For details see: https://nlnetlabs.nl/svn/unbound/tags/release-1.9.0/doc/Changelog
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- config/rootfiles/common/unbound | 2 +- lfs/unbound | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound index 9a8126c15..843e0eeca 100644 --- a/config/rootfiles/common/unbound +++ b/config/rootfiles/common/unbound @@ -11,7 +11,7 @@ etc/unbound/unbound.conf #usr/lib/libunbound.la #usr/lib/libunbound.so usr/lib/libunbound.so.8 -usr/lib/libunbound.so.8.0.3 +usr/lib/libunbound.so.8.1.0 #usr/lib/pkgconfig/libunbound.pc usr/sbin/unbound usr/sbin/unbound-anchor diff --git a/lfs/unbound b/lfs/unbound index 07501d1d6..b090010d4 100644 --- a/lfs/unbound +++ b/lfs/unbound @@ -24,7 +24,7 @@
include Config
-VER = 1.8.3 +VER = 1.9.0
THISAPP = unbound-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 4646203343d3b8f5aeb1b57753c27ead +$(DL_FILE)_MD5 = 1026159991a3883518525bc18e25582f
install : $(TARGET)
Hi,
I did *not* merge this one, yet.
The change log that you linked wasn’t very helpful, but there was an announcement email with some more details:
https://nlnetlabs.nl/pipermail/unbound-users/2019-February/011353.html
This release contains all the EDNS Flag Day changes and that might cause some trouble. I would prefer to merge this with the next Core Update because Core 128 should already have been closed and I do not want to risk re-opening it.
So, please remind me to merge this next week in case I forgot.
Best, -Michael
On 9 Feb 2019, at 09:40, Matthias Fischer matthias.fischer@ipfire.org wrote:
For details see: https://nlnetlabs.nl/svn/unbound/tags/release-1.9.0/doc/Changelog
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
config/rootfiles/common/unbound | 2 +- lfs/unbound | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound index 9a8126c15..843e0eeca 100644 --- a/config/rootfiles/common/unbound +++ b/config/rootfiles/common/unbound @@ -11,7 +11,7 @@ etc/unbound/unbound.conf #usr/lib/libunbound.la #usr/lib/libunbound.so usr/lib/libunbound.so.8 -usr/lib/libunbound.so.8.0.3 +usr/lib/libunbound.so.8.1.0 #usr/lib/pkgconfig/libunbound.pc usr/sbin/unbound usr/sbin/unbound-anchor diff --git a/lfs/unbound b/lfs/unbound index 07501d1d6..b090010d4 100644 --- a/lfs/unbound +++ b/lfs/unbound @@ -24,7 +24,7 @@
include Config
-VER = 1.8.3 +VER = 1.9.0
THISAPP = unbound-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 4646203343d3b8f5aeb1b57753c27ead +$(DL_FILE)_MD5 = 1026159991a3883518525bc18e25582f
install : $(TARGET)
-- 2.18.0
Hi Michael,
On 13.02.2019 18:32, Michael Tremer wrote:
Hi,
I did *not* merge this one, yet.
No problem - I'm in touch with Erik trying to help testing TFO and DoT.
Its a bit weird...
The change log that you linked wasn’t very helpful, but there was an announcement email with some more details:
https://nlnetlabs.nl/pipermail/unbound-users/2019-February/011353.html
This release contains all the EDNS Flag Day changes and that might cause some trouble. I would prefer to merge this with the next Core Update because Core 128 should already have been closed and I do not want to risk re-opening it.
So, please remind me to merge this next week in case I forgot.
No hurry - I'll do. ;-)
Best, Matthias
...
Hi,
On 14 Feb 2019, at 07:05, Matthias Fischer matthias.fischer@ipfire.org wrote:
Hi Michael,
On 13.02.2019 18:32, Michael Tremer wrote:
Hi,
I did *not* merge this one, yet.
No problem - I'm in touch with Erik trying to help testing TFO and DoT.
Please don’t forget to share what you are doing on this list :)
Its a bit weird...
The change log that you linked wasn’t very helpful, but there was an announcement email with some more details:
https://nlnetlabs.nl/pipermail/unbound-users/2019-February/011353.html
This release contains all the EDNS Flag Day changes and that might cause some trouble. I would prefer to merge this with the next Core Update because Core 128 should already have been closed and I do not want to risk re-opening it.
So, please remind me to merge this next week in case I forgot.
No hurry - I'll do. ;-)
Best, Matthias
...
-Michael
Hi Michael,
On 14.02.2019 12:01, Michael Tremer wrote:
I did *not* merge this one, yet.
No problem - I'm in touch with Erik trying to help testing TFO and DoT.
