Unbound 1.3.0

Features

• Major features are Windows port, and Python contribution. Previous releases accidentally enabled experimental rsasha256 algorithms, fixed, see below. There are minor features and bug fixes too.
• initgroups(3) is called to drop secondary group permissions, if this OS functionality is available.
• daemon(3) posix call is used when available
• configure option --with-ldns-builtin forces the use of the inluded ldns package with the unbound source. The -I include is put before the others, so it avoids bad include files from an older ldns install.
• --enable-sha2 option for rsasha256 and rsasha512 support (experimental because it is still in working group draft stage). Default is off. Previous releases accidentally enabled this feature when lib openssl supported SHA256. It then used algorithms 8, 9 for RSASHA256 and 10, 11 for RSASHA512 (using four numbers as was according to the draft spec at that time). The earlier versions support NSEC and NSEC3 for all these algorithm numbers. People with these earlier versions may also have earlier openssl versions (0.9.7), and therefore the experimental feature is disabled. As long as these signing algorithm code points are not allocated, there is no problem. You are advised to upgrade to the current version to avoid surprises.
• new option log-time-ascii: yes if you enable it prints timestamps in the log file as Feb 06 13:45:26 (like syslog does).
• verbosity level 5 logs customer IP for new requestlist entries.
• contrib contains specfile for fedora 1.2.1 (from Paul Wouters).
• call setusercontext() if available (on BSD)
• Added stats_noreset feature for unbound-control.
• Added flush_requestlist feature for unbound-control.
• unbound-control status shows if root forwarding is in use.
• Added forward command for unbound control to change forwarders to use on the fly.
• unbound-checkconf and unbound server print warnings when trust anchors have unsupported algorithms.
• Added contrib/update-itar.sh This script is similar to update-anchor.sh, and updates from the IANA ITAR repository. You can provide your own PGP key and trust repo, or can use the builtin. The program uses wget and gpg to work.
• Support spaces and backslashes in configure default paths
• register and deregister util programs for unbound.exe into the windows service control manager. Works on XP and with Vista UAC.
• unbound can work as a service on windows, for the registry settings and default program location and so on, see the windows manual.
• installer for unbound on windows. uninstalls too. Menu entries optional. Can install DLV anchor with updater application (anchor-update.exe, works a bit like update-anchor.sh) to enable DNSSEC easily. Uses the NSIS open source installer system.
• Added contrib/unbound_cacti for statistics support in cacti, contributed by Dmitriy Demidov.
• domain-insecure: "example.com" statement added. Sets domain insecure regardless of chain of trust DSs or DLVs. The inverse of a trust-anchor.
• use _beginthreadex() when available (performs stack alignment on mingw)
• added launchd plist example file for MacOSX to contrib.
• reworked configure scripts to be neater.
• python contribution from Zdenek Vasicek and Marek Vavrusa. (Sponsored by cz.nic for 'summer of code' development). This contains support to use libunbound from python code. And support to create unbound modules written in python that perform custom processing of queries. The code is disabled by default and needs to be enabled by passing options to configure. Installs the following files: /usr/lib/python2.x/site-packages/ unboundmodule.py unbound.py and _unbound.so*. The script examples are not installed. Sphinx docs can be built with make doc (if sphinx-build is available).
• new libunbound calls to manage local data more easily
• read /dev/random before chroot
• suppress errors when trying to contact authority servers that gave ipv6 AAAA records for their nameservers with ipv4 mapped contents. Still tries to do so, higher verbosity shows the error.
• clock skew checks in unbound, config statements.
• Added cache-min-ttl option.
• [bugzilla: 226 ]
  Added dump_requestlist feature for unbound-control.
• [bugzilla: 227 ]
  Added flush_stats feature for unbound-control.
• [bugzilla: 231 ]
  Added unbound-checkconf -o option, that prints that value from config file. Useful for scripting in management scripts and the like.

