flags.
1796 16 August 2010: Wouter
1797 - Fix acx_nlnetlabs.m4 configure output for autoconf-2.66 AS_TR_CPP
1798 changes, uses m4_bpatsubst now.
1799 - make test (or make check) should be more portable and run the unit
1800 test and testbound scripts. (make longtest has special requirements).
1802 13 August 2010: Wouter
1803 - More pleasant remote control command parsing.
1804 - documentation added for return values reported by doxygen 1.7.1.
1805 - iana portlist updated.
1807 9 August 2010: Wouter
1808 - Fix name of rrset printed that failed validation.
1810 5 August 2010: Wouter
1811 - Return NXDOMAIN after chain of CNAMEs ends at name-not-found.
1813 4 August 2010: Wouter
1814 - Fix validation in case a trust anchor enters into a zone with
1815 unsupported algorithms.
1817 3 August 2010: Wouter
1818 - updated ldns tarball with bugfixes.
1819 - release tag 1.4.6.
1820 - trunk becomes 1.4.7 develop.
1821 - iana portlist updated.
1823 22 July 2010: Wouter
1824 - more error details on failed remote control connection.
1826 15 July 2010: Wouter
1827 - rlimit adjustments for select and ulimit can happen at the same time.
1829 14 July 2010: Wouter
1830 - Donation text added to README.
1831 - Fix integer underflow in prefetch ttl creation from cache. This
1832 fixes a potential negative prefetch ttl.
1834 12 July 2010: Wouter
1835 - Changed the defaults for num-queries-per-thread/outgoing-range.
1836 For builtin-select: 512/960, for libevent 1024/4096 and for
1837 windows 24/48 (because of win api). This makes the ratio this way
1838 to improve resilience under heavy load. For high performance, use
1839 libevent and possibly higher numbers.
1841 10 July 2010: Wouter
1842 - GOST enabled if SSL is recent and ldns has GOST enabled too.
1843 - ldns tarball updated.
1846 - iana portlist updated.
1847 - Fix validation of qtype DNSKEY when a key-cache entry exists but
1848 no rr-cache entry is used (it expired or prefetch), it then goes
1849 back up to the DS or trust-anchor to validate the DNSKEY.
1852 - Neat function prototypes, unshadowed local declarations.
1855 - failure to chown the pidfile is not fatal any more.
1856 - testbound uses UTC timezone.
1857 - ldns tarball updated (ports and works on Minix 3.1.7). On Minix, add
1858 /usr/gnu/bin to PATH, use ./configure AR=/usr/gnu/bin/gar and gmake.
1861 - log if a server is skipped because it is on the donotquery list,
1862 at verbosity 4, to enable diagnosis why no queries to 127.0.0.1.
1863 - added feature to print configure date, target and options with -h.
1864 - added feature to print event backend system details with -h.
1865 - wdiff is not actually required by make test, updated requirements.
1868 - Fix RFC4035 compliance with 2.2 statement that the DNSKEY at apex
1869 must be signed with all algorithms from the DS rrset at the parent.
1870 This is now checked and becomes bogus if not.
1872 28 June 2010: Wouter
1873 - Fix jostle list bug found by Vince (luoce@cnnic), it caused the qps
1874 in overload situations to be about 5 qps for the class of shortly
1876 The capacity of the resolver is then about (numqueriesperthread / 2)
1877 / (average time for such long queries) qps for long queries.
1878 And about (numqueriesperthread / 2)/(jostletimeout in whole seconds)
1879 qps for short queries, per thread.
1880 - Fix the max number of reply-address count to be applied for duplicate
1881 queries, and not for new query list entries. This raises the memory
1882 usage to a max of (16+1)*numqueriesperthread reply addresses.
1884 25 June 2010: Wouter
1885 - Fix handling of corner case reply from lame server, follows rfc2308.
1886 It could lead to a nodata reply getting into the cache if the search
1887 for a non-lame server turned up other misconfigured servers.
1888 - unbound.h has extern "C" statement for easier include in c++.
1890 23 June 2010: Wouter
1891 - iana portlist updated.
1892 - makedist upgraded cross compile openssl option, like this:
1893 ./makedist.sh -s -wssl openssl-1.0.0a.tar.gz -w --enable-gost
1895 22 June 2010: Wouter
1896 - Unbound reports libev or libevent correctly in logs in verbose mode.
1897 - Fix to unload gost dynamic library module for leak testing.
1899 18 June 2010: Wouter
1900 - iana portlist updated.
1902 17 June 2010: Wouter
1903 - Add AAAA to root hints for I.ROOT-SERVERS.NET.
1905 16 June 2010: Wouter
1906 - Fix assertion failure reported by Kai Storbeck from XS4ALL, the
1907 assertion was wrong.
1908 - updated ldns tarball.
1910 15 June 2010: Wouter
1911 - tag 1.4.5 created.
1912 - trunk contains 1.4.6 in development.
1913 - Fix TCPreply on systems with no writev, if just 1 byte could be sent.
1914 - Fix to use one pointer less for iterator query state store_parent_NS.
1915 - makedist crosscompile to windows uses builtin ldns not host ldns.
1916 - Max referral count from 30 to 130, because 128 one character domains
1918 - added documentation for the histogram printout to syslog.
1920 11 June 2010: Wouter
1921 - When retry to parent the retrycount is not wiped, so failed
1922 nameservers are not tried again.
1923 - iana portlist updated.
1925 10 June 2010: Wouter
1926 - Fix bug where a long loop could be entered, now cycle detection
1927 has a loop-counter and maximum search amount.
1930 - iana portlist updated.
1931 - 1.4.5rc1 tag created.
1934 - ldns tarball updated, 1.6.5.
1935 - review comments, split dependency cycle tracking for parentside
1936 last resort lookups for A and AAAA so there are more lookup options.
1939 - Fix compile warning if compiled without threads.
1940 - updated ldns-tarball with current ldns svn (pre 1.6.5).
1941 - GOST disabled-by-default, the algorithm number is allocated but the
1942 RFC is still has to pass AUTH48 at the IETF.
1945 - Ignore Z flag in incoming messages too.
1946 - Fix storage of negative parent glue if that last resort fails.
1947 - libtoolize 2.2.6b, autoconf 2.65 applied to configure.
1948 - new splint flags for newer splint install.
1951 - Fix AD flag handling, it could in some cases mistakenly copy the AD
1952 flag from upstream servers.
1953 - alloc_special_obtain out of memory is not a fatal error any more,
1954 enabling unbound to continue longer in out of memory conditions.
1955 - parentside names are dispreferred but not said to be dnssec-lame.
1956 - parentside check for cached newname glue.
1957 - fix parentside and querytargets modulestate, for dump_requestlist.
1958 - unbound-control-setup makes keys -rw-r--- so not all users permitted.
1959 - fix parentside from cache to be marked dispreferred for bad names.
1962 - iana portlist updated.
1963 - parent-child disagreement approach altered. Older fixes are
1964 removed in place of a more exhaustive search for misconfigured data
1965 available via the parent of a delegation.
1966 This is designed to be throttled by cache entries, with TTL from the
1967 parent if possible. Additionally the loop-counter is used.
1968 It also tests for NS RRset differences between parent and child.
1969 The fetch of misconfigured data should be more reliable and thorough.
1970 It should work reliably even with no or only partial data in cache.
1971 Data received from the child (as always) is deemed more
1972 authoritative than information received from the delegation parent.
1973 The search for misconfigured data is not performed normally.
1976 - Contribution from Migiel de Vos (Surfnet): nagios patch for
1977 unbound-host, in contrib/ (in the source tarball). Makes
1978 unbound-host suitable for monitoring dnssec(-chain) status.
1981 - EDNS timeout code will not fire if EDNS status already known.
1982 - EDNS failure not stored if EDNS status known to work.
1985 - Fix resolution for domains like safesvc.com.cn. If the iterator
1986 can not recurse further and it finds the delegation in a state
1987 where it would otherwise have rejected it outhand if so received
1988 from a cache lookup, then it can try to ask higherup (with loop
1990 - Fix comments in iter_utils:dp_is_useless.
1993 - Fix various compiler warnings from the clang llvm compiler.
1994 - iana portlist updated.
1997 - Fix bug#308: spelling error in variable name in parser and lexer.
2000 - Fix dnssec-missing detection that was turned off by server selection.
2001 - Conforms to draft-ietf-dnsop-default-local-zones-13. Added default
2002 reverse lookup blocks for IPv4 test nets 100.51.198.in-addr.arpa,
2003 113.0.203.in-addr.arpa and Orchid prefix 0.1.1.0.0.2.ip6.arpa.
2005 29 April 2010: Wouter
2006 - Fix for dnssec lameness detection to use the key cache.
2007 - infra cache entries that are expired are wiped clean. Previously
2008 it was possible to not expire host data (if accessed often).
2010 28 April 2010: Wouter
2011 - ldns tarball updated and GOST support is detected and then enabled.
2012 - iana portlist updated.
2013 - Fix detection of gost support in ldns (reported by Chris Smith).
2015 27 April 2010: Wouter
2016 - unbound-control get_option domain-insecure shows config file items.
2017 - fix retry sequence if prime hints are recursion-lame.
2018 - autotrust anchor file can be initialized with a ZSK key as well.
2019 - harden-referral-path does not result in failures due to max-depth.
2020 You can increase the max-depth by adding numbers (' 0') after the
2021 target-fetch-policy, this increases the depth to which is checked.
2023 26 April 2010: Wouter
2024 - Compile fix using Sun Studio 12 compiler on Solaris 5.9, use
2025 CPPFLAGS during configure process.
2026 - if libev is installed on the base system (not libevent), detect
2027 it from the event.h header file and link with -lev.
2028 - configlexer.lex gets config.h, and configyyrename.h added by make,
2029 no more double include.
2030 - More strict scrubber (Thanks to George Barwood for the idea):
2031 NS set must be pertinent to the query (qname subdomain nsname).
2032 - Fix bug#307: In 0x20 backoff fix fallback so the number of
2033 outstanding queries does not become -1 and block the request.
2034 Fixed handling of recursion-lame in combination with 0x20 fallback.
2035 Fix so RRsets are compared canonicalized and sorted if the immediate
2036 comparison fails, this makes it work around round-robin sites.
2038 23 April 2010: Wouter
2039 - Squelch log message: sendto failed permission denied for
2040 255.255.255.255, it is visible in VERB_DETAIL (verbosity 2).
2041 - Fix to fetch data as last resort more tenaciously. When cycle
2042 targets cause the server selection to believe there are more options
2043 when they really are not there, the server selection is reinitiated.
2044 - Fix fetch from blacklisted dnssec lame servers as last resort. The
2045 server's IP address is then given in validator errors as well.
2046 - Fix local-zone type redirect that did not use the query name for
2049 22 April 2010: Wouter
2051 - trunk contains 1.4.5 in development.
2052 - Fix validation failure for qtype ANY caused by a RRSIG parse failure.
2053 The validator error message was 'no signatures from ...'.
2055 16 April 2010: Wouter
2056 - more portability defines for CMSG_SPACE, CMSG_ALIGN, CMSG_LEN.
2059 15 April 2010: Wouter
2060 - ECC-GOST algorithm number 12 that is assigned by IANA. New test
2061 example key and signatures for GOST. GOST requires openssl-1.0.0.
2062 GOST is still disabled by default.
2064 9 April 2010: Wouter
2065 - Fix bug#305: pkt_dname_tolower could read beyond end of buffer or
2066 get into an endless loop, if 0x20 was enabled, and buffers are small
2067 or particular broken packets are received.
2068 - Fix chain of trust with CNAME at an intermediate step, for the DS
2071 8 April 2010: Wouter
2072 - Fix validation of queries with wildcard names (*.example).
2074 6 April 2010: Wouter
2075 - Fix EDNS probe for .de DNSSEC testbed failure, where the infra
2076 cache timeout coincided with a server update, the current EDNS
2077 backoff is less sensitive, and does not cache the backoff unless
2078 the backoff actually works and the domain is not expecting DNSSEC.
2079 - GOST support with correct algorithm numbers.
2081 1 April 2010: Wouter
2082 - iana portlist updated.
2084 24 March 2010: Wouter
2085 - unbound control flushed items are not counted when flushed again.
2087 23 March 2010: Wouter
2088 - iana portlist updated.
2090 22 March 2010: Wouter
2091 - unbound-host disables use-syslog from config file so that the
2092 config file for the main server can be used more easily.
2093 - fix bug#301: unbound-checkconf could not parse interface
2094 '0.0.0.0@5353', even though unbound itself worked fine.
2096 19 March 2010: Wouter
2097 - fix fwd_ancil test to pass if the socket options are not supported.
2099 18 March 2010: Wouter
2100 - Fixed random numbers for port, interface and server selection.
2101 Removed very small bias.
2102 - Refer to the listing in unbound-control man page in the extended
2103 statistics entry in the unbound.conf man page.
2105 16 March 2010: Wouter
2106 - Fix interface-automatic for OpenBSD: msg.controllen was too small,
2107 also assertions on ancillary data buffer.
2108 - check for IP_SENDSRCADDR for interface-automatic or IP_PKTINFO.
2109 - for NSEC3 check if signatures are cached.
2111 15 March 2010: Wouter
2112 - unit test for util/regional.c.
2114 12 March 2010: Wouter
2115 - Reordered configure checks so fork and -lnsl -lsocket checks are
2116 earlier, and thus later checks benefit from and do not hinder them.
2117 - iana portlist updated.
2118 - ldns tarball updated.
2119 - Fix python use when multithreaded.
2120 - Fix solaris python compile.
2121 - Include less in config.h and include per code file for ldns, ssl.
2123 11 March 2010: Wouter
2124 - another memory allocation option: --enable-alloc-nonregional.
2125 exposes the regional allocations to other memory purifiers.
2126 - fix for memory alignment in struct sock_list allocation.
2127 - Fix for MacPorts ldns without ssl default, unbound checks if ldns
2128 has dnssec functionality and uses the builtin if not.
2129 - Fix daemonize on Solaris 10, it did not detach from terminal.
2130 - tag 1.4.3 created.
2131 - trunk is 1.4.4 in development.
2132 - spelling fix in validation error involving cnames.
2134 10 March 2010: Wouter
2135 - --enable-alloc-lite works with test set.
2136 - portability in the testset: printf format conversions, prototypes.
2138 9 March 2010: Wouter
2139 - tag 1.4.2 created.
2140 - trunk is 1.4.3 in development.
2141 - --enable-alloc-lite debug option.
2143 8 March 2010: Wouter
2144 - iana portlist updated.
2146 4 March 2010: Wouter
2147 - Fix crash in control channel code.
2149 3 March 2010: Wouter
2150 - better casts in pipe code, brackets placed wrongly.
2151 - iana portlist updated.
2153 1 March 2010: Wouter
2154 - make install depends on make all.
2155 - Fix 5011 auto-trust-anchor-file initial read to skip RRSIGs.
2156 - --enable-checking: enables assertions but does not look nonproduction.
2157 - nicer VERB_DETAIL (verbosity 2, unbound-host -d) output, with
2158 nxdomain and nodata distinguished.
2159 - ldns tarball updated.
2160 - --disable-rpath fixed for libtool not found errors.
2161 - new fedora specfile from Fedora13 in contrib from Paul Wouters.
2163 26 February 2010: Wouter
2164 - Fixup prototype for lexer cleanup in daemon code.
2165 - unbound-control list_stubs, list_forwards, list_local_zones and
2168 24 February 2010: Wouter
2169 - Fix scrubber bug that potentially let NS records through. Reported
2171 - Also delete potential poison references from additional.
2172 - Fix: no classification of a forwarder as lame, throw away instead.
2174 23 February 2010: Wouter
2175 - libunbound ub_ctx_get_option() added.
2176 - unbound-control set_option and get_option commands.
2177 - iana portlist updated.
2179 18 February 2010: Wouter
2180 - A little more strict DS scrubbing.
2181 - No more blacklisting of unresponsive servers, a 2 minute timeout
2183 - RD flag not enabled for dnssec-blacklisted tries, unless necessary.
2184 - pickup ldns compile fix, libdl for libcrypto.
2185 - log 'tcp connect: connection timed out' only in high verbosity.
2186 - unbound-control log_reopen command.
2187 - moved get_option code from unbound-checkconf to util/config_file.c
2189 17 February 2010: Wouter
2190 - Disregard DNSKEY from authority section for chain of trust.
2191 DS records that are irrelevant to a referral scrubbed. Anti-poison.
2192 - iana portlist updated.
2194 16 February 2010: Wouter
2195 - Check for 'no space left on device' (or other errors) when
2196 writing updated autotrust anchors and print errno to log.
2198 15 February 2010: Wouter
2199 - Fixed the requery protection, the TTL was 0, it is now 900 seconds,
2200 hardcoded. We made the choice to send out more conservatively,
2201 protecting against an aggregate effect more than protecting a
2202 single user (from their own folly, perhaps in case of misconfig).
2204 12 February 2010: Wouter
2205 - Re-query pattern changed on validation failure. To protect troubled
2206 authority servers, unbound caches a failure for the DNSKEY or DS
2207 records for the entire zone, and only retries that 900 seconds later.
2208 This implies that only a handful of packets are sent extra to the
2209 authority if the zone fails.
2211 11 February 2010: Wouter
2212 - ldns tarball update for long label length syntax error fix.
2213 - iana portlist updated.
2215 9 February 2010: Wouter
2216 - Fixup in compat snprintf routine, %f 1.02 and %g support.
2217 - include math.h for testbound test compile portability.
2219 2 February 2010: Wouter
2220 - Updated url of IANA itar, interim trust anchor repository, in script.
2222 1 February 2010: Wouter
2223 - iana portlist updated.
2224 - configure test for memcmp portability.
2226 27 January 2010: Wouter
2227 - removed warning on format string in validator error log statement.
2228 - iana portlist updated.
2230 22 January 2010: Wouter
2231 - libtool finish the install of unbound python dynamic library.
2233 21 January 2010: Wouter
2234 - acx_nlnetlabs.m4 synchronised with nsd's version.
2236 20 January 2010: Wouter
2237 - Fixup lookup trouble for parent-child domains on the first query.
2239 14 January 2010: Wouter
2240 - Fixup ldns detection to also check for header files.
2242 13 January 2010: Wouter
2243 - prefetch-key option that performs DNSKEY queries earlier in the
2244 validation process, and that could halve the latency on DNSSEC
2245 queries. It takes some extra processing (CPU, a cache is needed).
2247 12 January 2010: Wouter
2248 - Fix unbound-checkconf for auto-trust-anchor-file present checks.
2250 8 January 2010: Wouter
2251 - Fix for parent-child disagreement code which could have trouble
2252 when (a) ipv6 was disabled and (b) the TTL for parent and child
2253 were different. There were two bugs, the parent-side information
2254 is fixed to no longer block lookup of child side information and
2255 the iterator is fixed to no longer attempt to get ipv6 when it is
2256 not enabled and then give up in failure.
2257 - test and fixes to make prefetch actually store the answer in the
2258 cache. Considers some rrsets 'already expired' but does not allow
2259 overwriting of rrsets considered more secure.
2261 7 January 2010: Wouter
2262 - Fixup python documentation (thanks Leo Vandewoestijne).
2263 - Work on cache prefetch feature.
2264 - Stats for prefetch, in log print stats, unbound-control stats
2265 and in unbound_munin plugin.
2267 6 January 2010: Wouter
2268 - iana portlist updated.
2269 - bug#291: DNS wireformat max is 255. dname_valid allowed 256 length.
2270 - verbose output includes parent-side-address notion for lameness.
2271 - documented val-log-level: 2 setting in example.conf and man page.
2272 - change unbound-control-setup from 1024(sha1) to 1536(sha256).
2274 1 January 2010: Wouter
2275 - iana portlist updated.
2277 22 December 2009: Wouter
2278 - configure with newer libtool 2.2.6b.
2280 17 December 2009: Wouter
2283 - trunk to version 1.4.2.
2285 15 December 2009: Wouter
2286 - Answer to qclass=ANY queries, with class IN contents.
2287 Test that validation also works.
2288 - updated ldns snapshot tarball with latest fixes (parsing records).
2290 11 December 2009: Wouter
2291 - on IPv4 UDP turn off DF flag.
2293 10 December 2009: Wouter
2294 - requirements.txt updated with design choice explanations.
2295 - Reading fixes: fix to set unlame when child confirms parent glue,
2296 and fix to avoid duplicate addresses in delegation point.
2297 - verify_rrsig routine checks expiration last.
2299 9 December 2009: Wouter
2300 - Fix Bug#287(reopened): update of ldns tarball with fix for parse
2301 errors generated for domain names like '.example.com'.
