Update Unbound from 1.5.1 to 1.6.3 #405
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Use HTTPS to securely download the source archive.
* 1.6.0 (Date: 15 Dec, 2016) > Features > * Added generic EDNS code for registering known EDNS option codes, > bypassing the cache response stage and uniquifying mesh states. Four > EDNS option lists were added to module_qstate > (module_qstate.edns_opts_*) to store EDNS options from/to front/back > side. > * Added two flags to module_qstate (no_cache_lookup, no_cache_store) > that control the modules' cache interactions. > * Added code for registering inplace callback functions. The > registered functions can be called just before replying with local data > or Chaos, replying from cache, replying with SERVFAIL, replying with a > resolved query, sending a query to a nameserver. The functions can > inspect the available data and maybe change response/query related data > (i.e. append EDNS options). > * Updated Python module for the above. > * Updated Python documentation. > * Added views functionality. > * Added qname-minimisation-strict config option. > * Patch that resolves CNAMEs entered in local-data conf statements > that point to data on the internet, from Jinmei Tatuya (Infoblox). > * serve-expired config option: serve expired responses with TTL 0. > * .gitattributes line for githubs code language display. > * log-identity: config option to set sys log identity, patch from > "Robin H. Johnson" (robbat2@gentoo.org). > * Added stub-ssl-upstream and forward-ssl-upstream options. > * Added local-zones and local-data bulk addition and removal > functionality in unbound-control (local_zones, local_zones_remove, > local_datas and local_datas_remove). * 1.6.3 (13 Jun, 2017) > Fix #1280: Unbound fails assert when response from authoritative > contains malformed qname. When 0x20 caps-for-id is enabled, when > assertions are not enabled the malformed qname is handled correctly. [1] https://www.unbound.net/download.html
This reverts commit 5876741. Unbound expects at least systemd 209 with libsystemd. Currently systemd 27 is installed, so the check fails. ``` checking for SYSTEMD... no checking for SYSTEMD_DAEMON... no ```
Currently, there is a bug in the test suite, when building out of the
source tree. Making the test data available, in this case with a
symbolic link, works around the problem.
> When doing an out of source build of Unbound, the test suite fails
> with the error below.
>
> ```
> test signature verify functions
> testpkts error: could not open file testdata/test_signatures.1: No such
> file or directory
> Makefile:304: recipe for target 'test' failed
> make: *** [test] Error 1
> ```
>
> The reason is, that `testcode/unitverify.c` references files in a
> relative way.
>
> ```
> […]
> void
> verify_test(void)
> {
> unit_show_feature("signature verify");
> #ifdef USE_SHA1
> verifytest_file("testdata/test_signatures.1", "20070818005004");
> #endif
> #if defined(USE_DSA) && defined(USE_SHA1)
> verifytest_file("testdata/test_signatures.2", "20080414005004");
> […]
> ```
>
> Unfortunately, I don’t know what the recommended way in that case is.
> Copy the test data to the build directory, link to it, or use absolute
> paths.
> --with-rootkey-file=filename set default pathname to root key file > (default run-dir/root.key). This file is read and written.
> --with-pidfile=filename set default pathname to unbound pidfile > (default run-dir/unbound.pid)
In our environment, the configuration file is adapted, and distributed from our distmaster. So don’t override it in the package.
|
Strange messages in syslog after restarting unbound.service: 2017-07-06T13:37:17+02:00 theinternet unbound: [2341:0] notice: init module 0: validator 2017-07-06T13:37:17+02:00 theinternet unbound: [2341:0] notice: init module 1: iterator 2017-07-06T13:37:17.394976+02:00 theinternet kernel: [5527388.745182] warning: process `unbound' used the deprecated sysctl system call with 2017-07-06T13:37:17.394984+02:00 theinternet kernel: [5527388.745184] 1. 2017-07-06T13:37:17.394986+02:00 theinternet kernel: [5527388.745185] 40. 2017-07-06T13:37:17.394987+02:00 theinternet kernel: [5527388.745185] 6. 2017-07-06T13:37:17.394989+02:00 theinternet kernel: [5527388.745185] 2017-07-06T13:37:17+02:00 theinternet unbound: [2341:0] info: start of service (unbound 1.6.3). ? |
|
Oh yes, "bee update" does remove /etc/unbound/unbound.conf :-) Restored from deinemuddah. DO NOT just "bee update" on deinemuddah! |
|
This used to work before the update: root@theinternet:~# unbound-control lookup molgen.mpg.de [1499341345] unbound-control[2556:0] error: connect: Connection refused for 127.0.0.1 |
|
Install instruction: |
|
installed on distmaster.... |
Sign in
to join this conversation on GitHub.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Update the version from 1.5.1 to 1.6.3
The configuration file is renamed, to
/etc/unbound/unbound.conf.sample. Hopefully,bee updatewill not remove the present file, which is currently part of the package.Pass the MarIuX64 pathnames for the pidfile and root key during build time.
The systemd service unit, currently not part of the package, should also be updated.
Tested on keineahnung.