Bug Fixes

• fix for threadsafety in solaris thr_key_create() in tests.
• fixes for porting the python code to BSD and Darwin
• fix for openssl-1.0.0beta, use of STRING #define, libdl linking.
• Fix reentrant in minievent handler for unix. Could have resulted in spurious event callbacks.
• [bugzilla: 245 ]
  fix munin plugin, perform cleanup of stale lockfiles.
• Fix for removal of RSASHA256_NSEC3 protonumber from ldns. Also new rsasha512 (interim) algorithm number.
• Detect FreeBSD jail without ipv6 addresses assigned.
• Fixed a bug that caused messages to be stored in the cache too long. Hard to trigger, but NXDOMAINs for nameservers or CNAME targets have been more vulnerable to the TTL miscalculation bug.
• fixed bug in unbound-control flush_zone where it would not flush every message in the target domain. This especially impacted NXDOMAIN messages which could remain in the cache regardless.
• Fixup so no non-absolute rpaths are added.
• Fixup validation of RRSIG queries, they are let through.
• fix util/configlexer.c and solaris -std=c99 flag.
• deprecation test for daemon(3) (on MacOSX).
• [bugzilla: 239 ]
  module-config entries order is important. Documented.
• Fix for and test for unknown algorithms in a trust anchor definition. Trust anchors with no supported algos are ignored. This means a (higher)DS or DLV entry for them could succeed, and otherwise they are treated as insecure.
• Added tests, unknown algorithms become insecure. fallback works.
• fixed so queries do not fail on opportunistic target queries.
• munin plugin fix benign locking error printout.
• fixup --export-symbols to be -export-symbls for libtool. This should fix extraneous symbols exported from libunbound. Thanks to Ondrej Sury and Robert Edmonds for finding it.
• document FAQ entry on stub/forward zones and default blocking.
• Remove fwrite warning on Ubuntu
• Added more cycle detection. Also for target queries.
• Fixup bug where during deletion of the mesh queries the callbacks that were reentrant caused assertion failures. Keep the mesh in a reentrant safe state. Affected libunbound, reload of server, on quit and flush_requestlist.
• documented that unbound-host reads no config file by default.
• slightly nicer memory management in iter-fwd code.
• small refactor of stats clearing.
• fixup EOL in include directive (reported by Paul Wouters).
• config parser changed. Gives some syntax errors closer to where they occurred. Does not enforce a space after keyword anymore. Does not allow literal newlines inside quoted strings anymore.
• detect event_base_new() in libevent-1.4.1 and later and use it.
• MacOSX Leopard cleaner text output from configure.
• change in libunbound API: ub_cancel can return an error, that the async_id did not exist, or that it was already delivered. The result could have been delivered just before the cancel routine managed to acquire the lock, so a caller may get the result at the same time they call cancel. For this case, ub_cancel tries to return an error code. Fixes race condition in use of ub_cancel() libunbound function.
• Fixup assertion failure (thanks to Brett Carr).
• Fix detection of no ipv6 on XP (with different error code).
• Fixup a crash-on-exit which was triggered by a very long queue.
• Fixed bug that could cause a crash if root prime failed when there were message backlogs.
• fixup documentation-bug in README reported by Matthew Dempsky.
• Fixup bad free() when wrongly encoded DSA signature is seen. Reported by Paul Wouters.
• updated ldns tarball to latest
• updated iana portlist

Unbound 1.2.1

Features

• negative caching for failed queries. Queries that failed (because the entire domain is down) are cached for a very short time (seconds), this lowers the load generated by the failed queries. If the failure is local, like out of memory, it is not cached.
• stop resolving AAAAs promiscuously when they are in the negative cache, together with the negative caching feature (just above) this dampens the spikiness of the requestlist size.
• unbound-host -4 and -6 options. Stops annoying ipv6 errors when debugging with unbound-host -4 -d ...
• honor QUIET=no on make commandline (or QUIET=yes ).