2302 - Fix SOA excluded from negative DS responses. Reported by Hauke
2303 Lampe. The negative cache did not include proper SOA records for
2304 negative qtype DS responses which makes BIND barf on it, such
2305 responses are now only used internally.
2306 - Fix negative cache lookup of closestencloser check of DS type bit.
2308 8 December 2009: Wouter
2309 - Fix for lookup of parent-child disagreement domains, where the
2310 parent-side glue works but it does not provide proper NS, A or AAAA
2311 for itself, fixing domains such as motorcaravanners.eu.
2312 - Feature: you can specify a port number in the interface: line, so
2313 you can bind the same interface multiple times at different ports.
2315 7 December 2009: Wouter
2316 - Bug#287: Fix segfault when unbound-control remove nonexistent local
2317 data. Added check to tests.
2319 1 December 2009: Wouter
2320 - Fix crash with module-config "iterator".
2321 - Added unit test that has "iterator" module-config.
2323 30 November 2009: Wouter
2324 - bug#284: fix parse of # without end-of-line at end-of-file.
2326 26 November 2009: Wouter
2327 - updated ldns with release candidate for version 1.6.3.
2328 - tag for 1.4.0 release.
2329 - 1.4.1 version in trunk.
2330 - Fixup major libtool version to 2 because of why_bogus change.
2331 It was 1:5:0 but should have been 2:0:0.
2333 23 November 2009: Wouter
2334 - Patch from David Hubbard for libunbound manual page.
2335 - Fixup endless spinning in unbound-control stats reported by
2336 Attila Nagy. Probably caused by clock reversal.
2338 20 November 2009: Wouter
2339 - contrib/split-itar.sh contributed by Tom Hendrikx.
2341 19 November 2009: Wouter
2342 - better argument help for unbound-control.
2343 - iana portlist updated.
2345 17 November 2009: Wouter
2346 - noted multiple entries for multiple domain names in example.conf.
2347 - iana portlist updated.
2349 16 November 2009: Wouter
2350 - Fixed signer detection of CNAME responses without signatures.
2351 - Fix#282 libunbound memleak on error condition by Eric Sesterhenn.
2352 - Tests for CNAMEs to deeper trust anchors, secure and bogus.
2353 - svn tag 1.4.0rc1 made.
2355 13 November 2009: Wouter
2356 - Fixed validation failure for CNAME to optout NSEC3 nodata answer.
2357 - unbound-host does not fail on type ANY.
2358 - Fixed wireparse failure to put RRSIGs together with data in some
2359 long ANY mix cases, which fixes validation failures.
2361 12 November 2009: Wouter
2362 - iana portlist updated.
2363 - fix manpage errors reported by debian lintian.
2365 - fixup very long vallog2 level error strings.
2367 11 November 2009: Wouter
2368 - ldns tarball updated (to 1.6.2).
2371 10 November 2009: Wouter
2372 - Thanks to Surfnet found bug in new dnssec-retry code that failed
2373 to combine well when combined with DLV and a particular failure.
2374 - Fixed unbound-control -h output about argument optionality.
2377 5 November 2009: Wouter
2378 - lint fixes and portability tests.
2379 - better error text for multiple domain keys in one autotrust file.
2381 2 November 2009: Wouter
2382 - Fix bug where autotrust does not work when started with a DS.
2383 - Updated GOST unit tests for unofficial algorithm number 249
2384 and DNSKEY-format changes in draft version -01.
2386 29 October 2009: Wouter
2387 - iana portlist updated.
2388 - edns-buffer-size option, default 4096.
2391 28 October 2009: Wouter
2392 - removed abort on prealloc failure, error still printed but softfail.
2393 - iana portlist updated.
2394 - RFC 5702: RSASHA256 and RSASHA512 support enabled by default.
2395 - ldns tarball updated (which also enables rsasha256 support).
2397 27 October 2009: Wouter
2398 - iana portlist updated.
2400 8 October 2009: Wouter
2402 - add val-log-level print to corner case (nameserver.epost.bg).
2403 - more detail to errors from insecure delegation checks.
2404 - Fix double time subtraction in negative cache reported by
2405 Amanda Constant and Hugh Mahon.
2406 - Made new validator error string available from libunbound for
2407 applications. It is in result->why_bogus, a zero-terminated string.
2408 unbound-host prints it by default if a result is bogus.
2409 Also the errinf is public in module_qstate (for other modules).
2411 7 October 2009: Wouter
2412 - retry for validation failure in DS and prime results. Less mem use.
2413 unit test. Provisioning in other tests for requeries.
2414 - retry for validation failure in DNSKEY in middle of chain of trust.
2416 - retry for empty non terminals in chain of trust and unit test.
2417 - Fixed security bug where the signatures for NSEC3 records were not
2418 checked when checking for absence of DS records. This could have
2419 enabled the substitution of an insecure delegation.
2420 - moved version number to 1.4.0 because of 1.3.4 release with only
2421 the NSEC3 patch from the entry above.
2422 - val-log-level: 2 shows extended error information for validation
2423 failures, but still one (longish) line per failure. For example:
2424 validation failure <example.com. DNSKEY IN>: signature expired from
2425 192.0.2.4 for trust anchor example.com. while building chain of trust
2426 validation failure <www.example.com. A IN>: no signatures from
2427 192.0.2.6 for key example.com. while building chain of trust
2429 6 October 2009: Wouter
2430 - Test set updated to provide additional ns lookup result.
2431 The retry would attempt to fetch the data from other nameservers
2432 for bogus data, and this needed to be provisioned in the tests.
2434 5 October 2009: Wouter
2435 - first validation failure retry code. Retries for data failures.
2438 2 October 2009: Wouter
2439 - improve 5011 modularization.
2440 - fix unbound-host so -d can be given before -C.
2441 - iana portlist updated.
2443 28 September 2009: Wouter
2444 - autotrust-anchor-file can read multiline input and $ORIGIN.
2445 - prevent integer overflow in holddown calculation. review fixes.
2446 - fixed race condition in trust point revocation. review fix.
2447 - review fixes to comments, removed unused code.
2449 25 September 2009: Wouter
2450 - so-rcvbuf: 4m option added. Set this on large busy servers to not
2451 drop the occasional packet in spikes due to full socket buffers.
2452 netstat -su keeps a counter of UDP dropped due to full buffers.
2453 - review of validator/autotrust.c, small fixes and comments.
2455 23 September 2009: Wouter
2456 - 5011 query failed counts verification failures, not lookup failures.
2457 - 5011 probe failure handling fixup.
2458 - test unbound reading of original autotrust data.
2459 The metadata per-key, such as key state (PENDING, MISSING, VALID) is
2460 picked up, otherwise performs initial probe like usual.
2462 22 September 2009: Wouter
2463 - autotrust test with algorithm rollover, new ordering of checks
2464 assists in orderly rollover.
2465 - autotrust test with algorithm rollover to unknown algorithm.
2466 checks if new keys are supported before adding them.
2467 - autotrust test with trust point revocation, becomes unsigned.
2468 - fix DNSSEC-missing-signature detection for minimal responses
2469 for qtype DNSKEY (assumes DNSKEY occurs at zone apex).
2471 18 September 2009: Wouter
2472 - autotrust tests, fix trustpoint timer deletion code.
2473 fix count of valid anchors during missing remove.
2474 - autotrust: pick up REVOKE even if not signed with known other keys.
2476 17 September 2009: Wouter
2477 - fix compile of unbound-host when --enable-alloc-checks.
2478 - Fix lookup problem reported by Koh-ichi Ito and Jaap Akkerhuis.
2479 - Manual page fixes reported by Tony Finch.
2481 16 September 2009: Wouter
2482 - Fix memory leak reported by Tao Ma.
2483 - Fix memstats test tool for log-time-ascii log format.
2485 15 September 2009: Wouter
2486 - iana portlist updated.
2488 10 September 2009: Wouter
2489 - increased MAXSYSLOGLEN so .bg key can be printed in debug output.
2490 - use linebuffering for log-file: output, this can be significantly
2491 faster than the previous fflush method and enable some class of
2492 resolvers to use high verbosity (for short periods).
2493 Not on windows, because line buffering does not work there.
2495 9 September 2009: Wouter
2496 - Fix bug where DNSSEC-bogus messages were marked with too high TTL.
2497 The RRsets would still expire at the normal time, but this would
2498 keep messages bogus in the cache for too long.
2499 - regression test for that bug.
2500 - documented that load_cache is meant for debugging.
2502 8 September 2009: Wouter
2503 - fixup printing errors when load_cache, they were printed to the
2504 SSL connection which broke, now to the log.
2505 - new ldns - with fixed parse of large SOA values.
2507 7 September 2009: Wouter
2508 - autotrust testbound scenarios.
2509 - autotrust fix that failure count is written to file.
2510 - autotrust fix that keys may become valid after add holddown time
2511 alone, before the probe returns.
2513 4 September 2009: Wouter
2514 - Changes to make unbound work with libevent-2.0.3 alpha. (in
2515 configure detection due to new ssl dependency in libevent)
2516 - do not call sphinx for documentation when python is disabled.
2517 - remove EV_PERSIST from libevent timeout code to make the code
2518 compatible with the libevent-2.0. Works with older libevent too.
2519 - fix memory leak in python code.
2521 3 September 2009: Wouter
2522 - Got a patch from Luca Bruno for libunbound support on windows to
2523 pick up the system resolvconf nameservers and hosts there.
2524 - included ldns updated (enum warning fixed).
2525 - makefile fix for parallel makes.
2526 - Patch from Zdenek Vasicek and Attila Nagy for using the source IP
2527 from python scripts. See pythonmod/examples/resip.py.
2528 - doxygen comment fixes.
2530 2 September 2009: Wouter
2531 - TRAFFIC keyword for testbound. Simplifies test generation.
2532 ${range lower val upper} to check probe timeout values.
2533 - test with 5011-prepublish rollover and revocation.
2534 - fix revocation of RR for autotrust, stray exclamation mark.
2536 1 September 2009: Wouter
2537 - testbound variable arithmetic.
2538 - autotrust probe time is randomised.
2539 - autotrust: the probe is active and does not fetch from cache.
2541 31 August 2009: Wouter
2542 - testbound variable processing.
2544 28 August 2009: Wouter
2545 - fixup unbound-control lookup to print forward and stub servers.
2547 27 August 2009: Wouter
2548 - autotrust: mesh answer callback is empty.
2550 26 August 2009: Wouter
2551 - autotrust probing.
2552 - iana portlist updated.
2554 25 August 2009: Wouter
2555 - fixup memleak in trust anchor unsupported algorithm check.
2556 - iana portlist updated.
2557 - autotrust options: add-holddown, del-holddown, keep-missing.
2558 - autotrust store revoked status of trust points.
2559 - ctime_r compat definition.
2560 - detect yylex_destroy() in configure.
2561 - detect SSL_get_compression_methods declaration in configure.
2562 - fixup DS lookup at anchor point with unsigned parent.
2563 - fixup DLV lookup for DS queries to unsigned domains.
2565 24 August 2009: Wouter
2566 - cleaner memory allocation on exit. autotrust test routines.
2567 - free all memory on program exit, fix for ssl and flex.
2569 21 August 2009: Wouter
2570 - autotrust: debug routines. Read,write and conversions work.
2572 20 August 2009: Wouter
2573 - autotrust: save and read trustpoint variables.
2575 19 August 2009: Wouter
2576 - autotrust: state table updates.
2577 - iana portlist updated.
2579 17 August 2009: Wouter
2580 - autotrust: process events.
2582 17 August 2009: Wouter
2583 - Fix so that servers are only blacklisted if they fail to reply
2584 to 16 queries in a row and the timeout gets above 2 minutes.
2585 - autotrust work, split up DS verification of DNSKEYs.
2587 14 August 2009: Wouter
2588 - unbound-control lookup prints out infra cache information, like RTT.
2589 - Fix bug in DLV lookup reported by Amanda from Secure64.
2590 It could sometimes wrongly classify a domain as unsigned, which
2591 does not give the AD bit on replies.
2593 13 August 2009: Wouter
2594 - autotrust read anchor files. locked trust anchors.
2596 12 August 2009: Wouter
2597 - autotrust import work.
2599 11 August 2009: Wouter
2600 - Check for openssl compatible with gost if enabled.
2601 - updated unit test for GOST=211 code.
2602 Nicer naming of test files.
2603 - iana portlist updated.
2605 7 August 2009: Wouter
2606 - call OPENSSL_config() in unbound and unit test so that the
2607 operator can use openssl.cnf for configuration options.
2608 - removed small memory leak from config file reader.
2610 6 August 2009: Wouter
2611 - configure --enable-gost for GOST support, experimental
2612 implementation of draft-dolmatov-dnsext-dnssec-gost-01.
2613 - iana portlist updated.
2614 - ldns tarball updated (with GOST support).
2616 5 August 2009: Wouter
2617 - trunk moved to 1.3.4.
2619 4 August 2009: Wouter
2620 - Added test that the examples from draft rsasha256-14 verify.
2621 - iana portlist updated.
2624 3 August 2009: Wouter
2625 - nicer warning when algorithm not supported, tells you to upgrade.
2626 - iana portlist updated.
2628 27 July 2009: Wouter
2629 - Updated unbound-cacti contribution from Dmitriy Demidov, with
2630 the queue statistics displayed in its own graph.
2631 - iana portlist updated.
2633 22 July 2009: Wouter
2634 - Fix bug found by Michael Tokarev where unbound would try to
2635 prime the root servers even though forwarders are configured for
2639 21 July 2009: Wouter
2640 - Fix server selection, so that it waits for open target queries when
2641 faced with lameness.
2643 20 July 2009: Wouter
2644 - Ignore transient sendto errors, no route to host, and host, net down.
2645 - contrib/update-anchor.sh has -r option for root-hints.
2646 - feature val-log-level: 1 prints validation failures so you can
2647 keep track of them during dnssec deployment.
2649 16 July 2009: Wouter
2650 - fix replacement malloc code. Used in crosscompile.
2651 - makedist -w creates crosscompiled setup.exe on fedora11.
2653 15 July 2009: Wouter
2654 - dependencies for compat items, for crosscompile.
2655 - mingw32 crosscompile changes, dependencies and zipfile creation.
2656 and with System.dll from the windows NSIS you can make setup.exe.
2657 - package libgcc_s_sjlj exception handler for NSISdl.dll.
2659 14 July 2009: Wouter
2660 - updated ldns tarball for solaris x64 compile assistance.
2661 - no need to define RAND_MAX from config.h.
2662 - iana portlist updated.
2663 - configure changes and ldns update for mingw32 crosscompile.
2665 13 July 2009: Wouter
2666 - Fix for crash at start on windows.
2667 - tag for release 1.3.2.
2668 - trunk has version 1.3.3.
2669 - Fix for ID bits on windows to use all 16. RAND_MAX was not
2670 defined like you'd expect on mingw. Reported by Mees de Roo.
2673 - tag for release 1.3.1.
2674 - trunk has version 1.3.2.
2677 - iana portlist updated.
2680 - prettier error handling in SSL setup.
2681 - makedist.sh uname fix (same as ldns).
2682 - updated fedora spec file.
2685 - fixup linking when ldnsdir is "".
2687 30 June 2009: Wouter
2688 - more lenient truncation checks.
2690 29 June 2009: Wouter
2691 - ldns trunk r2959 imported as tarball, because of solaris cc compile
2692 support for c99. r2960 for better configure.
2693 - better wrongly_truncated check.
2694 - On Linux, fragment IPv6 datagrams to the IPv6 minimum MTU, to
2695 avoid dropped packets at routers.
2697 26 June 2009: Wouter
2698 - Fix EDNS fallback when EDNS works for short answers but long answers
2701 22 June 2009: Wouter
2702 - fixup iter priv strict aliasing while preserving size of sockaddr.
2703 - iana portlist updated. (one less port allocated, one more fraction
2704 of a bit for security!)
2705 - updated fedora specfile in contrib from Paul Wouters.
2707 19 June 2009: Wouter
2708 - Fixup strict aliasing warning in iter priv code.
2709 and config_file code.
2710 - iana portlist updated.
2711 - harden-referral-path: handle cases where NS is in answer section.
2713 18 June 2009: Wouter
2714 - Fix of message parse bug where (specifically) an NSEC and RRSIG
2715 in the wrong order would be parsed, but put wrongly into internal
2716 structures so that later validation would fail.
2717 - Extreme lenience for wrongly truncated replies where a positive
2718 reply has an NS in the authority but no signatures. They are
2719 turned into minimal responses with only the (secure) answer.
2720 - autoconf 2.63 for configure.
2721 - python warnings suppress. Keep python API away from header files.
2723 17 June 2009: Wouter
2724 - CREDITS entry for cz.nic, sponsoring a 'summer of code' that was
2725 used for the python code in unbound. (http://www.nic.cz/vip/ in cz).
2727 16 June 2009: Wouter
2728 - Fixup opportunistic target query generation to it does not
2729 generate queries that are known to fail.
2730 - Touchup on munin total memory report.
2731 - messages picked out of the cache by the iterator are checked
2732 if their cname chain is still correct and if validation status
2733 has to be reexamined.
2735 15 June 2009: Wouter
2736 - iana portlist updated.
2738 14 June 2009: Wouter
2739 - Fixed bug where cached responses would lose their security
2740 status on second validation, which especially impacted dlv
2741 lookups. Reported by Hauke Lampe.
2743 13 June 2009: Wouter
2744 - bug #254. removed random whitespace from example.conf.
2746 12 June 2009: Wouter
2747 - Fixup potential wrong NSEC picked out of the cache.
2748 - If unfulfilled callbacks are deleted they are called with an error.
2749 - fptr wlist checks for mesh callbacks.
2750 - fwd above stub in configuration works.
2752 11 June 2009: Wouter
2753 - Fix queries for type DS when forward or stub zones are there.
2754 They are performed to higherup domains, and thus treated as if
2755 going to higher zones when looking up the right forward or stub
2756 server. This makes a stub pointing to a local server that has
2757 a local view of example.com signed with the same keys as are
2758 publicly used work. Reported by Johan Ihren.
2759 - Added build-unbound-localzone-from-hosts.pl to contrib, from
2760 Dennis DeDonatis. It converts /etc/hosts into config statements.
2761 - same thing fixed for forward-zone and DS, chain of trust from
2762 public internet into the forward-zone works now. Added unit test.
2765 - openssl key files are opened apache-style, when user is root and
2766 before chrooting. This makes permissions on remote-control key
2767 files easier to set up. Fixes bug #251.
2768 - flush_type and flush_name remove msg cache entries.
2769 - codereview - dp copy bogus setting fix.
2772 - Removed RFC5011 REVOKE flag support. Partial 5011 support may cause
2773 inadvertant behaviour.
2774 - 1.3.0 tarball for release created.
2775 - 1.3.1 development in svn trunk.
2776 - iana portlist updated.
2777 - fix lint from complaining on ldns/sha.h.
2778 - help compiler figure out aliasing in priv_rrset_bad() routine.
2779 - fail to configure with python if swig is not found.
2780 - unbound_munin_ in contrib uses ps to show rss if sbrk does not work.
2783 - fixup bad free() when wrongly encoded DSA signature is seen.
2784 Reported by Paul Wouters.
2785 - review comments from Matthijs.
2788 - --enable-sha2 option. The draft rsasha256 changed its algorithm
2789 numbers too often. Therefore it is more prudent to disable the
2790 RSASHA256 and RSASHA512 support by default.
2791 - ldns trunk included as new tarball.
2792 - recreated the 1.3.0 tag in svn. rc1 tarball generated at this point.
2795 - fixup doc bug in README reported by Matthew Dempsky.
2798 - update iana port list
2799 - update ldns lib tarball
2802 - detect lack of IPv6 support on XP (with a different error code).
2803 - Fixup a crash-on-exit which was triggered by a very long queue.
2804 Unbound would try to re-use ports that came free, but this is
2805 of course not really possible because everything is deleted.
2806 Most easily triggered on XP (not Vista), maybe because of the
2807 network stack encouraging large messages backlogs.
2808 - change in debug statements.
2809 - Fixed bug that could cause a crash if root prime failed when there
2810 were message backlogs.
2813 - Thanks again to Brett Carr, found an assertion that was not true.
2814 Assertion checked if recursion parent query still existed.
2816 29 April 2009: Wouter
2817 - Thanks to Brett Carr, caught windows resource leak, use
2818 closesocket() and not close() on sockets or else the network stack
2819 starts to leak handles.
2820 - Removed usage of windows Mutex because windows cannot handle enough
2821 mutexes open. Provide own mutex implementation using primitives.
