Unbound 1.6.7rc1 pre-release

Hi,

This is the unbound 1.6.7rc1 prerelease.
https://www.unbound.net/downloads/unbound-1.6.7rc1.tar.gz
sha256 a92b673d66b57f3fd3d2e21da2174ec21ab76500ba2e07545287e206c52504a1
pgp https://www.unbound.net/downloads/unbound-1.6.7rc1.tar.gz.asc

This release sets the default for trust anchor signaling to yes. This
makes a query with the key tags of the validation keys when the trust
anchor DNSKEY is retrieved.

Features:
- Set trust-anchor-signaling default to yes
- Fix #1440: [dnscrypt] client nonce cache.
- Fix #1435: Please allow UDP to be disabled separately upstream and
  downstream.

Bug fixes:
- Fix that looping modules always stop the query, and don't pass
  control.
- Fix unbound-host to report error for DNSSEC state of failed lookups.
- Spelling fixes, from Josh Soref.
- Fix #1400: allowing use of global cache on ECS-forwarding unless
  always-forward.
- use a cachedb answer even if it's "expired" when serve-expired is yes
  (patch from Jinmei Tatuya).
- trigger refetching of the answer in that case (this will bypass
  cachedb lookup)
- allow storing a 0-TTL answer from cachedb in the in-memory message
  cache when serve-expired is yes
- Fix DNSCACHE_STORE_ZEROTTL to be bigger than 0xffff.
- Log name of looping module
- Fix #1450: Generate again patch contrib/aaaa-filter-iterator.patch
   (by Danilo G. Baio).
- Fix param unused warning for windows exportsymbol compile.
- Use RCODE from A query on DNS64 synthesized answer.
- Fix trust-anchor-signaling works in libunbound.

Best regards, Wouter

Seems to work fine on fedora.

Paul

Debian lintian suggest:
  doc/unbound-control.8.in: sucessfully -> successfully
  doc/unbound-control.8.in: allow to -> allow one to

and these two warnings...

libtool: compile: gcc -I. -Wdate-time -D_FORTIFY_SOURCE=2 -I/usr/include/python2.7 -g -O2 "-fdebug-prefix-map=/<<PKGBUILDDIR>>=."
-fstack-protector-strong -Wformat -Werror=format-security -pthread -I/usr/include/google -c util/configparser.c -fPIE -o configparser.o
util/configparser.c: In function 'ub_c_parse':
./util/configparser.y:2307:3: warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result [-Wunused-result]
   asprintf(&new_cstr, "%s\nzone %s", old_cstr?old_cstr:"", $2);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./util/configparser.y:2320:3: warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result [-Wunused-result]
   asprintf(&new_cstr, "%s\n%s", old_cstr ? old_cstr : "", $2);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

just installed here and seems to work fine also on Debian.

Andreas

Hi,

This is the unbound 1.6.7 release.
https://www.unbound.net/downloads/unbound-1.6.7.tar.gz
sha256 4e7bd43d827004c6d51bef73adf941798e4588bdb40de5e79d89034d69751c9f
pgp https://www.unbound.net/downloads/unbound-1.6.7.tar.gz.asc

This release sets the default for trust anchor signaling to yes. This
makes a query with the key tags of the validation keys when the trust
anchor DNSKEY is retrieved.

Features:
- Set trust-anchor-signaling default to yes
- Fix #1440: [dnscrypt] client nonce cache.
- Fix #1435: Please allow UDP to be disabled separately upstream and
  downstream.

Bug fixes:
- Fix that looping modules always stop the query, and don't pass
  control.
- Fix unbound-host to report error for DNSSEC state of failed lookups.
- Spelling fixes, from Josh Soref.
- Fix #1400: allowing use of global cache on ECS-forwarding unless
  always-forward.
- use a cachedb answer even if it's "expired" when serve-expired is yes
  (patch from Jinmei Tatuya).
- trigger refetching of the answer in that case (this will bypass
  cachedb lookup)
- allow storing a 0-TTL answer from cachedb in the in-memory message
  cache when serve-expired is yes
- Fix DNSCACHE_STORE_ZEROTTL to be bigger than 0xffff.
- Log name of looping module
- Fix #1450: Generate again patch contrib/aaaa-filter-iterator.patch
   (by Danilo G. Baio).
- Fix param unused warning for windows exportsymbol compile.
- Use RCODE from A query on DNS64 synthesized answer.
- Fix trust-anchor-signaling works in libunbound.
- Fix spelling in unbound-control man page.

Best regards, Wouter