Bug Fixes

• Fixed server deadlock. Added cycle detection for NS-check, addr-check, root-prime and stub-prime queries in the iterator.
• [bugzilla: 229 ]
  fixup configure checks for compilation with Solaris sun studio cc compiler, ./configure CC=/opt/SUNWspro/bin/cc
• fixup warnings emitted by sun studio compiler.
• the TTL comparison for the cache used different comparisons, causing many cache responses that used the iterator and validator state machines unnecessarily. Fixed.
• Fixed occasional SERVFAIL response when EDNS traffic is dropped for a domain. Set retry from 4 to 5 so that EDNS drop retry is part of the first query resolve attempt, and cached error does not stop EDNS fallback.
• removed debug prints in code that protects against bad referrals.
• fix bug where unbound could crash using libevent 1.3 and older.
• more quiet about ipv6 network failures, i.e. when ipv6 is not available (network unreachable). Debug still printed on high verbosity.
• printout more detailed errors on ssl certificate loading failures.
• builtin IANA allocated portlist updated (these ports are avoided).

Unbound 1.2.0

Features

• Wildcard support for trusted-keys-file: "/etc/keys/*.key"
• unbound-control status command.
• extended statistics has a number of ipv6 queries counter. contrib/unbound_munin_ was updated to draw ipv6 in the hits graph.
• SElinux policy files in contrib/selinux for the unbound daemon, by Paul Wouters and Adam Tkac.

Bug Fixes

• The long standing bug with libevent use is fixed. It turns out to be a race condition in the calls to libevent. The builtin mini-event did not have a problem being called like this, but libevent and libev usage is now fixed. Libevent 1.1 is reported to still give problems, but 1.4.5 and 1.4.8 seem fine.
• Certain packets could cause an assertion failure. Resulting in a denial-of-service vector if the server was compiled with --enable-debug (assertions enabled). This is fixed.
• fixed bug reported by Duane Wessels: error in DLV lookup, would make some zones that had correct DLV keys as insecure.
• [bugzilla: 228 ]
  fix lame marking. security fix that resolves denial of service that could be triggered by an unusual configuration. Thanks to Mark Zealey for reporting.
• [bugzilla: 224 ]
  no more race condition in makefile during built with high -j inside included libldns version.
• iana portlist updated to most recent, avoids allocated ports.
• L root server AAAA record added to builtin root hints.
• removed possible race condition in unit test for race conditions.
• fixup reported problem with transparent local-zone data where queries with different type could get nxdomain. Now queries with a different name get resolved normally, with different type get a correct NOERROR/NODATA answer.
• HINFO no longer downcased for validation, making unbound compatible with bind and ldns.
• fix reading included config files when chrooted. Give full path names for include files. Relative path names work if the start dir equals the working dir.
• fix libunbound message transport when no packet buffer is available.
• fixup getaddrinfo failure handling for remote control port.
• fixup so it works with libev-3.51 from http://dist.schmorp.de/libev/
• ldns tarball updated with 1.4.1rc for DLV unit test.
• fixup BSD port for infra host storage. It hashed wrongly.
• follow ldns rc makedist name generation.
• snapshot version uses _ not - to help rpm distinguish the version number.
• do not reopen syslog to avoid dev/log dependency. This makes chroot environments easier.
• [bugzilla: 219 ]
  better fix for bug #219: use LOG_NDELAY with openlog() call. Thanks to Tamas Tevesz.
• [bugzilla: 221 ]
  fixed: unbound checkconf checks if key files exist if remote control is enabled. Also fixed NULL printf when not chrooted.
• Fix problem reported by Jaco Engelbrecht where unbound-control stats freezes up unbound if this was compiled without threading, and was using multiple processes.
• test for remote control with interprocess communication.
• created command distribution mechanism so that remote control commands other than 'stats' work on all processes in a nonthreaded compiled version. dump/load cache work, on the first process.
• fixup remote control local_data addition memory corruption bug.
• [bugzilla: 220 ]
  configure complains when --without-ssl is given, fixed.
• blacklisted servers are polled at a low rate (1%) to see if they come back up. But not if there is some other working server.
• documented that the user of the server daemon needs read privileges on the keys and certificates generated by unbound-control-setup. This is different per system or distribution, usually, running the script under the same username as the server uses suffices. i.e. sudo -u unbound unbound-control-setup
• unbound-control-setup.sh removes read/write permissions other from the keys it creates (as suggested by Dmitriy Demidov).
• fixed tcp accept, errors were printed when they should not.
• fixup fatal error due to faulty error checking after tcp accept.
• add check in rlimit code to avoid integer underflow.
• rlimit check with new formula; better estimate for number interfaces.