2823 28 April 2009: Wouter
2824 - created svn tag for 1.3.0.
2826 27 April 2009: Wouter
2827 - optimised cname from cache.
2828 - ifdef windows functions in testbound.
2830 23 April 2009: Wouter
2831 - fix for threadsafety in solaris thr_key_create() in tests.
2832 - iana portlist updated.
2833 - fix pylib test for Darwin.
2834 - fix pymod test for Darwin and a python threading bug in pymod init.
2835 - check python >= 2.4 in configure.
2836 - -ldl check for libcrypto 1.0.0beta.
2838 21 April 2009: Wouter
2839 - fix for build outside sourcedir.
2840 - fix for configure script swig detection.
2842 17 April 2009: Wouter
2843 - Fix reentrant in minievent handler for unix. Could have resulted
2844 in spurious event callbacks.
2845 - timers do not take up a fd slot for winsock handler.
2846 - faster fix for winsock reentrant check.
2847 - fix rsasha512 unit test for new (interim) algorithm number.
2848 - fix test:ldns doesn't like DOS line endings in keyfiles on unix.
2849 - fix compile warning on ubuntu (configlexer fwrite return value).
2850 - move python include directives into CPPFLAGS instead of CFLAGS.
2852 16 April 2009: Wouter
2853 - winsock event handler exit very quickly on signal, even if
2855 - iana portlist updated.
2856 - fixup windows winsock handler reentrant problem.
2858 14 April 2009: Wouter
2859 - bug #245: fix munin plugin, perform cleanup of stale lockfiles.
2860 - makedist.sh; better help text.
2861 - cache-min-ttl option and tests.
2862 - mingw detect error condition on TCP sockets (NOTCONN).
2864 9 April 2009: Wouter
2865 - Fix for removal of RSASHA256_NSEC3 protonumber from ldns.
2866 - ldns tarball updated.
2867 - iana portlist update.
2868 - detect GOST support in openssl-1.0.0-beta1, and fix compile problem
2869 because that openssl defines the name STRING for itself.
2871 6 April 2009: Wouter
2872 - windows compile fix.
2873 - Detect FreeBSD jail without ipv6 addresses assigned.
2874 - python libunbound wrapper unit test.
2875 - installs the following files. Default is to not build them.
2876 from configure --with-pythonmodule:
2877 /usr/lib/python2.x/site-packages/unboundmodule.py
2878 from configure --with-pyunbound:
2879 /usr/lib/python2.x/site-packages/unbound.py
2880 /usr/lib/python2.x/site-packages/_unbound.so*
2881 The example python scripts (pythonmod/examples and
2882 libunbound/python/examples) are not installed.
2883 - python invalidate routine respects packed rrset ids and locks.
2884 - clock skew checks in unbound, config statements.
2885 - nxdomain ttl considerations in requirements.txt
2887 3 April 2009: Wouter
2888 - Fixed a bug that caused messages to be stored in the cache too
2889 long. Hard to trigger, but NXDOMAINs for nameservers or CNAME
2890 targets have been more vulnerable to the TTL miscalculation bug.
2891 - documentation test fixed for python addition.
2893 2 April 2009: Wouter
2894 - pyunbound (libunbound python plugin) compiles using libtool.
2895 - documentation for pythonmod and pyunbound is generated in doc/html.
2896 - iana portlist updated.
2897 - fixed bug in unbound-control flush_zone where it would not flush
2898 every message in the target domain. This especially impacted
2899 NXDOMAIN messages which could remain in the cache regardless.
2900 - python module test package.
2902 1 April 2009: Wouter
2903 - suppress errors when trying to contact authority servers that gave
2904 ipv6 AAAA records for their nameservers with ipv4 mapped contents.
2905 Still tries to do so, could work when deployed in intranet.
2906 Higher verbosity shows the error.
2907 - new libunbound calls documented.
2908 - pyunbound in libunbound/python. Removed compile warnings.
2909 Makefile to make it.
2911 30 March 2009: Wouter
2912 - Fixup LDFLAGS from libevent sourcedir compile configure restore.
2913 - Fixup so no non-absolute rpaths are added.
2914 - Fixup validation of RRSIG queries, they are let through.
2915 - read /dev/random before chroot
2916 - checkconf fix no python checks when no python module enabled.
2917 - fix configure, pthread first, so other libs do not change outcome.
2919 27 March 2009: Wouter
2920 - nicer -h output. report linked libraries and modules.
2921 - prints modules in intuitive order (config file friendly).
2922 - python compiles easily on BSD.
2924 26 March 2009: Wouter
2925 - ignore swig varargs warnings with gcc.
2926 - remove duplicate example.conf text from python example configs.
2927 - outofdir compile fix for python.
2929 - print modules compiled in on -h. manpage.
2931 25 March 2009: Wouter
2932 - initial import of the python contribution from Zdenek Vasicek and
2934 - pythonmod in Makefile; changes to remove warnings/errors for 1.3.0.
2936 24 March 2009: Wouter
2937 - more neat configure.ac. Removed duplicate config.h includes.
2938 - neater config.h.in.
2939 - iana portlist updated.
2940 - fix util/configlexer.c and solaris -std=c99 flag.
2941 - fix postcommit aclocal errors.
2942 - spaces stripped. Makefile cleaner, /usr omitted from -I, -L, -R.
2943 - swap order of host detect and libtool generation.
2945 23 March 2009: Wouter
2946 - added launchd plist example file for MacOSX to contrib.
2947 - deprecation test for daemon(3).
2948 - moved common configure actions to m4 include, prettier Makefile.
2950 20 March 2009: Wouter
2951 - bug #239: module-config entries order is important. Documented.
2952 - build fix for test asynclook.
2954 19 March 2009: Wouter
2955 - winrc/README.txt dos-format text file.
2956 - iana portlist updated.
2957 - use _beginthreadex() when available (performs stack alignment).
2958 - defaults for windows baked into configure.ac (used if on mingw).
2960 18 March 2009: Wouter
2961 - Added tests, unknown algorithms become insecure. fallback works.
2962 - Fix for and test for unknown algorithms in a trust anchor
2963 definition. Trust anchors with no supported algos are ignored.
2964 This means a (higher)DS or DLV entry for them could succeed, and
2965 otherwise they are treated as insecure.
2966 - domain-insecure: "example.com" statement added. Sets domain
2967 insecure regardless of chain of trust DSs or DLVs. The inverse
2970 17 March 2009: Wouter
2971 - unit test for unsupported algorithm in anchor warning.
2972 - fixed so queries do not fail on opportunistic target queries.
2974 16 March 2009: Wouter
2975 - fixup diff error printout in contrib/update-itar.sh.
2976 - added contrib/unbound_cacti for statistics support in cacti,
2977 contributed by Dmitriy Demidov.
2979 13 March 2009: Wouter
2980 - doxygen and lex/yacc on linux.
2981 - strip update-anchor on makedist -w.
2982 - fix testbound on windows.
2983 - default log to syslog for windows.
2984 - uninstaller can stop unbound - changed text on it to reflect that.
2985 - remove debugging from windows 'cron' actions.
2987 12 March 2009: Wouter
2988 - log to App.logs on windows prints executable identity.
2990 - munin plugin fix benign locking error printout.
2991 - anchor-update for windows, called every 24 hours; unbound reloads.
2993 11 March 2009: Wouter
2994 - winsock event handler resets WSAevents after signalled.
2995 - winsock event handler tests if signals are really signalled.
2996 - install and service with log to file works on XP and Vista on
2997 default install location.
2998 - on windows logging to the Application logbook works (as a service).
2999 - fix RUN_DIR on windows compile setting in makedist.
3000 - windows registry has Software\Unbound\ConfigFile element.
3001 If does not exist, the default is used. The -c switch overrides it.
3002 - fix makedist version cleanup function.
3004 10 March 2009: Wouter
3005 - makedist -w strips out old rc.. and snapshot info from version.
3006 - setup.exe starts and stops unbound after install, before uninstall.
3007 - unbound-checkconf recognizes absolute pathnames on windows (C:...).
3009 9 March 2009: Wouter
3010 - Nullsoft NSIS installer creation script.
3012 5 March 2009: Wouter
3013 - fixup memory leak introduced on 18feb in mesh reentrant fix.
3015 3 March 2009: Wouter
3016 - combined icon with 16x16(4) 32x32(4) 48x48(8) 64x64(8).
3017 - service works on xp/vista, no config necessary (using defaults).
3018 - windows registry settings.
3020 2 March 2009: Wouter
3021 - fixup --export-symbols to be -export-symbls for libtool.
3022 This should fix extraneous symbols exported from libunbound.
3023 Thanks to Ondrej Sury and Robert Edmonds for finding it.
3024 - iana portlist updated.
3025 - document FAQ entry on stub/forward zones and default blocking.
3026 - fix asynclook test app for libunbound not exporting symbols.
3027 - service install and remove utils that work with vista UAC.
3029 27 February 2009: Wouter
3030 - Fixup lexer, to not give warnings about fwrite. Appeared in
3032 - makedistro functionality for mingw. Has RC support.
3033 - support spaces and backslashes in configured defaults paths.
3034 - register, deregister in service control manager.
3036 25 February 2009: Wouter
3037 - windres usage for application resources.
3039 24 February 2009: Wouter
3040 - isc moved their dlv key download location.
3041 - fixup warning on vista/mingw.
3042 - makedist -w for window zip distribution first version.
3044 20 February 2009: Wouter
3045 - Fixup contrib/update-itar.sh, the exit codes 1 and 0 were swapped.
3046 Nicer script layout. Added url to site in -h output.
3048 19 February 2009: Wouter
3049 - unbound-checkconf and unbound print warnings when trust anchors
3050 have unsupported algorithms.
3051 - added contrib/update-itar.sh This script is similar to
3052 update-anchor.sh, and updates from the IANA ITAR repository.
3053 You can provide your own PGP key and trust repo, or can use the
3054 builtin. The program uses wget and gpg to work.
3055 - iana portlist updated.
3056 - update-itar.sh: using ftp:// urls because https godaddy certificate
3057 is not available everywhere and then gives fatal errors. The
3058 security is provided by pgp signature.
3060 18 February 2009: Wouter
3061 - more cycle detection. Also for target queries.
3062 - fixup bug where during deletion of the mesh queries the callbacks
3063 that were reentrant caused assertion failures. Keep the mesh in
3064 a reentrant safe state. Affects libunbound, reload of server,
3065 on quit and flush_requestlist.
3066 - iana portlist updated.
3068 13 February 2009: Wouter
3069 - forwarder information now per-thread duplicated.
3070 This keeps it read only for speed, with no locking necessary.
3071 - forward command for unbound control to change forwarders to use
3073 - document that unbound-host reads no config file by default.
3074 - updated iana portlist.
3076 12 February 2009: Wouter
3077 - call setusercontext if available (on BSD).
3078 - small refactor of stats clearing.
3079 - #227: flush_stats feature for unbound-control.
3080 - stats_noreset feature for unbound-control.
3081 - flush_requestlist feature for unbound-control.
3082 - libunbound version upped API (was changed 5 feb).
3083 - unbound-control status shows if root forwarding is in use.
3084 - slightly nicer memory management in iter-fwd code.
3086 10 February 2009: Wouter
3087 - keys with rfc5011 REVOKE flag are skipped and not considered when
3089 - iana portlist updated
3090 - #226: dump_requestlist feature for unbound-control.
3092 6 February 2009: Wouter
3093 - contrib contains specfile for fedora 1.2.1 (from Paul Wouters).
3094 - iana portlist updated.
3095 - fixup EOL in include directive (reported by Paul Wouters).
3096 You can no longer specify newlines in the names of included files.
3097 - config parser changed. Gives some syntax errors closer to where they
3098 occurred. Does not enforce a space after keyword anymore.
3099 Does not allow literal newlines inside quoted strings anymore.
3100 - verbosity level 5 logs customer IP for new requestlist entries.
3101 - test fix, lexer and cancel test.
3102 - new option log-time-ascii: yes if you enable it prints timestamps
3103 in the log file as Feb 06 13:45:26 (like syslog does).
3104 - detect event_base_new in libevent-1.4.1 and later and use it.
3105 - #231 unbound-checkconf -o option prints that value from config file.
3106 Useful for scripting in management scripts and the like.
3108 5 February 2009: Wouter
3109 - ldns 1.5.0 rc as tarball included.
3110 - 1.3.0 development continues:
3111 change in libunbound API: ub_cancel can return an error, that
3112 the async_id did not exist, or that it was already delivered.
3113 The result could have been delivered just before the cancel
3114 routine managed to acquire the lock, so a caller may get the
3115 result at the same time they call cancel. For this case,
3116 ub_cancel tries to return an error code.
3117 Fixes race condition in ub_cancel() libunbound function.
3118 - MacOSX Leopard cleaner text output from configure.
3119 - initgroups(3) is called to drop secondary group permissions, if
3121 - configure option --with-ldns-builtin forces the use of the
3122 inluded ldns package with the unbound source. The -I include
3123 is put before the others, so it avoids bad include files from
3124 an older ldns install.
3125 - daemon(3) posix call is used when available.
3126 - testbound test for older fix added.
3128 4 February 2009: Wouter
3129 - tag for release 1.2.1.
3130 - trunk setup for 1.3.0 development.
3132 3 February 2009: Wouter
3133 - noted feature requests in doc/TODO.
3134 - printout more detailed errors on ssl certificate loading failures.
3135 - updated IANA portlist.
3137 16 January 2009: Wouter
3138 - more quiet about ipv6 network failures, i.e. when ipv6 is not
3139 available (network unreachable). Debug still printed on high
3141 - unbound-host -4 and -6 options. Stops annoying ipv6 errors when
3142 debugging with unbound-host -4 -d ...
3143 - more cycle detection for NS-check, addr-check, root-prime and
3144 stub-prime queries in the iterator. Avoids possible deadlock
3147 15 January 2009: Wouter
3148 - bug #229: fixup configure checks for compilation with Solaris
3149 Sun cc compiler, ./configure CC=/opt/SUNWspro/bin/cc
3150 - fixup suncc warnings.
3151 - fix bug where unbound could crash using libevent 1.3 and older.
3152 - update testset for recent retry change.
3154 14 January 2009: Wouter
3155 - 1.2.1 feature: negative caching for failed queries.
3156 Queries that failed are cached for 5 seconds (NORR_TTL).
3157 If the failure is local, like out of memory, it is not cached.
3158 - the TTL comparison for the cache used different comparisons,
3159 causing many cache responses that used the iterator and validator
3160 state machines unnecessarily.
3161 - retry from 4 to 5 so that EDNS drop retry is part of the first
3162 query resolve attempt, and cached error does not stop EDNS fallback.
3163 - remove debug prints that protect against bad referrals.
3164 - honor QUIET=no on make commandline (or QUIET=yes ).
3166 13 January 2009: Wouter
3167 - fixed bug in lameness marking, removed printouts.
3168 - find NS rrset more cleanly for qtype NS.
3169 - Moved changes to 1.2.0 for release. Thanks to Mark Zealey for
3171 - 1.2.1 feature: stops resolving AAAAs promiscuously when they
3172 are in the negative cache.
3174 12 January 2009: Wouter
3175 - fixed bug in infrastructure lameness cache, did not lowercase
3176 name of zone to hash when setting lame.
3177 - lameness debugging printouts.
3179 9 January 2009: Wouter
3180 - created svn tag for 1.2.0 release.
3181 - svn trunk contains 1.2.1 version number.
3182 - iana portlist updated for todays list.
3183 - removed debug print.
3185 8 January 2009: Wouter
3186 - new version of ldns-trunk (today) included as tarball, fixed
3187 bug #224, building with -j race condition.
3188 - remove possible race condition in the test for race conditions.
3190 7 January 2009: Wouter
3191 - version 1.2.0 in preparation.
3192 - feature to allow wildcards (*, ?, [], {}. ~) in trusted-keys-file
3193 statements. (Adapted from patch by Paul Wouters).
3194 - typo fix and iana portlist updated.
3195 - porting testsuite; unused var warning, and type fixup.
3197 6 January 2009: Wouter
3198 - fixup packet-of-death when compiled with --enable-debug.
3199 A malformed packet could cause an internal assertion failure.
3200 - added test for HINFO canonicalisation behaviour.
3201 - fixup reported problem with transparent local-zone data where
3202 queries with different type could get nxdomain. Now queries
3203 with a different name get resolved normally, with different type
3204 get a correct NOERROR/NODATA answer.
3205 - HINFO no longer downcased for validation, making unbound compatible
3207 - fix reading included config files when chrooted.
3208 Give full path names for include files.
3209 Relative path names work if the start dir equals the working dir.
3210 - fix libunbound message transport when no packet buffer is available.
3212 5 January 2009: Wouter
3213 - fixup getaddrinfo failure handling for remote control port.
3214 - added L.ROOT-SERVERS.NET. AAAA 2001:500:3::42 to builtin root hints.
3215 - fixup so it works with libev-3.51 from http://dist.schmorp.de/libev/
3216 - comm_timer_set performs base_set operation after event_add.
3218 18 December 2008: Wouter
3219 - fixed bug reported by Duane Wessels: error in DLV lookup, would make
3220 some zones that had correct DLV keys as insecure.
3221 - follows -rc makedist from ldns changes (no _rc).
3222 - ldns tarball updated with 1.4.1rc for DLV unit test.
3223 - verbose prints about recursion lame detection and server selection.
3224 - fixup BSD port for infra host storage. It hashed wrongly.
3225 - fixup makedist snapshot name generation.
3226 - do not reopen syslog to avoid dev/log dependency.
3228 17 December 2008: Wouter
3229 - follows ldns makedist.sh. -rc option. autom4te dir removed.
3230 - unbound-control status command.
3231 - extended statistics has a number of ipv6 queries counter.
3232 contrib/unbound_munin_ was updated to draw ipv6 in the hits graph.
3234 16 December 2008: Wouter
3235 - follow makedist improvements from ldns, for maintainers prereleases.
3236 - snapshot version uses _ not - to help rpm distinguish the
3239 11 December 2008: Wouter
3240 - better fix for bug #219: use LOG_NDELAY with openlog() call.
3241 Thanks to Tamas Tevesz.
3243 9 December 2008: Wouter
3244 - bug #221 fixed: unbound checkconf checks if key files exist if
3245 remote control is enabled. Also fixed NULL printf when not chrooted.
3246 - iana portlist updated.
3248 3 December 2008: Wouter
3249 - Fix problem reported by Jaco Engelbrecht where unbound-control stats
3250 freezes up unbound if this was compiled without threading, and
3251 was using multiple processes.
3252 - iana portlist updated.
3253 - test for remote control with interprocess communication.
3254 - created command distribution mechanism so that remote control
3255 commands other than 'stats' work on all processes in a nonthreaded
3256 compiled version. dump/load cache work, on the first process.
3257 - fixup remote control local_data addition memory corruption bug.
3259 1 December 2008: Wouter
3260 - SElinux policy files in contrib/selinux for the unbound daemon,
3261 by Paul Wouters and Adam Tkac.
3263 25 November 2008: Wouter
3264 - configure complains when --without-ssl is given (bug #220).
3265 - skip unsupported feature tests on vista/mingw.
3266 - fixup testcode/streamtcp to work on vista/mingw.
3267 - root-hints test checks version of dig required.
3268 - blacklisted servers are polled at a low rate (1%) to see if they
3269 come back up. But not if there is some other working server.
3271 24 November 2008: Wouter
3272 - document that the user of the server daemon needs read privileges
3273 on the keys and certificates generated by unbound-control-setup.
3274 This is different per system or distribution, usually, running the
3275 script under the same username as the server uses suffices.
3276 i.e. sudo -u unbound unbound-control-setup
3277 - testset port to vista/mingw.
3278 - tcp_sigpipe to freebsd port.
3280 21 November 2008: Wouter
3281 - fixed tcp accept, errors were printed when they should not.
3282 - unbound-control-setup.sh removes read/write permissions other
3283 from the keys it creates (as suggested by Dmitriy Demidov).
3285 20 November 2008: Wouter
3286 - fixup fatal error due to faulty error checking after tcp accept.
3287 - add check in rlimit to avoid integer underflow.
3288 - rlimit check with new formula; better estimate for number interfaces
3289 - nicer comments in rlimit check.
3290 - tag 1.1.1 created in svn.
3291 - trunk label is 1.1.2
3293 19 November 2008: Wouter
3294 - bug #219: fixed so that syslog which delays opening until the first
3295 log line is written, gets a log line while not chroot'ed yet.
3297 18 November 2008: Wouter
3298 - iana portlist updated.
3299 - removed cast in unit test debug print that was not 64bit safe.
