From: Peter Müller
To: development@lists.ipfire.org
Subject: Core Update 154 (testing) report
Date: Mon, 01 Mar 2021 19:22:49 +0100
Message-ID: <9b8079d5-aaf2-982e-8f8f-8b94ce069f5d@ipfire.org>

Hello *,

Core Update 154 (testing, see: https://blog.ipfire.org/post/ipfire-2-25-core-update-154-available-for-testing) is running here for a couple of weeks by now without any known issues so far - sorry for my tardy report.

As expected, Unbound is now reusing TCP and TLS connections, making huge improvements of resolution times for machines using something else than UDP for querying DNS resolvers. Except for an initial delay, DoT does not introduce any significant performance impact anymore. Upcoming Unbound version will support padding of DNS over TLS traffic, making guessing queried FQDNs even harder to passive adversaries.

In a rather gloomy world in terms of privacy, I guess that is good news. :-)

Tested IPFire functionalities in detail:
- IPsec (N2N connections only)
- Squid (authentication enabled, using an upstream proxy)
- OpenVPN (RW connections only)
- IPS/Suricata (with Emerging Threats community ruleset enabled)
- Guardian
- Quality of Service
- DNS (using DNS over TLS and strict QNAME minimisation)
- Dynamic DNS
- Tor (relay mode)

I look forward to the release of Core Update 154.

Thanks, and best regards,
Peter Müller