Unbound 1.1.1

Bug Fixes

• [bugzilla: 219 ]
  Fixed syslog with chroot, glibc syslog opens only on demand so a log line has to be printed before chroot.
• fixup fatal error due to faulty error checking after tcp accept.
• rlimit check on startup integer underflow fixup, also makes a more accurate estimate

Unbound 1.1.0

Features

• DLV support
• contrib update-anchor.sh neatly updates keys for DLV or root or others and only restarts the nameserver when keys have changed. exits 0 when a restart is needed, other values if not. So, update-anchor.sh -d mydir && /etc/rc.d/unbound restart can restart unbound exactly when needed. Use -b for BIND mode.
• Negative caching for NSEC, NSEC3 for DLV lookups, as well as for securely insecure delegations.
• Filter out overreaching NSEC records
• dev/log(syslog) opened before chroot
• use setresuid/setresgid, more secure.
• logfile message classification as notice, info, debug.
• harden-referral-path option implements draft-wijngaards-dnsext-resolver-side-mitigation-00, protects against many Kaminsky variations. Default is off, because of added load it generates, and experimental status.
• disallow nonrecursive queries for cache snooping by default. You can allow it using access-control: subnet allow_snoop. The defaults do allow access to authoritative data without RD bit.
• DoS resistance implementation. Half of queries run-to-completion. Other half are a lifo where old entries are overwritten if 200 msec old.
• Block DNS rebinding attacks. This disallows domains from the public internet from pretending to have internet addresses in your own netblock. Use the private-address and private-domain statements (see unbound.conf(5) man page for details). We may consider turning this on by default for rfc1918 (local subnet) addresses.
• remote control feature, unbound-control. Remotely (using SSL) stop, change redirections, flush cache, load cache, store cache, or get statistics
• extended statistics (off by default). Put Howto documentation on website.
• munin example plugin to draw statistics added to contrib
• hosts that drop EDNS packets are detected, eventually.
• fixed recursion servers deployed as authoritative detection, so that as a last resort, a +RD query is sent there to get the correct answer.
• RSASHA256 and RSASHA512 support, using experimental protocol numbers from draft.
• stubs work much more intuitively, but can be configure for old and new behaviour with new option stub-prime. This makes stubs on localhost on a different port number work.
• dns-0x20 fallback code implemented
• IPv4 and IPv6 PTR shorthand local-data-ptr: "1.2.3.4 www.ex.com"
• code refactored for domain, address tree lookups.
• unbound-control-setup.sh script to set up (selfsigned) certificates.
• spoof nearmiss indicator, when extended statistics are enabled, unbound-control stats prints out unwanted_replies count.
• if server selection is faced with only bad choices, it will attempt to get more options to be fetched.
• changed bogus-ttl default value from 900 to 60 seconds. In anticipation that operator caused failures are more likely than actual attacks at this time. And thus repeated validation helps the operators get the problem fixed sooner. It makes validation failures go away sooner (60 seconds after the zone is fixed). Also it is likely to try different nameserver targets every minute, so that if a zone is bad on one server but not another, it is likely to pick up the 'correct' one after a couple minutes, and if the TTL is big enough that solves validation for the zone.
• do not query bogus nameservers. It is as-if nameservers that have the NS or A or AAAA record bogus are listed as donotquery.
• CFLAGS are picked up by configure from the environment.
• silenced EHOSTDOWN, verbosity 2 and higher show it.
• configure check for ldns version 1.4.0 or later
• Fix for problem reported on mailing list, If a delegation point has no A but only AAAA and do-ip6 is no, resolution would fail. Fixed to ask for the A and AAAA records. It has to ask for both always, so that it can fail quietly, from TLD perspective, when a zone is only reachable on one transport.