3300 - trunk back to 1.1.0; copied to tags 1.1.0 release.
3301 - trunk to has version number 1.1.1 again.
3302 - in 1.1.1; make clean nicer. grammar in manpage.
3304 17 November 2008: Wouter
3305 - theoretical fix for problems reported on mailing list.
3306 If a delegation point has no A but only AAAA and do-ip6 is no,
3307 resolution would fail. Fixed to ask for the A and AAAA records.
3308 It has to ask for both always, so that it can fail quietly, from
3309 TLD perspective, when a zone is only reachable on one transport.
3310 - test for above, only AAAA and doip6 is no. Fix causes A record
3311 for nameserver to be fetched.
3312 - fixup address duplication on cache fillup for delegation points.
3313 - testset updated for new query answer requirements.
3315 14 November 2008: Wouter
3316 - created 1.1.0 release tag in svn.
3317 - trunk moved to 1.1.1
3318 - fixup unittest-neg for locking.
3320 13 November 2008: Wouter
3321 - added fedora init and specfile to contrib (by Paul Wouters).
3322 - added configure check for ldns 1.4.0 (using its compat funcs).
3323 - neater comments in worker.h.
3324 - removed doc/plan and updated doc/TODO.
3325 - silenced EHOSTDOWN (verbosity 2 or higher to see it).
3326 - review comments from Jelte, Matthijs. Neater code.
3328 12 November 2008: Wouter
3329 - add unbound-control manpage to makedist replace list.
3331 11 November 2008: Wouter
3332 - unit test for negative cache, stress tests the refcounting.
3333 - fix for refcounting error that could cause fptr_wlist fatal exit
3334 in the negative cache rbtree (upcoming 1.1 feature). (Thanks to
3335 Attila Nagy for testing).
3336 - nicer comments in cachedump about failed RR to string conversion.
3337 - fix 32bit wrap around when printing large (4G and more) mem usage
3338 for extended statistics.
3340 10 November 2008: Wouter
3341 - fixup the getaddrinfo compat code rename.
3343 8 November 2008: Wouter
3344 - added configure check for eee build warning.
3346 7 November 2008: Wouter
3347 - fix bug 217: fixed, setreuid and setregid do not work on MacOSX10.4.
3348 - detect nonblocking problems in network stack in configure script.
3350 6 November 2008: Wouter
3351 - dname_priv must decompress the name before comparison.
3352 - iana portlist updated.
3354 5 November 2008: Wouter
3355 - fixed possible memory leak in key_entry_key deletion.
3356 Would leak a couple bytes when trust anchors were replaced.
3357 - if query and reply qname overlap, the bytes are skipped not copied.
3358 - fixed file descriptor leak when messages were jostled out that
3359 had outstanding (TCP) replies.
3360 - DNAMEs used from cache have their synthesized CNAMEs initialized
3362 - fixed file descriptor leak for localzone type deny (for TCP).
3363 - fixed memleak at exit for nsec3 negative cached zones.
3364 - fixed memleak for the keyword 'nodefault' when reading config.
3365 - made verbosity of 'edns incapable peer' warning higher, so you
3366 do not get spammed by it.
3367 - caught elusive Bad file descriptor error bug, that would print the
3368 error while unnecessarily try to listen to a closed fd. Fixed.
3370 4 November 2008: Wouter
3371 - fixed -Wwrite-strings warnings that result in better code.
3373 3 November 2008: Wouter
3374 - fixup build process for Mac OSX linker, use ldns b32 compat funcs.
3375 - generated configure with autoconf-2.61.
3376 - iana portlist updated.
3377 - detect if libssl needs libdl. For static linking with libssl.
3378 - changed to use new algorithm identifiers for sha256/sha512
3379 from ldns 1.4.0 (need very latest version).
3380 - updated the included ldns tarball.
3381 - proper detection of SHA256 and SHA512 functions (not just sizes).
3383 23 October 2008: Wouter
3384 - a little more debug info for failure on signer names. prints names.
3386 22 October 2008: Wouter
3387 - CFLAGS are picked up by configure from the environment.
3388 - iana portlist updated.
3389 - updated ldns to use 1.4.0-pre20081022 so it picks up CFLAGS too.
3390 - new stub-prime: yesno option. Default is off, so it does not prime.
3391 can be turned on to get same behaviour as previous unbound release.
3392 - made automated test that checks if builtin root hints are uptodate.
3393 - finished draft-wijngaards-dnsext-resolver-side-mitigation
3394 implementation. The unwanted-reply-threshold can be set.
3395 - fixup so fptr_whitelist test in alloc.c works.
3397 21 October 2008: Wouter
3398 - fix update-anchors.sh, so it does not report different RR order
3399 as an update. Sorts the keys in the file. Updated copyright.
3400 - fixup testbound on windows, the command control pipe doesn't exist.
3401 - skip 08hostlib test on windows, no fork() available.
3402 - made unbound-remote work on windows.
3404 20 October 2008: Wouter
3405 - quench a log message that is debug only.
3406 - iana portlist updated.
3407 - do not query bogus nameservers. It is like nameservers that have
3408 the NS or A or AAAA record bogus are listed as donotquery.
3409 - if server selection is faced with only bad choices, it will
3410 attempt to get more options to be fetched.
3411 - changed bogus-ttl default value from 900 to 60 seconds.
3412 In anticipation that operator caused failures are more likely than
3413 actual attacks at this time. And thus repeated validation helps
3414 the operators get the problem fixed sooner. It makes validation
3415 failures go away sooner (60 seconds after the zone is fixed).
3416 Also it is likely to try different nameserver targets every minute,
3417 so that if a zone is bad on one server but not another, it is
3418 likely to pick up the 'correct' one after a couple minutes,
3419 and if the TTL is big enough that solves validation for the zone.
3420 - fixup unbound-control compilation on windows.
3422 17 October 2008: Wouter
3423 - port Leopard/G5: fixup type conversion size_t/uint32.
3424 please ranlib, stop file without symbols warning.
3425 - harden referral path now also validates the root after priming.
3426 It looks up the root NS authoritatively as well as the root servers
3427 and attemps to validate the entries.
3429 16 October 2008: Wouter
3430 - Fixup negative TTL values appearing (reported by Attila Nagy).
3432 15 October 2008: Wouter
3433 - better documentation for 0x20; remove fallback TODO, it is done.
3434 - harden-referral-path feature includes A, AAAA queries for glue,
3435 as well as very careful NS caching (only when doing NS query).
3436 A, AAAA use the delegation from the NS-query.
3438 14 October 2008: Wouter
3439 - fwd_three.tpkg test was flaky. If the three requests hit the
3440 wrong threads by chance (or bad OS) then the test would fail.
3441 Made less flaky by increasing number of retries.
3442 - stub_udp.tpkg changed to work, give root hints. fixed ldns_dname_abs.
3443 - ldns tarball is snapshot of ldns r2759 (1.4.0-pre-20081014).
3444 Which includes the ldns_dname_absolute fix.
3445 - fwd_three test remains flaky now that unbound does not stop
3446 listening when full. Thus, removed timeout problem.
3447 It may be serviced by three threads, or maybe by one.
3448 Mostly only useful for lock-check testing now.
3450 13 October 2008: Wouter
3451 - fixed recursion servers deployed as authoritative detection, so
3452 that as a last resort, a +RD query is sent there to get the
3454 - iana port list update.
3455 - ldns tarball is snapshot of ldns r2759 (1.4.0-pre-20081013).
3457 10 October 2008: Wouter
3458 - fixup tests - the negative cache contained the correct NSEC3s for
3459 two tests that are supposed to fail to validate.
3461 9 October 2008: Wouter
3462 - negative cache caps max iterations of NSEC3 done.
3463 - NSEC3 negative cache for qtype DS works.
3465 8 October 2008: Wouter
3466 - NSEC negative cache for DS.
3468 6 October 2008: Wouter
3469 - jostle-timeout option, so you can config for slow links.
3470 - 0x20 fallback code. Tries 3xnumber of nameserver addresses
3471 queries that must all be the same. Sent to random nameservers.
3472 - documented choices for DoS, EDNS, 0x20.
3474 2 October 2008: Wouter
3475 - fixup unlink of pidfile.
3476 - fixup SHA256 algorithm collation code.
3477 - contrib/update-anchor.sh does not overwrite anchors if not needed.
3478 exits 0 when a restart is needed, other values if not.
3479 so, update-anchor.sh -d mydir && /etc/rc.d/unbound restart
3480 can restart unbound exactly when needed.
3482 30 September 2008: Wouter
3483 - fixup SHA256 DS downgrade, no longer possible to downgrade to SHA1.
3484 - tests for sha256 support and downgrade resistance.
3485 - RSASHA256 and RSASHA512 support (using the draft in dnsext),
3486 using the drafted protocol numbers.
3487 - when using stub on localhost (127.0.0.1@10053) unbound works.
3488 Like when running NSD to host a local zone, on the same machine.
3489 The noprime feature. manpages more explanation. Added a test for it.
3490 - shorthand for reverse PTR, local-data-ptr: "1.2.3.4 www.ex.com"
3492 29 September 2008: Wouter
3493 - EDNS lameness detection, if EDNS packets are dropped this is
3494 detected, eventually.
3495 - multiple query timeout rtt backoff does not backoff too much.
3497 26 September 2008: Wouter
3498 - tests for remote-control.
3499 - small memory leak in exception during remote control fixed.
3500 - fixup for lock checking but not unchecking in remote control.
3501 - iana portlist updated.
3503 23 September 2008: Wouter
3504 - Msg cache is loaded. A cache load enables cache responses.
3505 - unbound-control flush [name], flush_type and flush_zone.
3507 22 September 2008: Wouter
3508 - dump_cache and load_cache statements in unbound-control.
3509 RRsets are dumped and loaded correctly.
3510 Msg cache is dumped.
3512 19 September 2008: Wouter
3513 - locking on the localdata structure.
3514 - add and remove local zone and data with unbound-control.
3515 - ldns trunk snapshot updated, make tests work again.
3517 18 September 2008: Wouter
3518 - fixup error in time calculation.
3519 - munin plugin improvements.
3520 - nicer abbreviations for high query types values (ixfr, axfr, any...)
3521 - documented the statistics output in unbound-control man page.
3522 - extended statistics prints out histogram, over unbound-control.
3524 17 September 2008: Wouter
3525 - locking for threadsafe bogus rrset counter.
3526 - ldns trunk no longer exports b32 functions, provide compat.
3527 - ldns tarball updated.
3528 - testcode/ldns-testpkts.c const fixups.
3529 - fixed rcode stat printout.
3530 - munin plugin in contrib.
3531 - stats always printout uptime, because stats plugins need it.
3533 16 September 2008: Wouter
3534 - extended-statistics: yesno config option.
3535 - unwanted replies spoof nearmiss detector.
3536 - iana portlist updated.
3538 15 September 2008: Wouter
3539 - working start, stop, reload commands for unbound-control.
3540 - test for unbound-control working; better exit value for control.
3541 - verbosity control via unbound-control.
3542 - unbound-control stats.
3544 12 September 2008: Wouter
3545 - removed browser control mentions. Proto speccy.
3547 11 September 2008: Wouter
3548 - set nonblocking on new TCP streams, because linux does not inherit
3549 the socket options to the accepted socket.
3551 - SSL protected connection between server and unbound-control.
3553 10 September 2008: Wouter
3554 - remove memleak in privacy addresses on reloads and quits.
3555 - remote control work.
3557 9 September 2008: Wouter
3558 - smallapp/unbound-control-setup.sh script to set up certificates.
3560 4 September 2008: Wouter
3561 - scrubber scrubs away private addresses.
3562 - test for private addresses. man page entry.
3563 - code refactored for name and address tree lookups.
3565 3 September 2008: Wouter
3566 - options for 'DNS Rebinding' protection: private-address and
3568 - dnstree for reuse of routines that help with domain, addr lookups.
3569 - private-address and private-domain config option read, stored.
3571 2 September 2008: Wouter
3572 - DoS protection features. Queries are jostled out to make room.
3573 - testbound can pass time, increasing the internal timer.
3574 - do not mark unsigned additionals bogus, leave unchecked, which
3577 1 September 2008: Wouter
3578 - disallow nonrecursive queries for cache snooping by default.
3579 You can allow is using access-control: <subnet> allow_snoop.
3580 The defaults do allow access no authoritative data without RD bit.
3581 - two tests for it and fixups of tests for nonrec refused.
3583 29 August 2008: Wouter
3584 - version 1.1 number in trunk.
3585 - harden-referral-path option for query for NS records.
3586 Default turns off expensive, experimental option.
3588 28 August 2008: Wouter
3589 - fixup logfile handling; it is created with correct permissions
3590 again. (from bugfix#199).
3591 Some errors are not written to logfile (pidfile writing, forking),
3592 and these are only visible by using the -d commandline flag.
3594 27 August 2008: Wouter
3595 - daemon(3) is causing problems for people. Reverting the patch.
3596 bug#200, and 199 and 203 contain sideline discussion on it.
3597 - bug#199 fixed: pidfile can be outside chroot. openlog is done before
3598 chroot and drop permissions.
3599 - config option to set size of aggressive negative cache,
3601 - bug#203 fixed: dlv has been implemented.
3603 26 August 2008: Wouter
3604 - test for insecure zone when DLV is in use, also does negative cache.
3605 - test for trustanchor when DLV is in use (the anchor works).
3606 - test for DLV used for a zone below a trustanchor.
3607 - added scrub filter for overreaching NSEC records and unit test.
3608 - iana portlist update
3609 - use of setresuid or setreuid when available.
3610 - use daemon(3) if available.
3612 25 August 2008: Wouter
3613 - realclean patch from Robert Edmonds.
3615 22 August 2008: Wouter
3616 - nicer debuglogging of DLV.
3617 - test with secure delegation inside the DLV repository.
3619 21 August 2008: Wouter
3620 - negative cache code linked into validator, for DLV use.
3621 negative cache works for DLV.
3622 - iana portlist update.
3623 - dlv-anchor option for unit tests.
3624 - fixup NSEC_AT_APEX classification for short typemaps.
3625 - ldns-testns has subdomain checks, for unit tests.
3627 20 August 2008: Wouter
3628 - negative cache code, reviewed.
3630 18 August 2008: Wouter
3631 - changes info: in logfile to notice: info: or debug: depending on
3632 the verbosity of the statements. Better logfile message
3634 - bug #208: extra rc.d unbound flexibility for freebsd/nanobsd.
3636 15 August 2008: Wouter
3637 - DLV nsec code fixed for better detection of closest existing
3638 enclosers from NSEC responses.
3639 - DLV works, straight to the dlv repository, so not for production.
3642 14 August 2008: Wouter
3643 - synthesize DLV messages from the rrset cache, like done for DS.
3645 13 August 2008: Wouter
3646 - bug #203: nicer do-auto log message when user sets incompatible
3648 - bug #204: variable name ameliorated in log.c.
3649 - bug #206: in iana_update, no egrep, but awk use.
3650 - ldns snapshot r2699 taken (includes DLV type).
3651 - DLV work, config file element, trust anchor read in.
3653 12 August 2008: Wouter
3654 - finished adjusting testset to provide qtype NS answers.
3656 11 August 2008: Wouter
3657 - Fixup rrset security updates overwriting 2181 trust status.
3658 This makes validated to be insecure data just as worthless as
3659 nonvalidated data, and 2181 rules prevent cache overwrites to them.
3660 - Fix assertion fail on bogus key handling.
3661 - dnssec lameness detection works on first query at trust apex.
3662 - NS queries get proper cache and dnssec lameness treatment.
3663 - fixup compilation without pthreads on linux.
3665 8 August 2008: Wouter
3666 - NS queries are done after every referral.
3667 validator is used on those NS records (if anchors enabled).
3669 7 August 2008: Wouter
3670 - Scrubber more strict. CNAME chains, DNAMEs from cache, other
3671 irrelevant rrsets removed.
3672 - 1.0.2 released from 1.0 support branch.
3673 - fixup update-anchor.sh to work both in BSD shell and bash.
3675 5 August 2008: Wouter
3676 - fixup DS test so apex nodata works again.
3678 4 August 2008: Wouter
3681 - fix bug 201: null ptr deref on cleanup while udp pkts wait for port.
3682 - added explanatory text for outgoing-port-permit in manpage.
3684 30 July 2008: Wouter
3685 - fixup bug qtype DS for unsigned zone and signed parent validation.
3687 25 July 2008: Wouter
3688 - added original copyright statement of OpenBSD arc4random code.
3689 - created tube signaling solution on windows, as a pipe replacement.
3690 this makes background asynchronous resolution work on windows.
3691 - removed very insecure socketpair compat code. It also did not
3692 work with event_waiting. Solved by pipe replacement.
3693 - unbound -h prints openssl version number as well.
3695 22 July 2008: Wouter
3696 - moved pipe actions to util/tube.c. easier porting and shared code.
3697 - check _raw() commpoint callbacks with fptr_wlist.
3700 21 July 2008: Wouter
3701 - #198: nicer entropy warning message. manpage OS hints.
3703 19 July 2008: Wouter
3704 - #198: fixup man page to suggest chroot entropy fix.
3706 18 July 2008: Wouter
3707 - branch for 1.0 support.
3708 - trunk work on tube.c.
3710 17 July 2008: Wouter
3711 - fix bug #196, compile outside source tree.
3712 - fix bug #195, add --with-username=user configure option.
3713 - print error and exit if started with config that requires more
3714 fds than the builtin minievent can handle.
3716 16 July 2008: Wouter
3717 - made svn tag 1.0.1, trunk now 1.0.2
3718 - sha256 checksums enabled in makedist.sh
3720 15 July 2008: Wouter
3721 - Follow draft-ietf-dnsop-default-local-zones-06 added reverse
3722 IPv6 example prefix to AS112 default blocklist.
3723 - fixup lookup of DS records by client with trustanchor for same.
3724 - libunbound ub_resolve, fix handling of error condition during setup.
3725 - lowered log_hex blocksize to fit through BSD syslog linesize.
3726 - no useless initialisation if getpwnam not available.
3727 - iana, ldns snapshot updated.
3730 - Matthijs fixed memory leaks in root hints file reading.
3732 26 June 2008: Wouter
3733 - fixup streamtcp bounds setting for udp mode, in the test framework.
3734 - contrib item for updating trust anchors.
3736 25 June 2008: Wouter
3737 - fixup fwd_ancil test typos.
3738 - Fix for newegg lameness : ok for qtype=A, but lame for others.
3739 - fixup unit test for infra cache, test lame merging.
3740 - porting to mingw, bind, listen, getsockopt and setsockopt error
3743 24 June 2008: Wouter
3744 - removed testcode/checklocks from production code compilation path.
3745 - streamtcp can use UDP mode (connected UDP socket), for testing IPv6
3747 - fwd_ancil test fails if platform support is lacking.
3749 23 June 2008: Wouter
3750 - fixup minitpkg to cleanup on windows with its file locking troubles.
3751 - minitpkg shows skipped tests in report.
3752 - skip ipv6 tests on ipv4 only hosts (requires only ipv6 localhost not
3754 - winsock event handler keeps track of sticky TCP events, that have
3755 not been fully handled yet. when interest in the event(s) resumes,
3756 they are sent again. When WOULDBLOCK is returned events are cleared.
3757 - skip tests that need signals when testing on mingw.
3759 18 June 2008: Wouter
3760 - open testbound replay files in binary mode, because fseek/ftell
3761 do not work in ascii-mode on windows. The b does nothing on unix.
3762 unittest and testbound tests work on windows (xp too).
3763 - ioctlsocket prints nicer error message.
3764 - fixed up some TCP porting for winsock.
3765 - lack of IPv6 gives a warning, no fatal error.
3766 - use WSAGetLastError() on windows instead of errno for some errors.
3768 17 June 2008: Wouter
3769 - outgoing num fds 32 by default on windows ; it supports less
3770 fds for waiting on than unixes.
3771 - winsock_event minievent handler for windows. (you could also
3772 attempt to link with libevent/libev ports for windows).
3773 - neater crypto check and gdi32 detection.
3774 - unbound.exe works to resolve and validate www.nlnetlabs.nl on vista.
3776 16 June 2008: Wouter
3777 - on windows, use windows threads, mutex and thread-local-storage(Tls).
3778 - detect if openssl needs gdi32.
3779 - if no threading, THREADS_DISABLED is defined for use in the code.
3780 - sets USE_WINSOCK if using ws2_32 on windows.
3781 - wsa_strerror() function for more readable errors.
3782 - WSA Startup and Cleanup called in unbound.exe.
