Unbound /
http://unbound.net/download.html
高速でBINDに比べても安全と言われているDNSキャッシュサーバ、unboundの1.4.22が公開されました。
更新内容は以下のとおりです。
Features
- separate ldns into core ldns inside ldns/ subdirectory. No more configure –with-ldns is needed and unbound does not rely on libldns.
- Accept ip-address: as an alternative for interface: for consistency with nsd.conf syntax.
- [bugzilla: 536 ]
- acl_deny_non_local and refuse_non_local added.
- so-reuseport: yesno option to distribute queries evenly over threads on Linux (Thanks Robert Edmonds). Reuseport is attempted, then fallback to without on failure.
- delay-close: msec option that delays closing ports for which the UDP reply has timed out. Keeps the port open, only accepts the correct reply. This correct reply is not used, but the port is open so that no port-denied ICMPs are generated.
Bug Fixes
- [bugzilla: 528 ]
- Fix if very high logging (4 or more) segfault on allow_snoop.
- [bugzilla: 531 ]
- Fix Set SO_REUSEADDR so that the wildcard interface and a more specific interface port 53 can be used at the same time, and one of the daemons is unbound.
- if configured –with-libunbound-only fix make install.
- Patch from Neel Goyal to fix callback in libunbound.
- Patch from Neel Goyal to fix async id assignment if callback is called by libunbound in the mesh attach.
- [bugzilla: 537 ]
- Fix compile python plugin without ldns library.
- Windows port, adjust %lld to %I64d, and warning in win_event.c.
- [bugzilla: 544 ]
- Fixed +i causes segfault when running with module conf “iterator”.
- [bugzilla: 547 ]
- Fix no trustanchor written if filesystem full, fclose checked.
- unbound-event.h is installed if you configure –enable-event-api. It contains low-level library calls, that use libevent’s event_base and a wireformat return packet in a buffer to perform async resolution in the client’s eventloop.
- speed up unbound, by reducing lock contention on localzones.lock.
- Fix parse (in ldns) of quoted parenthesized text strings.
- Detect libevent2 install automatically by configure and fixup link with lib/event2 subdir.
- [bugzilla: 551 ]
- License change “Regents” to “Copyright holder”, matching the BSD license on opensource.org.
- [bugzilla: 553 ]
- Fix parse of #553(NSD) string in sldns, quotes without spaces.
- Be lenient when a NSEC NameError response with RCODE=NXDOMAIN is received. This is okay according 4035, but not after revising existence in 4592. NSEC empty non-terminals exist and thus the RCODE should have been NOERROR. If this occurs, and the RRsets are secure, we set the RCODE to NOERROR and the security status of the response is also considered secure.
- iana portlist updated.
- [bugzilla: 561 ]
- contrib/cacti plugin did not report SERVFAIL rcodes because of spelling. Patch from Chris Coates.
いくつかの新機能の追加と、多めのバグフィックスが行われているので、内容を検討した上で導入を検討してみてはいかがでしょうか?
実践DNS DNSSEC時代のDNSの設定と運用 (アスキー書籍)
posted with AZlink at 2014.3.13
民田 雅人,坂口 智哉,森下 泰宏,株式会社日本レジストリサービス(JPRS)
KADOKAWA / アスキー・メディアワークス
売り上げランキング: 3596
KADOKAWA / アスキー・メディアワークス
売り上げランキング: 3596
