dns/unbound: Update to 1.13.2


dns/unbound: Update to 1.13.2

Added a new option DEP-RSA1024 to enable --with-deprecate-rsa-1024


  • Merge PR #317: ZONEMD Zone Verification, with RFC 8976 support. ZONEMD records are checked for zones loaded as auth-zone, with DNSSEC if available. There is an added option zonemd-permissive-mode that makes it log but not fail wrong zones. With zonemd-reject-absence for an auth-zone the presence of a zonemd can be mandated for specific zones.
  • Fix: Resolve interface names on control-interface too.
  • Merge #470 from edevil: Allow configuration of persistent TCP connections.
  • Fix #474: always_null and others inside view.
  • Add that log-servfail prints an IP address and more information about one of the last failures for that query.
  • Merge #478: Allow configuration of TCP timeout while waiting for response.
  • Add ./configure --with-deprecate-rsa-1024 that turns off RSA 1024.
  • Move the NSEC3 max iterations count in line with the 150 value used by BIND, Knot and PowerDNS. This sets the default value for it in the configuration to 150 for all key sizes.
  • zonemd-check: yesno option, default no, enables the processing of ZONEMD records for that zone.
  • Merge #486 by fobster: Make VAL_MAX_RESTART_COUNT configurable.
  • Merge PR #491: Add SVCB and HTTPS types and handling according to draft-ietf-dnsop-svcb-https.
  • Introduce 'http-user-agent:' and 'hide-http-user-agent:' options.

PR: 257809
Sponsored by: Rubicon Communications, LLC ("Netgate")


Jaap Akkerhuis <jaap@NLnetLabs.nl>Authored on Aug 16 2021, 11:18 PM
gargaCommitted on Aug 16 2021, 11:18 PM
R11:d96d63795d04: graphics/vapoursynth-fmtconv: update description after 90f0a32e4c72