3784 13 June 2008: Wouter
3785 - port mingw32, more signal ifdefs, detect sleep, usleep,
3786 random, srandom (used inside the tests).
3787 - signed or unsigned FD_SET is cast.
3789 10 June 2008: Wouter
3790 - fixup warnings compiling on eeepc xandros linux.
3793 - in iteration response type code
3794 * first check for SOA record (negative answer) before NS record
3796 * check if no AA bit for non-forwarder, and thus lame zone.
3797 In response to error report by Richard Doty for mail.opusnet.com.
3798 - fixup unput warning from lexer on freeBSD.
3799 - bug#183. pidfile, rundir, and chroot configure options. Also the
3800 example.conf and manual pages get the configured defaults.
3801 You can use: (or accept the defaults to /usr/local/etc/unbound/)
3802 --with-conf-file=filename
3803 --with-pidfile=filename
3805 --with-chroot-dir=path
3808 - if multiple CNAMEs, use the first one. Fixup akamai CNAME bug.
3809 Reported by Robert Edmonds.
3810 - iana port updated.
3813 - updated libtool files with newer version.
3814 - iana portlist updated.
3817 - fixup local-zone: "30.172.in-addr.arpa." nodefault, so that the
3818 trailing dot is not used during comparison.
3821 - Jelte fixed bugs in my absence
3822 - bug 178: fixed unportable shell usage in configure (relied on
3824 - bug 180: fixed buffer overflow in unbound-checkconf use of strncat.
3825 - bug 181: fixed buffer overflow in ldns (called by unbound to parse
3828 - bug 177: fixed compilation failure on opensuse, the
3829 --disable-static configure flag caused problems. (Patch from
3831 - bug 179: same fix as 177.
3832 - bug 185: --disable-shared not passed along to ldns included with
3833 unbound. Fixed so that configure parameters are passed to the
3834 subdir configure script.
3835 fixed that ./libtool is used always, you can still override
3836 manually with ./configure libtool=mylibtool or set $libtool in
3838 - update of the ldns tarball to current ldns svn version (fix 181).
3839 - bug 184: -r option for unbound-host, read resolv.conf for
3840 forwarder. (Note that forwarder must support DNSSEC for validation
3845 - test for sys/wait.h
3846 - WSAEWOULDBLOCK test after nonblocking TCP connect.
3847 - write_iov_buffer removed: unused and no struct iov on windows.
3848 - signed/unsigned warning fixup mini_event.
3849 - use ioctlsocket to set nonblocking I/O if fnctl is unavailable.
3850 - skip signals that are not defined
3852 - detect getpwnam, getrlimit, setsid, sbrk, chroot.
3853 - default config has no chroot if chroot() unavailable.
3854 - if no kill() then no pidfile is read or written.
3855 - gmtime_r is replaced by nonthreadsafe alternative if unavail.
3856 used in rrsig time validation errors.
3859 - contrib unbound.spec from Patrick Vande Walle.
3860 - fixup bug#175: call tzset before chroot to have correct timestamps
3862 - do not generate lex input and lex unput functions.
3863 - mingw port. replacement functions labelled _unbound.
3864 - fix bug 174 - check for tcp_sigpipe that ldns-testns is installed.
3867 - fedora 9, check in6_pktinfo define in configure.
3868 - CREDITS fixup of history.
3869 - ignore ldns-1.2.2 if installed, use builtin 1.3.0-pre alternative.
3872 - fixup for MacOSX hosts file reading (reported by John Dickinson).
3873 - created 1.0.0 svn tag.
3874 - trunk version 1.0.1.
3877 - accepted patch from Ondrej Sury for library version libtool option.
3878 - configure --disable-rpath fixes up libtool for rpath trouble.
3879 Adapted from debian package patch file.
3882 - Added root ipv6 addresses to builtin root hints.
3883 - TODO modified for post 1.0 plans.
3884 - trunk version set to 1.0.0.
3885 - no unnecessary linking with librt (only when libevent/libev used).
3888 - fixup no-ip4 problem with error callback in outside network.
3890 25 April 2008: Wouter
3891 - DESTDIR is honored by the Makefile for rpms.
3892 - contrib files unbound.spec and unbound.init, builds working RPM
3893 on FC7 Linux, a chrooted caching resolver, and libunbound.
3894 - iana ports update.
3896 24 April 2008: Wouter
3897 - chroot checks improved. working directory relative to chroot.
3898 checks if config file path is inside chroot. Documentation on it.
3899 - nicer example.conf text.
3902 23 April 2008: Wouter
3903 - parseunbound.pl contrib update from Kai Storbeck for threads.
3906 22 April 2008: Wouter
3908 - unit test for SIGPIPE ignore.
3910 21 April 2008: Wouter
3911 - FEATURES document.
3912 - fixup reread of config file if it was given as a full path
3913 and chroot was used.
3915 16 April 2008: Wouter
3916 - requirements doc, updated clean query returns.
3917 - parseunbound.pl update from Kai Storbeck.
3918 - sunos4 porting changes.
3920 15 April 2008: Wouter
3921 - fixup default rc.d pidfile location to /usr/local/etc.
3922 - iana ports updated.
3923 - copyright updated in ldns-testpkts to keep same as in ldns.
3924 - fixup checkconf chroot tests a bit more, chdir must be inside
3926 - documented 'gcc: unrecognized -KPIC option' errors on Solaris.
3927 - example.conf values changed to /usr/local/etc/unbound
3929 - DSA signatures: unbound is compatible with both encodings found.
3930 It will detect and convert when necessary.
3932 14 April 2008: Wouter
3933 - got update for parseunbound.pl statistics script from Kai Storbeck.
3934 - tpkg tests for udp wait list.
3935 - documented 0x20 status.
3936 - fixup chroot and checkconf, it is much smarter now.
3937 - fixup DSA EVP signature decoding. Solution that Jelte found copied.
3938 - and check first sig byte for the encoding type.
3940 11 April 2008: Wouter
3941 - random port selection out of the configged ports.
3942 - fixup threadsafety for libevent-1.4.3+ (event_base_get_method).
3943 - removed base_port.
3944 - created 256-port ephemeral space for the OS, 59802 available.
3945 - fixup consistency of port_if out array during heavy use.
3947 10 April 2008: Wouter
3948 - --with-libevent works with latest libevent 1.4.99-trunk.
3949 - added log file statistics perl script to contrib.
3950 - automatic iana ports update from makefile. 60058 available.
3952 9 April 2008: Wouter
3953 - configure can detect libev(from its build directory) when passed
3954 --with-libevent=/home/wouter/libev-3.2
3955 libev-3.2 is a little faster than libevent-1.4.3-stable (about 5%).
3956 - unused commpoints not listed in epoll list.
3957 - statistics-cumulative option so that the values are not reset.
3958 - config creates array of available ports, 61841 available,
3959 it excludes <1024 and iana assigned numbers.
3960 config statements to modify the available port numbers.
3962 8 April 2008: Wouter
3963 - unbound tries to set the ulimit fds when started as server.
3964 if that does not work, it will scale back its requirements.
3966 27 March 2008: Wouter
3967 - documented /dev/random symlink from chrootdir as FAQ entry.
3969 26 March 2008: Wouter
3970 - implemented AD bit signaling. If a query sets AD bit (but not DO)
3971 then the AD bit is set in the reply if the answer validated.
3972 Without including DNSSEC signatures. Useful if you have a trusted
3973 path from the client to the resolver. Follows dnssec-updates draft.
3975 25 March 2008: Wouter
3976 - implemented check that for NXDOMAIN and NOERROR answers a query
3977 section must be present in the reply (by the scrubber). And it must
3978 be equal to the question sent, at least lowercase folded.
3979 Previously this feature happened because the cache code refused
3980 to store such messages. However blocking by the scrubber makes
3981 sure nothing gets into the RRset cache. Also, this looks like a
3982 timeout (instead of an allocation failure) and this retries are
3983 done (which is useful in a spoofing situation).
3984 - RTT banding. Band size 400 msec, this makes band around zero (fast)
3985 include unknown servers. This makes unbound explore unknown servers.
3987 7 March 2008: Wouter
3988 - -C config feature for harvest program.
3989 - harvest handles CNAMEs too.
3991 5 March 2008: Wouter
3992 - patch from Hugo Koji Kobayashi for iterator logs spelling.
3994 4 March 2008: Wouter
3995 - From report by Jinmei Tatuya, rfc2181 trust value for remainder
3996 of a cname trust chain is lower; not full answer_AA.
3997 - test for this fix.
3998 - default config file location is /usr/local/etc/unbound.
3999 Thus prefix is used to determine the location. This is also the
4000 chroot and pidfile default location.
4002 3 March 2008: Wouter
4003 - Create 0.10 svn tag.
4004 - 0.11 version in trunk.
4005 - indentation nicer.
4007 29 February 2008: Wouter
4008 - documentation update.
4009 - fixup port to Solaris of perf test tool.
4010 - updated ldns-tarball with decl-after-statement fixes.
4012 28 February 2008: Wouter
4013 - fixed memory leaks in libunbound (during cancellation and wait).
4014 - libunbound returns the answer packet in full.
4015 - snprintf compat update.
4016 - harvest performs lookup.
4017 - ldns-tarball update with fix for ldns_dname_label.
4018 - installs to sbin by default.
4019 - install all manual pages (unbound-host and libunbound too).
4021 27 February 2008: Wouter
4022 - option to use caps for id randomness.
4023 - config file option use-caps-for-id: yes
4024 - harvest debug tool
4026 26 February 2008: Wouter
4027 - delay utility delays TCP as well. If the server that is forwarded
4028 to has a TCP error, the delay utility closes the connection.
4029 - delay does REUSE_ADDR, and can handle a server that closes its end.
4030 - answers use casing from query.
4032 25 February 2008: Wouter
4033 - delay utility works. Gets decent thoughput too (>20000).
4035 22 February 2008: Wouter
4036 - +2% for recursions, if identical queries (except for destination
4037 and query ID) in the reply list, avoid re-encoding the answer.
4038 - removed TODO items for optimizations that do not show up in
4040 - default is now minievent - not libevent. As its faster and
4041 not needed for regular installs, only for very large port ranges.
4042 - loop check different speedup pkt-dname-reading, 1% faster for
4043 nocache-recursion check.
4044 - less hashing during msg parse, 4% for recursion.
4045 - small speed fix for dname_count_size_labels, +1 or +2% recursion.
4046 - some speed results noted:
4047 optimization resulted in +40% for recursion (cache miss) and
4048 +70 to +80 for cache hits, and +96% for version.bind.
4049 zone nsec3 example, 100 NXDOMAIN queries, NSD 35182.8 Ub 36048.4
4050 www.nlnetlabs.nl from cache: BIND 8987.99 Ub 31218.3
4051 www with DO bit set : BIND 8269.31 Ub 28735.6 qps.
4052 So, unbound can be about equal qps to NSD in cache hits.
4053 And about 3.4x faster than BIND in cache performance.
4054 - delay utility for testing.
4056 21 February 2008: Wouter
4057 - speedup of root-delegation message encoding by 15%.
4058 - minor speedup of compress tree_lookup, maybe 1%.
4059 - speedup of dname_lab_cmp and memlowercmp - the top functions in
4060 profiler output, maybe a couple percent when it matters.
4062 20 February 2008: Wouter
4063 - setup speec_cache for need-ldns-testns in dotests.
4064 - check number of queued replies on incoming queries to avoid overload
4066 - fptr whitelist checks are not disabled in optimize mode.
4067 - do-daemonize config file option.
4068 - minievent time share initializes time at start.
4069 - updated testdata for nsec3 new algorithm numbers (6, 7).
4070 - small performance test of packet encoding (root delegation).
4072 19 February 2008: Wouter
4073 - applied patch to unbound-host man page from Jan-Piet Mens.
4074 - fix donotquery-localhost: yes default (it erroneously was switched
4076 - time is only gotten once and the value is shared across unbound.
4077 - unittest cleans up crypto, so that it has no memory leaks.
4078 - mini_event shares the time value with unbound this results in
4079 +3% speed for cache responses and +9% for recursions.
4080 - ldns tarball update with new NSEC3 sign code numbers.
4081 - perform several reads per UDP operation. This improves performance
4082 in DoS conditions, and costs very little in normal conditions.
4083 improves cache response +50%, and recursions +10%.
4084 - modified asynclook test. because the callback from async is not
4085 in any sort of lock (and thus can use all library functions freely),
4086 this causes a tiny race condition window when the last lock is
4087 released for a callback and a new cancel() for that callback.
4088 The only way to remove this is by putting callbacks into some
4089 lock window. I'd rather have the small possibility of a callback
4090 for a cancelled function then no use of library functions in
4091 callbacks. Could be possible to only outlaw process(), wait(),
4092 cancel() from callbacks, by adding another lock, but I'd rather not.
4094 18 February 2008: Wouter
4095 - patch to unbound-host from Jan-Piet Mens.
4096 - unbound host prints errors if fails to configure context.
4097 - fixup perf to resend faster, so that long waiting requests do
4098 not hold up the queue, they become lost packets or SERVFAILs,
4099 or can be sent a little while later (i.e. processing time may
4100 take long, but throughput has to be high).
4101 - fixup iterator operating in no cache conditions (RD flag unset
4103 - streamlined code for RD flag setting.
4104 - profiled code and changed dname compares to be faster.
4105 The speedup is about +3% to +8% (depending on the test).
4106 - minievent tests for eintr and eagain.
4108 15 February 2008: Wouter
4109 - added FreeBSD rc.d script to contrib.
4110 - --prefix option for configure also changes directory: pidfile:
4111 and chroot: defaults in config file.
4112 - added cache speed test, for cache size OK and cache too small.
4114 14 February 2008: Wouter
4115 - start without a config file (will complain, but start with
4117 - perf test program works.
4119 13 February 2008: Wouter
4121 - 1.0 development. Printout ldns version on unbound -h.
4122 - start of perf tool.
4123 - bugfix to read empty lines from /etc/hosts.
4125 12 February 2008: Wouter
4126 - fixup problem with configure calling itself if ldns-src tarball
4129 11 February 2008: Wouter
4130 - changed library to use ub_ instead of ub_val_ as prefix.
4131 - statistics output text nice.
4132 - etc/hosts handling.
4133 - library function to put logging to a stream.
4134 - set any option interface.
4136 8 February 2008: Wouter
4137 - test program for multiple queries over a TCP channel.
4138 - tpkg test for stream tcp queries.
4139 - unbound replies to multiple TCP queries on a TCP channel.
4140 - fixup misclassification of root referral with NS in answer
4141 when validating a nonrec query.
4143 - layout of manpages, spelling fix in header, manpages process by
4144 makedist, list asynclook and tcpstream tests as ldns-testns
4147 7 February 2008: Wouter
4148 - moved up all current level 2 to be level 3. And 3 to 4.
4149 to make room for new debug level 2 for detailed information
4151 - verbosity level 2. Describes recursion and validation.
4152 - cleaner configure script and fixes for libevent solaris.
4153 - signedness for log output memory sizes in high verbosity.
4155 6 February 2008: Wouter
4156 - clearer explanation of threading configure options.
4157 - fixup asynclook test for nothreading (it creates only one process
4158 to do the extended test).
4159 - changed name of ub_val_result_free to ub_val_resolve_free.
4160 - removes warning message during library linking, renamed
4161 libunbound/unbound.c -> libunbound.c and worker to libworker.
4162 - fallback without EDNS if result is NOTIMPL as well as on FORMERR.
4164 5 February 2008: Wouter
4165 - statistics-interval: seconds option added.
4166 - test for statistics option
4167 - ignore errors making directories, these can occur in parallel builds
4168 - fixup Makefile strip command and libunbound docs typo.
4170 31 January 2008: Wouter
4171 - bg thread/process reads and writes the pipe nonblocking all the time
4172 so that even if the pipe is buffered or so, the bg thread does not
4173 block, and services both pipes and queries.
4175 30 January 2008: Wouter
4176 - check trailing / on chrootdir in checkconf.
4177 - check if root hints and anchor files are in chrootdir.
4178 - no route to host tcp error is verbosity level 2.
4179 - removed unused send_reply_iov. and its configure check.
4180 - added prints of 'remote address is 1.2.3.4 port 53' to errors
4181 from netevent; the basic socket errors.
4183 28 January 2008: Wouter
4184 - fixup uninit use of buffer by libunbound (query id, flags) for
4186 - fixup uninit warning from random.c; also seems to fix sporadic
4187 sigFPE coming out of openssl.
4188 - made openssl entropy warning more silent for library use. Needs
4190 - fixup forgotten locks for rbtree_searches on ctx->query tree.
4191 - random generator cleanup - RND_STATE_SIZE removed, and instead
4192 a super-rnd can be passed at init to chain init random states.
4193 - test also does lock checks if available.
4194 - protect config access in libworker_setup().
4195 - libevent doesn't like comm_base_exit outside of runloop.
4196 - close fds after removing commpoints only (for epoll, kqueue).
4198 25 January 2008: Wouter
4199 - added tpkg for asynclook and library use.
4200 - allows localhost to be queried when as a library.
4201 - fixup race condition between cancel and answer (in case of
4202 really fast answers that beat the cancel).
4203 - please doxygen, put doxygen comment in one place.
4204 - asynclook -b blocking mode and test.
4205 - refactor asynclook, nicer code.
4206 - fixup race problems from opensll in rand init from library, with
4207 a mutex around the rand init.
4208 - fix pass async_id=NULL to _async resolve().
4209 - rewrote _wait() routine, so that it is threadsafe.
4210 - cancelation is threadsafe.
4211 - asynclook extended test in tpkg.
4212 - fixed two races where forked bg process waits for (somehow shared?)
4213 locks, so does not service the query pipe on the bg side.
4214 Now those locks are only held for fg_threads and for bg_as_a_thread.
4216 24 January 2008: Wouter
4217 - tested the cancel() function.
4218 - asynclook -c (cancel) feature.
4219 - fix fail to allocate context actions.
4220 - make pipe nonblocking at start.
4221 - update plane for retry mode with caution to limit bandwidth.
4222 - fix Makefile for concurrent make of unbound-host.
4223 - renamed ub_val_ctx_wait/poll/process/fd to ub_val*.
4224 - new calls to set forwarding added to header and docs.
4226 23 January 2008: Wouter
4227 - removed debug prints from if-auto, verb-algo enables some.
4228 - libunbound QUIT setup, remove memory leaks, when using threads
4229 will share memory for passing results instead of writing it over
4230 the pipe, only writes ID number over the pipe (towards the handler
4231 thread that does process() ).
4233 22 January 2008: Wouter
4234 - library code for async in libunbound/unbound.c.
4235 - fix link testbound.
4236 - fixup exit bug in mini_event.
4237 - background worker query enter and result functions.
4238 - bg query test application asynclook, it looks up multiple
4239 hostaddresses (A records) at the same time.
4241 21 January 2008: Wouter
4242 - libworker work, netevent raw commpoints, write_msg, serialize.
4244 18 January 2008: Wouter
4245 - touch up of manpage for libunbound.
4246 - support for IP_RECVDSTADDR (for *BSD ip4).
4247 - fix for BSD, do not use ip4to6 mapping, make two sockets, once
4248 ip6 and once ip4, uses socket options.
4249 - goodbye ip4to6 mapping.
4250 - update ldns-testpkts with latest version from ldns-trunk.
4251 - updated makedist for relative ldns pathnames.
4252 - library API with more information inside the result structure.
4253 - work on background resolves.
4255 17 January 2008: Wouter
4256 - fixup configure in case -lldns is installed.
4257 - fixup a couple of doxygen warnings, about enum variables.
4258 - interface-automatic now copies the interface address from the
4259 PKT_INFO structure as well.
4260 - manual page with library API, all on one page 'man libunbound'.
4261 - rewrite of PKTINFO structure, it also captures IP4 PKTINFO.
4263 16 January 2008: Wouter
4264 - incoming queries to the server with TC bit on are replied FORMERR.
4265 - interface-automatic replied the wrong source address on localhost
4266 queries. Seems to be due to ifnum=0 in recvmsg PKTINFO. Trying
4267 to use ifnum=-1 to mean 'no interface, use kernel route'.
4269 15 January 2008: Wouter
4270 - interface-automatic feature. experimental. Nice for anycast.
4271 - tpkg test for ip6 ancillary data.
4272 - removed debug prints.
4273 - porting experience, define for Solaris, test refined for BSD
4274 compatibility. The feature probably will not work on OpenBSD.
4275 - makedist fixup for ldns-src in build-dir.
4277 14 January 2008: Wouter
4278 - in no debug sets NDEBUG to remove asserts.
4279 - configure --enable-debug is needed for dependency generation
4280 for assertions and for compiler warnings.
