Lines Matching full:for

2 - Fix spelling for the cache-min-negative-ttl entry in the
11 - Set version number to 1.21.0 for release.
12 - Fix that for windows the module startup is called and sets up
18 - Fix testbound for alloc stats strdup in util/alloc.c.
21 cookie secrets for EDNS COOKIE secret rollover. The remote control
23 commands can be used for rollover, the command print_cookie_secrets
25 - Fix that alloc stats for forwards and hints are printed, and when
26 alloc stats is enabled, the unit test for unbound control waits for
31 for tap_data_free, does not delete NULL items. Also it does not try
33 picked up the next item in the list for its loop causing invalid
34 free. Added internal unit test to unbound-dnstap-socket for that.
40 - Fix for #1114: Fix that cache fill for forward-host names is
43 delegation point cache fill routines use CDflag for AAAA message
45 cache uses the bit for disambiguation for dns64 but the recursion
46 uses CDflag for the AAAA target lookups, so the check correctly
53 - Add root key 38696 from 2024 for DNSSEC validation. It is added
60 - For #935 and #1104, clarify RPZ order and semantics.
63 - Merge #1110: Make fallthrough explicit for libworker.c.
64 - For #1110: Test for fallthrough attribute in configure and add
68 - Fix to have empty definition when not supported for weak attribute.
74 - Add dnstap-sample-rate that logs only 1/N messages, for high volume
83 - For #1103: Fix to drop mesh state reference for the http2 stream
86 h2_stream is NULL when not in use, for more initialisation.
89 - For #1103: fix to also drop mesh state reference when the discard
95 - For #1102: clearer text for using interface-* options for the
100 - For #1103: fix to also drop mesh state reference when a h2 reply is
104 - For #773: In contrib/unbound.service.in set unbound to start after
105 network-online.target. Also for contrib/unbound_portable.service.in.
117 - Don't check for message TTL changes if the RRsets remain the same.
120 - Fix for neater printout for error for missing DS response.
123 - Fix for #1099: Fix to check for deleted RRset when the contents
124 is updated and fetched after it is stored, and also check for a
129 when validation fails due to the missing DNSKEY. Also for key prime
133 - Fix for repeated use of a DNAME record: first overallocate and then
153 - Explicitly set the RD bit for the mesh query flags when prefetching.
163 adding helpful text for the Python interpreter version and allowing
171 - Add unit test for validation of repeated use of a DNAME record.
175 - Fix typos for 'the the' in text.
176 - Fix validation for repeated use of a DNAME record.
183 - Fix memory leak on exit for unbound-dnstap-socket; creates false
188 that the tcp read errors are labeled as initial for the first calls.
193 - Fix for #1079: fix RPZ taglist in iterator callback that no client
200 - Fix to enable that SERVFAIL is cached, for a short period, for more
222 - Fix to print a parse error when config is read with no name for
224 - Fix for parse end of forward-zone, stub-zone and view.
225 - Fix for #1064: Fix that cachedb expired messages are considered
229 - Merge #1069: Fix unbound-control stdin commands for multi-process
240 - Merge #1070: Fix rtt assignment for low values of
257 invalid argument for IPv6 link local addresses.
262 - Fix for #1062: declaration before statement, avoid print of null,
263 and redundant check for array size.
266 - Fix for the DNSBomb vulnerability CVE-2024-33655. Thanks to Xiang Li
268 for reporting it.
269 - Set version number to 1.20.0 for release. This became the release
273 - Cleanup unnecessary strdup calls for EDE strings.
276 - Fix doxygen comment for errinf_to_str_bogus.
284 - Add unit tests for cachedb and subnet cache expired data.
285 - Man page entry for unbound-checkconf -q.
292 - Fix configure flto check error, by finding grep for it.
294 for them and fixes #1038: fatal error: Could not initialize
297 with a nonzero value for the socket option argument.
298 - Fix doc unit test for out of directory build.
301 - Fix ci workflow for macos for moved install locations.
314 - Fix configure, autoconf for #1048.
321 - Fix cachedb for serve-expired with serve-expired-client-timeout.
322 - Fixup unit test for cachedb server expired client timeout with
332 - Add test for cachedb serve expired.
333 - Extended test for cachedb serve expired.
334 - Fix makefile dependencies for fake_event.c.
335 - Fix cachedb for serve-expired with serve-expired-reply-ttl.
336 - Fix to not reply serve expired unless enabled for cachedb.
346 like Unbound already does for auto-trust-anchor-file.
349 - Fix comment syntax for view function views_find_view.
357 - For #1040: adjust error text and disallow negative ports in other
364 - Fix #369: dnstap showing extra responses; for client responses
370 - Fix for crypto related failures to have a better error string.
373 - Fix name of unit test for subnet cache response.
376 - Fix for #1032, add safeguard to make table space positive.
378 - Fix to add unit test for lruhash space that exercises the routines.
386 - For #831: Format text, use exclamation icon and explicit label
397 - Fix rpz, it follows iterator CNAMEs for nsip and nsdname and sets
398 the reply query_info values, that is better for debug logging.
401 - Add rpz unit test for nsip action override.
402 - Fix rpz for qtype CNAME after nameserver trigger.
405 - Merge #1030: Persist the openssl and expat directories for repeated
418 for the clientip trigger.
419 - Fix to unify codepath for local alias for rpz cname action override.
420 - Fix rpz for cname override action after nsdname and nsip triggers.
423 - Merge #1028: Clearer documentation for tcp-idle-timeout and
432 are long enough for newer OpenSSL versions. This fix is included
437 - Fix validator classification of qtype DNAME for positive and
438 redirection answers, and fix validator signature routine for dealing
439 with the synthesized CNAME for a DNAME without previously
440 encountering it and also for when the qtype is DNAME.
441 - Fix qname minimisation for reply with a DNAME for qtype CNAME that
452 - Version set to 1.19.3 for release. After 1.19.2 point release with
453 security fix for CVE-2024-1931, Denial of service when trimming
455 is for version 1.19.3. The code repo continues for version 1.19.4,
459 - Fix for #1022: Fix ede prohibited in access control refused answers.
462 - Fix edns subnet replies for scope zero answers to not get stored
470 - Document the suspend argument for process_ds_response().
490 - Fix documentation for access-control in the unbound.conf man page.
496 - Merge #999: Search for protobuf-c with pkg-config.
504 - Update error printout for duplicate trust anchors to include the
508 - Fix for #997: Print details for SSL certificate failure.
511 - Update workflow for ports to use newer openssl on windows compile.
512 - Fix warning for windres on resource files due to redefinition.
515 - Fix to link with libssp for libcrypto and getaddrinfo check for
516 only header. Also update crosscompile to remove ssp for 32bit.
520 - Fix to link with -lcrypt32 for OpenSSL 3.2.0 on Windows.
528 - Fix unit test for #987 change in udp1xxx retry packet send.
536 for non-HTTP/2 DoH clients.
544 - Merge PR #973: Use the origin (DNAME) TTL for synthesized CNAMEs as
558 - Updated IPv4 and IPv6 address for b.root-servers.net in root hints.
584 - Tag for 1.19.0rc1 release. It became 1.19.0 release on 8 nov 2023.
592 - Fix SSL compile failure for definition in log_crypto_err_io_code_arg.
593 - Fix SSL compile failure for other missing definitions in
609 - Clearer configure text for missing protobuf-c development libraries.
622 - Mailing list patches from Daniel Gröber for DNS64 fallback to plain
623 AAAA when no A record exists for synthesis, and minor DNS64 code
624 refactoring for better readability.
625 - Fixes for the DNS64 patches.
626 - Update the dns64_lookup.rpl test for the DNS64 fallback patch.
628 - Update testdata/ipset.tdir test for ipset fix.
631 - Fix #954: Inconsistent RPZ handling for A record returned along with
641 - For multi Python module setups, clean previously parsed module
646 - Better fix for infinite loop when reading multiple lines of input on
653 for devices that cannot handle DNSSEC information. But it should not
655 DNSSEC validation would not work for Unbound itself, and also not
656 for downstream users. Default is no. The option
667 - Fix for #949: Fix pythonmod/ubmodule-tst.py for Python 3.x.
697 - Merge #936: Check for c99 with autoconf versions prior to 2.70.
701 - Fix authority zone answers for obscured DNAMEs and delegations.
705 and also waits for the condition to go away. Reported by Florian
713 - Fix to set ede match in unit test for rr length removal.
724 - Fix for WKS call to getservbyname that creates allocation on exit
729 - Fix for version generation race condition that ignored changes.
735 - Tag for 1.18.0rc1 release. This became the 1.18.0 release on
745 - Fix for #925: unbound.service: Main process exited, code=killed,
749 - Fix unit test for unbound-control to work when threads are disabled,
753 - Fix for iter_dec_attempts that could cause a hang, part of
760 RFC9018. Create server cookies for clients that send client cookies.
762 `answer-cookie: yes`. A `cookie-secret:` can be configured for
768 value determines a rate limit for queries with cookies, if desired.
769 - Fix regional_alloc_init for potential unaligned source of the copy.
779 - For #911: Try to trim EXTRA-TEXT (and LDNS_EDE_OTHER options
781 - More braces and formatting for Fix for EDNS EDE size calculation to
783 - Fix to use the now cached EDE, if any, for CD_bit queries.
786 - Fix for EDNS EDE size calculation.
789 - Merge #790 from Tom Carpay: Add support for EDE caching in cachedb
799 - Fix unused variable compile warning for kernel timestamps in
805 - For #857: fix mixed declarations and code.
806 - Merge #118 from mibere: Changed verbosity level for Redis init &
810 - Cleaner failure code for callback functions in interface.i.
813 - For #889: use netcat-openbsd instead of netcat-traditional.
814 - For #889: Account for num_detached_states before possible
820 - For #909: Fix return values.
825 - For #909: Fix RR class comparison.
836 - Merge #664 from tilan7763: Add prefetch support for subnet cache
838 - For #664: Easier code flow for subnetcache prefetching.
839 - For #664: Add testcase.
840 - For #664: Rename subnet_prefetch tests to subnet_global_prefetch to
845 - Code cleanup for sldns_str2wire_svcparam_key_lookup.
847 - For #802: Cleanup comments and add RCODE check for CD bit test case.
857 - More fixes for reference counting for python module and clean up
875 - Fix for issue #887 (Timeouts to forward servers on BSD based
889 - Fix for uncertain unit test for doh buffer size events.
893 - Fix unbound-dnstap-socket time fraction conversion for printout.
900 - Fix #888: [FR] Use kernel timestamps for dnstap.
901 - Fix to print debug log for ancillary data with correct IP address.
914 - For #722: minor fixes, formatting, refactoring.
926 socket queue for too long. Added statistics num.queries_timed_out
928 - Fix for #882: small changes, date updated in Copyright for
931 - Fix for #882: document variable to stop doxygen warning.
934 - Fix for #878: Invalid IP address in unbound.conf causes Segmentation
945 - Fix for #870: Add test case for the qname minimisation and CNAME.
948 - Fix #870: NXDOMAIN instead of NOERROR rcode when asked for existing
975 - Fix for #852: Completion of error handling.
982 - Clean up iterator/iterator.c::error_response_cache() and allow for
988 - Add testcase for refreshing expired error responses.
995 - Fix unit tests for spurious empty messages.
996 - Fix consistency of unit test without roundrobin answers for the
1004 - Add duration variable for speed_local.test.
1007 - Fix acx_nlnetlabs.m4 for -Wstrict-prototypes.
1017 queries for specific zones.
1021 the default value for edns-buffer-size. It restricts client edns
1029 - Set default for harden-unknown-additional to no. So that it does
1031 - Fix test for new default.
1042 - Improve documentation for #826, describe the large collisions amount.
1049 - Fix #823: Response change to NODATA for some ANY queries since
1057 - Tag for 1.17.1 release.
1060 - Fix windows compile for libunbound subprocess reap comm point closes.
1078 - Fix to wrap Makefile scripts directory in quotes for uninstall.
1086 - Clear documentation for interactivity between the subnet module and
1093 - Fix for the ignore of tcp events for closed comm points, preserve
1104 - Fix #779: [doc] Missing documentation in ub_resolve_event() for
1108 - Complementary fix for distutils.sysconfig deprecation in Python 3.10
1112 - Fix to ignore tcp events for closed comm points.
1137 - Tag for 1.17.0 release. The code repository continues with 1.17.1.
1140 - Fix PROXYv2 header read for TCP connections when no proxied addresses
1144 - Tag for 1.17.0rc1 release.
1159 - Fix dnscrypt compile for proxy protocol code changes.
1162 - Use DEBUG_TDIR from environment in mini_tdir.sh for debugging.
1165 - Fix checkconf test for dnscrypt and proxy port.
1168 - Merge #764: Leniency for target discovery when under load (for
1188 - Better output for skipped tdir tests.
1191 - Patch for CVE-2022-3204 Non-Responsive Delegation Attack.
1193 with the previous features and fixes for 1.17.0.
1205 - Remove include that was there for debug purposes.
1223 - Fix to wait for blocked write on UDP sockets, with a timeout if it
1225 - Fix for wait for udp send to stop when packet is successfully sent.
1239 - Fix ratelimit inconsistency, for ip-ratelimits the value is the
1240 amount allowed, like for ratelimits.
1244 queries for answers from cache if from a query with sourcemask 0.
1245 - Fix unittest for edns subnet change.
1251 - Tests for ghost domain fixes.
1252 - Tag for 1.16.2 release. The code repo continues with 1.16.3.
1257 - Update documentation for 'outbound-msg-retry:'.