Bug Fixes

• Fixed rrset security updated overwriting rfc2181 trust status. This makes validated to be insecure data just as worthless as nonvalidated data, and 2181 rules prevent cache overwrites to them.
• [bugzilla: 217 ]
  Fixed setreuid on MacOSX 10.4
• Fixed so make realclean works better, by Rober Edmonds
• [bugzilla: 208 ]
  extra rc.d unbound flexibility for freebsd/nanobsd.
• [bugzilla: 203 ]
  nicer do-auto log message when user sets incompatible options. DLV implemented.
• [bugzilla: 204 ]
  variable name ameliorated in log.c.
• [bugzilla: 206 ]
  in iana_update, no egrep, but awk use.
• [bugzilla: 199 ]
  fixed, pidfile can be outside chroot. openlog is done before chroot and drop permissions. logfile is created with correct permissions again. Some errors are not written to logfile (pidfile writing, forking), and these are only visible by using the -d commandline flag.
• Fix update-anchor.sh to work both in BSD shell and bash.
• Fix so unsigned additionals are not marked bogus, they are left unchecked, since signatures may have fallen off due to message size. Unchecked items are removed from the additional just like bogus is for that message. Defers validation for those rrsets.
• Fix assertion fail on bogus key handling
• Fix so dnssec lameness detection works on first query at trust apex.
• Fix compilation without pthreads on linux.
• builtin iana assigned portlist updated
• ldns snapshot inside source tarball updated to 1.4.0
• Fix NSEC_AT_APEX classification for short typemaps.
• Fix nonblocking and timeouts on TCP sockets
• Fix for multiple simultaneous timeout back offs. Could cause trouble for forwarders
• Fix SHA256 DS downgrade, no longer possible to downgrade to SHA1.
• Fix negative TTL values appearing (reported by Attila Nagy)
• detect if libssl needs libdl. For static linking with libssl.
• Fix build process for Mac OSX linker
• Fix possible memory leak in key_entry_key deletion. Would leak a couple bytes when trust anchors were replaced.
• DNAMEs used from cache have their synthesized CNAMEs initialized properly.
• Fix file descriptor leak for localzone type deny (for TCP).
• Fix memleak for the keyword 'nodefault' when reading config. Would leak bytes per reload command received.
• Fix listen to closed fd, would log a message with "bad file descriptor"

Unbound 1.0.2

Features

• Stricter filtering of messages. This means that CNAMEs and DNAMEs are handled with more paranoia, as well as the removal of more irrelevant rrsets. More discussion at patch 1.0.2 announcement.

Bug Fixes

• Fixup qtype DS validation code
• [bugzilla: 198 ]
  Fix for nicer entropy warning message, OS hints in manpage.
• [bugzilla: 201 ]
  Fix segfault on exit cleanup of the app if packets were still waiting for udp port numbers.