4281 - ldns.tgz updated with ldns-trunk (where buffer.h is updated).
4282 - fix lint, unit test in optimize mode.
4283 - default access control allows ::ffff:127.0.0.1 v6mapped localhost.
4285 11 January 2008: Wouter
4286 - man page, warning removed.
4287 - added text describing the use of stub zones for private zones.
4288 - checkconf tests for bad hostnames (IP address), and for doubled
4290 - memory sizes can be given with 'k', 'Kb', or M or G appended.
4292 10 January 2008: Wouter
4293 - typo in example.conf.
4294 - made using ldns-src that is included the package more portable
4295 by linking with .lo instead of .o files in the ldns package.
4296 - nicer do-ip6: yes/no documentation.
4297 - nicer linking of libevent .o files.
4298 - man pages render correctly on solaris.
4300 9 January 2008: Wouter
4301 - fixup openssl RAND problem, when the system is not configured to
4302 give entropy, and the rng needs to be seeded.
4304 8 January 2008: Wouter
4305 - print median and quartiles with extensive logging.
4307 4 January 2008: Wouter
4308 - document misconfiguration in private network.
4310 2 January 2008: Wouter
4311 - fixup typo in requirements.
4312 - document that 'refused' is a better choice than 'drop' for
4313 the access control list, as refused will stop retries.
4315 7 December 2007: Wouter
4316 - unbound-host has a -d option to show what happens. This can help
4317 with debugging (why do I get this answer).
4318 - fixup CNAME handling, on nodata, sets and display canonname.
4319 - dot removed from CNAME display.
4320 - respect -v for NXDOMAINs.
4321 - updated ldns-src.tar.gz with ldns-trunk today (1.2.2 fixes).
4322 - size_t to int for portability of the header file.
4323 - fixup bogus handling.
4324 - dependencies and lint for unbound-host.
4326 6 December 2007: Wouter
4327 - library resolution works in foreground mode, unbound-host app
4329 - unbound-host prints rdata using ldns.
4330 - unbound-host accepts trust anchors, and prints validation
4331 information when you give -v.
4333 5 December 2007: Wouter
4334 - locking in context_new() inside the function.
4335 - setup of libworker.
4337 4 December 2007: Wouter
4338 - minor Makefile fixup.
4339 - moved module-stack code out of daemon/daemon into services/modstack,
4340 preparing for code-reuse.
4341 - move context into own header file.
4342 - context query structure.
4343 - removed unused variable pwd from checkconf.
4344 - removed unused assignment from outside netw.
4345 - check timeval length of string.
4346 - fixup error in val_utils getsigner.
4347 - fixup same (*var) error in netblocktostr.
4348 - fixup memleak on parse error in localzone.
4349 - fixup memleak on packet parse error.
4350 - put ; after union in parser.y.
4351 - small hardening in iter_operate against iq==NULL.
4352 - hardening, if error reply with rcode=0 (noerror) send servfail.
4353 - fixup same (*var) error in find_rrset in msgparse, was harmless.
4354 - check return value of evtimer_add().
4355 - fixup lockorder in lruhash_reclaim(), building up a list of locked
4356 entries one at a time. Instead they are removed and unlocked.
4357 - fptr_wlist for markdelfunc.
4358 - removed is_locked param from lruhash delkeyfunc.
4359 - moved bin_unlock during bin_split purely to please.
4361 3 December 2007: Wouter
4362 - changed checkconf/ to smallapp/ to make room for more support tools.
4363 (such as unbound-host).
4364 - install dirs created with -m 755 because they need to be accessible.
4365 - library extensive featurelist added to TODO.
4366 - please doxygen, lint.
4367 - library test application, with basic functionality.
4368 - fix for building in a subdirectory.
4369 - link lib fix for Leopard.
4371 30 November 2007: Wouter
4372 - makefile that creates libunbound.la, basic file or libunbound.a
4373 when creating static executables (no libtool).
4376 29 November 2007: Wouter
4377 - 0.9 public API start.
4379 28 November 2007: Wouter
4380 - Changeup plan for 0.8 - no complication needed, a simple solution
4381 has been chosen for authoritative features.
4382 - you can use single quotes in the config file, so it is possible
4383 to specify TXT records in local data.
4384 - fixup small memory problem in implicit transparent zone creation.
4385 - test for implicit zone creation and multiple RR RRsets local data.
4386 - local-zone nodefault test.
4387 - show testbound testlist on commit.
4388 - iterator normalizer changes CNAME chains ending in NXDOMAIN where
4389 the packet got rcode NXDOMAIN into rcode NOERROR. (since the initial
4391 - nicer verbosity: 0 and 1 levels.
4392 - lower nonRDquery chance of eliciting wrongly typed validation
4393 requiring message from the cache.
4394 - fix for nonRDquery validation typing; nodata is detected when
4395 SOA record in auth section (all validation-requiring nodata messages
4396 have a SOA record in authority, so this is OK for the validator),
4397 and NS record is needed to be a referral.
4398 - duplicate checking when adding NSECs for a CNAME, and test.
4399 - created svn tag 0.8, after completing testbed tests.
4401 27 November 2007: Wouter
4402 - per suggestion in rfc2308, replaced default max-ttl value with 1 day.
4403 - set size of msgparse lookup table to 32, from 1024, so that its size
4404 is below the 2048 regional large size threshold, and does not cause
4405 a call to malloc when a message is parsed.
4406 - update of memstats tool to print number of allocation calls.
4407 This is what is taking time (not space) and indicates the avg size
4408 of the allocations as well. region_alloc stat is removed.
4410 22 November 2007: Wouter
4411 - noted EDNS in-the-middle dropping trouble as a TODO.
4412 At this point theoretical, no user trouble has been reported.
4413 - added all default AS112 zones.
4414 - answers from local zone content.
4415 * positive answer, the rrset in question
4416 * nodata answer (exist, but not that type).
4417 * nxdomain answer (domain does not exist).
4418 * empty-nonterminal answer.
4419 * But not: wildcard, nsec, referral, rrsig, cname/dname,
4420 or additional section processing, NS put in auth.
4421 - test for correct working of static and transparent and couple
4422 of important defaults (localhost, as112, reverses).
4423 Also checks deny and refuse settings.
4424 - fixup implicit zone generation and AA bit for NXDOMAIN on localdata.
4426 21 November 2007: Wouter
4427 - local zone internal data setup.
4429 20 November 2007: Wouter
4430 - 0.8 - str2list config support for double string config options.
4431 - local-zone and local-data options, config storage and documentation.
4433 19 November 2007: Wouter
4434 - do not downcase NSEC and RRSIG for verification. Follows
4435 draft-ietf-dnsext-dnssec-bis-updates-06.txt.
4436 - fixup leaking unbound daemons at end of tests.
4437 - README file updated.
4438 - nice libevent not found error.
4439 - README talks about gnu make.
4440 - 0.8: unit test for addr_mask and fixups for it.
4441 and unit test for addr_in_common().
4442 - 0.8: access-control config file element.
4443 and unit test rpl replay file.
4444 - 0.8: fixup address reporting from netevent.
4446 16 November 2007: Wouter
4447 - privilege separation is not needed in unbound at this time.
4448 TODO item marked as such.
4449 - created beta-0.7 branch for support.
4450 - tagged 0.7 for beta release.
4451 - moved trunk to 0.8 for 0.8(auth features) development.
4452 - 0.8: access control list setup.
4454 15 November 2007: Wouter
4455 - review fixups from Jelte.
4457 14 November 2007: Wouter
4458 - testbed script does not recreate configure, since its in svn now.
4459 - fixup checkconf test so that it does not test
4460 /etc/unbound/unbound.conf.
4463 13 November 2007: Wouter
4464 - remove debug print.
4465 - fixup testbound exit when LIBEVENT_SIGNAL_PROBLEM exists.
4467 12 November 2007: Wouter
4468 - fixup signal handling where SIGTERM could be ignored if a SIGHUP
4470 - bugreports to unbound-bugs@nlnetlabs.nl
4471 - fixup testbound so it exits cleanly.
4472 - cleanup the caches on a reload, so that rrsetID numbers won't clash.
4474 9 November 2007: Wouter
4475 - took ldns snapshot in repo.
4476 - default config file is /etc/unbound/unbound.conf.
4477 If it doesn't exist, it is installed with the doc/example.conf file.
4478 The file is not deleted on uninstall.
4479 - default listening is not all, but localhost interfaces.
4481 8 November 2007: Wouter
4482 - Fixup chroot and drop user privileges.
4483 - new L root ip address in default hints.
4485 1 November 2007: Wouter
4486 - Fixup of crash on reload, due to anchors in env not NULLed after
4487 dealloc during deinit.
4488 - Fixup of chroot call. Happens after privileges are dropped, so
4489 that checking the passwd entry still works.
4490 - minor touch up of clear() hashtable function.
4491 - VERB_DETAIL prints out what chdir, username, chroot is being done.
4492 - when id numbers run out, caches are cleared, as in design notes.
4493 Tested with a mock setup with very few bits in id, it worked.
4494 - harden-dnssec-stripped: yes is now default. It insists on dnssec
4495 data for trust anchors. Included tests for the feature.
4497 31 October 2007: Wouter
4498 - cache-max-ttl config option.
4499 - building outside sourcedir works again.
4500 - defaults more secure:
4502 chroot: "/etc/unbound"
4503 The operator can override them to be less secure ("") if necessary.
4504 - fix horrible oversight in sorting rrset references in a message,
4505 sort per reference key pointer, not on referencepointer itself.
4506 - pidfile: "/etc/unbound/unbound.pid" is now the default.
4507 - tests changed to reflect the updated default.
4508 - created hashtable clear() function that respects locks.
4510 30 October 2007: Wouter
4511 - fixup assertion failure that relied on compressed names to be
4512 smaller than uncompressed names. A packet from comrite.com was seen
4513 to be compressed to a larger size. Added it as unit test.
4514 - quieter logging at low verbosity level for common tcp messages.
4515 - no greedy TTL update.
4517 23 October 2007: Wouter
4518 - fixup (grand-)parent problem for dnssec-lameness detection.
4519 - fixup tests to do additional section processing for lame replies,
4520 since the detection needs that.
4521 - no longer trust in query section in reply during dnssec lame detect.
4522 - dnssec lameness does not make the server never ever queried, but
4523 non-preferred. If no other servers exist or answer, the dnssec lame
4524 server is used; the fastest dnssec lame server is chosen.
4525 - added test then when trust anchor cannot be primed (nodata), the
4526 insecure mode from unbound works.
4527 - Fixup max queries per thread, any more are dropped.
4529 22 October 2007: Wouter
4530 - added donotquerylocalhost config option. Can be turned off for
4532 - ISO C compat changes.
4533 - detect RA-no-AA lameness, as LAME.
4534 - DNSSEC-lameness detection, as LAME.
4535 See notes in requirements.txt for choices made.
4536 - tests for lameness detection.
4537 - added all to make test target; need unbound for fwd tests.
4538 - testbound does not pollute /etc/unbound.
4540 19 October 2007: Wouter
4541 - added configure (and its files) to svn, so that the trunk is easier
4542 to use. ./configure, config.guess, config.sub, ltmain.sh,
4544 - added yacc/lex generated files, util/configlexer.c,
4545 util/configparser.c util/configparser.h, to svn.
4546 - without lex no attempt to use it.
4547 - unsecure response validation collated into one block.
4548 - remove warning about const cast of cfgfile name.
4549 - outgoing-interfaces can be different from service interfaces.
4550 - ldns-src configure is done during unbound configure and
4551 ldns-src make is done during unbound make, and so inherits the
4552 make arguments from the unbound make invocation.
4553 - nicer error when libevent problem causes instant exit on signal.
4554 - read root hints from a root hint file (like BIND does).
4556 18 October 2007: Wouter
4557 - addresses are logged with errors.
4558 - fixup testcode fake event to remove pending before callback
4559 since the callback may create new pending items.
4560 - tests updated because retries are now in iterator module.
4561 - ldns-testpkts code is checked for differences between unbound
4562 and ldns by makedist.sh.
4563 - ldns trunk from today added in svn repo for fallback in case
4564 no ldns is installed on the system.
4565 make download_ldns refreshes the tarball with ldns svn trunk.
4566 - ldns-src.tar.gz is used if no ldns is found on the system, and
4567 statically linked into unbound.
4568 - start of regional allocator code.
4569 - regional uses less memory and variables, simplified code.
4570 - remove of region-allocator.
4571 - alloc cache keeps a cache of recently released regional blocks,
4573 - make unit test cleanly free memory.
4575 17 October 2007: Wouter
4576 - fixup another cycle detect and ns-addr timeout resolution bug.
4577 This time by refusing delegations from the cache without addresses
4578 when resolving a mandatory-glue nameserver-address for that zone.
4579 We're going to have to ask a TLD server anyway; might as well be
4580 the TLD server for this name. And this resolves a lot of cases where
4581 the other nameserver names lead to cycles or are not available.
4582 - changed random generator from random(3) clone to arc4random wrapped
4583 for thread safety. The random generator is initialised with
4584 entropy from the system.
4585 - fix crash where failure to prime DNSKEY tried to print null pointer
4587 - removed some debug prints, only verb_algo (4) enables them.
4588 - fixup test; new random generator took new paths; such as one
4589 where no scripted answer was available.
4590 - mark insecure RRs as insecure.
4591 - fixup removal of nonsecure items from the additional.
4592 - reduced timeout values to more realistic, 376 msec (262 msec has
4593 90% of roundtrip times, 512 msec has 99% of roundtrip times.)
4594 - server selection failover to next server after timeout (376 msec).
4596 16 October 2007: Wouter
4597 - no malloc in log_hex.
4598 - assertions around system calls.
4599 - protect against gethostname without ending zero.
4600 - ntop output is null terminated by unbound.
4601 - pidfile content null termination
4602 - various snprintf use sizeof(stringbuf) instead of fixed constant.
4603 - changed loopdetect % 8 with & 0x7 since % can become negative for
4604 weird negative input and particular interpretation of integer math.
4605 - dname_pkt_copy checks length of result, to protect result buffers.
4606 prints an error, this should not happen. Bad strings should have
4607 been rejected earlier in the program.
4608 - remove a size_t underflow from msgreply size func.
4610 15 October 2007: Wouter
4612 - fix IP6 TCP, wrong definition check. With test package.
4613 - fixup the fact that the query section was not compressed to,
4614 the code was there but was called by value instead of by reference.
4615 And test for the case, uses xxd and nc.
4616 - more portable ip6 check for sockaddr types.
4618 8 October 2007: Wouter
4619 - --disable-rpath option in configure for 64bit systems with
4620 several dynamic lib dirs.
4622 7 October 2007: Wouter
4623 - fixup tests for no AD bit in non-DO queries.
4624 - test that makes sure AD bit is not set on non-DO query.
4626 6 October 2007: Wouter
4627 - removed logfile open early. It did not have the proper permissions;
4628 it was opened as root instead of the user. And we cannot change user
4629 id yet, since chroot and bind ports need to be done.
4630 - callback checks for event callbacks done from mini_event. Because
4631 of deletions cannot do this from netevent. This means when using
4632 libevent the protection does not work on event-callbacks.
4633 - fixup too small reply (did not zero counts).
4634 - fixup reply no longer AD bit when query without DO bit.
4636 5 October 2007: Wouter
4637 - function pointer whitelist.
4639 4 October 2007: Wouter
4640 - overwrite sensitive random seed value after use.
4641 - switch to logfile very soon if not -d (console attached).
4642 - error messages do not reveal the trustanchor contents.
4643 - start work on function pointer whitelists.
4645 3 October 2007: Wouter
4646 - fix for multiple empty nonterminals, after multiple DSes in the
4648 - mesh checks if modules are looping, and stops them.
4649 - refetch with CNAMEd nameserver address regression test added.
4650 - fixup line count bug in testcode, so testbound prints correct line
4651 number with parse errors.
4652 - unit test for multiple ENT case.
4653 - fix for cname out of validated unsec zone.
4654 - fixup nasty id=0 reuse. Also added assertions to detect its
4655 return (the assertion catches in the existing test cases).
4657 1 October 2007: Wouter
4658 - skip F77, CXX, objC tests in configure step.
4659 - fixup crash in refetch glue after a CNAME.
4660 and protection against similar failures (with error print).
4662 28 September 2007: Wouter
4663 - test case for unbound-checkconf, fixed so it also checks the
4664 interface: statements.
4666 26 September 2007: Wouter
4667 - SIGHUP will reopen the log file.
4668 - Option to log to syslog.
4669 - please lint, fixup tests (that went to syslog on open, oops).
4670 - config check program.
4672 25 September 2007: Wouter
4673 - tests for NSEC3. Fixup bitmap checks for NSEC3.
4674 - positive ANY response needs to check if wildcard expansion, and
4675 check that original data did not exist.
4676 - tests for NSEC3 that wrong use of OPTOUT is bad. For insecure
4677 delegation, for abuse of child zone apex nsec3.
4678 - create 0.5 release tag.
4680 24 September 2007: Wouter
4681 - do not make test programs by default.
4682 - But 'make test' will perform all of the tests.
4683 - Advertise builtin select libevent alternative when no libevent
4685 - signit can generate NSEC3 hashes, for generating tests.
4686 - multiple nsec3 paramaters in message test.
4687 - too high nsec3 iterations becomes insecure test.
4689 21 September 2007: Wouter
4690 - fixup empty_DS_name allocated in wrong region (port DEC Alpha).
4691 - fixup testcode lock safety (port FreeBSD).
4692 - removes subscript has type char warnings (port Solaris 9).
4693 - fixup of field with format type to int (port MacOS/X intel).
4694 - added test for infinite loop case in nonRD answer validation.
4695 It was a more general problem, but hard to reproduce. When an
4696 unsigned rrset is being validated and the key fetched, the DS
4697 sequence is followed, but if the final name has no DS, then no
4698 proof is possible - the signature has been stripped off.
4700 20 September 2007: Wouter
4701 - fixup and test for NSEC wildcard with empty nonterminals.
4702 - makedist.sh fixup for svn info.
4703 - acl features request in plan.
4704 - improved DS empty nonterminal handling.
4705 - compat with ANS nxdomain for empty nonterminals. Attempts the nodata
4706 proof anyway, which succeeds in ANS failure case.
4707 - striplab protection in case it becomes -1.
4708 - plans for static and blacklist config.
4710 19 September 2007: Wouter
4711 - comments about non-packed usage.
4712 - plan for overload support in 0.6.
4713 - added testbound tests for a failed resolution from the logs
4714 and for failed prime when missing glue.
4715 - fixup so useless delegation points are not returned from the
4716 cache. Also the safety belt is used if priming fails to complete.
4717 - fixup NSEC rdata not to be lowercased, bind compat.
4719 18 September 2007: Wouter
4720 - wildcard nsec3 testcases, and fixup to get correct wildcard name.
4721 - validator prints subtype classification for debug.
4723 17 September 2007: Wouter
4724 - NSEC3 hash cache unit test.
4725 - validator nsec3 nameerror test.
4727 14 September 2007: Wouter
4728 - nsec3 nodata proof, nods proof, wildcard proof.
4729 - nsec3 support for cname chain ending in noerror or nodata.
4730 - validator calls nsec3 proof routines if no NSECs prove anything.
4731 - fixup iterator bug where it stored the answer to a cname under
4732 the wrong qname into the cache. When prepending the cnames, the
4733 qname has to be reset to the original qname.
4735 13 September 2007: Wouter
4736 - nsec3 find matching and covering, ce proof, prove namerror msg.
4738 12 September 2007: Wouter
4739 - fixup of manual page warnings, like for NSD bugreport.
4740 - nsec3 work, config, max iterations, filter, and hash cache.
4742 6 September 2007: Wouter
4743 - fixup to find libevent on mac port install.
4744 - fixup size_t vs unsigned portability in validator/sigcrypt.
4745 - please compiler on different platforms, for unreachable code.
4747 - pthread_rwlock type is optional, in case of old pthread libs.
4749 5 September 2007: Wouter
4750 - cname, name error validator tests.
4751 - logging of qtype ANY works.
4752 - ANY type answers get RRSIG in answer section of replies (but not
4753 in other sections, unless DO bit is on).
4754 - testbound can replay a TCP query (set MATCH TCP in the QUERY).
4755 - DS and noDS referral validation test.
4756 - if you configure many trust anchors, parent trust anchors can
4757 securely deny existance of child trust anchors, if validated.
4758 - not all *.name NSECs are present because a wildcard was matched,
4759 and *.name NSECs can prove nodata for empty nonterminals.