1269 - For windows crosscompile, fix setting the IPV6_MTU socket option
1274 - Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
1280 - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
1286 - Tag for 1.16.1rc1 release. This became 1.16.1 on 11 July 2022.
1293 - For #660: formatting, less verbose logging, add EDE information.
1294 - Fix for correct openssl error when adding windows CA certificates to
1296 - Improve val_sigcrypt.c::algo_needs_missing for one loop pass.
1297 - Reintroduce documentation and more EDE support for
1312 - Fix compile warning for windows compile.
1316 - Fix #704: [FR] Statistics counter for number of outgoing UDP queries
1319 - Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
1325 - Fix for cached 0 TTL records to not trigger prefetching when
1338 - Fix for loading locally stored zones that have lines with blanks or
1342 - Remove unused LDNS function check for GOST Engine unloading.
1347 addresses for auth and rpz zones.
1350 - Fix for edns client subnet to respect not looking in its cache when
1358 - Version is set to 1.16.0 for release. Release tag 1.16.0rc1. This
1363 - Fix to silence test for ede error output to the console from the
1369 - Fix typos in config_set_option for the 'num-threads' and
1383 - For #677: Added tls-system-cert to config parser and documentation.
1394 - Merge PR #604: Add basic support for EDE (RFC8914).
1407 and check for success for debug printout.
1418 - Fix #651: [FR] Better logging for refused queries.
1426 configuration option, to allow for more broadly view of the options.
1436 - Fix configure for python to use sysutils, because distutils is
1441 - Fix for #637: fix integer overflow checks in sldns_str2period.
1445 - Various fixes for #632: variable initialisation, convert the qinfo
1449 - Fix compile warnings for printf ll format on mingw compile.
1452 - Fix pythonmod for change in iter_dp_is_useless function prototype.
1459 - Fix #633: Document unix domain socket support for unbound-control.
1460 - Fix for #633: updated fix with new text.
1462 so that it is not state dependent, after the state fix of #605 for
1464 - Fix for edns client subnet option add fix in removal code, from review.
1468 useless for delegation point lookups.
1470 - Fix check interface existence for support detection in remote lookup.
1473 - Fix that address not available is squelched from the logs for
1479 - Fix for #628: fix rpz-passthru for qname trigger by localzone type.
1498 - Fix for #611: Integer overflow in sldns_wire2str_pkt_scan.
1499 - Tag for 1.15.0rc1 created. That became 1.15.0 on 10 feb 2022.
1513 - Update version number in repo to 1.15.0 for upcoming release,
1515 - Fix header comment for doxygen for authextstrtoaddr.
1516 - please clang analyzer for loop in test code.
1518 - Update contrib/aaaa-filter-iterator.patch with diff for current
1526 - Fix review comment for use-after-free when failing to send UDP out.
1541 - Test for NSID in SERVFAIL response due to DNSSEC bogus.
1552 - For dnstap, do not wakeupnow right there. Instead zero the timer to
1559 - Add a region to serviced_query for allocations.
1562 - Add rpz: for-downstream: yesno option, where the RPZ zone is
1563 authoritatively answered for, so the RPZ zone contents can be
1565 - For #602: Allow the module-config "subnetcache validator cachedb
1576 - Fix for #596: fix that rpz return message is returned and not just
1579 - Fix unit tests for rpz now that the AA flag returns successfully from
1581 - Fix for #596: add unit test for nsdname trigger and signal unset RA.
1582 - Fix for #596: add unit test for nsip trigger and signal unset RA.
1585 - Fix for #596: Fix rpz-signal-nxdomain-ra to work for clientip
1593 - Fix to add test for rpz-signal-nxdomain-ra.
1600 apply cleanly to the current coderepo for the current code version.
1606 - Add missing configure flags for optional features in the
1614 - Allow local-data for classes other than IN to inherit a configured
1619 - Add code similar to fix for ldns for tab between strings, for
1628 - Fix compile warning for if_nametoindex on windows 64bit.
1645 - Fix #574: Review fixes for size allocation.
1653 - Fix for #570: regen aclocal.m4, fix configure.ac for spelling.
1656 are used as value for interfaces:
1657 - Fix #574: Review fixes for it.
1659 - Fix #574: Review fix for spelling.
1662 - Improve EDNS option handling, now also works for synthesised
1666 - Fix for #558: fix loop in comm_point->tcp_free when a comm_point is
1668 - Fix for #558: clear the UB_EV_TIMEOUT bit before adding an event.
1683 - Fix chaos replies to have truncation for short message lengths,
1688 - Fix to add example.conf note for outbound-msg-retry.
1694 - For crosscompile on windows, detect 64bit stackprotector library.
1697 - For the windows compile script disable gost.
1700 - Fix crosscompile script for the shared build flags.
1704 link with ws2_32 needs -l:libssp.a for __strcpy_chk.
1709 - Fix lock debug code for gcc sanitizer reports.
1715 - Small fixes for #41: changelog, conflicts resolved,
1717 functions in the iterator, no colon in string for set_option,
1719 - Fix for #41: change outbound retry to int to fix signed comparison
1744 for ipbased triggers. Unlock the nsdname zone lock when done.
1747 - Fix compile warning in libunbound for listen desetup routine.
1748 - Fix asynclook unit test for setup of lockchecks before log.
1766 - Fix to support harden-algo-downgrade for ZONEMD dnssec checks.
1770 - Fix for #431: Squelch permission denied errors for udp connect,
1777 - Merge PR #514, from ziollek: Docker environment for run tests.
1778 - For #514: generate configure.
1781 - And 1.13.2rc1 became the 1.13.2 with the fix for the python module
1786 - Merge #519: Support for selective enabling tcp-upstream for
1788 - For #519: note stub-tcp-upstream and forward-tcp-upstream in
1790 - For #519: yacc and lex. And fix python bindings, and test program
1792 - For #519: fix comments for doxygen.
1793 - Fix to print error from unbound-anchor for writing to the key
1797 - Tag for 1.13.2rc1 release.
1814 - Fix unit test zonemd_reload for use in run_vm.
1828 - Prepare for OpenSSL 3.0.0 provider API usage, move the sldns
1838 - For #515: Fix compilation with openssl 3.0.0 beta2, lib64 dir and
1844 introduces a couple of fixes for the stream reuse functionality
1850 - Fix readzone unknown type print for memory resize.
1853 - Fix that ldns_zone_new_frm_fp_l counts the line number for an empty
1862 - Fix for #510: in depth, use ifdefs for windows api event calls.
1869 - Fix from lint for ignored return value.
1870 - Fix for older parsers for function call in serve expired get cached.
1876 - Fix compiler warnings for #491.
1877 - Fix clang-analysis warnings for testcode/readzone.c.
1893 - Fix configure grep for reuseport default for failure.
1896 - Fix unit test in the ctime_r calls for autotrust and in testbound.
1925 - Generated lexer and parser for #486; updated example.conf.
1928 - Use host_os instead of target_os in configure for Darwin8 build.
1940 - Fix test for zonemd-check option.
1946 of ZONEMD records for that zone.
1951 for it in the configuration to 150 for all key sizes.
1954 - For #492: Fix font highlighting for the man page on emacs.
1957 - Test code has -q option for quiet output.
1960 - Fix for #411, #439, #469: Reset the DNS message ID when moving queries
1962 - Refactor for uniform way to produce random DNS message IDs.
1979 - Fix for #367: only attempt to get the interface for queries that are no
1981 - Add more logging for out-of-memory cases.
1984 - Merge #478: Allow configuration of TCP timeout while waiting for
1994 about one of the last failures for that query.
1997 - Fix compiler warning for signed/unsigned comparison for
2011 - Further fix for #468: detect SSL_CTX_set_alpn_protos for build with
2016 - Fix documentation comment for files previously residing in checkconf/.
2024 - Fix (increase) verbosity level for iterator error log in
2032 - rebuild configure to set EXTRALINK to libunbound.la for #460.
2035 - Fix for #411: Depth protect for crash on deleted element timeout.
2048 - Disable the use of stack-protector for cross compiled 32-bit windows
2052 - Fix #429: Also fix end of transfer for http download of auth zones.
2055 - Fix deprecation test to work for iOS TVOS and WatchOS, it uses
2073 - Fix for #367: fix memory leak when cannot bind to listening port.
2084 - Fix for #447: squelch connection refused tcp connection failures
2088 - Fix #441: Minimal NSEC range not accepted for top level domains.
2091 - Fix parse of LOC RR type for decimetres.
2094 - Workaround for #439: prevent loops in the reuse rbtree.
2095 - Debug output for #411 and #439: printout internal error and details.
2104 - Fix for #367: rc_ports don't have ub_sock; skip cleaning up.
2111 and fixes #368 : dnstap does not log the DNS message ID for
2118 - ipsecmod: Better logging for detecting a cycle when attaching the
2123 sufficient for the configured cache size, and logs warning if not.
2125 - Fix unit test for added ulimit checks.
2129 - Fix for zonemd, that domain-insecure zones work without dnssec.
2130 - Fix for zonemd, do not reject insecure result from trust anchor
2134 - Fix #431: Squelch permission denied errors for tcp connect
2136 - Fix for zonemd, that nxdomain for the chain of trust is allowed
2137 for island zones, it is treated as an insecure zone for verification.
2141 ZONEMD records are checked for zones loaded as auth-zone,
2144 With zonemd-reject-absence for an auth-zone the presence of a
2145 zonemd can be mandated for specific zones.
2148 - rpz skip nsec3param records, and nicer log for unsupported actions.
2153 - Fix to make tests work with support indicators set for iterator.
2161 - Fix for Python 3.9, no longer use deprecated functions of
2172 - Fix dynlibmod link on rhel8 for -ldl inclusion.
2175 - Fix indentation of root anchor for use by windows install script.
2181 - Fix for doxygen 1.8.20 compatibility.
2185 - Fix to use correct type for label count in rpz routine.
2187 - Fix to use correct type for label count in ipdnametoaddr rpz routine.
2188 - Fix empty clause warning in edns pass for padding.
2208 - Fix TTL of SOA record for negative answers (localzone and
2212 - Support for RFC5001: DNS Name Server Identifier (NSID) Option
2225 - Fix for #93: dynlibmodule import library is named libunbound.dll.a.
2230 - Fix for #93: dynlibmodule link fix for Windows.
2241 - For #391: use struct timeval* start_time for callback information.
2242 - For #391: fix indentation.
2243 - For #391: more double casts in python start time calculation.
2259 - For #376: Fix that comm point event is not double removed or double
2282 - Fix #360: for the additionally reported TCP Fast Open makes TCP
2289 - Fix for #283: fix stream reuse and tcp fast open.
2299 not kept for reuse.
2300 - tag for the 1.13.0rc4 release. This also became the 1.13.0
2302 fix from 2 dec 2020. The code repo continues for 1.13.1 in
2306 - Fix compile warning for type cast in http2_submit_dns_response.
2307 - Fix when use free buffer to initialize rbtree for stream reuse.
2308 - Fix compile warnings for windows.
2310 - Fix contrib/metrics.awk for FreeBSD awk compatibility.
2311 - tag for the 1.13.0rc3 release.
2316 - For #352: contrib/metrics.awk for Prometheus style metrics output.
2323 - Better fix for reuse tree comparison for is-tls sockets. Where
2326 - Fix memory leak for edns client tag opcode config element.
2327 - Attempt fix for libevent state in tcp reuse cases after a packet
2329 - Fix readagain and writeagain callback functions for comm point
2331 - tag for the 1.13.0rc2 release.
2335 reuse for performing several queries over the same TCP or TLS
2337 - set version of main branch to 1.13.0 for upcoming release.
2339 - Fix one port unit test for udp-connect.
2340 - tag for the 1.13.0rc1 release.
2343 - Fix padding of struct regional for 32bit systems.
2357 - Fix for #303 CVE-2020-28935 : Fix that symlink does not interfere
2359 - Further fix for it and retvalue 0 fix for it.
2364 - Retry for interfaces with unused ports if possible.
2368 - Fix memory leak after fix for possible memory leak failure.
2394 traffic keeps up for the domain. It probes with one at a time, eg.
2401 - Fix for PR #324 to attach the x509v3 extensions to the client
2408 - Fix that http settings have colon in set_option, for
2416 - Fix dnstap test to wait for log timer to see if queries are logged.
2420 - Clean the fix for out of order TCP processing limits on number
2428 - Fix that if there are reply callbacks for the given rcode, those
2441 - Fix for python reply callback to see mesh state reply_list member,
2442 it only removes it briefly for the commpoint call so that it does
2446 - Free up auth zone parse region after use for lookup of host
2458 - Tag for 1.12.0 release.
2463 - Current repo is version 1.12.0 for release. Tag for 1.12.0rc1.
2468 - Fix stream_ssl, ssl_req_order and ssl_req_timeout tests for
2472 - Fix double loopexit for unbound-dnstap-socket after sigterm.
2478 - Fix unit test for dnstap changes, so that it waits for the timer.
2484 - Fix to ifdef fptr wlist item for dnstap.
2496 - Error message is logged for dynlibmod malloc failures.
2506 - Introduce test for statistics.
2527 uses the IP addresses for that named interface.
2538 - Change configure to use EVP_sha256 instead of HMAC_Update for
2545 - Create and init edns tags data for libunbound.
2563 apply cleanly to the current coderepo for the current code version.
2577 - Fix doxygen comment for no ssl for tls session ticket key callback
2595 - Fix contrib/fastrpz.patch to apply cleanly. It fixes for changes
2601 - Fix libnettle compile for session ticket key callback function
2611 - Fix check conf test for referencing installation paths.
