Unbound 1.14.0 released

Published: Thu 09 December 2021

We are pleased to announce the release of version 1.14.0 of the Unbound recursive DNS resolver.

This release contains bug fixes and a full set of RPZ triggers and actions that are supported. This works with RPZ zones, configured with rpz:.

It is possible to selectively enable use of TCP for stub zones and forward zones, without having enable it server wide, by enabling it with the stub-tcp-upstream: yes and forward-tcp-upstream: yes options.

The added contrib/Dockerfile.tests from ziollek can be used to setup a Docker environment to run tests in. The documentation is in the doc/README.tests file.

If openssl it installed with different versions, you can set the location as --with-ssl=/usr/include/openssl11 and it then detects the use of the lib dir split off in /usr/lib64/openssl11 with regex. This is useful if to pass to configure if openssl is installed in such a manner.

The option outbound-msg-retry can be used to select the number of retries when a non-positive response is received. It is best left at default, but when the upstream is known to not need retries, it can be lowered, because in that case the upstream is performing the retry for non-positive responses.

The domain home.arpa. is set by default as blocked, as per RFC8375. If you want to use it, unblock it with a local-zone nodefault statement, or use another type of local-zone to override it with your choice.

In the config it is possible to enter IPv6 scope-id values with interface names, instead of a number, for link-local addresses.

For a full list of changes and binary and source packages, see the download page.

Related links:

software update