4760 Also, for wildcard name NSECs, check they are not from the parent
4761 zone (for wildcarded zone cuts), and check absence of CNAME bit,
4763 - configure option for memory allocation debugging.
4764 - port configure option for memory allocation to solaris10.
4766 4 September 2007: Wouter
4767 - fixup of Leakage warning when serviced queries processed multiple
4768 callbacks for the same query from the same server.
4769 - testbound removes config file from /tmp on failed exit.
4770 - fixup for referral cleanup of the additional section.
4771 - tests for cname, referral validation.
4772 - neater testbound tpkg output.
4773 - DNAMEs no longer match their apex when synthesized from the cache.
4774 - find correct signer name for DNAME responses.
4775 - wildcarded DNAME test and fixup code to detect.
4776 - prepend NSEC and NSEC3 rrsets in the iterator while chasing CNAMEs.
4777 So that wildcarded CNAMEs get their NSEC with them to the answer.
4778 - test for a CNAME to a DNAME to a CNAME to an answer, all from
4779 different domains, for key fetching and signature checking of
4782 3 September 2007: Wouter
4783 - Fixed error in iterator that would cause assertion failure in
4784 validator. CNAME to a NXDOMAIN response was collated into a response
4785 with both a CNAME and the NXDOMAIN rcode. Added a test that the
4786 rcode is changed to NOERROR (because of the CNAME).
4787 - timeout on tcp does not lead to spurious leakage detect.
4788 - account memory for name of lame zones, so that memory leakages does
4789 not show lame cache growth as a leakage growth.
4790 - config setting for lameness cache expressed in bytes, instead of
4792 - tool too summarize allocations per code line.
4794 31 August 2007: Wouter
4795 - can read bind trusted-keys { ... }; files, in a compatibility mode.
4796 - iterator should not detach target queries that it still could need.
4797 the protection against multiple outstanding queries is moved to a
4798 current_query num check.
4799 - validator nodata, positive, referral tests.
4800 - dname print can print '*' wildcard.
4802 30 August 2007: Wouter
4803 - fixup override date config option.
4804 - config options to control memory usage.
4805 - caught bad free of un-alloced data in worker_send error case.
4806 - memory accounting for key cache (trust anchors and temporary cache).
4807 - memory accounting fixup for outside network tcp pending waits.
4808 - memory accounting fixup for outside network tcp callbacks.
4809 - memory accounting for iterator fixed storage.
4810 - key cache size and slabs config options.
4811 - lib crypto cleanups at exit.
4813 29 August 2007: Wouter
4814 - test tool to sign rrsets for testing validator with.
4815 - added RSA and DSA test keys, public and private pairs, 512 bits.
4816 - default configuration is with validation enabled.
4817 Only a trust-anchor needs to be configured for DNSSEC to work.
4818 - do not convert to DER for DSA signature verification.
4819 - validator replay test file, for a DS to DNSKEY DSA key prime and
4822 28 August 2007: Wouter
4823 - removed double use for udp buffers, that could fail,
4824 instead performs a malloc to do the backup.
4825 - validator validates referral messages, by validating all the rrsets
4826 and stores the rrsets in the cache. Further referral (nonRD queries)
4827 replies are made from the rrset cache directly. Unless unchecked
4828 rrsets are encountered, there are then validated.
4829 - enforce that signing is done by a parent domain (or same domain).
4830 - adjust TTL downwards if rrset TTL bigger than signature allows.
4831 - permissive mode feature, sets AD bit for secure, but bogus does
4832 not give servfail (bogus is changed into indeterminate).
4833 - optimization of rrset verification. rr canonical sorting is reused,
4834 for the same rrset. canonical rrset image in buffer is reused for
4836 - if the rrset is too big (64k exactly + large owner name) the
4837 canonicalization routine will fail if it does not fit in buffer.
4838 - faster verification for large sigsets.
4839 - verb_detail mode reports validation failures, but not the entire
4840 algorithm for validation. Key prime failures are reported as
4843 27 August 2007: Wouter
4844 - do not garble the edns if a cache answer fails.
4845 - answer norecursive from cache if possible.
4846 - honor clean_additional setting when returning secure non-recursive
4848 - do not store referral in msg cache for nonRD queries.
4849 - store verification status in the rrset cache to speed up future
4851 - mark rrsets indeterminate and insecure if they are found to be so.
4852 and store this in the cache.
4854 24 August 2007: Wouter
4855 - message is bogus if unsecure authority rrsets are present.
4856 - val-clean-additional option, so you can turn it off.
4857 - move rrset verification out of the specific proof types into one
4858 routine. This makes the proof routines prettier.
4859 - fixup cname handling in validator, cname-to-positive and cname-to-
4861 - Do not synthesize DNSKEY and DS responses from the rrset cache if
4862 the rrset is from the additional section. Signatures may have
4863 fallen off the packet, and cause validation failure.
4864 - more verbose signature date errors (with the date attached).
4865 - increased default infrastructure cache size. It is important for
4866 performance, and 1000 entries are only 212k (or a 400 k total cache
4867 size). To 10000 entries (for 2M entries, 4M cache size).
4869 23 August 2007: Wouter
4870 - CNAME handling - move needs_validation to before val_new().
4871 val_new() setups the chase-reply to be an edited copy of the msg.
4872 new classification, and find signer can find for it.
4873 removal of unsigned crap from additional, and query restart for
4875 - refuse to follow wildcarded DNAMEs when validating.
4876 But you can query for qtype ANY, or qtype DNAME and validate that.
4878 22 August 2007: Wouter
4880 - review - use val_error().
4882 21 August 2007: Wouter
4883 - ANY response validation.
4884 - store security status in cache.
4885 - check cache security status and either send the query to be
4886 validated, return the query to client, or send servfail to client.
4887 Sets AD bit on validated replies.
4888 - do not examine security status on an error reply in mesh_done.
4889 - construct DS, DNSKEY messages from rrset cache.
4890 - manual page entry for override-date.
4892 20 August 2007: Wouter
4893 - validate and positive validation, positive wildcard NSEC validation.
4894 - nodata validation, nxdomain validation.
4896 18 August 2007: Wouter
4897 - process DNSKEY response in FINDKEY state.
4899 17 August 2007: Wouter
4900 - work on DS2KE routine.
4901 - val_nsec.c for validator NSEC proofs.
4902 - unit test for NSEC bitmap reading.
4903 - dname iswild and canonical_compare with unit tests.
4905 16 August 2007: Wouter
4907 - latest release libevent 1.3c and 1.3d have threading fixed.
4908 - key entry fixup data pointer and ttl absolute.
4909 - This makes a key-prime succeed in validator, with DS or DNSKEY as
4911 - fixup canonical compare byfield routine, fix bug and also neater.
4912 - fixed iterator response type classification for queries of type
4914 dig ANY gives sometimes NS rrset in AN and NS section, and parser
4915 removes the NS section duplicate. dig NS gives sometimes the NS
4916 in the answer section, as referral.
4917 - validator FINDKEY state.
4919 15 August 2007: Wouter
4920 - crypto calls to verify signatures.
4921 - unit test for rrsig verification.
4923 14 August 2007: Wouter
4924 - default outgoing ports changed to avoid port 2049 by default.
4925 This port is widely blocked by firewalls.
4926 - count infra lameness cache in memory size.
4927 - accounting of memory improved
4928 - outbound entries are allocated in the query region they are for.
4929 - extensive debugging for memory allocations.
4930 - --enable-lock-checks can be used to enable lock checking.
4931 - protect undefs in config.h from autoheaders ministrations.
4932 - print all received udp packets. log hex will print on multiple
4934 - fixed error in parser with backwards rrsig references.
4935 - mark cycle targets for iterator did not have CD flag so failed
4938 13 August 2007: Wouter
4939 - fixup makefile, if lexer is missing give nice error and do not
4940 mess up the dependencies.
4941 - canonical compare routine updated.
4942 - canonical hinfo compare.
4943 - printout list of the queries that the mesh is working on.
4945 10 August 2007: Wouter
4946 - malloc and free overrides that track total allocation and frees.
4947 for memory debugging.
4948 - work on canonical sort.
4950 9 August 2007: Wouter
4951 - canonicalization, signature checks
4952 - dname signature label count and unit test.
4953 - added debug heap size print to memory printout.
4954 - typo fixup in worker.c
4955 - -R needed on solaris.
4956 - validator override option for date check testing.
4958 8 August 2007: Wouter
4959 - ldns _raw routines created (in ldns trunk).
4960 - sigcrypt DS digest routines
4961 - val_utils uses sigcrypt to perform signature cryptography.
4962 - sigcrypt keyset processing
4964 7 August 2007: Wouter
4965 - security status type.
4966 - security status is copied when rdata is equal for rrsets.
4967 - rrset id is updated to invalidate all the message cache entries
4968 that refer to NSEC, NSEC3, DNAME rrsets that have changed.
4970 - val_sigcrypt file for validator signature checks.
4972 6 August 2007: Wouter
4973 - key cache for validator.
4974 - moved isroot and dellabel to own dname routines, with unit test.
4976 3 August 2007: Wouter
4978 - scrubber check section of lame NS set.
4979 - trust anchors can be in config file or read from zone file,
4980 DS and DNSKEY entries.
4981 - unit test trust anchor storage.
4982 - trust anchors converted to packed rrsets.
4983 - key entry definition.
4985 2 August 2007: Wouter
4986 - configure change for latest libevent trunk version (needs -lrt).
4987 - query_done and walk_supers are moved out of module interface.
4988 - fixup delegation point duplicates.
4989 - fixup iterator scrubber; lame NS set is let through the scrubber
4990 so that the classification is lame.
4991 - validator module exists, and does nothing but pass through,
4992 with calling of next module and return.
4995 1 August 2007: Wouter
4996 - set version to 0.5
4997 - module work for module to module interconnections.
4998 - config of modules.
4999 - detect cycle takes flags.
5001 31 July 2007: Wouter
5005 30 July 2007: Wouter
5006 - changed random state init, so that sequential process IDs are not
5007 cancelled out by sequential thread-ids in the random number seed.
5008 - the fwd_three test, which sends three queries to unbound, and
5009 unbound is kept waiting by ldns-testns for 3 seconds, failed
5010 because the retry timeout for default by unbound is 3 seconds too,
5011 it would hit that timeout and fail the test. Changed so that unbound
5012 is kept waiting for 2 seconds instead.
5014 27 July 2007: Wouter
5015 - removed useless -C debug option. It did not work.
5016 - text edit of documentation.
5017 - added doc/CREDITS file, referred to by the manpages.
5020 26 July 2007: Wouter
5021 - cycle detection, for query state dependencies. Will attempt to
5022 circumvent the cycle, but if no other targets available fails.
5023 - unit test for AXFR, IXFR response.
5024 - test for cycle detection.
5026 25 July 2007: Wouter
5027 - testbound read ADDRESS and check it.
5028 - test for version.bind and friends.
5029 - test for iterator chaining through several referrals.
5030 - test and fixup for refetch for glue. Refetch fails if glue
5031 is still not provided.
5033 24 July 2007: Wouter
5034 - Example section in config manual.
5035 - Addr stored for range and moment in replay.
5037 20 July 2007: Wouter
5038 - Check CNAME chain before returning cache entry with CNAMEs.
5039 - Option harden-glue, default is on. It will discard out of zone
5040 data. If disabled, performance is faster, but spoofing attempts
5041 become a possibility. Note that still normalize scrubbing is done,
5042 and that the potentially spoofed data is used for infrastructure
5043 and not returned to the client.
5044 - if glue times out, refetch by asking parent of delegation again.
5045 Much like asking for DS at the parent side.
5046 - TODO items from forgery-resilience draft.
5047 and on memory handling improvements.
5048 - renamed module_event_timeout to module_event_noreply.
5049 - memory reporting code; reports on memory usage after handling
5050 a network packet (not on cache replies).
5052 19 July 2007: Wouter
5053 - shuffle NS selection when getting nameserver target addresses.
5054 - fixup of deadlock warnings, yield cpu in checklock code so that
5055 freebsd scheduler selects correct process to run.
5056 - added identity and version config options and replies.
5057 - store cname messages complete answers.
5059 18 July 2007: Wouter
5060 - do not query addresses, 127.0.0.1, and ::1 by default.
5062 17 July 2007: Wouter
5063 - forward zone options in config file.
5064 - forward per zone in iterator. takes precendence over stubs.
5065 - fixup commithooks.
5066 - removed forward-to and forward-to-port features, subsumed by
5068 - fix parser to handle absent server: clause.
5069 - change untrusted rrset test to account for scrubber that is now
5070 applied during the test (which removes the poison, by the way).
5071 - feature, addresses can be specified with @portnumber, like nsd.conf.
5072 - test config files changed over to new forwarder syntax.
5074 27 June 2007: Wouter
5075 - delete of mesh does a postorder traverse of the tree.
5076 - found and fixed a memory leak. For TTL=0 messages, that would
5077 not be cached, instead the msg-replyinfo structure was leaked.
5078 - changed server selection so it will filter out hosts that are
5079 unresponsive. This is defined as a host with the maximum rto value.
5080 This means that unbound tried the host for retries up to 120 secs.
5081 The rto value will time out after host-ttl seconds from the cache.
5082 This keeps such unresolvable queries from taking up resources.
5083 - utility for keeping histogram.
5085 26 June 2007: Wouter
5086 - mesh is called by worker, and iterator uses it.
5087 This removes the hierarchical code.
5088 QueryTargets state and Finished state are merged for iterator.
5089 - forwarder mode no longer sets AA bit on first reply.
5090 - rcode in walk_supers is not needed.
5092 25 June 2007: Wouter
5094 - error encode routine for ease.
5096 22 June 2007: Wouter
5097 - removed unused _node iterator value from rbtree_t. Takes up space.
5098 - iterator can handle querytargets state without a delegation point
5099 set, so that a priming(stub) subquery error can be handled.
5100 - iterator stores if it is priming or not.
5101 - log_query_info() neater logging.
5102 - changed iterator so that it does not alter module_qstate.qinfo
5103 but keeps a chase query info. Also query_flags are not altered,
5104 the iterator uses chase_flags.
5105 - fixup crash in case no ports for the family exist.
5107 21 June 2007: Wouter
5108 - Fixup secondary buffer in case of error callback.
5109 - cleanup slumber list of runnable states.
5110 - module_subreq_depth fails to work in slumber list.
5111 - fixup query release for cached results to sub targets.
5112 - neater error for tcp connection failure, shows addr in verbose.
5113 - rbtree_init so that it can be used with preallocated memory.
5115 20 June 2007: Wouter
5116 - new -C option to enable coredumps after forking away.
5118 - fixup CNAME generation by scrubber, and memory allocation of it.
5119 - fixup deletion of serviced queries when all callbacks delete too.
5120 - set num target queries to 0 when you move them to slumber list.
5121 - typo in check caused subquery errors to be ignored, fixed.
5122 - make lint happy about rlim_t.
5123 - freeup of modules after freeup of module-states.
5124 - duplicate replies work, this uses secondary udp buffer in outnet.
5126 19 June 2007: Wouter
5127 - nicer layout in stats.c, review 0.3 change.
5128 - spelling improvement, review 0.3 change.
5129 - uncapped timeout for server selection, so that very fast or slow
5130 servers will stand out from the rest.
5131 - target-fetch-policy: "3 2 1 0 0" config setting.
5132 - fixup queries answered without RD bit (for root prime results).
5133 - refuse AXFR and IXFR requests.
5134 - fixup RD flag in error reply from iterator. fixup RA flag from
5136 - fixup encoding of very short edns buffer sizes, now sets TC bit.
5137 - config options harden-short-bufsize and harden-large-queries.
5139 18 June 2007: Wouter
5140 - same, move subqueries to slumber list when first has resolved.
5141 - fixup last fix for duplicate callbacks.
5142 - another offbyone in targetcounter. Also in Java prototype by the way.
5144 15 June 2007: Wouter
5145 - if a query asks to be notified of the same serviced query result
5146 multiple times, this will succeed. Only one callback will happen;
5147 multiple outbound-list entries result (but the double cleanup of it
5149 - when iterator moves on due to CNAME or referral, it will remove
5150 the subqueries (for other targets). These are put on the slumber
5152 - state module wait subq is OK with no new subqs, an old one may have
5153 stopped, with an error, and it is still waiting for other ones.
5154 - if a query loops, halt entire query (easy way to clean up properly).
5156 14 June 2007: Wouter
5157 - num query targets was > 0 , not >= 0 compared, so that fetch
5158 policy of 0 did nothing.
5160 13 June 2007: Wouter
5161 - debug option: configure --enable-static-exe for compile where
5162 ldns and libevent are linked statically. Default is off.
5163 - make install and make uninstall. Works with static-exe and without.
5164 installation of unbound binary and manual pages.
5165 - alignement problem fix on solaris 64.
5166 - fixup address in case of TCP error.
5168 12 June 2007: Wouter
5169 - num target queries was set to 0 at a bad time. Default it to 0 and
5170 increase as target queries are done.
5171 - synthesize CNAME and DNAME responses from the cache.
5172 - Updated doxygen config for doxygen 1.5.
5173 - aclocal newer version.
5174 - doxygen 1.5 fixes for comments (for the strict check on docs).
5176 11 June 2007: Wouter
5177 - replies on TCP queries have the address field set in replyinfo,
5178 for serviced queries, because the initiator does not know that
5179 a TCP fallback has occured.
5180 - omit DNSSEC types from nonDO replies, except if qtype is ANY or
5181 if qtype directly queries for the type (and then only show that
5182 'unknown type' in the answer section).
5183 - fixed message parsing where rrsigs on their own would be put
5184 in the signature list over the rrsig type.
5187 - fixup error in double linked list insertion for subqueries and
5188 for outbound list of serviced queries for iterator module.
5189 - nicer printout of outgoing port selection.
5190 - fixup cname target readout.
5191 - nicer debug output.
5192 - fixup rrset counts when prepending CNAMEs to the answer.
5193 - fixup rrset TTL for prepended CNAMEs.
5194 - process better check for looping modules, and which submodule to
5196 - subreq insertion code fixup for slumber list.
5197 - VERB_DETAIL, verbosity: 2 level gives short but readable output.
5198 VERB_ALGO, verbosity: 3 gives extensive output.
5199 - fixup RA bit in cached replies.
5200 - fixup CNAME responses from the cache no longer partial response.
5201 - error in network send handled without leakage.
5202 - enable ip6 from config, and try ip6 addresses if available,
5203 if ip6 is not connected, skips to next server.
5206 - iterator state finished.
5207 - subrequests without parent store in cache and stop.
5208 - worker slumber list for ongoing promiscuous queries.
5209 - subrequest error handling.
5210 - priming failure returns SERVFAIL.
5211 - priming gives LAME result, returns SERVFAIL.
5212 - debug routine to print dns_msg as handled by iterator.
5213 - memleak in config file stubs fixup.
5214 - more small bugs, in scrubber, query compare no ID for lookup,
5215 in dname validation for NS targets.
5216 - sets entry.key for new special allocs.
5217 - lognametypeclass can display unknown types and classes.
5220 - random selection of equally preferred nameserver targets.
5221 - reply info copy routine. Reuses existing code.
5222 - cache lameness in response handling.
5223 - do not touch qstate after worker_process_query because it may have
5224 been deleted by that routine.
5225 - Prime response state.
5226 - Process target response state.
5227 - some memcmp changed to dname_compare for case preservation.
5230 - normalize incoming messages. Like unbound-java, with CNAME chain
5231 checked, DNAME checked, CNAME's synthesized, glue checked.
5232 - sanitize incoming messages.
5233 - split msgreply encode functions into own file msgencode.c.
5234 - msg_parse to queryinfo/replyinfo conversion more versatile.
5235 - process_response, classify response, delegpt_from_message.
5238 - querytargets state.
5239 - dname_subdomain_c() routine.
5240 - server selection, based on RTT. ip6 is filtered out if not available,
5241 and lameness is checked too.
5242 - delegation point copy routine.
5245 - removed FLAG_CD from message and rrset caches. This was useful for
5246 an agnostic forwarder, but not for a sophisticated (trust value per
5247 rrset enabled) cache.
5248 - iterator reponse typing.
5249 - iterator cname handle.
5250 - iterator prime start.
5252 - processInitRequest and processInitRequest2.
5253 - cache synthesizes referral messages, with DS and NSEC.
5254 - processInitRequest3.
5255 - if a request creates multiple subrequests these are all activated.
5258 - routines to lock and unlock array of rrsets moved to cache/rrset.
5259 - lookup message from msg cache (and copy to region).
5260 - fixed cast error in dns msg lookup.
5261 - message with duplicate rrset does not increase its TTLs twice.