2612 - Fix unused variable warning for clang analyzer.
2621 - Fix add missing DSA header, for compilation without deprecated
2625 - Longer keys for the test set, this avoids weak crypto errors.
2631 - Fix offset of error printout for access-control-tag-datas.
2632 - Review fixes for checkconf #259 change.
2638 - Move reply list clean for serve expired mesh callback to after
2640 - Also move reply list clean for mesh callbacks to the scrip callback
2642 - Fix for mesh accounting if the reply list already empty to begin
2644 - Fix for mesh accounting when rpz decides to drop a reply with a
2645 tcp stream waiting for it.
2646 - Review fix for number of detached states due to use of variable
2653 - doxygen file comments for dynlibmodule.
2656 - Fix default explanation in man page for qname-minimisation-strict.
2660 - Mention tls name possible when tls is enabled for stub-addr in the
2668 - Update contrib/aaaa-filter-iterator.patch for the recent
2672 - Fix for integer overflow when printing RDF_TYPE_TIME.
2682 - For PR #93: windows compile warnings removal
2683 - windows compile warnings removal for ip dscp option code.
2684 - For PR #93: unit test for dynlib module.
2687 - For PR #93: dynlibmod can handle reloads and deinit and inits again,
2688 with dlclose and dlopen of the library again. Also for multiple
2691 - For PR #93: checkconf allows multiple dynlib in module-config, for
2693 - For PR #93: checkconf allows python dynlib in module-config, for
2695 - For PR #93: man page spelling reference fix.
2696 - For PR #93: fix link of other executables for dynlibmod dependency.
2700 - Fixed conflicts for PR #93 and make configure, yacc, lex.
2701 - For PR #93: Fix warnings for dynlibmodule.
2707 - Explicitly use 'rrset-roundrobin: no' for test cases.
2716 - Change default value for 'rrset-roundrobin' to yes.
2717 - Fix tests for new rrset-roundrobin default.
2721 - Fix for count of reply states in the mesh.
2729 - Add doxygen documentation for DSCP.
2733 - Fix for posix shell syntax for trap in nsd-control-setup.
2734 - Fix for posix shell syntax for trap in run_msg.sh test script.
2749 - More documentation for redis-expire-records option.
2776 tag for outgoing packets.
2778 - Travis fix for ios by omitting tools from install.
2781 - Fix compile on Solaris for unbound-checkconf.
2793 - Fix #158: open tls-session-ticket-keys as binary, for Windows. By
2817 - Changelog entry for (Fix #189, Merge PR #190).
2855 - Merge PR #172: Add IBM s390x arch for testing, by noloader.
2858 - Merge PR #173: updated makedist.sh for config.guess and
2859 config.sub and sha256 digest for gpg, by noloader.
2875 to use TCP and TLS for connecting to the log server. There
2878 address of server for TCP or TLS use. dnstap-tls to turn
2881 to configure the certificates for server authentication and
2889 - Fix #169: Fix warning for daemon/remote.c output may be truncated
2894 dname, and in the client_info_compare routine for null memcmp.
2900 - Fix #165: Add prefer-ip4: yesno config option to prefer ipv4 for
2908 - Updated contrib/unbound_smf23.tar.gz with Solaris SMF service for
2913 - protect X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS with ifdef for
2917 - changelog point where the tag for 1.10.0rc2 release is. And with
2936 - tag for 1.10.0rc1 release.
2940 - Fix contrib/fastrpz.patch to apply cleanly. Fix for serve-stale
2973 - Added missing default values for redis cachedb backend.
2991 - Fix subnet tests for disabled DSA algorithm by default.
2992 - Update contrib/fastrpz.patch for clean diff with current code.
2993 - Merge PR#151: Fixes for systemd units, by Maryse47, Edmonds
2996 - updated .gitignore for added contrib file.
2997 - Add build rule for ipset to Makefile
3008 - Merge PR#147; change rfc reference for reserved top level dns names.
3012 - Fix to silence the tls handshake errors for broken pipe and reset
3022 to Libs/Requires for crypto library dependencies.
3023 - Fix #153: Disable validation for DSA algorithms. RFC 8624
3028 contrib/unbound_nochroot.service.in, a systemd file for use with
3039 - Fix for memory leak when edns subnet config options are read when
3041 - Fix auth zone support for NSEC3 records without salt.
3053 - Fix 'make test' to work for --disable-sha1 configure option.
3056 - Updated sldns_bget_token_par fix for also space for the zero
3057 delimiter after the character. And update for more spare space.
3063 - Changes to compat/getentropy_solaris.c for,
3064 ifdef stdint.h inclusion for older systems.
3065 ifdef sha2.h inclusion for older systems.
3086 - Fix Makefile.in for ipset module compile, from Adi Prasaja.
3090 - unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1
3091 replacements for unbound-fuzzme.c that gets created after applying
3094 - tag for 1.9.6rc1.
3097 - Fix lock type for memory purify log lock deletion.
3098 - Fix testbound for alloccheck runs, memory purify and lock checks.
3106 - Fix text around serial arithmetic used for RRSIG times to refer
3131 - Fix Client NONCE Generation used for Server NONCE,
3159 - Fix Weak Entropy Used For Nettle,
3176 - Changes to compat/getentropy files for,
3177 no link to openssl if using nettle, and hence config.h for
3179 compat definition of MAP_ANON, for older systems.
3180 ifdef stdint.h inclusion for older systems.
3181 ifdef sha2.h inclusion for older systems.
3191 - Fix python examples/calc.py for eval, reported by X41 D-Sec.
3192 - Fix comments for doxygen in dns64.
3215 - In unbound-host use separate variable for get_option to please
3218 - Provide a prototype for compat malloc to remove compile warning.
3219 - Portable grep usage for reuseport configure test.
3220 - Check return type of HMAC_Init_ex for openssl 0.9.8.
3221 - gitignore .source tempfile used for compatible make.
3225 - contrib/fastrpz.patch updated to apply for current code.
3226 - fixes for splint cleanliness, long vs int in SSL set_mode.
3229 - Fix #109: check number of arguments for stdin-pipes in
3231 - Merge #102 from jrtc27: Add getentropy emulation for FreeBSD.
3249 will drop DNSKEY and DS lookups for tlds and hence break DNSSEC
3250 lookups for downstream clients.
3257 - Merge 1.9.4 release with fix for vulnerability CVE-2019-16866.
3264 Drop CAP_KILL, use + prefix for ExecReload= instead.
3267 - The unbound.conf includes are sorted ascending, for include
3271 - Merge #85 for #84 from sam-lunt: Add kill capability to systemd
3284 - Merge pull request #76 from Maryse47: Improvements and fixes for
3287 - Fix fix for #78 to also free service callback struct.
3288 - Fix for oss-fuzz build warning.
3289 - Fix wrong response ttl for prepended short CNAME ttls, this would
3294 - Use explicit bzero for wiping clear buffer of hash in cachedb,
3308 there is a high volume and the operator cannot do anything for the
3333 issues an uninitialised value for the token buffer at the str2wire.c
3338 - Please doxygen's parser for "@" occurrence in doxygen comment.
3345 - avoid warning about upcast on 32bit systems for autotrust.
3346 - escape commandline contents for -V.
3357 - Fix warning for unused variable for compilation without systemd.
3362 are now moved from `-h` to `-V` as well for consistency.
3366 - For #52 #53, second context does not close logfile override.
3367 - Fix #52 #53, fix for example fail program.
3369 - Fix to remove unused test for task_probe existence.
3370 - Fix to timeval_add for remaining second in microseconds.
3376 name to make it unique, for libunbound created multiple contexts.
3387 if minimal-responses is enabled, also the additional for negative
3396 - Fix for possible assertion failure when answering respip CNAME from
3400 - For #45, check that 127.0.0.1 and ::1 are not used in unbound.conf
3417 - Added documentation to the ipset files (for doxygen output).
3427 - Fix for #24: Fix abort due to scan of auth zone masters using old
3470 They can be enabled with verbosity at higher values for diagnosing
3475 - Revert fix for oss-fuzz, error is in that build script that
3493 checkable, and is better for security. It is fixed to be slower,
3497 - contrib/fastrpz.patch updated for code changes, and with git diff.
3502 - Update makedist for git.
3503 - Nicer travis output for clang analysis.
3513 - Scrub RRs from answer section when reusing NXDOMAIN message for
3515 - For harden-below-nxdomain: do not consider a name to be non-existent
3526 - Fix tls write event for read state change to re-call SSL_write and
3530 - Update python documentation for init_standard().
3534 - Fix that auth zone uses correct network type for sockets for
3537 - Fix that auth zone fails over to next master for timeout in tcp.
3542 - Fix to use event_assign with libevent for thread-safety.
3546 plugin for the Unbound DNS resolver to resolve DNS records in
3554 - Fix to reinit event structure for accepted TCP (and TLS) sockets.
3557 - Fix spelling error in log output for event method.
3562 - Fix auth-zone NSEC3 response for wildcard nodata answers,
3566 - Fix auth-zone NSEC3 response for empty nonterminals with exact
3568 - Fix for out of bounds integers, thanks to OSTIF audit. It is in
3570 - Fix for auth zone nsec3 ent fix for wildcard nodata.
3585 with TLS, if that is enabled for the query.
3586 - Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482.
3589 - Fix for #4233: guard use of NDEBUG, so that it can be passed in
3609 - Fix for python module on Windows, fix fopen.
3612 - Fix #4227: pair event del and add for libevent for tcp_req_info.
3615 - Fix the error for unknown module in module-config is understandable,
3622 - Fix pythonmod include and sockaddr_un ifdefs for compile on
3623 Windows, and for libunbound.
3634 - Note default for module-config in man page.
3635 - Fix recursion lame test for qname minimisation asked queries,
3637 - Fix #13: Remove left-over requirements on OpenSSL >= 1.1.0 for
3642 - Fix #4206: OpenSSL 1.0.2 hostname verification for FreeBSD 11.2.
3649 - Fix that log-replies prints the correct name for local-alias
3650 names, for names that have a CNAME in local-data configuration.
3654 - Perform canonical sort for 0x20 capsforid compare of replies,
3659 - Set ub_ctx_set_tls call signature in ltrace config file for
3661 - improve documentation for tls-service-key and forward-first.
3664 - #9: For openssl 1.0.2 use the CRYPTO_THREADID locking callbacks,
3665 still supports the set_id_callback previous API. And for 1.1.0
3677 - Fix locking for libunbound context setup with broken port config.
3680 - ub_ctx_set_tls call for libunbound that enables DoT for the machines
3682 - Set build system for added call in the libunbound API.
3683 - List example config for root zone copy locally hosted with auth-zone
3686 - set version to 1.9.0 for release. And this was released with the
3687 spelling for tls-ciphers fix as 1.9.0 on Feb 5. Trunk has 1.9.1 in
3691 - Fix that tcp for auth zone and outgoing does not remove and
3699 - Newer aclocal and libtoolize used for generating configure scripts,
3701 - Fix unit test for python 3.7 new keyword 'async'.
3703 no check for already checked delegation pointer in iterator,
3704 in testcode check for NULL packet matches, in perf do not copy
3707 testcode for unknown macro operand give zero result. Initialise the
3711 include mini_event.h to have a prototype for mini_ev_cmp
3712 include edns.h to have a prototype for apply_edns_options
3715 no previous prototype for function
3718 no previous prototype for function
3722 no previous prototype for function...
3725 no previous prototype for function 'copy_rrset'
3726 no need for another variable "r"; gets rid of compiler warning:
3728 no need for another variable "ns"; gets rid of compiler warning:
3734 options for unbound.conf.
3735 - Fixes for the patch, and man page entry.
3736 - Fix configure to detect SSL_CTX_set_ciphersuites, for better
3738 - Patch for TLS session resumption from Manabu Sonoda,
3740 - Fixes for patch (includes, declarations, warnings). Free at end
3743 - Fix for IXFR fallback to reset counter when IXFR does not timeout.
3746 - Fix space calculation for tcp req buffer size.
3747 - Doc for stream-wait-size and unit test.
3750 - Fix for #4219: secondaries not updated after serial change, unbound
3755 - Fix tcp idle timeout test, for difference in the tcp reply code.
3756 - Unit test for tcp request reorder and timeouts.
3757 - Unit tests for ssl out of order processing.
3764 - For caps-for-id fallback, use the whitelist to avoid timeout
3765 starting a fallback sequence for it.
3766 - increase mesh max activation count for capsforid long fetches.
3769 - Get ready for the DNS flag day: remove EDNS lame procedure, do not
3773 - In the out of order processing, reset byte count for (potential)
3780 - Fix for out of order processing administration quit cleanup.
3781 - unit test for tcp out of order processing.
3784 - Initial commit for out-of-order processing for TCP and TLS.
3787 - Log query name for looping module errors.
3800 the patch adds a program used for fuzzing.
3803 - Fix for crash in dns64 module if response is null.
3809 - Fix for FreeBSD port make with dnscrypt and dnstap enabled.
3810 - Fix #4206: support openssl 1.0.2 for TLS hostname verification,
3815 - Fix dns64 allocation in wrong region for returned internal queries.
3818 - Fix icon, no ragged edges and nicer resolutions available, for eg.
3823 - Patch for typo in unbound.conf man page.
3825 log-replies in the log file for easier log filter maintenance.
3830 - tag for 1.8.2rc1, which became 1.8.2 on 4 dec 2018, with icon
3840 - Fix leak in chroot fix for auth-zone.
3841 - Fix clang analysis for outside directory build test.
3848 - New and better fix for Fix #4193: Fix that prefetch failure does
3852 - stat count SERVFAIL downstream auth-zone queries for expired zones.
