Unbound 1.8.2 released

Published: Tue 04 December 2018
Last updated: Fri 17 May 2024

We are pleased to announce the release of version 1.8.2 of the Unbound recursive DNS resolver.

The option so-reuseport is by default disabled on FreeBSD, but it has support to work on FreeBSD 12 with the REUSEPORT_LB variant, if enabled in unbound.conf.

The python code in unbound supports python 3.6, but also python 2.7 works. The python module prints the python exceptions to the log, so that compatibility problems are more easy to troubleshoot.

Fast server selection options are added that select from the fastest servers in the available set, with fast-server-num and fast-server-permil this can be turned on. When enabled the fastest servers are selected, instead of a random server. Randomness is good for poisoning prevention, but fast selection can result in faster roundtrips.

The nameserver records in large returned negative responses are scrubbed out of the packet to avoid fragmentation based DNS cache poisoning, from a report from T.Suzuki.

The automated test set now has static code analysis of the source code, this is performed with the clang analyzer.

There is a new option to deny ANY packets, with deny-any: yes in unbound.conf. The option unknown-server-time-limit can be used for cases behind a slow uplink to avoid multiple timeouts on every query to attain the necessary long timeout length for that uplink.

For a full list of changes and binary and source packages, see the download page.

Related links:

software update