We are pleased to announce the release of version 1.17.0 of the Unbound recursive DNS resolver.
This release has new interface acl configuration options. These allow access-control actions, per interface. Also tags, and views can be configured per interface, queries over the interface are answered with these tags and views. It is configured with the options interface-action, interface-tag, interface-tag-action, interface-tag-data and interface-view. If there is also an access-control setting for the query, this overrides the interface settings for that query.
The PROXYv2 protocol is supported. It can be configured with the proxy-protocol-port: portno option. It is used to convey the IP addresses of clients that connect via a proxy to Unbound.
There are also fixes for a number of bugs. In some cases a blocking wait on a socket could happen, and this has been fixed. If the upstream sends a TC flag, erroneously, the reply is ignored and retried. When under load, with the new NRDelegation fixes from the previous release, there are mitigations to continue target discovery. There is also a fix for possible loops in the tcp reuse code.
The release version differs from the RC1, there is a bugfix for the proxy protocol for tcp read when no proxied addresses are provided.
For a full list of changes and binary and source packages, see the download page.