3854 - Fix windows compile for new rrset roundrobin fix.
3855 - Update contrib fastrpz patch for latest release.
3863 - Fix that unbound-control can send file for view_local_datas.
3868 succeed for the python module.
3870 - ignore debug python module for test in doxygen output.
3871 - review fixes for python module.
3884 - Add patch from Jan Vcelak for pythonmod,
3885 add sockaddr_storage getters, add support for query callbacks,
3914 - Limit ECS scope returned to client to the scope used for caching.
3939 - Set default for so-reuseport to no for FreeBSD. It is enabled
3940 by default for Linux and DragonFlyBSD. The setting can
3945 - updated contrib/fastrpz.patch to apply for this version
3953 - tag for release 1.8.1rc1. Became release 1.8.1 on 8 oct, with
3963 for DNS over TLS service. It sets the configured tls auth name.
3964 This is useful for hosts that apart from the DNS over TLS services
3966 - Fix #4149: Add SSL cleanup for tcp timeout.
3969 - Fix compile on Mac for unbound, provide explicit_bzero when libc
3971 - Fix unbound for openssl in FIPS mode, it uses the digests with
3974 some iterator states for nonresponsive domains can get into a
3975 state where they waited for an empty list.
3977 to be reset by the TCP time measurement (that exists for TLS),
3982 - Fix seed for random backup code to use explicit zero when wiped.
3987 - in testcode, free async ids, initialise array, and check for null
3988 pointer during test of the test. And use exit for return to note
3994 - check for null in delegation point during iterator refetch
3997 - initialize statistics totals for printout.
4007 - Fixed unused return value warnings in contrib/fastrpz.patch for
4026 - Tag for 1.8.0rc1 release, became 1.8.0 release on 10 Sep 2018.
4033 in a view with view-first, makes queries check for answers from the
4041 - Set defaults to yes for a number of options to increase speed and
4052 - Fix lintflags for lint on FreeBSD.
4056 gives access to reply information for the client's communication
4062 - log-local-actions: yes option for unbound.conf that logs all the
4069 - Fix classification for QTYPE=CNAME queries when QNAME minimisation is
4089 - Fix that printout of error for cycle targets is a verbosity 4
4101 - Patch for stub-no-cache and forward-no-cache options that disable
4102 caching for the contents of that stub or forward, for when you
4123 - Fix for #4136: Fix to unconditionally call destroy in daemon.c.
4133 - Revert previous change for #4136: because it introduces build
4135 - New fix for #4136: This one ignores lex without
4145 - Patches from Jim Hague (Sinodun) for EDNS KeepAlive.
4154 - Correct and expand manual page entries for keepalive and idle timeout.
4184 - Fix #4131: for solaris, error YY_CURRENT_BUFFER undeclared.
4202 verbosity is 4 or higher, for UDP outgoing sockets.
4207 - Fix for 4126 that the #define for UNKNOWN_SERVER_NICENESS can be more
4215 - Fix documentation ambiguity for tls-win-cert in tls-upstream and
4220 - Fix round robin for failed addresses with prefer-ip6: yes
4228 - Better documentation for unblock-lan-zones and insecure-lan-zones
4230 - Fix permission denied printed for auth zone probe random port nrs.
4233 - Fix checking for libhiredis printout in configure output.
4236 also set the 20326 trust anchor for the root in the example code.
4239 - dns64-ignore-aaaa: config option to list domain names for which the
4244 - num.queries.tls counter for queries over TLS.
4252 - Partial fix for permission denied on IPv6 address on FreeBSD.
4254 stop scan of masters for an updated zone.
4260 - Fix usage printout for unbound-host, hostname has to be last
4264 - Fix for unbound-control on Windows and set TCP socket parameters
4273 - Fix that control-use-cert: no works for 127.0.0.1 to disable certs.
4275 - Fix unbound-checkconf for control-use-cert.
4279 - tag for 1.7.3rc1.
4283 sequence for a master to transfer the zone from and transfers when
4288 file for url downloads.
4298 - #4102 for NSD, but for Unbound. Named unix pipes do not use
4308 - Patch to fix openwrt for mac os build darwin detection in configure.
4315 - Fix deadlock caused by incoming notify for auth-zone.
4316 - tag for 1.7.2rc1, became 1.7.2 release on 11 June 2018,
4322 The older name is accepted for backwards compatibility.
4331 - Fix that fallback for windows port.
4336 - tls-win-cert option that adds the system certificate store for
4341 - For TCP and TLS connections that don't establish, perform address
4343 - Fix that tcp sticky events are removed for closed fd on windows.
4344 - Fix close events for tcp only.
4349 - unbound-host initializes ssl (for potential DNS-over-TLS usage
4363 - Fix contrib/libunbound.pc for libssl libcrypto references,
4367 - Fix windows to not have sticky TLS events for TCP.
4388 - Fix for crash in daemon_cleanup with dnstap during reload,
4390 - Also that for dnscrypt.
4391 - tag for 1.7.1rc1 release. Became 1.7.1 release on 3 May, trunk
4395 - Fix memory leak when caching wildcard records for aggressive NSEC use
4398 - Fix contrib/fastrpz.patch for this release.
4399 - Fix auth https for libev.
4405 - makedist uses bz2 for expat code, instead of tar.gz.
4406 - Fix #4092: libunbound: use-caps-for-id lacks colon in
4410 - Fix sldns parse failure for CDS alternate delete syntax empty hex.
4411 - Attempt for auth zone fix; add of callback in mesh gets from
4417 - man page documentation for dns-over-tls forward-addr '#' notation.
4430 - For addr with #authname and no @port notation, the default is 853.
4438 - allow-notify: config statement for auth-zones.
4439 - unit test for allow-notify
4447 - Fix for max include depth for authzones.
4448 - Fix memory free on fail for $INCLUDE in authzone.
4449 - Fix that an internal error to look up the wrong rr type for
4458 - documentation for low-rtt and low-rtt-pct.
4467 - Accept both option names with and without colon for get_option
4470 of fast servers for some percentage of the time.
4473 - Combine write of tcp length and tcp query for dns over tls.
4475 - Fix above stub queries for type NS and useless delegation point.
4477 tls_choose_sigalg routine does not allow the ciphers for the pipe,
4484 failing with a forwarder set. Now, auth-zone is only used for
4494 - Do not use cached NSEC records to generate negative answers for
4505 - Add --with-libhiredis, unbound support for a new cachedb backend
4522 - Added documentation for aggressive-nsec: yes.
4538 cleanly for me, now also for others.
4545 - Reverted fix for #3512, this may not be the best way forward;
4548 - svn trunk contains 1.7.0, this is the number for the next release.
4549 - Fix for windows compile.
4553 - Fix to check define of DSA for when openssl is without deprecated.
4556 causes same port to be used twice for tcp connections.
4565 - Save wildcard RRset from answer with original owner for use in
4569 - Fix #3512: unbound incorrectly reports SERVFAIL for CAA query
4571 - Fix validation for CNAME loops. When it detects a cname loop,
4577 - Fix #3505: Documentation for default local zones references
4580 to the global local zone contents, for queries for that zone.
4581 - Fix for more maintainable code in localzone.
4584 - Fixes for clang static analyzer, the missing ; in
4596 - Unit test for auth zone https url download.
4614 eg. with auth-zone: name: "." for-downstream: no for-upstream: yes
4633 - ltrace.conf file for libunbound in contrib.
4637 for startup scripts to get the full pathname(s) of anchor file(s).
4643 also recognized and means the same. Also for tls-port,
4652 - tag 1.6.8 for release with CVE fix.
4654 - patch for CVE-2017-15105: vulnerability in the processing of
4678 - Also disable -flto for clang, to make incep-expi signature check
4702 set for stub zone. It no longer searches for DNSSEC information.
4716 - Fix #2141 - for libsodium detect lack of entropy in chroot, print
4741 - lint for recent authzone commit.
4760 - Better documentation for cache-max-negative-ttl.
4772 - Fix some more crpls in testdata for different signaling default.
4780 - Fix param unused warning for windows exportsymbol compile.
4811 - Fix unbound-host to report error for DNSSEC state of failed lookups.
4818 - Add dns64 for client-subnet in unbound-checkconf.
4826 - makedist fix for windows binaries, with openssl 1.1.0 windres fix,
4834 - For #1417: escape ; in dnscrypt tests.
4850 - new keys and certs for dnscrypt tests.
4858 - Small fixes for the shared secret cache patch.
4860 entries for udp and tcp.
4877 TCP in this case and is also more robust for cases where connectx()
4878 fails for some reason.
4879 - Fix #1402: squelch invalid argument error for fd_set_block on windows.
4890 - Fix #1397: Recursive DS lookups for AS112 zones names should recurse.
4895 - Added stats for queries that have been ratelimited by domain
4906 - annotate case statement fallthrough for gcc 7.1.1.
4913 - Fix DSA configure switch (--disable dsa) for libnettle and libnss.
4924 - Redirect all localhost names to localhost address for RFC6761.
4928 - Fix svn hooks for tdir (selected if testcode/mini_tdir.sh exists)..
4934 - Fix for unbound-checkconf, check ipsecmod-hook if ipsecmod is turned
4942 - Fix python example0 return module wait instead of error for pass.
4944 - enhancement for hardened-tls for DNS over TLS. Removed duplicated
4954 - (for 1.6.5)
4955 Better fixup of dnscrypt_cert_chacha test for different escapes.
4956 - First fix for zero b64 and hex text zone format in sldns.
4957 - unbound-control dump_infra prints port number for address if not 53.
4960 - (for 1.6.5): fixup of dnscrypt_cert_chacha test (from Manu Bretelle).
4990 - Fix stub zone queries leaking to the internet for
4992 - Fix query for refetch_glue of stub leaking to internet.
4997 contains malformed qname. When 0x20 caps-for-id is enabled, when
5000 - More fixes in depth for buffer checks in 0x20 qname checks.
5009 - Detect chacha for dnscrypt at configure time.
5017 - Add an explicit type cast for TCP FASTOPEN fix.
5039 - Add defaults for new local-zone trees added to views using
5043 - Support for openssl EVP_DigestVerify.
5044 - Support for the ED25519 algorithm with openssl (from openssl 1.1.1).
5047 - Fix assertion for low buffer size and big edns payload when worker
5057 - printout localzone for duplicate local-zone warnings.
5061 rrsets added for cname chain.
5080 - Use qstate's region for IPSECKEY rrset (ipsecmod).
5090 - better module memory lookup, fix of unbound-control shm names for
5097 - Fix queries for nameservers under a stub leaking to the internet.
5107 can share the same source port (for different destinations).
5111 - Use mesh_add_sub for key tag signaling query.
5114 - Added test for leak of stub information.
5136 Also unbound-control get_option. Also for dnscrypt.
5141 - Fix #1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle).
5154 - tag for 1.6.2rc1
5155 - (for 1.6.3:) unbound.h exports the shm stats structures. They use
5166 - Properly check for allocation failure in local_data_find_tag_datas.
5182 - Use correct identifier for SHM destroy.
5185 - Fix pythonmod for cb changes.
5193 - (de)register inplace callbacks for module id
5194 - No unbound-control set_option for ECS options
5204 - Small fixup for documentation.
5206 - Fix respip for braces when locks aren't used.
5207 - Fix pythonmod for cb changes.
5247 - Fix doxygen for dnscrypt files.
5253 - lru_demote and lruhash_insert_or_retrieve functions for getdns.
5254 - fixup for lruhash (whitespace and header file comment).
5258 - Patch for view functionality for local-data-ptr from Björn Ketelaars.
5259 - Fix #1237 - Wrong resolving in chain, for norec queries that get
5287 - make depend for build dependencies.
5292 - Fix #1230: swig version 2.0.0 is required for pythonmod, with
5305 - For #1227: if we have sha256, set the cipher list to have no
5310 - Fix #1226: provide official 32bit binary for windows.
5313 - include sys/time.h for new shm code on NetBSD.
5318 - Patch from Luiz Fernando Softov for Stats Shared Memory.
5331 - sldns updated for vfixed and buffer resize indication from getdns.
5334 - sldns has ED25519 and ED448 algorithm number and name for display.
5340 - Fix autoconf of systemd check for lack of pkg-config.
5343 - Fix pythonmod for typedef changes.
5344 - Fix dnstap for warning of set but not used.
5351 - Fix for type name change and fix warning on windows compile.
5360 - fix root_anchor test for updated icannbundle.pem lower certificates.
5388 - Fix to return formerr for queries for meta-types, to avoid
5399 systemd files for unbound, install them in /usr/lib/systemd/system.
5404 - Fix #1194: Cross build fails when $host isn't `uname` for getentropy.
5419 - 64bit is default for windows builds.
5431 - Fix #1176: stack size too small for Alpine Linux.
5438 - Add DSA support for OpenSSL 1.1.0
5439 - Fix remote control without cert for LibreSSL
5442 - Added generic EDNS code for registering known EDNS option codes,
5448 - Added code for registering inplace callback functions. The registered
5454 - Updated Python module for the above.
5489 - QNAME minimisation uses QTYPE=A, therefore always check cache for
5491 - Added unit test for QNAME minimisation + harden below nxdomain
5496 - Fix unit tests for DS hash processing for fake-dsa test option.
5502 Underneath" for the harden-below-nxdomain option.
5516 - Note that for harden-below-nxdomain the nxdomain must be secure,
5523 - .gitattributes line for GitHub's code language display.
5535 - Patch for server.num.zero_ttl stats for count of expired replies,
5539 - Fix unit tests for openssl 1.1, with no DSA, by faking DSA, enabled
5552 - Ported tests for local_cname unit test to testbound framework.