5262 - 'qnamesize' changed to 'qname_len' for similar naming scheme.
5265 - Acknowledge use of unbound-java code in iterator. Nicer readme.
5266 - services/cache/dns.c DNS Cache. Hybrid cache uses msgcache and
5267 rrset cache from module environment.
5268 - packed rrset key has type and class as easily accessable struct
5269 members. They are still kept in network format for fast msg encode.
5270 - dns cache find_delegation routine.
5271 - iterator main functions setup.
5272 - dns cache lookup setup.
5275 - small changes to prepare for subqueries.
5276 - iterator forwarder feature separated out.
5277 - iterator hints stub code, config file stub code, so that first
5278 testing can proceed locally.
5279 - replay tests now have config option to enable forwarding mode.
5282 - outside network does precise timers for roundtrip estimates for rtt
5283 and for setting timeout for UDP. Pending_udp takes milliseconds.
5284 - cleaner iterator sockaddr conversion of forwarder address.
5285 - iterator/iter_utils and iter_delegpt setup.
5289 - outbound query list for modules and support to callback with the
5290 outbound entry to the module.
5291 - testbound support for new serviced queries.
5292 - test for retry to TCP cannot use testbound any longer.
5293 - testns test for EDNS fallback, test for TCP fallback already exists.
5294 - fixes for no-locking compile.
5295 - mini_event timer precision and fix for change in timeouts during
5296 timeout callback. Fix for fwd_three tests, performed nonexit query.
5299 - small comment on hash table locking.
5300 - outside network serviced queries, contain edns and tcp fallback,
5301 and udp retries and rtt timing.
5304 - lruhash_touch() would cause locking order problems. Fixup in
5305 lock-verify in case locking cycle is found.
5306 - services/cache/rrset.c for rrset cache code.
5307 - special rrset_cache LRU updating function that uses the rrset id.
5308 - no dependencies calculation when make clean is called.
5309 - config settings for infra cache.
5310 - daemon code slightly cleaner, only creates caches once.
5314 - unit test for host cache.
5317 - Port to OS/X and Dec Alpha. Printf format and alignment fixes.
5318 - extensive lock debug report on join timeout.
5319 - proper RTT calculation, in utility code.
5320 - setup of services/cache/infra, host cache.
5323 - iterator/iterator.c module.
5324 - fixup to pass reply_info in testcode and in netevent.
5327 - created release-0.3 svn tag.
5329 - fixed compression - no longer compresses root name.
5332 - outside network cleans up waiting tcp queries on exit.
5334 - testbound replay with retry in TCP mode.
5335 - tpkg test for retry in TCP mode, against ldns-testns server.
5336 - daemon checks max number of open files and complains if not enough.
5337 - test where data expires in the cache.
5338 - compiletests: fixed empty body ifstatements in alloc.c, in case
5342 - outgoing network keeps list of available tcp buffers for outgoing
5344 - outgoing-num-tcp config option.
5345 - outgoing network keeps waiting list of queries waiting for buffer.
5346 - netevent supports outgoing tcp commpoints, nonblocking connects.
5349 - EDNS read from query, used to make reply smaller.
5350 - advertised edns value constants.
5351 - EDNS BADVERS response, if asked for too high edns version.
5352 - EDNS extended error reponses once the EDNS record from the query
5353 has successfully been parsed.
5356 - msgreply sizefunc is more accurate.
5357 - config settings for rrset cache size and slabs.
5358 - hashtable insert takes argument so that a thread can use its own
5359 alloc cache to store released keys.
5360 - alloc cache special_release() locks if necessary.
5361 - rrset trustworthiness type added.
5362 - thread keeps a scratchpad region for handling messages.
5363 - writev used in netevent to write tcp length and data after another.
5364 This saves a roundtrip on tcp replies.
5365 - test for one rrset updated in the cache.
5366 - test for one rrset which is not updated, as it is not deemed
5368 - test for TTL refreshed in rrset.
5371 - fill refs. Use new parse and encode to answer queries.
5372 - stores rrsets in cache.
5373 - uses new msgreply format in cache.
5376 - dname unit tests in own file and spread out neatly in functions.
5377 - more dname unit tests.
5378 - message encoding creates truncated TC flagged messages if they do
5379 not fit, and will leave out (whole)rrsets from additional if needed.
5382 - decompress query section, extremely lenient acceptance.
5383 But only for answers from other servers, not for plain queries.
5384 - compression and decompression test cases.
5386 - example.conf interface: line is changed from 127.0.0.1 which leads
5387 to problems if used (restricting communication to the localhost),
5388 to a documentation and test address.
5390 27 April 2007: Wouter
5391 - removed iov usage, it is not good for dns message encoding.
5392 - owner name compression more optimal.
5393 - rrsig owner name compression.
5394 - rdata domain name compression.
5396 26 April 2007: Wouter
5397 - floating point exception fix in lock-verify.
5398 - lint uses make dependency
5399 - fixup lint in dname owner domain name compression code.
5400 - define for offset range that can be compressed to.
5402 25 April 2007: Wouter
5403 - prettier code; parse_rrset->type kept in host byte order.
5404 - datatype used for hashvalue of converted rrsig structure.
5405 - unit test compares edns section data too.
5407 24 April 2007: Wouter
5408 - ttl per RR, for RRSIG rrsets and others.
5409 - dname_print debug function.
5410 - if type is not known, size calc will skip DNAME decompression.
5411 - RRSIG parsing and storing and putting in messages.
5412 - dnssec enabled unit tests (from nlnetlabs.nl and se queries).
5413 - EDNS extraction routine.
5415 20 April 2007: Wouter
5416 - code comes through all of the unit tests now.
5417 - disabled warning about spurious extra data.
5418 - documented the RRSIG parse plan in msgparse.h.
5419 - rrsig reading and outputting.
5421 19 April 2007: Wouter
5422 - fix unit test to actually to tests.
5423 - fix write iov helper, and fakevent code.
5424 - extra builtin testcase (small packet).
5425 - ttl converted to network format in packets.
5426 - flags converted correctly
5427 - rdatalen off by 2 error fixup.
5428 - uses less iov space for header.
5430 18 April 2007: Wouter
5431 - review of msgparse code.
5432 - smaller test cases.
5434 17 April 2007: Wouter
5435 - copy and decompress dnames.
5436 - store calculated hash value too.
5437 - routine to create message out of stored information.
5438 - util/data/msgparse.c for message parsing code.
5439 - unit test, and first fixes because of test.
5440 * forgot rrset_count addition.
5441 * did & of ptr on stack for memory position calculation.
5442 * dname_pkt_copy forgot to read next label length.
5443 - test from file and fixes
5444 * double frees fixed in error conditions.
5445 * types with less than full rdata allowed by parser.
5446 Some dynamic update packets seem to use it.
5448 16 April 2007: Wouter
5449 - following a small change in LDNS, parsing code calculates the
5450 memory size to allocate for rrs.
5451 - code to handle ID creation.
5453 13 April 2007: Wouter
5454 - parse routines. Code that parses rrsets, rrs.
5456 12 April 2007: Wouter
5457 - dname compare routine that preserves case, with unit tests.
5459 11 April 2007: Wouter
5460 - parse work - dname packet parse, msgparse, querysection parse,
5461 start of sectionparse.
5463 10 April 2007: Wouter
5464 - Improved alignment of reply_info packet, nice for 32 and 64 bit.
5465 - Put RRset counts in reply_info, because the number of RRs can change
5466 due to RRset updates.
5467 - import of region-allocator code from nsd.
5468 - set alloc special type to ub_packed_rrset_key.
5469 Uses lruhash entry overflow chain next pointer in alloc cache.
5470 - doxygen documentation for region-allocator.
5471 - setup for parse scratch data.
5473 5 April 2007: Wouter
5474 - discussed packed rrset with Jelte.
5476 4 April 2007: Wouter
5477 - moved to version 0.3.
5478 - added util/data/dname.c
5479 - layout of memory for rrsets.
5481 3 April 2007: Wouter
5482 - detect sign of msghdr.msg_iovlen so that the cast to that type
5483 in netevent (which is there to please lint) can be correct.
5484 The type on several OSes ranges from int, int32, uint32, size_t.
5485 Detects unsigned or signed using math trick.
5486 - constants for DNS flags.
5487 - compilation without locks fixup.
5488 - removed include of unportable header from lookup3.c.
5489 - more portable use of struct msghdr.
5490 - casts for printf warning portability.
5491 - tweaks to tests to port them to the testbed.
5494 2 April 2007: Wouter
5495 - check sizes of udp received messages, not too short.
5496 - review changes. Some memmoves can be memcpys: 4byte aligned.
5497 set id correctly on cached answers.
5498 - review changes msgreply.c, memleak on error condition. AA flag
5499 clear on cached reply. Lowercase queries on hashing.
5500 unit test on lowercasing. Test AA bit not set on cached reply.
5501 Note that no TTLs are managed.
5503 29 March 2007: Wouter
5504 - writev or sendmsg used when answering from cache.
5505 This avoids a copy of the data.
5506 - do not do useless byteswap on query id. Store reply flags in uint16
5507 for easier access (and no repeated byteswapping).
5509 - configure detects and config.h includes sys/uio.h for writev decl.
5511 28 March 2007: Wouter
5512 - new config option: num-queries-per-thread.
5513 - added tpkg test for answering three queries at the same time
5514 using one thread (from the query service list).
5516 27 March 2007: Wouter
5517 - added test for cache and not cached answers, in testbound replays.
5518 - testbound can give config file and commandline options from the
5519 replay file to unbound.
5520 - created test that checks if items drop out of the cache.
5521 - added word 'partitioned hash table' to documentation on slab hash.
5522 A slab hash is a partitioned hash table.
5523 - worker can handle multiple queries at a time.
5525 26 March 2007: Wouter
5526 - config settings for slab hash message cache.
5527 - test for cached answer.
5528 - Fixup deleting fake answer from testbound list.
5530 23 March 2007: Wouter
5531 - review of yesterday's commits.
5532 - covered up memory leak of the entry locks.
5533 - answers from the cache correctly. Copies flags correctly.
5534 - sanity check for incoming query replies.
5535 - slabbed hash table. Much nicer contention, need dual cpu to see.
5537 22 March 2007: Wouter
5538 - AIX configure check.
5539 - lock-verify can handle references to locks that are created
5540 in files it has not yet read in.
5541 - threaded hash table test.
5542 - unit test runs lock-verify afterwards and checks result.
5543 - need writelock to update data on hash_insert.
5544 - message cache code, msgreply code.
5546 21 March 2007: Wouter
5547 - unit test of hash table, fixup locking problem in table_grow().
5548 - fixup accounting of sizes for removing items from hashtable.
5549 - unit test for hash table, single threaded test of integrity.
5550 - lock-verify reports errors nicely. More quiet in operation.
5552 16 March 2007: Wouter
5553 - lock-verifier, checks consistent order of locking.
5555 14 March 2007: Wouter
5556 - hash table insert (and subroutines) and lookup implemented.
5557 - hash table remove.
5558 - unit tests for hash internal bin, lru functions.
5560 13 March 2007: Wouter
5561 - lock_unprotect in checklocks.
5562 - util/storage/lruhash.h for LRU hash table structure.
5564 12 March 2007: Wouter
5565 - configure.ac moved to 0.2.
5566 - query_info and replymsg util/data structure.
5568 9 March 2007: Wouter
5569 - added rwlock writelock checking.
5570 So it will keep track of the writelock, and readlocks are enforced
5571 to not change protected memory areas.
5572 - log_hex function to dump hex strings to the logfile.
5573 - checklocks zeroes its destroyed lock after checking memory areas.
5574 - unit test for alloc.
5575 - identifier for union in checklocks to please older compilers.
5578 8 March 2007: Wouter
5579 - Reviewed checklock code.
5581 7 March 2007: Wouter
5582 - created a wrapper around thread calls that performs some basic
5583 checking for data race and deadlock, and basic performance
5584 contention measurement.
5586 6 March 2007: Wouter
5587 - Testbed works with threading (different machines, different options).
5588 - alloc work, does the special type.
5590 2 March 2007: Wouter
5591 - do not compile fork funcs unless needed. Otherwise will give
5592 type errors as their typedefs have not been enabled.
5593 - log shows thread numbers much more nicely (and portably).
5594 - even on systems with nonthreadsafe libevent signal handling,
5595 unbound will exit if given a signal.
5596 Reloads will not work, and exit is not graceful.
5597 - start of alloc framework layout.
5599 1 March 2007: Wouter
5600 - Signals, libevent and threads work well, with libevent patch and
5601 changes to code (close after event_del).
5602 - set ipc pipes nonblocking.
5604 27 February 2007: Wouter
5605 - ub_thread_join portable definition.
5606 - forking is used if no threading is available.
5607 Tested, it works, since pipes work across processes as well.
5608 Thread_join is replaced with waitpid.
5609 - During reloads the daemon will temporarily handle signals,
5610 so that they do not result in problems.
5611 - Also randomize the outgoing port range for tests.
5612 - If query list is full, will stop selecting listening ports for read.
5613 This makes all threads service incoming requests, instead of one.
5614 No memory is leaking during reloads, service of queries, etc.
5615 - test that uses ldns-testns -f to test threading. Have to answer
5616 three queries at the same time.
5617 - with verbose=0 operates quietly.
5619 26 February 2007: Wouter
5620 - ub_random code used to select ID and port.
5621 - log code prints thread id.
5622 - unbound can thread itself, with reload(HUP) and quit working
5624 - don't open pipes for #0, doesn't need it.
5625 - listens to SIGTERM, SIGQUIT, SIGINT (all quit) and SIGHUP (reload).
5627 23 February 2007: Wouter
5628 - Can do reloads on sigHUP. Everything is stopped, and freed,
5629 except the listening ports. Then the config file is reread.
5630 And everything is started again (and listening ports if needed).
5631 - Ports for queries are shared.
5632 - config file added interface:, chroot: and username:.
5633 - config file: directory, logfile, pidfile. And they work too.
5634 - will daemonize by default now. Use -d to stay in the foreground.
5635 - got BSD random[256 state] code, made it threadsafe. util/random.
5637 22 February 2007: Wouter
5638 - Have a config file. Removed commandline options, moved to config.
5639 - tests use config file.
5641 21 February 2007: Wouter
5642 - put -c option in man page.
5643 - minievent fd array capped by FD_SETSIZE.
5645 20 February 2007: Wouter
5646 - Added locks code and pthread spinlock detection.
5647 - can use no locks, or solaris native thread library.
5648 - added yacc and lex configure, and config file parsing code.
5649 also makedist.sh, and manpage.
5650 - put include errno.h in config.h
5652 19 February 2007: Wouter
5653 - Created 0.0 svn tag.
5654 - added acx_pthread.m4 autoconf check for pthreads from
5655 the autoconf archive. It is GPL-with-autoconf-exception Licensed.
5656 You can specify --with-pthreads, or --without-pthreads to configure.
5658 16 February 2007: Wouter
5659 - Updated testbed script, works better by using make on remote end.
5660 - removed check decls, we can compile without them.
5661 - makefile supports LIBOBJ replacements.
5662 - docs checks ignore compat code.
5663 - added util/mini-event.c and .h, a select based alternative used with
5664 ./configure --with-libevent=no
5665 It is limited to 1024 file descriptors, and has less features.
5666 - will not create ip6 sockets if ip6 not on the machine.
5668 15 February 2007: Wouter
5669 - port to FreeBSD 4.11 Dec Alpha. Also works on Solaris 10 sparc64,
5670 Solaris 9, FreeBSD 6, Linux i386 and OSX powerpc.
5671 - malloc rndstate, so that it is aligned for access.
5672 - fixed rbtree cleanup with postorder traverse.
5673 - fixed pending messages are deleted when handled.
5674 - You can control verbosity; default is not verbose, every -v
5675 adds more verbosity.
5677 14 February 2007: Wouter
5678 - Included configure.ac changes from ldns.
5679 - detect (some) headers before the standards check.
5680 - do not use isblank to test c99, since its not available on solaris9.
5681 - review of testcode.
5682 * entries in a RANGE are no longer reversed.
5683 * print name of file with replay entry parse errors.
5684 - port to OSX: cast to int for some prints of sizet.
5685 - Makefile copies ldnstestpkts.c before doing dependencies on it.
5687 13 February 2007: Wouter
5688 - work on fake events, first fwd replay works.
5689 - events can do timeouts and errors on queries to servers.
5690 - test package that runs replay scenarios.
5692 12 February 2007: Wouter
5693 - work on fake events.
5695 9 February 2007: Wouter
5696 - replay file reading.
5697 - fake event setup, it creates fake structures, and teardowns,
5698 added signal callbacks to reply to be able to fake those,
5699 and main structure of event replay routines.
5701 8 February 2007: Wouter
5704 - testcode/fake_event work.
5706 7 February 2007: Wouter
5707 - return answer with the same ID as query was sent with.
5708 - created udp forwarder test. I've done some effort to make it perform
5709 quickly. After servers are created, no big sleep statements but
5710 it checks the logfiles to see if servers have come up. Takes 0.14s.
5711 - set addrlen value when calling recvfrom.
5712 - comparison of addrs more portable.
5713 - LIBEVENT option for testbed to set libevent directory.
5714 - work on tcp input.
5716 6 February 2007: Wouter
5717 - reviewed code and improved in places.
5719 5 February 2007: Wouter
5720 - Picked up stdc99 and other define tests from ldns. Improved
5721 POSIX define test to include getaddrinfo.
5722 - defined constants for netevent callback error code.
5723 - unit test for strisip6.
5725 2 February 2007: Wouter
5726 - Created udp4 and udp6 port arrays to provide service for both
5728 - uses IPV6_USE_MIN_MTU for udp6 ,IPV6_V6ONLY to make ip6 sockets.
5729 - listens on both ip4 and ip6 ports to provide correct return address.
5730 - worker fwder address filled correctly.
5732 - forwards udp queries and sends answer.
5734 1 February 2007: Wouter
5735 - outside network more UDP work.
5736 - moved * closer to type.
5737 - comm_timer object and events.
5739 31 January 2007: Wouter
5740 - Added makedist.sh script to make release tarball.
5741 - Removed listen callback layer, did not add anything.
5742 - Added UDP recv to netevent, worker callback for udp.
5743 - netevent communication reply storage structure.
5744 - minimal query header sanity checking for worker.
5745 - copied over rbtree implementation from NSD (BSD licensed too).
5746 - outgoing network query service work.
5748 30 January 2007: Wouter
5749 - links in example/ldns-testpkts.c and .h for premade packet support.
5750 - added callback argument to listen_dnsport and daemon/worker.
5752 29 January 2007: Wouter
5753 - unbound.8 a short manpage.
5755 26 January 2007: Wouter
5757 - make lint works on BSD and Linux (openssl defines).
5759 - testbound program start.
5761 25 January 2007: Wouter
5762 - fixed lint so it may work on BSD.
5763 - put license into header of every file.
5764 - created verbosity flag.
5765 - fixed libevent configure flag.
5766 - detects event_base_free() in new libevent 1.2 version.
5767 - getopt in daemon. fatal_exit() and verbose() logging funcs.
5768 - created log_assert, that throws assertions to the logfile.
5769 - listen_dnsport service. Binds ports.
5771 24 January 2007: Wouter
5772 - cleaned up configure.ac.
5774 23 January 2007: Wouter
5775 - added libevent to configure to link with.
5776 - util/netevent setup work.
5777 - configure searches for libevent.
5778 - search for libs at end of configure (when other headers and types
5780 - doxygen works with ATTR_UNUSED().
5781 - util/netevent implementation.
5783 22 January 2007: Wouter
5784 - Designed header file for network communication.
5786 16 January 2007: Wouter
5787 - added readme.svn and readme.tests.
5789 4 January 2007: Wouter
5790 - Testbed script (run on multiple platforms the test set).
5791 Works on Sunos9, Sunos10, FreeBSD 6.1, Fedora core 5.
5792 - added unit test tpkg.
5794 3 January 2007: Wouter
5795 - committed first set of files into subversion repository.
5796 svn co svn+ssh://unbound.net/svn/unbound
5797 You need a ssh login. There is no https access yet.
5798 - Added LICENSE, the BSD license.
5799 - Added doc/README with compile help.
5800 - main program stub and quiet makefile.
5801 - minimal logging service (to stderr).
5802 - added postcommit hook that serves emails.
5803 - added first test 00-lint. postcommit also checks if build succeeds.
5804 - 01-doc: doxygen doc target added for html docs. And stringent test
5805 on documented files, functions and parameters.
5807 15 December 2006: Wouter
5808 - Created Makefile.in and configure.ac.
projects / FreeBSD / FreeBSD.git / blob