We are pleased to announce the release of version 1.16.3 of the Unbound recursive DNS resolver.
This release fixes CVE-2022-3204 'Non-Responsive Delegation Attack'. It was reported by Yehuda Afek from Tel-Aviv University and Anat Bremler-Barr and Shani Stajnrod from Reichman University.
This fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching, and limiting the number of times a delegation point can look in the cache for missing records.
For a full list of changes and binary and source packages, see the download page.