5556 - init lzt variable, for older gcc compiler warnings.
5570 - Fix #1125: unbound could reuse an answer packet incorrectly for
5593 - Fix Nits for 1.5.10 reported by Dag-Erling Smorgrav.
5602 - tag for 1.5.10 release
5611 - tag for 1.5.10rc1 release.
5614 - Fix 883: error for duplicate local zone entry.
5615 - Test for openssl init_crypto and init_ssl functions.
5625 - Fix for new splint on FreeBSD. Fix cast for sockaddr_un.sun_len.
5628 - Fix #831: workaround for spurious fread_chk warning against petal.c
5645 - RFC 7958 is now out, updated docs for unbound-anchor.
5646 - Fix for compile without warnings with openssl 1.1.0.
5653 - Add default root hints for IPv6 E.ROOT-SERVERS.NET, 2001:500:a8::e.
5659 - 64bit build option for makedist windows compile, -w64.
5664 - unbound.conf.5 entries for define-tag, access-control-tag,
5670 that attempt to wait for an empty list of subqueries.
5671 - Fix #804: lower num_target_queries for iterator also for failed
5678 - Fix #807: workaround for possible some "unused" function parameters
5682 - use sendmsg instead of sendto for TFO.
5693 - Fix #802: workaround for function parameters that are "unused"
5705 - Fixed unbound.doxygen for 1.8.11.
5712 - Fix detect of mingw for MXE package build.
5713 - Fixes for 64bit windows compile.
5714 - Fix #788 for nettle 3.0: Failed to build with Nettle >= 3.0 and
5718 - For #787: prefer-ip6 option for unbound.conf prefers to send
5721 freebind to use 64bits of entropy for every query with random local
5731 - Create a pkg-config file for libunbound in contrib.
5739 - Possibility to specify local-zone type for an acl/tag pair
5740 - Possibility to specify (override) local-zone type for a source address
5751 is used (200 msec, vs 2 minutes) to pressure tcp for new connects.
5754 - QNAME minimisation unit test for dropped QTYPE=A queries.
5758 null delete for wsaevent.
5766 - Use QTYPE=A for QNAME minimisation.
5768 Stop minimising when number of time-outs for a QNAME/QTYPE pair is
5773 - Fix directory: fix for unbound-checkconf, it restores cwd.
5788 - Revert fix for NetworkService account on windows due to breakage
5800 - Improve threadsafety for openssl 0.9.8 ecdsa dnssec signatures.
5809 initialisation to free up memory for more entries.
5815 - Fix libunbound for edns optlist feature.
5819 - tag for release 1.5.9rc1.
5821 - Fix (for 1.5.10): Fix unbound-anchor.exe file location defaults to
5830 - and also generic edns options for upstream messages (and replies).
5837 - Attempted fix for #765: _unboundmodule missing for python3.
5859 - No QNAME minimisation fall-back for NXDOMAIN answers from DNSSEC
5879 - Fix #759: 0x20 capsforid no longer checks type PTR, for
5893 - Fix #753: document dump_requestlist is for first thread.
5896 - Document permit-small-holddown for 5011 debug.
5904 - Fix compile of getentropy_linux for SLES11 servicepack 4.
5906 - Fix test for openssl to use HMAC_Update for 1.1.0.
5908 - acx_nlnetlabs.m4 to v34, with -ldl -pthread test for libcrypto.
5914 - If QNAME minimisation is enabled, do cache lookup for QTYPE NS in
5928 - Fix ip-transparent for ipv6 on FreeBSD, thanks to Nick Hibma.
5929 - Fix ip-transparent for tcp on freebsd.
5932 - ip_freebind: yesno option in unbound.conf sets IP_FREEBIND for
5937 - Fix compile for ub_event code with older libev.
5943 - For test put free in pluggable api in parenthesis.
5946 - Fixup backend2str for libev.
5949 - User defined pluggable event API for libunbound
5950 - Fixup of compile fix for pluggable event API from P.Y. Adi
5963 - configure tests for the weak attribute support by the compiler.
5977 - ub_ctx_set_stub() function for libunbound to config stub zones.
5989 - Set IPPROTO_IP6 for ipv6 sockets otherwise invalid argument error.
5992 - ip-transparent option for FreeBSD with IP_BINDANY socket option.
5993 - wait for sendto to drain socket buffers when they are full.
5996 - Test for type OPENPGPKEY.
6001 - Fix patch typo in previous commit for 734 from Adi Prasaja.
6010 - Fix #741: log message for dnstap socket connection is more clear.
6016 - Fix cmsg alignment for argument to sendmsg on NetBSD.
6017 - Fix that unbound complains about unimplemented IP_PKTINFO for
6018 sendmsg on NetBSD (for interface-automatic).
6036 - Fix test if -pthreads unused to use better grep for portability.
6039 - Fix mingw crosscompile for recent mingw.
6043 - #731: tcp-mss, outgoing-tcp-mss options for unbound.conf, patch
6050 for Linux glibc 2.20.
6051 - Fixup contrib/aaaa-filter-iterator.patch for moved contents in the
6072 - Fixup 724 for unbound-control.
6082 - Committed fix to qname minimisation and unit test case for it.
6089 - Fixup 724: Fix PCA prompt for unbound-service-install.exe.
6091 - For 724: Add Changelog to windows binary dist.
6097 - Fixup 724 fix for fname_after_chroot() calls.
6098 - Remove stdout printout for unbound-service-install.exe
6099 - .gitignore for git users.
6105 - Fix for #724: conf syntax to read files from run dir (on Windows).
6108 - Fix for #720, fix unbound-control-setup windows batch file.
6123 - Fix #594. libunbound: optionally use libnettle for crypto.
6124 Contributed by Luca Bruno. Added --with-nettle for use with
6128 - Fixup DER encoded DSA signatures for libnettle.
6131 - Fix for lenient accept of reverse order DNAME and CNAME.
6140 - Fix #718: Fix unbound-control-setup with support for env
6144 - patch from Doug Hogan for SSL_OP_NO_SSLvx options.
6148 - Fix checklock testcode for linux threads on exit.
6157 - Fix #714: Document config to block private-address for IPv4
6169 - Fix sldns_wire2str_rdata_scan for malformed RRs.
6170 - tag for 1.5.6rc1 release.
6178 - Default for ssl-port is port 853, the temporary port assignment
6179 for secure domain name system traffic.
6181 to put a clause in unbound.conf for that. The new value is likely
6182 going to be the standardised port number for this traffic.
6192 - tag for 1.5.5rc1 release.
6202 - Fix #702: New IPs for h.root-servers.net.
6207 - Fix unbound.conf(5) access-control description for precedence
6214 - Fix #697: Get PY_MAJOR_VERSION failure at configure for python
6221 - Fix deadlock for local data add and zone add when unbound-control
6225 for algorithm rollover.
6246 - please afl-gcc (llvm) for uninitialised variable warning.
6259 - Enable ECDHE for servers. Where available, use
6260 SSL_CTX_set_ecdh_auto() for TLS-wrapped server configurations to
6266 - Allow certificate chain files to allow for intermediate certificates.
6270 - makedist produces sha1 and sha256 files for created binaries too.
6280 - Fix alloc with log for allocation size checks.
6315 - Change syntax of particular validator error to be easier for
6318 failed from 2001:DB8:7:bba4::53 for <*.example.nl. NSEC IN>
6322 that cannot work with caps-for-id or its fallback.
6325 - Unit test for type ANY synthesis.
6343 Use print_function also for Python2.
6352 For particular names you can configure exceptions in unbound.conf.
6353 - Fix that get_option for cache-sizes does not print double newline.
6392 - Add ip-transparent config option for bind to non-local addresses.
6395 - Use reallocarray for integer overflow protection, patch submitted
6420 - Document that incoming-num-tcp increase is good for large servers.
6446 - Fix #646 Portability to Solaris, -lrt for getentropy_solaris.
6473 - infra-cache-min-rtt patch from Florian Riehm, for expected long
6479 - Portability fix for Solaris ('sun' is not usable for a variable).
6482 - Fix pyunbound byte string representation for python3.
6485 - Fix unintended use of gcc extension for incomplete enum types,
6492 - unit test for local unix connection. Documentation and log_addr
6493 does not inspect port for AF_LOCAL.
6501 - Fix pyunbound ord call, portable for python 2 and 3.
6508 - patch for remote control over local sockets, from Dag-Erling
6511 - Fixup that patch and uid lookup (only for daemon).
6515 - getauxval test for ppc64 linux compatibility.
6516 - make strip works for unbound-host and unbound-anchor.
6521 unbound-control-setup for installs where config is not in
6539 client IP for queries in that zone. Eg. for finding infected hosts.
6553 - Fix makefile for build from noexec source tree.
6556 - Fix libunbound undefined symbol errors for main.
6557 Referencing main does not seem to be possible for libunbound.
6587 - Patch from Stephane Lapie for ASAHI Net that implements aaaa-filter,
6598 - Patch from James Raftery, always print stats for rcodes 0..5.
6635 - Fix unbound-checkconf check for module config with dns64 module.
6650 - Fix for mingw compile openssl ranlib.
6656 - Fix swig and python examples for Python 3.x.
6657 - Fix for mingw compile with openssl-1.0.1i.
6672 - Fix unit test for CDS typecode.
6678 - Fixup checklock code for log lock and its mutual initialization
6681 - Removed necessity for pkg-config from the dnstap.m4, new are
6712 This adds a module (for module-config in unbound.conf) dns64 that
6718 time_t is now used for ttl in unbound (since the patch's version).
6719 - testdata/dns64_lookup.rpl for unit test for dns64 functionality.
6726 - Fix endian.h include for OpenBSD.
6742 - Fix to check openssl version number only for OpenSSL.
6743 - LibreSSL provides compat items, check for that in configure.
6744 - Fix bug in fix for log locks that caused deadlock in signal handler.
6751 - arc4random in compat/ and getentropy, explicit_bzero, chacha for
6756 - arc4random, getentropy and explicit_bzero compat for Windows.
6763 - signit tool fixup for compile with libldns library.
6774 - Fix caps-for-id fallback, and added fallback attempt when servers
6776 - Fixup testsetup for VM tests (run testcode/run_vm.sh).
6782 - Add AAAA for B root server to default root hints.
6808 generated files. The prototype for libworker_event_done_cb()
6820 perform 10.0.0.0/8 and other reverse lookups normally, for use if
6821 unbound is running service for localhost on localhost.
6849 and errors from the cache. For dnssec-trigger and NetworkManager,
6862 but it stops the use of the ipv6 transport layer for DNS traffic.
6867 - Patch from Hannes Frederic Sowa for Linux 3.15 fragmentation
6868 option for DNS fragmentation defense.
6873 +i annotation in output of list_forwards, also for list_stubs
6874 (for NetworkManager integration.)
6890 - Fix #572: Fix unit test failure for systems with different
6950 - unit test for ldns wire to str and back with zones, root, nlnetlabs
6952 - Fix for hex to string in unknown, atma and nsap.
6956 are not portable; they cannot be read (for sure) on other computers.
6968 - delay-close: msec option that delays closing ports for which
7003 - update pythonmod for ldns_ to sldns_ name change.
7006 - Fix sldns to use sldns_ prefix for all ldns_ variables.
7022 - Accept ip-address: as an alternative for interface: for
7038 - portability fixes for new USE_SLDNS ldns subdir codebase.
7052 and an ldns_buffer for the wire return packet to perform async
7070 - More fixes for bug#519: for the threaded case test if the bg
7081 - Fix for 2038, with time_t instead of uint32_t.
7090 - Fix#516 dnssec lameness detection for answers that are improper.
7096 - Fix#512 memleak in testcode for testbound (if it fails).
7115 - Fix for const string literals in C++ for libunbound, from Karel
7123 - get_option and set_option support for log-time-ascii, python-script
7125 immediately. The others are mostly useful for libunbound users.
7158 - add unbound-control insecure_add and insecure_remove for the
7164 - Robust checks on dname validity from rdata for dname compare.
7175 - Fix so that for a configuration line of include: "*.conf" it is not
7181 - Fix queries leaking up for stubs and forwards, if the configured
7185 - code improve for minimal responses, small speed increase.
7202 And add detection for machine/endian.h to it.
7207 - Fix makedist for new svn for -d option.
7209 - Fix windows RSRC version for long version numbers.
7214 - committed libunbound version 4:1:2 for binary API updated in 1.4.20
7215 - install copy of unbound-control.8 man page for unbound-control-setup
7222 - Fixup makedist.sh for windows compile.
7226 - testcode/ldns-testpkts.c check for makedist is informational.
7229 - fix defines in lookup3 for bigendian bsd alpha
7236 - add libunbound.ttl at end of result structure, version bump for
7242 - includes and have_ssl fixes for nss.
7248 - updated fwd_zero for newer nc. Updated common.sh for newer netstat.
7253 the signer has the correct key usage for a digital signature.
7271 - Fix unbound-anchor xml parse of entity declarations for safety.
7287 - note support for AAAA RR type RFC.
7310 - Fix validation for responses with both CNAME and wildcard
7315 - fix build of pythonmod in objdir, for unbound.py.
7340 deprecated (RFC6725). The MD5 hash is considered weak for some
7355 - Fix timeouts so that when a server has been offline for a while
7356 and is probed to see it works, it becomes fully available for
7360 - Add documentation to libunbound for default nonuse of resolv.conf.
7364 are for 1.4.19).
7373 - Fix that enables modules to register twice for the same
7377 - added manpage links for libunbound calls (Thanks Paul Wouters).