Unbound 1.0.1

Features

• This version features bugfixes to compile on various distributions, some options necessary to assist packaging and distribution of unbound, a couple of fixes for looking up corner cases (badly operated domains), and a cleanup of code for config file reading.
• contrib unbound.spec from Patrick Vande Walle
• mingw port with basic functionality on Windows XP and Windows Vista (single threaded, UDP, TCP, IPv4, IPv6, validation)
• Added IPv6 example prefix to AS112 default blocklist

Bug Fixes

• fixup fedora 9 compilation (in6_pktinfo definition)
• CREDITS fixup of history
• ldns-1.2.2 is ignored if installed, and builtin 1.3.0 ldns used
• lex input and unput functions not generated (compile warnings)
• update of ldns tarball to latest ldns svn.
• update of avoided ports to latest IANA allocated portlist
• fixed up statements of the form local-zone: "30.172.in-addr.arpa." nodefault, so that the trailing dot is not required.
• reported by Robert Edmonds (akamai zones), fixed so that if multiple CNAME records for a name are returned, the first is used.
• reported by Richard Doty for mail.opusnet.com, check lameness more cautiously, first check SOA record, before looking at NS record, then, additionally, check the AA bit.
• reported for newegg.com, more detailed lameness checking to distinguish AAAA lameness from qtype A lameness.
• fixup compiling on eeepc xandros linux
• fixup memory leak in root hints file reading
• fixup validation for qtype DS queries with trust anchor for the same name
• libunbound ub_resolve, fix handling of error condition during setup.
• lowered log_hex blocksize to fit through BSD syslog linesize.
• [bugzilla: 174 ]
  make test checks for ldns-testns requirement of tcp_sigpipe test
• [bugzilla: 175 ]
  call tzset before chroot to have correct timestamps in system log
• [bugzilla: 177 ]
  fixed compilation failure on opensuse, the --disable-static configure flag caused problems. Patch from Klaus Singvogel
• [bugzilla: 178 ]
  fixed unportable shell usage in configure (relied on bash)
• [bugzilla: 179 ]
  same fix as 177.
• [bugzilla: 180 ]
  fixed buffer overflow in unbound-checkconf use of strncat
• [bugzilla: 181 ]
  fixed buffer overflow in ldns (called by unbound to parse config file parts)
• [bugzilla: 183 ]
  pidfile, rundir, and chroot configure options. Also the example.conf and manual pages get the configured defaults. You can use: (or accept the defaults to /usr/local/etc/unbound/) --with-conf-file=filename --with-pidfile=filename --with-run-dir=path --with-chroot-dir=path
• [bugzilla: 184 ]
  -r option for unbound-host, read resolv.conf.
• [bugzilla: 185 ]
  --disable-shared not passed along to ldns included with unbound. Fixed so that configure parameters are passed to the subdir configure script. Fixed that ./libtool is used always, you can still override manually with ./configure libtool=mylibtool or set $libtool in the environment.

Unbound 1.0.0

Features

• This code is the public release
• Honors $DESTDIR during make install and make uninstall, useful for rpm and deb packaging.
• contrib .spec file to build RPMs with
• iana port list updated
• added IPv6 addresses for builtin root hints

Bug Fixes

• Fixup no-IPv4 problem in error callback
• No linking with -lrt if not needed
• library version now has proper version-info (Thanks Ondrej Sury)
• configure --disable-rpath performs libtool fixup
• MacOSX 10.5 /etc/hosts lines ending in %lo0 are skipped (Thanks John Dickinson)

Unbound 0.11

Features

• This code is public beta and ready for deployment.
• Default file locations changed to /usr/local/etc/unbound
• RTT banding (draft-forgery-resilience)
• query name checks (draft-forgery-resilience)
• random ports improved (draft-forgery-resilience)
• AD bit signaling (AD bit in query requests AD bit in reply)
• unbound tries to set ulimit(fds) if it needs to
• stats to rrdtool script in contrib (Thanks Kai Storbeck)
• FEATURES document

Bug Fixes

• Fixed so works with libevent-1.4.3+
• iterator logs spelling fixed (Thanks Koji Kobayashi)
• RFC2181 compliance improved (Thanks Jinmei Tatuya)
• DSA EVP signature decoding fixed
• chroot functionality better documented and checked (Thanks Randy Bush)
• ignore SIGPIPE from dns clients (Thanks Kai Storbeck)

