Unbound 1.9.0rc1 pre-release

Hi,

Unbound 1.9.0rc1 pre-release is available:
https://www.nlnetlabs.nl/downloads/unbound/unbound-1.9.0rc1.tar.gz
sha256 f3536f75b30a3bfdc434bc9489415b52c5a86652412de8cacde5a25913984c30
pgp https://www.nlnetlabs.nl/downloads/unbound/unbound-1.9.0rc1.tar.gz.asc

This is the maintainers' pre-release; the actual release follows later.

This release contains the DNS Flag Day changes for Unbound. See the
reference here, https://dnsflagday.net/ , or this presentation:
https://indico.dns-oarc.net/event/29/contributions/662/attachments/634/1063/EDNS_Flag_Day_-_OARC29.pdf
The EDNS timeouts are not used to fall back to non-EDNS queries.

Out-of-order processing is implemented for TCP and TLS. It can be
configured with a maximum amount of memory to use to store pending
answers, and the current memory usage is in the statistics output. This
is with stream-wait-size in unbound.conf and mem.streamwait in the
unbound-control stats output. Streams that cause the total counted
memory to exceed the maximum are dropped, but it is possible to get a
number of responses with little memory used.

There is also TLS session resumption support, which can be enabled with
the tls-session-ticket-keys option. Together with the already existing
TCP fast open, enabled with --enable-tfo-server --enable-tfo-client,
this enables zero-RTT stream reconnections to the server. Make sure to
also increase incoming-num-tcp if you expect a lot of TCP and TLS users.

Options are added to set the TLS ciphers and TLS ciphersuites from
unbound.conf. This can be done with the tls-ciphers and
tls-ciphersuites options.

TLS can be used from libunbound with the ub_ctx_set_tls config call;
use it together with ub_ctx_set_fwd to select DNS over TLS transport.

Features
- log-tag-queryreply: yes in unbound.conf tags the log-queries and
  log-replies in the log file for easier log filter maintenance.
- ip-ratelimit-factor of 1 allows all traffic through, instead of the
  previous blocking everything.
- Fix #4206: support openssl 1.0.2 for TLS hostname verification,
  alongside the 1.1.0 and later support that is already there.
- Add contrib/unbound-fuzzme.patch from Jacob Hoffman-Andrews,
  the patch adds a program used for fuzzing.
- streamtcp option -a sends queries consecutively and prints answers
  as they arrive.
- out-of-order processing for TCP and TLS.
- Add stream-wait-size: 4m config option to limit the maximum
  memory used by waiting tcp and tls stream replies. This avoids
  a denial of service where these replies use up all of the memory.
- unbound-control stats has mem.streamwait that counts TCP and TLS
  waiting result buffers.
- Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites
  options for unbound.conf.
- Patch for TLS session resumption from Manabu Sonoda,
  enable with tls-session-ticket-keys in unbound.conf.
- ub_ctx_set_tls call for libunbound that enables DoT for the machines
  set with ub_ctx_set_fwd. Patch from Florian Obser.

Bug Fixes
- Fix that unbound-checkconf does not complain if the config file
  is not placed inside the chroot.
- Refuse to start with no ports.
- Remove clang analysis warnings.
- Patch for typo in unbound.conf man page.
- Fix icon, no ragged edges and nicer resolutions available, for e.g.
  Win 7 and Windows 10 display.
- cache-max-ttl also defines the upper bound of the initial TTL in a response.
- Fix config parser memory leaks.
- Fix for FreeBSD port make with dnscrypt and dnstap enabled.
- Fixup openssl 1.0.2 compile
- Fix for crash in dns64 module if response is null.
- On FreeBSD warn if sysctl settings do not allow server TCP FASTOPEN,
  and server tcp fastopen is enabled at compile time.
- Document interaction between the tls-upstream option in the server
  section and forward-tls-upstream option in the forward-zone sections.
- Fix syntax in comment of local alias processing.
- Fix NSEC3 record that is returned in wildcard replies from
  auth-zone zones with NSEC3 and wildcards.
- Log query name for looping module errors.
- For caps-for-id fallback, use the whitelist to avoid timeout
  starting a fallback sequence for it.
- increase mesh max activation count for capsforid long fetches.
- Fix for #4219: secondaries not updated after serial change, unbound
  falls back to AXFR after IXFR gives several timeout failures.
- Fix that auth zone after IXFR fallback tries the same master.
- Fix for IXFR fallback to reset counter when IXFR does not timeout.
- Newer aclocal and libtoolize used for generating configure scripts,
  aclocal 1.16.1 and libtoolize 2.4.6.
- Fix unit test for python 3.7 new keyword 'async'.
- clang analysis fixes, assert arc4random buffer in init,
  no check for already checked delegation pointer in iterator,
  in testcode check for NULL packet matches, in perf do not copy
  from NULL start list when growing capacity. Adjust host and file
  only when present in test header read to please checker. In
  testcode for unknown macro operand give zero result. Initialise the
  passed argv array in test code. In test code add EDNS data
  segment copy only when nonempty.
- Patch from Florian Obser fixes some compiler warnings:
  include mini_event.h to have a prototype for mini_ev_cmp
  include edns.h to have a prototype for apply_edns_options
  sldns_wire2str_edns_keepalive_print is only called in the wire2str
  module, declare it static to get rid of compiler warning:
  no previous prototype for function
  infra_find_ip_ratedata() is only called in the infra module,
  declare it static to get rid of compiler warning:
  no previous prototype for function
  do not shadow local variable buf in authzone
  auth_chunks_delete and az_nsec3_findnode are only called in the
  authzone module, declare them static to get rid of compiler warning:
  no previous prototype for function...
  copy_rrset() is only called in the respip module, declare it
  static to get rid of compiler warning:
  no previous prototype for function 'copy_rrset'
  no need for another variable "r"; gets rid of compiler warning:
  declaration shadows a local variable in libunbound.c
  no need for another variable "ns"; gets rid of compiler warning:
  declaration shadows a local variable in iterator.c
- Moved includes and make depend.
- updated contrib/fastrpz.patch to cleanly diff.
- remove compile warnings from libnettle compile.
- output of newer lex 2.6.1 and bison 3.0.5.
- Set build system for added call in the libunbound API.
- List example config for root zone copy locally hosted with auth-zone
  as suggested from draft-ietf-dnsop-7706-bis-02. But with updated
  B root address.

Best regards, Wouter

Running ok on my test server.

29.01.2019 15:22, Wouter Wijngaards via Unbound-users writes:

Hello,

some points I noticed while diffing against 1.8.3:
  * doc/example.conf.in
      tls-chiphers and tls-ciphersuites suggest ciphersuites in an uncommon order:
      tls-chiphers prefers DHE over ECDHE, while DHE is slower;
      tls-ciphersuites prefers CCM over GCM and ChaCha.

      -> Without deeper knowledge, I feel this list is not a good suggestion.

      tls-session-ticket-keys: "requires restart to take effect."
      In 2017 I had a conversation with Filippo Valsorda regarding session ticket keys
      (context: webservers).
      He suggested rotating them in terms of hours. OK, that's supported, but requiring unbound
      to restart? That is not a value.

      I would love to see unbound (as well as any other TLS server)
      handle that job in a housekeeping thread without administrative interaction.

      https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/
      https://blog.filippo.io/we-need-to-talk-about-session-tickets/

many build time scripts use #!/usr/bin/sh instead of #!/bin/sh
/usr/bin/sh does not exist on any system I use.
Just wondering, it's not a problem for compilation...

finally: 2 compile time warnings:
./util/configparser.y:2736:3: warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result [-Wunused-result]
   (void)asprintf(&new_cstr, "%s\nzone %s", old_cstr?old_cstr:"", $2);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./util/configparser.y:2749:3: warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result [-Wunused-result]
   (void)asprintf(&new_cstr, "%s\n%s", old_cstr ? old_cstr : "", $2);
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

will install on some lab servers...

Andreas
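The two compiler warnings quoted above come from `(void)asprintf(...)` in configparser.y. With glibc, asprintf() is declared with warn_unused_result, and GCC does not treat a cast to void as "using" the result, so the cast does not silence -Wunused-result. The quiet way is also the correct way: test the return value, since on allocation failure asprintf() returns -1 and leaves the output pointer undefined. The following is an added example and not Unbound's code; the function names append_zone_line and append_line are made up here, and they mirror the two format strings shown in the warnings.

```c
/*
 * Added example (not Unbound's code): the configparser.y pattern from the
 * page, written so the asprintf() result is checked instead of cast away.
 * Function names and the sample config lines are constructed for this
 * example.
 */
#define _GNU_SOURCE          /* asprintf() is a GNU/BSD extension */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Compatible re-declaration in case a feature macro was fixed earlier. */
extern int asprintf(char **strp, const char *fmt, ...);

/*
 * Append "zone <name>" on a new line to an existing config string, as in
 * the first warning's call site. old_cstr may be NULL. Returns a newly
 * allocated string the caller must free, or NULL on allocation failure.
 * old_cstr is left untouched; the caller decides when to free it.
 */
char *append_zone_line(const char *old_cstr, const char *zone)
{
    char *new_cstr = NULL;
    int n = asprintf(&new_cstr, "%s\nzone %s", old_cstr ? old_cstr : "", zone);
    if (n < 0) {
        /* asprintf failed: new_cstr is undefined, so neither free nor use it. */
        return NULL;
    }
    return new_cstr;
}

/* Same pattern for the second warning's call site: append one raw line. */
char *append_line(const char *old_cstr, const char *line)
{
    char *new_cstr = NULL;
    if (asprintf(&new_cstr, "%s\n%s", old_cstr ? old_cstr : "", line) < 0)
        return NULL;
    return new_cstr;
}

/*
 * Build a two-line fragment incrementally, freeing each intermediate
 * string, and return the final length (0 if any allocation failed).
 */
size_t build_config_len(void)
{
    char *cfg = append_zone_line(NULL, "example.com");
    if (!cfg)
        return 0;
    char *cfg2 = append_line(cfg, "  type static");
    free(cfg);
    if (!cfg2)
        return 0;
    size_t len = strlen(cfg2);
    free(cfg2);
    return len;
}

int main(void)
{
    char *cfg = append_zone_line(NULL, "example.com");
    if (!cfg)
        return 1;
    puts(cfg);
    free(cfg);
    return 0;
}
```

Checking the return also fixes a real defect, not just a warning: after a failed asprintf() the old code would go on to use or free a pointer that was never assigned.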

Unbound 1.9.0rc1 pre-release is available

Hello,

some points I noticed while diffing against 1.8.3:
  * doc/example.conf.in
      tls-chiphers and tls-ciphersuites suggest ciphersuites in an uncommon order
      tls-chiphers prefer DHE over ECDHE while DHE is slower
      tls-ciphersuites prefer CCM over GCM and Chacha

      -> without deeper knowledge I feel, this list is not a good suggestion.

Thanks for bringing this up.
I just wanted to add this list of recommended ciphers from RFC 7525 [1]
(even though this RFC is from before TLS 1.3 was published):

   o TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
   o TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
   o TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
   o TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

[1] https://tools.ietf.org/html/rfc7525#section-4.2

Hi,

Unbound 1.9.0 is available:
https://www.nlnetlabs.nl/downloads/unbound/unbound-1.9.0.tar.gz
sha256 415af94b8392bc6b2c52e44ac8f17935cc6ddf2cc81edfb47c5be4ad205ab917
pgp https://www.nlnetlabs.nl/downloads/unbound/unbound-1.9.0.tar.gz.asc

This release contains the DNS Flag Day changes for Unbound. See the
reference here, https://dnsflagday.net/ , or this presentation:
https://indico.dns-oarc.net/event/29/contributions/662/attachments/634/1063/EDNS_Flag_Day_-_OARC29.pdf
The EDNS timeouts are not used to fall back to non-EDNS queries.

Out-of-order processing is implemented for TCP and TLS. It can be
configured with a maximum amount of memory to use to store pending
answers, and the current memory usage is in the statistics output. This
is with stream-wait-size in unbound.conf and mem.streamwait in the
unbound-control stats output. Streams that cause the total counted
memory to exceed the maximum are dropped, but it is possible to get a
number of responses with little memory used.

There is also TLS session resumption support, which can be enabled with
the tls-session-ticket-keys option. Together with the already existing
TCP fast open, enabled with --enable-tfo-server --enable-tfo-client,
this enables zero-RTT stream reconnections to the server. Make sure to
also increase incoming-num-tcp if you expect a lot of TCP and TLS users.

Options are added to set the TLS ciphers and TLS ciphersuites from
unbound.conf. This can be done with the tls-ciphers and
tls-ciphersuites options.

TLS can be used from libunbound with the ub_ctx_set_tls config call;
use it together with ub_ctx_set_fwd to select DNS over TLS transport.

Features
- log-tag-queryreply: yes in unbound.conf tags the log-queries and
  log-replies in the log file for easier log filter maintenance.
- ip-ratelimit-factor of 1 allows all traffic through, instead of the
  previous blocking everything.
- Fix #4206: support openssl 1.0.2 for TLS hostname verification,
  alongside the 1.1.0 and later support that is already there.
- Add contrib/unbound-fuzzme.patch from Jacob Hoffman-Andrews,
  the patch adds a program used for fuzzing.
- streamtcp option -a sends queries consecutively and prints answers
  as they arrive.
- out-of-order processing for TCP and TLS.
- Add stream-wait-size: 4m config option to limit the maximum
  memory used by waiting tcp and tls stream replies. This avoids
  a denial of service where these replies use up all of the memory.
- unbound-control stats has mem.streamwait that counts TCP and TLS
  waiting result buffers.
- Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites
  options for unbound.conf.
- Patch for TLS session resumption from Manabu Sonoda,
  enable with tls-session-ticket-keys in unbound.conf.
- ub_ctx_set_tls call for libunbound that enables DoT for the machines
  set with ub_ctx_set_fwd. Patch from Florian Obser.

Bug Fixes
- Fix that unbound-checkconf does not complain if the config file
  is not placed inside the chroot.
- Refuse to start with no ports.
- Remove clang analysis warnings.
- Patch for typo in unbound.conf man page.
- Fix icon, no ragged edges and nicer resolutions available, for e.g.
  Win 7 and Windows 10 display.
- cache-max-ttl also defines the upper bound of the initial TTL in a response.
- Fix config parser memory leaks.
- Fix for FreeBSD port make with dnscrypt and dnstap enabled.
- Fixup openssl 1.0.2 compile
- Fix for crash in dns64 module if response is null.
- On FreeBSD warn if sysctl settings do not allow server TCP FASTOPEN,
  and server tcp fastopen is enabled at compile time.
- Document interaction between the tls-upstream option in the server
  section and forward-tls-upstream option in the forward-zone sections.
- Fix syntax in comment of local alias processing.
- Fix NSEC3 record that is returned in wildcard replies from
  auth-zone zones with NSEC3 and wildcards.
- Log query name for looping module errors.
- For caps-for-id fallback, use the whitelist to avoid timeout
  starting a fallback sequence for it.
- increase mesh max activation count for capsforid long fetches.
- Fix for #4219: secondaries not updated after serial change, unbound
  falls back to AXFR after IXFR gives several timeout failures.
- Fix that auth zone after IXFR fallback tries the same master.
- Fix for IXFR fallback to reset counter when IXFR does not timeout.
- Newer aclocal and libtoolize used for generating configure scripts,
  aclocal 1.16.1 and libtoolize 2.4.6.
- Fix unit test for python 3.7 new keyword 'async'.
- clang analysis fixes, assert arc4random buffer in init,
  no check for already checked delegation pointer in iterator,
  in testcode check for NULL packet matches, in perf do not copy
  from NULL start list when growing capacity. Adjust host and file
  only when present in test header read to please checker. In
  testcode for unknown macro operand give zero result. Initialise the
  passed argv array in test code. In test code add EDNS data
  segment copy only when nonempty.
- Patch from Florian Obser fixes some compiler warnings:
  include mini_event.h to have a prototype for mini_ev_cmp
  include edns.h to have a prototype for apply_edns_options
  sldns_wire2str_edns_keepalive_print is only called in the wire2str
  module, declare it static to get rid of compiler warning:
  no previous prototype for function
  infra_find_ip_ratedata() is only called in the infra module,
  declare it static to get rid of compiler warning:
  no previous prototype for function
  do not shadow local variable buf in authzone
  auth_chunks_delete and az_nsec3_findnode are only called in the
  authzone module, declare them static to get rid of compiler warning:
  no previous prototype for function...
  copy_rrset() is only called in the respip module, declare it
  static to get rid of compiler warning:
  no previous prototype for function 'copy_rrset'
  no need for another variable "r"; gets rid of compiler warning:
  declaration shadows a local variable in libunbound.c
  no need for another variable "ns"; gets rid of compiler warning:
  declaration shadows a local variable in iterator.c
- Moved includes and make depend.
- updated contrib/fastrpz.patch to cleanly diff.
- remove compile warnings from libnettle compile.
- output of newer lex 2.6.1 and bison 3.0.5.
- Set build system for added call in the libunbound API.
- List example config for root zone copy locally hosted with auth-zone
  as suggested from draft-ietf-dnsop-7706-bis-02. But with updated
  B root address.
- Fixed spelling of tls-ciphers option in example.conf.

Best regards, Wouter
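The options introduced in the 1.9.0rc1 and 1.9.0 announcements above, collected into one unbound.conf. This is an added example, not a configuration shipped with Unbound or taken from its example.conf. The cipher lists follow Andreas's remarks earlier in the thread (ECDHE ahead of DHE, GCM and ChaCha20 rather than CCM) and the RFC 7525 set quoted there, spelled in OpenSSL cipher-string notation, which is what these options take in this reading of the man page. Key and certificate paths, the ticket key file, the listen addresses, the upstream address and its authentication name, and the sizes are placeholders to replace.

```yaml
# Added example configuration, not part of the Unbound release.
# All paths, addresses and sizes below are placeholders.
server:
    interface: 0.0.0.0@853
    interface: ::0@853
    tls-port: 853
    tls-service-key: "/etc/unbound/tls/server.key"    # placeholder path
    tls-service-pem: "/etc/unbound/tls/server.pem"    # placeholder path

    # Out-of-order processing for TCP/TLS (new in 1.9.0): cap the memory
    # held by answers waiting on a busy stream. Streams that push the total
    # over the cap are dropped; current usage shows up as mem.streamwait in
    # `unbound-control stats`.
    stream-wait-size: 4m
    # Many TCP/TLS clients need more incoming stream slots.
    incoming-num-tcp: 100

    # TLS 1.2 cipher list: AEAD (GCM) only, ECDHE preferred over the slower
    # DHE, i.e. the RFC 7525 set in OpenSSL spelling.
    tls-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
    # TLS 1.3 suites: GCM and ChaCha20; the CCM suites are left out.
    tls-ciphersuites: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"

    # Session resumption keys. Per the man page quoted in the thread a
    # change requires a restart, so rotating the file means restarting.
    tls-session-ticket-keys: "/etc/unbound/tls/ticket.key"    # placeholder

    # Tag log-queries / log-replies lines for easier log filtering.
    log-tag-queryreply: yes
    log-queries: yes
    log-replies: yes

# Upstream over DNS over TLS, using the forward-zone option whose
# interaction with the server-section tls-upstream the release documents.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 192.0.2.1@853#dot.example    # placeholder upstream and auth name
```

After a reload, `unbound-control stats | grep mem.streamwait` shows how much of the stream-wait-size budget the waiting TCP/TLS replies currently occupy, which is the number to watch when deciding whether the 4m default from the announcement is right for a given deployment.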

Wouter Wijngaards via Unbound-users:

There is also TLS session resumption support, that can be enabled with
the tls-session-ticket-keys option.

According to a scan of an unbound DoT endpoint running 1.9.1,
unbound enables TLS session resumption based on both
- Session IDs and
- Session Tickets
by default, without specifying tls-session-ticket-keys.

from the man page:

       tls-session-ticket-keys: <file>
              If not "", [...]

unbound will not start when setting:

tls-session-ticket-keys: ""

error: could not read tls-session-ticket-key : No such file or directory

Questions:

- What key is used to encrypt session tickets if tls-session-ticket-keys is not set?
- How can I disable TLS session resumption based on session tickets?
- What is the default timeout for session resumption based on session IDs?
- How can I configure that timeout?
- How can I disable TLS session resumption based on session IDs?

thanks,
nusenu

Wouter Wijngaards via Unbound-users:

There is also TLS session resumption support, that can be enabled with
the tls-session-ticket-keys option. Together with the already existing
TCP fast open, enabled with --enable-tfo-server --enable-tfo-client,
that enables zero RTT stream reconnections to the server.

Session-ticket-based TLS resumption is obsoleted
in TLS 1.3 [1], and 0-RTT (on the TLS layer) has been introduced in TLS 1.3.

Does unbound support TLS 1.3 0-RTT aka "early data"? [2]
(downstream and upstream?)

[1] https://tools.ietf.org/html/rfc8446#section-2.2
[2] https://tools.ietf.org/html/rfc8446#section-2.3

nusenu via Unbound-users:

Wouter Wijngaards via Unbound-users:

There is also TLS session resumption support, that can be enabled with
the tls-session-ticket-keys option. Together with the already existing
TCP fast open, enabled with --enable-tfo-server --enable-tfo-client,
that enables zero RTT stream reconnections to the server.

Session-ticket-based TLS resumption is obsoleted
in TLS 1.3 [1], and 0-RTT (on the TLS layer) has been introduced in TLS 1.3.

Does unbound support TLS 1.3 0-RTT aka "early data"? [2]
(downstream and upstream?)

[1] https://tools.ietf.org/html/rfc8446#section-2.2
[2] https://tools.ietf.org/html/rfc8446#section-2.3

this appears to fit well here:

(an early I-D)
https://datatracker.ietf.org/doc/draft-ghedini-dprive-early-data/