7392 - review fix for libnss, check hash prefix allocation size.
7395 - fix missing break for GOST DS hash function.
7396 - implemented forward_first for the root.
7415 - Add flush_bogus option for unbound-control
7418 - Fix validation of qtype DS queries that result in no data for
7431 - patch for unbound_munin_ script to handle arbitrary thread count by
7436 - code review: return value of cache_store can be ignored for better
7442 - disable RSAMD5 if in FIPS mode (for openssl and for libnss).
7445 - implement DS records, NSEC3 and ECDSA for compile with libnss.
7449 - nss check for verification failure.
7450 - nss crypto works for RSA and DSA.
7453 - work on --with-nss build option (for now, --with-libunbound-only).
7482 - tag for 1.4.17 release.
7490 - Protect if statements in val_anchor for compile without locks.
7491 - tag for 1.4.17rc1.
7494 - fix configure ECDSA support in ldns detection for windows compile.
7501 - Fix for accept spinning reported by OpenBSD.
7505 - Fix validation of nodata for DS query in NSEC zones, reported by
7509 - ECDSA support (RFC 6605) by default. Use --disable-ecdsa for older
7513 - Applied patch from Daisuke HIGASHI for rrset-roundrobin and
7531 - new approach to NS fetches for DS lookup that works with
7536 - fix to locate nameservers for DS lookup with NS fetches.
7539 - Patch for access to full DNS packet data in unbound python module
7558 - Fix bug#434: on windows check registry for config file location
7559 for unbound-control.exe, and unbound-checkconf.exe.
7575 - iter hints (stubs) uses malloc inside for more dynamicity.
7577 can modify stubs and forwards for running unbound (on mobile computer)
7578 they can also add and remove domain-insecure for the zone.
7582 - iter forwards uses malloc inside for more dynamicity.
7585 - RT#2955. Fix for cygwin compilation.
7592 - unit test fix for nomem_cnametopos.rpl race condition.
7595 - Fix AHX_BROKEN_MEMCMP for autoheader mess up of #undef in config.h.
7600 for use on the public internet (the protocol numbers have not
7602 - fix memory leak in errorcase for DSA signatures.
7604 - workaround for openssl 0.9.8 ecdsa sha2 and evp problem.
7607 - fix for windows, rename() is not posix compliant on windows.
7616 closest encloser from yy for DS zz. while building chain of trust,
7618 for an NSEC3. Now it does not change rdata, and fixes TTL.
7625 - Tag 1.4.15 (same as 1.4.15rc1), for 1.4.15 release.
7651 with (binary) backwards compatibility for the previous version.
7658 - uninitialised variable in reprobe for rtt blocked domains fixed.
7666 - Fix for memory leak (about 20 bytes when a tcp or udp send operation
7673 - Fix for VU#209659 CVE-2011-4528: Unbound denial of service
7676 - robust checks for next-closer NSEC3s.
7700 - Fix for tcp-upstream and ssl-upstream for if a laptop sleeps, causes
7701 SERVFAILs. Also fixed for UDP (but less likely).
7712 - Makefile changed for BSD make compatibility.
7715 - added unit test for SSL service and SSL-upstream.
7725 It performs an SSL transaction for every DNS query (250 msec).
7726 - documentation for new options: ssl-upstream, ssl-service-key and
7729 - fix -flto detection on Lion for llvm-gcc.
7739 - fix iana-update for changing gzip compression of results.
7746 - fix iana_update target for gzipped file on iana site.
7749 - Fix resolve of partners.extranet.microsoft.com with a fix for the
7750 server selection for choosing out of a (particular) list of bad
7762 - fix unbound-anchor for broken strptime on OSX lion, detected
7765 - Implement ipv6%interface notation for scope_id usage.
7768 - better documentation for inform_super (Thanks Yang Zhe).
7771 - Fix for out-of-memory condition in libunbound (thanks
7784 - unbound.exe -w windows option for start and stop service.
7792 parent-child server, and the answer has the AA flag for dir.slb.com.
7801 - max sent count. EDNS1480 only for rtt < 5000. No promiscuous
7832 for fetch of data has want_dnssec because the iter_indicate_dnssec
7835 the cache says it has this. This helps for DLV deployment when
7836 the DNSSEC status is not known for sure before the lookup concludes.
7845 available at the name for qtype ANY and validates those RR types.
7846 It does not test for completeness (i.e. with NSEC or NSEC3 query),
7848 even more data for the already large response).
7851 - tcp-upstream yes/no option (works with set_option) for tunnels.
7858 - new xml format at IANA, new awk for iana_update.
7878 meantime, those are for 1.4.13).
7882 - Quick fix for contrib/unbound.spec example, no ldns-builtin any more.
7921 - Use -flto compiler flag for link time optimization, if supported.
7925 - IPv6 service address for d.root-servers.net (2001:500:2D::D).
7932 This is the new default for the control-port config setting.
7936 - Fix Makefile for U in environment, since wrong U is more common than
7959 - bug#378: Fix that configure checks for ldns_get_random presence.
7965 and curb the TTL if it is bad, thus protecting the cache for use by
7967 - val-override-date: -1 ignores dates entirely, for NTP usage.
7980 - bug#370: new unbound.spec for CentOS 5.x from Harold Jones.
7990 - Fix no ADflag for NXDOMAIN in NSEC3 optout. And wildcard in optout.
7991 - give config parse error for multiple names on a stub or forward zone.
8011 - tpkg updated with common.sh for common functionality.
8014 - Added regression test for addition of a .net DS to the root, and
8015 cache effects with different TTL for glue and DNSKEY.
8025 - fix bug#349: no -L/usr for ldns.
8032 - add get and set option for harden-below-nxdomain feature.
8037 server, for type NS the TTL is not increased.
8040 - Fix prefetch so it does not get stuck on old server for moved names.
8064 for algorithms needs to be double-signature until the old algorithm
8071 - fix validation in this case: CNAME to nodata for co-hosted opt-in
8079 - review changes for unbound-anchor.
8103 - so-sndbuf option for very busy servers, a bit like so-rcvbuf.
8114 - do not synthesize a CNAME message from cache for qtype DS.
8131 - Fix validation failure for parent and child on same server with an
8136 - dump_infra and flush_infra commands for unbound-control.
8147 - Windows 7 fix for the installer.
8157 - interface automatic works for some people with ip6 disabled.
8161 - Fix for request list growth, if a server has long timeout but the
8166 for some queries.
8180 - ldns tarball updated (for reading cachedumps with bad RR data).
8183 - test for unbound-anchor. fix for reading certs.
8184 - Fix alloc_reg_release for longer uptime in out of memory conditions.
8209 - Algorithm rollover operational reality intrudes, for trust-anchor,
8215 - Abide RFC5155 section 9.2: no AD flag for replies with NSEC3 optout.
8218 - increased mesh-max-activation from 1000 to 3000 for crazy domains
8223 - bug#327: Fix for cannot access stub zones until the root is primed.
8239 Delegpt structures checked for duplicates always.
8250 - Fix acx_nlnetlabs.m4 configure output for autoconf-2.66 AS_TR_CPP
8257 - documentation added for return values reported by doxygen 1.7.1.
8280 - rlimit adjustments for select and ulimit can happen at the same time.
8288 - Changed the defaults for num-queries-per-thread/outgoing-range.
8289 For builtin-select: 512/960, for libevent 1024/4096 and for
8291 to improve resilience under heavy load. For high performance, use
8327 in overload situations to be about 5 qps for the class of shortly
8330 / (average time for such long queries) qps for long queries.
8332 qps for short queries, per thread.
8333 - Fix the max number of reply-address count to be applied for duplicate
8334 queries, and not for new query list entries. This raises the memory
8340 for a non-lame server turned up other misconfigured servers.
8341 - unbound.h has extern "C" statement for easier include in c++.
8350 - Fix to unload gost dynamic library module for leak testing.
8356 - Add AAAA to root hints for I.ROOT-SERVERS.NET.
8367 - Fix to use one pointer less for iterator query state store_parent_NS.
8371 - added documentation for the histogram printout to syslog.
8388 - review comments, split dependency cycle tracking for parentside
8389 last resort lookups for A and AAAA so there are more lookup options.
8401 - new splint flags for newer splint install.
8409 - parentside check for cached newname glue.
8410 - fix parentside and querytargets modulestate, for dump_requestlist.
8412 - fix parentside from cache to be marked dispreferred for bad names.
8417 removed in place of a more exhaustive search for misconfigured data
8421 It also tests for NS RRset differences between parent and child.
8426 The search for misconfigured data is not performed normally.
8429 - Contribution from Migiel de Vos (Surfnet): nagios patch for
8431 unbound-host suitable for monitoring dnssec(-chain) status.
8438 - Fix resolution for domains like safesvc.com.cn. If the iterator
8455 reverse lookup blocks for IPv4 test nets 100.51.198.in-addr.arpa,
8459 - Fix for dnssec lameness detection to use the key cache.
8483 - More strict scrubber (Thanks to George Barwood for the idea):
8492 - Squelch log message: sendto failed permission denied for
8499 - Fix local-zone type redirect that did not use the query name for
8505 - Fix validation failure for qtype ANY caused by a RRSIG parse failure.
8509 - more portability defines for CMSG_SPACE, CMSG_ALIGN, CMSG_LEN.
8514 example key and signatures for GOST. GOST requires openssl-1.0.0.
8521 - Fix chain of trust with CNAME at an intermediate step, for the DS
8528 - Fix EDNS probe for .de DNSSEC testbed failure, where the infra
8545 config file for the main server can be used more easily.
8553 - Fixed random numbers for port, interface and server selection.
8559 - Fix interface-automatic for OpenBSD: msg.controllen was too small,
8561 - check for IP_SENDSRCADDR for interface-automatic or IP_PKTINFO.
8562 - for NSEC3 check if signatures are cached.
8565 - unit test for util/regional.c.
8574 - Include less in config.h and include per code file for ldns, ssl.
8579 - fix for memory alignment in struct sock_list allocation.
8580 - Fix for MacPorts ldns without ssl default, unbound checks if ldns
8613 - --disable-rpath fixed for libtool not found errors.
8617 - Fixup prototype for lexer cleanup in daemon code.
8636 - RD flag not enabled for dnssec-blacklisted tries, unless necessary.
8637 - pickup ldns compile fix, libdl for libcrypto.
8643 - Disregard DNSKEY from authority section for chain of trust.
8648 - Check for 'no space left on device' (or other errors) when
8659 authority servers, unbound caches a failure for the DNSKEY or DS
8660 records for the entire zone, and only retries that 900 seconds later.
8665 - ldns tarball update for long label length syntax error fix.
8670 - include math.h for testbound test compile portability.
8677 - configure test for memcmp portability.
8690 - Fixup lookup trouble for parent-child domains on the first query.
8693 - Fixup ldns detection to also check for header files.
8701 - Fix unbound-checkconf for auto-trust-anchor-file present checks.
8704 - Fix for parent-child disagreement code which could have trouble
8705 when (a) ipv6 was disabled and (b) the TTL for parent and child
8717 - Stats for prefetch, in log print stats, unbound-control stats
8723 - verbose output includes parent-side-address notion for lameness.
8753 - Fix Bug#287(reopened): update of ldns tarball with fix for parse
8754 errors generated for domain names like '.example.com'.
8756 Lampe. The negative cache did not include proper SOA records for
8762 - Fix for lookup of parent-child disagreement domains, where the
8764 for itself, fixing domains such as motorcaravanners.eu.
8780 - updated ldns with release candidate for version 1.6.3.
8781 - tag for 1.4.0 release.
8787 - Patch from David Hubbard for libunbound manual page.
8795 - better argument help for unbound-control.
8799 - noted multiple entries for multiple domain names in example.conf.
8805 - Tests for CNAMEs to deeper trust anchors, secure and bogus.
8809 - Fixed validation failure for CNAME to optout NSEC3 nodata answer.
8832 - better error text for multiple domain keys in one autotrust file.
8836 - Updated GOST unit tests for unofficial algorithm number 249
8859 - Made new validator error string available from libunbound for
8862 Also the errinf is public in module_qstate (for other modules).
8865 - retry for validation failure in DS and prime results. Less mem use.
8866 unit test. Provisioning in other tests for requeries.
8867 - retry for validation failure in DNSKEY in middle of chain of trust.
8869 - retry for empty non terminals in chain of trust and unit test.
8870 - Fixed security bug where the signatures for NSEC3 records were not
8871 checked when checking for absence of DS records. This could have
8875 - val-log-level: 2 shows extended error information for validation
8876 failures, but still one (longish) line per failure. For example:
8878 192.0.2.4 for trust anchor example.com. while building chain of trust
8880 192.0.2.6 for key example.com. while building chain of trust
8885 for bogus data, and this needed to be provisioned in the tests.
8888 - first validation failure retry code. Retries for data failures.
8921 - fix DNSSEC-missing-signature detection for minimal responses
8922 for qtype DNSKEY (assumes DNSKEY occurs at zone apex).
8936 - Fix memstats test tool for log-time-ascii log format.
8943 - use linebuffering for log-file: output, this can be significantly
8945 resolvers to use high verbosity (for short periods).
8951 keep messages bogus in the cache for too long.
8952 - regression test for that bug.
8953 - documented that load_cache is meant for debugging.
8969 - do not call sphinx for documentation when python is disabled.
8975 - Got a patch from Luca Bruno for libunbound support on windows to
8978 - makefile fix for parallel makes.
8979 - Patch from Zdenek Vasicek and Attila Nagy for using the source IP
8984 - TRAFFIC keyword for testbound. Simplifies test generation.
