Unbound 1.5.1rc1 prerelease

Wouter · November 27, 2014, 8:58am

Hi,

This is the unbound-1.5.1rc1 prerelease.
http://unbound.net/downloads/unbound-1.5.1rc1.tar.gz
sha1 aef2fd7d2410b6fa96b3509dbaf10d15447f7c10
sha256 f188760b74b6ad7eaf403c9a96a546c937f547024df691f7e4eb064c0ebf0d37

Also http://unbound.net/downloads/unbound_setup_1.5.1rc1.exe and
http://unbound.net/downloads/unbound-1.5.1rc1.zip for windows.

This is the release candidate, and is released for package
maintainers. Please report port and build issues.

This release has crash fixes on the new randomness code from 1.5.0.
And DNS64 CD flag support.

Features
- - Patch from Stephanie Lapie that implements aaaa-filter, added to
contrib/aaaa-filter-iterator.patch.

Bug Fixes
- - Fix that CD flag disables DNS64 processing, returning the DNSSEC
signed AAAA denial.
- - Fix compat/getentropy_win.c check if CryptGenRandom works and no
immediate exit on windows.
- - Fix crash on multiple thread random usage on systems without arc4random.
- - Fix log at high verbosity and memory allocation failure.
- - Fix libunbound undefined symbol errors for main.
- - Patch from Robert Edmonds to build pyunbound python module
differently. No versioninfo, with -shared and without $(LIBS).
- - Patch from Robert Edmonds fixes hyphens in unbound-anchor man page.
- - Removed 'increased limit open files' log message that is written to
console. It is only written on verbosity 4 and higher. This keeps
system bootup console cleaner.
- - Patch from James Raftery, always print stats for rcodes 0..5.
- - Fix #627: SSL_CTX_load_verify_locations return code not properly
checked.

Best regards,
Wouter

PaulWouters · November 27, 2014, 6:25pm

I can confirm the main symbol issue is fixed with libreswan and unbound
1.5.1rc1

Paul

Mees_de_Roo · November 28, 2014, 5:18pm

Hi,

This is the unbound-1.5.1rc1 prerelease.

Also http://unbound.net/downloads/unbound_setup_1.5.1rc1.exe and

Hi Wouter,
This release functions normally on windows7 and windows xp.
while testing it with icsi netalizr i got a warning on both that i never got before.
could this be unbound or is it coincidence further on yhe line:

2 popular names have a significant anomaly. The ownership suggested by the reverse name lookup does not match our understanding of the original name. This could be caused by an error somewhere in the domain information, deliberate blocking or redirection of a site using DNS, or it could be that your ISP's DNS Server is acting as a DNS "Man-in-the-Middle".

We attempted to download HTTP content from the IP addresses that your ISP's DNS server returned to you for these names. Where the download succeeded, you can click on the IP address in the table below to download a compressed file containing an HTTP session transcript.

Note! The session content is potentially harmful to your computer when viewed in a browser, so use caution when examining it.

      Name IP Address Reverse Name/SOA
      www.microsoft.com 172.229.191.138 a172-229-191-13[...]echnologies.com
      www.wamu.com 159.53.64.61 specialcdc2.firstusa.com

the downloaded pages are:

===================== REQUEST TO 172.229.191.138 =====================

GET / HTTP/1.1

Host: www.microsoft.com

User-Agent: Mozilla/4.0 (Windows XP 5.1) Java/1.8.0_25

Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip,deflate

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Connection: close

============================== RESPONSE ==============================

HTTP/1.1 302 Moved Temporarily

Content-Length: 140

Content-Type: text/html; charset=utf-8

Location: /en-us/default.aspx

Server: Microsoft-IIS/8.5

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-AspNet-Version: 2.0.50727

VTag: 791725256700000000

X-Powered-By: ASP.NET

X-Powered-By: ARR/2.5

X-Powered-By: ASP.NET

Expires: Fri, 28 Nov 2014 16:59:20 GMT

Cache-Control: max-age=0, no-cache, no-store

Pragma: no-cache

Mees_de_Roo · November 28, 2014, 10:11pm

Hi,

This is the unbound-1.5.1rc1 prerelease.

Also http://unbound.net/downloads/unbound_setup_1.5.1rc1.exe and

Hi Wouter,

sorry about this confusion.
I tested further and this is just a coincidence.
unbound on windows 7 and windows xp is (again) running fine.
regards,
Mees

Wouter · December 2, 2014, 1:10am

Hi,

This is the unbound-1.5.1rc2 prerelease
http://unbound.net/downloads/unbound-1.5.1rc2.tar.gz
sha1 a8383b37458c8642a08e6cca1b70563143708003
sha256 6f12977d7915db28f7f5dc2f46911c9605e3e2f6c8d0eaa91e1ce7a81f0819ef

Also http://unbound.net/downloads/unbound_setup_1.5.1rc2.exe and
http://unbound.net/downloads/unbound-1.5.1rc2.zip for windows

This RC2 release fixes Linux build errors. It is otherwise identical
to the 1.5.1rc1.

- - Fix makefile for build from noexec source tree.
- - Add include to getentropy_linux.c, hopefully fixing debian build.
- - Fix bug#632: unbound fails to build on AArch64.

Best regards, Wouter

Wouter · December 8, 2014, 4:04pm

Hi,

The unbound-1.5.1 release
http://unbound.net/downloads/unbound-1.5.1.tar.gz
sha 5606c2246e7394bce88cc4f16edbd6b964237ea2
sha256 0ff82709fb2bd7ecbde8dbdcf60fa417d2b43379570a3d460193a76a169900ec

This unbound release consists of 1.5.1rc2 patched for CVE-2014-8602.
The 1.5.1 release date and the cve date conveniently lined up, hence
the fix is included in the 1.5.1 release.

CVE details: http://unbound.net/downloads/CVE-2014-8602.txt

Best regards,
Wouter

Larry_Havemann · December 9, 2014, 11:57pm

Hi Wouter,

I have 2 servers behind a VIP each receiving about 120k queries per second. One server is running 1.4.22 and is reporting “total.recursion.time.avg=1.901364”. The second server I upgraded this morning to 1.5.1 and is reporting “total.recursion.time.avg=4.192130”. Both version were built with the same options(–with-libevent --with-pthreads) on the same build host. Is there a reason the new version is about 2 seconds slower than the last stable release?

Thanks,
Larry

Config is the same on both servers:

server:
verbosity: 1
interface: 0.0.0.0
interface: ::/0
interface-automatic: yes
do-ip4: yes
do-ip6: yes
do-udp: yes
do-tcp: yes
do-daemonize: yes
prefetch: yes

num-threads: 22
num-queries-per-thread: 15360
statistics-interval: 0
extended-statistics: yes
statistics-cumulative: yes
outgoing-range: 30720

slabs

msg-cache-slabs: 16
infra-cache-slabs: 16
key-cache-slabs: 16
rrset-cache-slabs: 16

msg-cache-size: 2g
rrset-cache-size: 4g

so-rcvbuf: 409m
so-sndbuf: 409m

chroot: “”
logfile: “/var/log/unbound.log”
use-syslog: yes
log-time-ascii: yes
log-queries: no
module-config: “validator iterator”