Unbound 0.10

Features

• This code is public beta and ready for deployment.
• updated ldns-tarball inside source from trunk for latest NSEC3 type codes
• installation to /usr/local/sbin by default now, like other servers do
• libunbound returns the full answer packet (with signatures, additional data, NSECs ...)
• option 'use-caps-for-id: yesno', experimental implementation of draft-dns-0x20.
• default configure uses builtin event mechanism, since it is faster and usually good enough. Use libevent when you use huge outgoing port ranges.
• Various optimisations
• make test shows an indication of cache speed
• unbound-host patch (from Jan-Piet Mens) to read config file
• added contrib/ dir with an /etc/rc.d script for FreeBSD

Bug Fixes

• --prefix option for configure also changes directory: pidfile: and chroot: defaults in config file.
• fixed so you can start without a config file (will complain, but start with defaults).
• fixed read of empty lines in /etc/hosts by libunbound
• fix to install all manual pages (unbound-host and libunbound pages too)
• fixed memory leaks in libunbound (during cancellation and ub_wait).

Unbound 0.9

Features

• This code is beta and not recommended for operational deployment.
• Remade verbosity levels, new level 2.
• can answer multiple queries over one TCP stream.
• library libunbound offers a validating stub implementation.
• unbound-host uses library to validate and lookup like host
• statistics-interval: seconds option added.
• interface-automatic: option added. Experimental, uses socket options to guarantee correct source address on UDP replies. Useful for multihomed hosts.
• Memory sizes in config can be given with k, m, or g
• Prints approximation of the median from histogram
• unbound-checkconf checks for local-net misconfigurations

Bug Fixes

• Fixed roothints and keyfiles access from chrooted daemon.
• Random generator uses less entropy.

Unbound 0.8

Features

• Local zone data - serve authoritative data
• Access control list - ips that have recursion allowed
• by default blocks AS 112 (reverse local net) queries
• This code is pre-beta and not recommended for operational deployment.
• per rfc2308, replaced default max-ttl value with 1 day.

Bug Fixes

• Validation works now for non RD queries
• duplicate checking for NSECs and NSEC3s after CNAMEs
• do not downcase NSEC and RRSIG for verification. Follows draft-ietf-dnsext-dnssec-bis-updates-06.txt.

Unbound 0.7.2

Features

• bugfixes for closed beta test version, not recommended for widespread deployment

Bug Fixes

• Fixup building the source from another directory.
• Fixup failure on start due to lack of entropy.

Unbound 0.7.1

Features

• bugfixes for closed beta test version, not recommended for widespread deployment

Bug Fixes

• Fixes in make test to kill daemons more thoroughly after test
• NSEC/RRSIG not downcased, from dnssec-bis-updates draft-06
• libevent not found error nicer
• README discusses GNU make needs

Unbound 0.7

Features

• closed beta test version, not recommended for widespread deployment
• support branch for closed beta participants

Unbound 0.6

Features

• Operational features.
• Secured by default (chroot).
• Memory leaks gone, lameness detection, corner cases and various fixes
• config file checker unbound-checkconf
• root hints file supported
• ldns library tarball included in source package for ease of installation
• This code is pre-beta and not recommended for operational deployment.

Unbound 0.5

Features

• Validation.
• Fixes to recursive iterator code.
• This code is pre-beta and not recommended for operational deployment.

Unbound 0.4

Features

• Caching resolver.
• This code is pre-beta and not recommended for operational deployment.

Unbound 0.3

Features

• Forwarder with RRset cache.
• This code is pre-beta and not recommended for operational deployment.

Unbound 0.2

Features

• Basic caching forwarder
• This code is pre-beta and not recommended for operational deployment.

Unbound 0.1

Features

• Threaded non-caching forwarder.
• This code is pre-beta and not recommended for operational deployment.

Unbound 0.0

Features

• Build environment, configure, make and a non-caching DNS forwarder.
• This code is pre-beta and not recommended for operational deployment.