8987 - fix revocation of RR for autotrust, stray exclamation mark.
9016 - fixup DLV lookup for DS queries to unsigned domains.
9020 - free all memory on program exit, fix for ssl and flex.
9053 - Check for openssl compatible with gost if enabled.
9054 - updated unit test for GOST=211 code.
9060 operator can use openssl.cnf for configuration options.
9064 - configure --enable-gost for GOST support, experimental
9088 prime the root servers even though forwarders are configured for
9093 - Fix server selection, so that it waits for open target queries when
9098 - contrib/update-anchor.sh has -r option for root-hints.
9107 - dependencies for compat items, for crosscompile.
9110 - package libgcc_s_sjlj exception handler for NSISdl.dll.
9113 - updated ldns tarball for solaris x64 compile assistance.
9116 - configure changes and ldns update for mingw32 crosscompile.
9119 - Fix for crash at start on windows.
9120 - tag for release 1.3.2.
9122 - Fix for ID bits on windows to use all 16. RAND_MAX was not
9126 - tag for release 1.3.1.
9145 support for c99. r2960 for better configure.
9151 - Fix EDNS fallback when EDNS works for short answers but long answers
9157 of a bit for security!)
9170 - Extreme lenience for wrongly truncated replies where a positive
9173 - autoconf 2.63 for configure.
9177 - CREDITS entry for cz.nic, sponsoring a 'summer of code' that was
9178 used for the python code in unbound. (http://www.nic.cz/vip/ in cz).
9202 - fptr wlist checks for mesh callbacks.
9206 - Fix queries for type DS when forward or stub zones are there.
9214 - same thing fixed for forward-zone and DS, chain of trust from
9227 - 1.3.0 tarball for release created.
9277 - created svn tag for 1.3.0.
9284 - fix for threadsafety in solaris thr_key_create() in tests.
9286 - fix pylib test for Darwin.
9287 - fix pymod test for Darwin and a python threading bug in pymod init.
9289 - -ldl check for libcrypto 1.0.0beta.
9292 - fix for build outside sourcedir.
9293 - fix for configure script swig detection.
9296 - Fix reentrant in minievent handler for unix. Could have resulted
9298 - timers do not take up a fd slot for winsock handler.
9299 - faster fix for winsock reentrant check.
9300 - fix rsasha512 unit test for new (interim) algorithm number.
9318 - Fix for removal of RSASHA256_NSEC3 protonumber from ldns.
9322 because that openssl defines the name STRING for itself.
9342 long. Hard to trigger, but NXDOMAINs for nameservers or CNAME
9344 - documentation test fixed for python addition.
9348 - documentation for pythonmod and pyunbound is generated in doc/html.
9357 ipv6 AAAA records for their nameservers with ipv4 mapped contents.
9380 - outofdir compile fix for python.
9387 - pythonmod in Makefile; changes to remove warnings/errors for 1.3.0.
9399 - added launchd plist example file for MacOSX to contrib.
9400 - deprecation test for daemon(3).
9405 - build fix for test asynclook.
9411 - defaults for windows baked into configure.ac (used if on mingw).
9415 - Fix for and test for unknown algorithms in a trust anchor
9417 This means a (higher)DS or DLV entry for them could succeed, and
9424 - unit test for unsupported algorithm in anchor warning.
9429 - added contrib/unbound_cacti for statistics support in cacti,
9436 - default log to syslog for windows.
9444 - anchor-update for windows, called every 24 hours; unbound reloads.
9474 - fixup --export-symbols to be -export-symbls for libtool.
9476 Thanks to Ondrej Sury and Robert Edmonds for finding it.
9479 - fix asynclook test app for libunbound not exporting symbols.
9485 - makedistro functionality for mingw. Has RC support.
9490 - windres usage for application resources.
9495 - makedist -w for window zip distribution first version.
9514 - more cycle detection. Also for target queries.
9523 This keeps it read only for speed, with no locking necessary.
9524 - forward command for unbound control to change forwarders to use
9532 - #227: flush_stats feature for unbound-control.
9533 - stats_noreset feature for unbound-control.
9534 - flush_requestlist feature for unbound-control.
9543 - #226: dump_requestlist feature for unbound-control.
9546 - contrib contains specfile for fedora 1.2.1 (from Paul Wouters).
9553 - verbosity level 5 logs customer IP for new requestlist entries.
9559 Useful for scripting in management scripts and the like.
9568 result at the same time they call cancel. For this case,
9579 - testbound test for older fix added.
9582 - tag for release 1.2.1.
9583 - trunk setup for 1.3.0 development.
9596 - more cycle detection for NS-check, addr-check, root-prime and
9601 - bug #229: fixup configure checks for compilation with Solaris
9605 - update testset for recent retry change.
9608 - 1.2.1 feature: negative caching for failed queries.
9609 Queries that failed are cached for 5 seconds (NORR_TTL).
9611 - the TTL comparison for the cache used different comparisons,
9621 - find NS rrset more cleanly for qtype NS.
9622 - Moved changes to 1.2.0 for release. Thanks to Mark Zealey for
9633 - created svn tag for 1.2.0 release.
9635 - iana portlist updated for today's list.
9641 - remove possible race condition in the test for race conditions.
9653 - added test for HINFO canonicalisation behaviour.
9658 - HINFO no longer downcased for validation, making unbound compatible
9661 Give full path names for include files.
9666 - fixup getaddrinfo failure handling for remote control port.
9675 - ldns tarball updated with 1.4.1rc for DLV unit test.
9677 - fixup BSD port for infra host storage. It hashed wrongly.
9688 - follow makedist improvements from ldns, for maintainers prereleases.
9693 - better fix for bug #219: use LOG_NDELAY with openlog() call.
9706 - test for remote control with interprocess communication.
9713 - SElinux policy files in contrib/selinux for the unbound daemon,
9741 - rlimit check with new formula; better estimate for number interfaces
9758 - theoretical fix for problems reported on mailing list.
9760 resolution would fail. Fixed to ask for the A and AAAA records.
9761 It has to ask for both always, so that it can fail quietly, from
9763 - test for above, only AAAA and doip6 is no. Fix causes A record
9764 for nameserver to be fetched.
9765 - fixup address duplication on cache fillup for delegation points.
9766 - testset updated for new query answer requirements.
9771 - fixup unittest-neg for locking.
9775 - added configure check for ldns 1.4.0 (using its compat funcs).
9785 - unit test for negative cache, stress tests the refcounting.
9786 - fix for refcounting error that could cause fptr_wlist fatal exit
9788 Attila Nagy for testing).
9791 for extended statistics.
9797 - added configure check for eee build warning.
9815 - fixed file descriptor leak for localzone type deny (for TCP).
9816 - fixed memleak at exit for nsec3 negative cached zones.
9817 - fixed memleak for the keyword 'nodefault' when reading config.
9827 - fixup build process for Mac OSX linker, use ldns b32 compat funcs.
9830 - detect if libssl needs libdl. For static linking with libssl.
9831 - changed to use new algorithm identifiers for sha256/sha512
9837 - a little more debug info for failure on signer names. prints names.
9872 and if the TTL is big enough that solves validation for the zone.
9886 - better documentation for 0x20; remove fallback TODO, it is done.
9887 - harden-referral-path feature includes A, AAAA queries for glue,
9901 Mostly only useful for lock-check testing now.
9911 - fixup tests - the negative cache contained the correct NSEC3s for
9916 - NSEC3 negative cache for qtype DS works.
9919 - NSEC negative cache for DS.
9922 - jostle-timeout option, so you can config for slow links.
9925 - documented choices for DoS, EDNS, 0x20.
9937 - tests for sha256 support and downgrade resistance.
9942 The noprime feature. manpages more explanation. Added a test for it.
9943 - shorthand for reverse PTR, local-data-ptr: "1.2.3.4 www.ex.com"
9951 - tests for remote-control.
9953 - fixup for lock checking but not unchecking in remote control.
9973 - nicer abbreviations for high query types values (ixfr, axfr, any...)
9978 - locking for threadsafe bogus rrset counter.
9992 - working start, stop, reload commands for unbound-control.
9993 - test for unbound-control working; better exit value for control.
10015 - test for private addresses. man page entry.
10016 - code refactored for name and address tree lookups.
10019 - options for 'DNS Rebinding' protection: private-address and
10021 - dnstree for reuse of routines that help with domain, addr lookups.
10031 - disallow nonrecursive queries for cache snooping by default.
10034 - two tests for it and fixups of tests for nonrec refused.
10038 - harden-referral-path option for query for NS records.
10048 - daemon(3) is causing problems for people. Reverting the patch.
10057 - test for insecure zone when DLV is in use, also does negative cache.
10058 - test for trustanchor when DLV is in use (the anchor works).
10059 - test for DLV used for a zone below a trustanchor.
10060 - added scrub filter for overreaching NSEC records and unit test.
10073 - negative cache code linked into validator, for DLV use.
10074 negative cache works for DLV.
10076 - dlv-anchor option for unit tests.
10077 - fixup NSEC_AT_APEX classification for short typemaps.
10078 - ldns-testns has subdomain checks, for unit tests.
10087 - bug #208: extra rc.d unbound flexibility for freebsd/nanobsd.
10090 - DLV nsec code fixed for better detection of closest existing
10092 - DLV works, straight to the dlv repository, so not for production.
10096 - synthesize DLV messages from the rrset cache, like done for DS.
10134 - fix bug 201: null ptr deref on cleanup while udp pkts wait for port.
10135 - added explanatory text for outgoing-port-permit in manpage.
10138 - fixup bug qtype DS for unsigned zone and signed parent validation.
10160 - branch for 1.0 support.
10176 - fixup lookup of DS records by client with trustanchor for same.
10186 - fixup streamtcp bounds setting for udp mode, in the test framework.
10187 - contrib item for updating trust anchors.
10191 - Fix for newegg lameness : ok for qtype=A, but lame for others.
10192 - fixup unit test for infra cache, test lame merging.
10198 - streamtcp can use UDP mode (connected UDP socket), for testing IPv6
10217 - fixed up some TCP porting for winsock.
10219 - use WSAGetLastError() on windows instead of errno for some errors.
10223 fds for waiting on than unixes.
10224 - winsock_event minievent handler for windows. (you could also
10225 attempt to link with libevent/libev ports for windows).
10232 - if no threading, THREADS_DISABLED is defined for use in the code.
10234 - wsa_strerror() function for more readable errors.
10247 * first check for SOA record (negative answer) before NS record
10249 * check if no AA bit for non-forwarder, and thus lame zone.
10250 In response to error report by Richard Doty for mail.opusnet.com.
10292 - bug 184: -r option for unbound-host, read resolv.conf for
10293 forwarder. (Note that forwarder must support DNSSEC for validation
10298 - test for sys/wait.h
10317 - fix bug 174 - check for tcp_sigpipe that ldns-testns is installed.
10325 - fixup for MacOSX hosts file reading (reported by John Dickinson).
10330 - accepted patch from Ondrej Sury for library version libtool option.
10331 - configure --disable-rpath fixes up libtool for rpath trouble.
10336 - TODO modified for post 1.0 plans.
10344 - DESTDIR is honored by the Makefile for rpms.
10356 - parseunbound.pl contrib update from Kai Storbeck for threads.
10361 - unit test for SIGPIPE ignore.
10386 - got update for parseunbound.pl statistics script from Kai Storbeck.
10387 - tpkg tests for udp wait list.
10391 - and check first sig byte for the encoding type.
10395 - fixup threadsafety for libevent-1.4.3+ (event_base_get_method).
10397 - created 256-port ephemeral space for the OS, 59802 available.
10429 - implemented check that for NXDOMAIN and NOERROR answers a query
10441 - -C config feature for harvest program.
10445 - patch from Hugo Koji Kobayashi for iterator logs spelling.
10448 - From report by Jinmei Tatuya, rfc2181 trust value for remainder
10450 - test for this fix.
10470 - ldns-tarball update with fix for ldns_dname_label.
10475 - option to use caps for id randomness.
10476 - config file option use-caps-for-id: yes
10489 - +2% for recursions, if identical queries (except for destination
10491 - removed TODO items for optimizations that do not show up in
10494 not needed for regular installs, only for very large port ranges.
10495 - loop check different speedup pkt-dname-reading, 1% faster for
10497 - less hashing during msg parse, 4% for recursion.
10498 - small speed fix for dname_count_size_labels, +1 or +2% recursion.
10500 optimization resulted in +40% for recursion (cache miss) and
10501 +70 to +80 for cache hits, and +96% for version.bind.
10507 - delay utility for testing.
10516 - setup speec_cache for need-ldns-testns in dotests.
10522 - updated testdata for nsec3 new algorithm numbers (6, 7).
10532 +3% speed for cache responses and +9% for recursions.
10540 released for a callback and a new cancel() for that callback.
10543 for a cancelled function then no use of library functions in
10556 - streamlined code for RD flag setting.
10559 - minievent tests for eintr and eagain.
10563 - --prefix option for configure also changes directory: pidfile:
10565 - added cache speed test, for cache size OK and cache too small.
10590 - test program for multiple queries over a TCP channel.
10591 - tpkg test for stream tcp queries.
10602 to make room for new debug level 2 for detailed information
10603 for operators.
10605 - cleaner configure script and fixes for libevent solaris.
10606 - signedness for log output memory sizes in high verbosity.
10610 - fixup asynclook test for nothreading (it creates only one process
10619 - test for statistics option
10637 - fixup uninit use of buffer by libunbound (query id, flags) for
10641 - made openssl entropy warning more silent for library use. Needs
10643 - fixup forgotten locks for rbtree_searches on ctx->query tree.
10649 - close fds after removing commpoints only (for epoll, kqueue).
10652 - added tpkg for asynclook and library use.
10665 - fixed two races where forked bg process waits for (somehow shared?)
10667 Now those locks are only held for fg_threads and for bg_as_a_thread.
10674 - update plan for retry mode with caution to limit bandwidth.
10675 - fix Makefile for concurrent make of unbound-host.
10682 will share memory for passing results instead of writing it over
10687 - library code for async in libunbound/unbound.c.
10698 - touch up of manpage for libunbound.
10699 - support for IP_RECVDSTADDR (for *BSD ip4).
10700 - fix for BSD, do not use ip4to6 mapping, make two sockets, once
10704 - updated makedist for relative ldns pathnames.
10723 - interface-automatic feature. experimental. Nice for anycast.
10724 - tpkg test for ip6 ancillary data.
10726 - porting experience, define for Solaris, test refined for BSD
10728 - makedist fixup for ldns-src in build-dir.
10732 - configure --enable-debug is needed for dependency generation
10733 for assertions and for compiler warnings.
10740 - added text describing the use of stub zones for private zones.
10741 - checkconf tests for bad hostnames (IP address), and for doubled
10765 - document that 'refused' is a better choice than 'drop' for
10773 - respect -v for NXDOMAINs.
10775 - size_t to int for portability of the header file.
10777 - dependencies and lint for unbound-host.
10793 preparing for code-reuse.
10810 - fptr_wlist for markdelfunc.
10815 - changed checkconf/ to smallapp/ to make room for more support tools.
10821 - fix for building in a subdirectory.
10822 - link lib fix for Leopard.
10833 - Changeup plan for 0.8 - no complication needed, a simple solution
10834 has been chosen for authoritative features.
10838 - test for implicit zone creation and multiple RR RRsets local data.
10847 - fix for nonRDquery validation typing; nodata is detected when
10849 have a SOA record in authority, so this is OK for the validator),
10851 - duplicate checking when adding NSECs for a CNAME, and test.
10874 - test for correct working of static and transparent and couple
10877 - fixup implicit zone generation and AA bit for NXDOMAIN on localdata.
10883 - 0.8 - str2list config support for double string config options.
10887 - do not downcase NSEC and RRSIG for verification. Follows
10893 - 0.8: unit test for addr_mask and fixups for it.
10894 and unit test for addr_in_common().
10902 - created beta-0.7 branch for support.
10903 - tagged 0.7 for beta release.
10904 - moved trunk to 0.8 for 0.8(auth features) development.
10948 data for trust anchors. Included tests for the feature.
10967 - quieter logging at low verbosity level for common tcp messages.
10971 - fixup (grand-)parent problem for dnssec-lameness detection.
10972 - fixup tests to do additional section processing for lame replies,
10983 - added donotquerylocalhost config option. Can be turned off for
10988 See notes in requirements.txt for choices made.
10989 - tests for lameness detection.
10990 - added all to make test target; need unbound for fwd tests.
11014 - ldns-testpkts code is checked for differences between unbound
11016 - ldns trunk from today added in svn repo for fallback in case
11031 when resolving a mandatory-glue nameserver-address for that zone.
11033 the TLD server for this name. And this resolves a lot of cases where
11036 for thread safety. The random generator is initialised with
11056 - changed loopdetect % 8 with & 0x7 since % can become negative for
11068 And test for the case, uses xxd and nc.
11069 - more portable ip6 check for sockaddr types.
11072 - --disable-rpath option in configure for 64bit systems with
11076 - fixup tests for no AD bit in non-DO queries.
11083 - callback checks for event callbacks done from mini_event. Because
11099 - fix for multiple empty nonterminals, after multiple DSes in the
11105 - unit test for multiple ENT case.
11106 - fix for cname out of validated unsec zone.
11116 - test case for unbound-checkconf, fixed so it also checks the
11126 - tests for NSEC3. Fixup bitmap checks for NSEC3.
11129 - tests for NSEC3 that wrong use of OPTOUT is bad. For insecure
11130 delegation, for abuse of child zone apex nsec3.
11138 - signit can generate NSEC3 hashes, for generating tests.
11147 - added test for infinite loop case in nonRD answer validation.
11154 - fixup and test for NSEC wildcard with empty nonterminals.
11155 - makedist.sh fixup for svn info.
11158 - compat with ANS nxdomain for empty nonterminals. Attempts the nodata
11161 - plans for static and blacklist config.
11165 - plan for overload support in 0.6.
11166 - added testbound tests for a failed resolution from the logs
11167 and for failed prime when missing glue.
11174 - validator prints subtype classification for debug.
11182 - nsec3 support for cname chain ending in noerror or nodata.
11192 - fixup of manual page warnings, like for NSD bugreport.
11198 - please compiler on different platforms, for unreachable code.
11212 and *.name NSECs can prove nodata for empty nonterminals.
11213 Also, for wildcard name NSECs, check they are not from the parent
11214 zone (for wildcarded zone cuts), and check absence of CNAME bit,
11215 for a nodata proof.
11216 - configure option for memory allocation debugging.
11217 - port configure option for memory allocation to solaris10.
11221 callbacks for the same query from the same server.
11223 - fixup for referral cleanup of the additional section.
11224 - tests for cname, referral validation.
11227 - find correct signer name for DNAME responses.
11231 - test for a CNAME to a DNAME to a CNAME to an answer, all from
11232 different domains, for key fetching and signature checking of
11241 - account memory for name of lame zones, so that memory leakages does
11243 - config setting for lameness cache expressed in bytes, instead of
11259 - memory accounting for key cache (trust anchors and temporary cache).
11260 - memory accounting fixup for outside network tcp pending waits.
11261 - memory accounting fixup for outside network tcp callbacks.
11262 - memory accounting for iterator fixed storage.
11267 - test tool to sign rrsets for testing validator with.
11270 Only a trust-anchor needs to be configured for DNSSEC to work.
11271 - do not convert to DER for DSA signature verification.
11272 - validator replay test file, for a DS to DNSKEY DSA key prime and
11276 - removed double use for udp buffers, that could fail,
11284 - permissive mode feature, sets AD bit for secure, but bogus does
11287 for the same rrset. canonical rrset image in buffer is reused for
11291 - faster verification for large sigsets.
11293 algorithm for validation. Key prime failures are reported as
11301 - do not store referral in msg cache for nonRD queries.
11318 - increased default infrastructure cache size. It is important for
11320 size). To 10000 entries (for 2M entries, 4M cache size).
11325 new classification, and find signer can find for it.
11326 removal of unsigned crap from additional, and query restart for
11329 But you can query for qtype ANY, or qtype DNAME and validate that.
11343 - manual page entry for override-date.
11354 - val_nsec.c for validator NSEC proofs.
11355 - unit test for NSEC bitmap reading.
11365 - fixed iterator response type classification for queries of type
11374 - unit test for rrsig verification.
11381 - outbound entries are allocated in the query region they are for.
11382 - extensive debugging for memory allocations.
11388 - mark cycle targets for iterator did not have CD flag so failed
11400 for memory debugging.
11409 - validator override option for date check testing.
11419 - security status is copied when rdata is equal for rrsets.
11423 - val_sigcrypt file for validator signature checks.
11426 - key cache for validator.
11439 - configure change for latest libevent trunk version (needs -lrt).
11450 - module work for module to module interconnections.
11462 unbound is kept waiting by ldns-testns for 3 seconds, failed
11463 because the retry timeout for default by unbound is 3 seconds too,
11465 is kept waiting for 2 seconds instead.
11474 - cycle detection, for query state dependencies. Will attempt to
11476 - unit test for AXFR, IXFR response.
11477 - test for cycle detection.
11481 - test for version.bind and friends.
11482 - test for iterator chaining through several referrals.
11483 - test and fixup for refetch for glue. Refetch fails if glue
11488 - Addr stored for range and moment in replay.
11495 and that the potentially spoofed data is used for infrastructure
11498 Much like asking for DS at the parent side.
11522 - change untrusted rrset test to account for scrubber that is now
11529 - found and fixed a memory leak. For TTL=0 messages, that would
11533 This means that unbound tried the host for retries up to 120 secs.
11536 - utility for keeping histogram.
11541 QueryTargets state and Finished state are merged for iterator.
11547 - error encode routine for ease.
11558 - fixup crash in case no ports for the family exist.
11564 - fixup query release for cached results to sub targets.
11565 - neater error for tcp connection failure, shows addr in verbose.
11582 - uncapped timeout for server selection, so that very fast or slow
11585 - fixup queries answered without RD bit (for root prime results).
11594 - fixup last fix for duplicate callbacks.
11603 the subqueries (for other targets). These are put on the slumber
11606 stopped, with an error, and it is still waiting for other ones.
11614 - debug option: configure --enable-static-exe for compile where
11625 - Updated doxygen config for doxygen 1.5.
11627 - doxygen 1.5 fixes for comments (for the strict check on docs).
11631 for serviced queries, because the initiator does not know that
11634 if qtype directly queries for the type (and then only show that
11640 - fixup error in double linked list insertion for subqueries and
11641 for outbound list of serviced queries for iterator module.
11646 - fixup rrset TTL for prepended CNAMEs.
11647 - process better check for looping modules, and which submodule to
11649 - subreq insertion code fixup for slumber list.
11661 - worker slumber list for ongoing promiscuous queries.
11667 - more small bugs, in scrubber, query compare no ID for lookup,
11668 in dname validation for NS targets.
11669 - sets entry.key for new special allocs.
11680 - some memcmp changed to dname_compare for case preservation.
11698 - removed FLAG_CD from message and rrset caches. This was useful for
11699 an agnostic forwarder, but not for a sophisticated (trust value per
11715 - 'qnamesize' changed to 'qname_len' for similar naming scheme.
11722 members. They are still kept in network format for fast msg encode.
11728 - small changes to prepare for subqueries.
11735 - outside network does precise timers for roundtrip estimates for rtt
11736 and for setting timeout for UDP. Pending_udp takes milliseconds.
11742 - outbound query list for modules and support to callback with the
11744 - testbound support for new serviced queries.
11745 - test for retry to TCP cannot use testbound any longer.
11746 - testns test for EDNS fallback, test for TCP fallback already exists.
11747 - fixes for no-locking compile.
11748 - mini_event timer precision and fix for change in timeouts during
11749 timeout callback. Fix for fwd_three tests, performed nonexit query.
11759 - services/cache/rrset.c for rrset cache code.
11762 - config settings for infra cache.
11767 - unit test for host cache.
11788 - tpkg test for retry in TCP mode, against ldns-testns server.
11795 - outgoing network keeps list of available tcp buffers for outgoing
11798 - outgoing network keeps waiting list of queries waiting for buffer.
11804 - EDNS BADVERS response, if asked for too high edns version.
11810 - config settings for rrset cache size and slabs.
11815 - thread keeps a scratchpad region for handling messages.
11818 - test for one rrset updated in the cache.
11819 - test for one rrset which is not updated, as it is not deemed
11821 - test for TTL refreshed in rrset.
11836 But only for answers from other servers, not for plain queries.
11844 - removed iov usage, it is not good for dns message encoding.
11853 - define for offset range that can be compressed to.
11857 - datatype used for hashvalue of converted rrsig structure.
11861 - ttl per RR, for RRSIG rrsets and others.
11881 - uses less iov space for header.
11891 - util/data/msgparse.c for message parsing code.
11894 * did & of ptr on stack for memory position calculation.
11903 memory size to allocate for rrs.
11917 - Improved alignment of reply_info packet, nice for 32 and 64 bit.
11923 - doxygen documentation for region-allocator.
11924 - setup for parse scratch data.
11932 - layout of memory for rrsets.
11939 - constants for DNS flags.
11943 - casts for printf warning portability.
11960 for easier access (and no repeated byteswapping).
11962 - configure detects and config.h includes sys/uio.h for writev decl.
11966 - added tpkg test for answering three queries at the same time
11970 - added test for cache and not cached answers, in testbound replays.
11979 - config settings for slab hash message cache.
11980 - test for cached answer.
11987 - sanity check for incoming query replies.
12001 - fixup accounting of sizes for removing items from hashtable.
12002 - unit test for hash table, single threaded test of integrity.
12011 - unit tests for hash internal bin, lru functions.
12015 - util/storage/lruhash.h for LRU hash table structure.
12027 - unit test for alloc.
12028 - identifier for union in checklocks to please older compilers.
12036 checking for data race and deadlock, and basic performance
12064 - Also randomize the outgoing port range for tests.
12065 - If query list is full, will stop selecting listening ports for read.
12077 - don't open pipes for #0, doesn't need it.
12084 - Ports for queries are shared.
12107 - added acx_pthread.m4 autoconf check for pthreads from
12124 - malloc rndstate, so that it is aligned for access.
12137 - port to OSX: cast to int for some prints of sizet.
12166 - LIBEVENT option for testbed to set libevent directory.
12175 - defined constants for netevent callback error code.
12176 - unit test for strisip6.
12179 - Created udp4 and udp6 port arrays to provide service for both
12181 - uses IPV6_USE_MIN_MTU for udp6, IPV6_V6ONLY to make ip6 sockets.
12195 - Added UDP recv to netevent, worker callback for udp.
12197 - minimal query header sanity checking for worker.
12202 - links in example/ldns-testpkts.c and .h for premade packet support.
12230 - configure searches for libevent.
12231 - search for libs at end of configure (when other headers and types
12237 - Designed header file for network communication.
12257 - 01-doc: doxygen doc target added for html docs. And stringent test