Please don’t forget to share what you are doing on this list
Of course. ;-)
So far, I got the same results as Erik. But my test environment is not as extensive as his.
One important result for me: the iptables rules to prevent dns hijacking are still working.
Best, Matthias
On 14 Feb 2019, at 17:26, Matthias Fischer matthias.fischer@ipfire.org wrote:
Hi Michael,
On 14.02.2019 12:01, Michael Tremer wrote:
I did *not* merge this one, yet.
No problem - I'm in touch with Erik trying to help testing TFO and DoT.
Please don’t forget to share what you are doing on this list
Of course. ;-)
So far, I got the same results as Erik. But my test environment is not as extensive as his.
One important result for me: the iptables rules to prevent dns hijacking are still working.
The ones for the captive portal? Or did you have any custom rules?
Best, Matthias
On 15.02.2019 12:34, Michael Tremer wrote:
On 14 Feb 2019, at 17:26, Matthias Fischer matthias.fischer@ipfire.org wrote:
Hi Michael,
On 14.02.2019 12:01, Michael Tremer wrote:
I did *not* merge this one, yet.
No problem - I'm in touch with Erik trying to help testing TFO and DoT.
Please don’t forget to share what you are doing on this list
Of course. ;-)
So far, I got the same results as Erik. But my test environment is not as extensive as his.
One important result for me: the iptables rules to prevent dns hijacking are still working.
The ones for the captive portal? Or did you have any custom rules?
I use custom rules in 'firewall.local' (Inspired by https://blog.ipfire.org/post/use-ipfire-to-protect-you-from-dnschanger):
***SNIP*** sbin/iptables -t nat -A CUSTOMPREROUTING -i green0 -p udp --dport 53 -j DNAT --to 192.168.100.254:53
/sbin/iptables -t nat -A CUSTOMPREROUTING -i green0 -p tcp --dport 53 -j DNAT --to 192.168.100.254:53
/sbin/iptables -t nat -A CUSTOMPREROUTING -i blue0 -p udp --dport 53 -j DNAT --to 192.168.101.254:53
/sbin/iptables -t nat -A CUSTOMPREROUTING -i blue0 -p tcp --dport 53 -j DNAT --to 192.168.101.254:53 ***SNAP***
I'm still testing testing under various conditions.
Best, Matthias
Hi,
I have just merged this patch into next for c129.
-Michael
On 15 Feb 2019, at 16:48, Matthias Fischer matthias.fischer@ipfire.org wrote:
On 15.02.2019 12:34, Michael Tremer wrote:
On 14 Feb 2019, at 17:26, Matthias Fischer matthias.fischer@ipfire.org wrote:
Hi Michael,
On 14.02.2019 12:01, Michael Tremer wrote:
I did *not* merge this one, yet.
No problem - I'm in touch with Erik trying to help testing TFO and DoT.
Please don’t forget to share what you are doing on this list
Of course. ;-)
So far, I got the same results as Erik. But my test environment is not as extensive as his.
One important result for me: the iptables rules to prevent dns hijacking are still working.
The ones for the captive portal? Or did you have any custom rules?
I use custom rules in 'firewall.local' (Inspired by https://blog.ipfire.org/post/use-ipfire-to-protect-you-from-dnschanger):
***SNIP*** sbin/iptables -t nat -A CUSTOMPREROUTING -i green0 -p udp --dport 53 -j DNAT --to 192.168.100.254:53
/sbin/iptables -t nat -A CUSTOMPREROUTING -i green0 -p tcp --dport 53 -j DNAT --to 192.168.100.254:53
/sbin/iptables -t nat -A CUSTOMPREROUTING -i blue0 -p udp --dport 53 -j DNAT --to 192.168.101.254:53
/sbin/iptables -t nat -A CUSTOMPREROUTING -i blue0 -p tcp --dport 53 -j DNAT --to 192.168.101.254:53 ***SNAP***
I'm still testing testing under various conditions.
Best, Matthias
Hi Michael, another point was TFO for DoT whereby Matthis found an interessting mailinglist entry --> https://www.mail-archive.com/unbound-users@nlnetlabs.nl/msg00523.html . So it appears that DoT currently do not benefits from TFO which reflects also my testings. There has been longer time ago also some requests on OpenSSL causing this topic --> https://github.com/openssl/openssl/issues/4783 (there ist more).
In general, after some faster tests with curl, TFO seems to work --> https://forum.ipfire.org/viewtopic.php?f=50&t=21954&start=15#p122372 .
Best,
Erik
On Do, 2019-02-14 at 11:01 +0000, Michael Tremer wrote:
Hi,
On 14 Feb 2019, at 07:05, Matthias Fischer < matthias.fischer@ipfire.org> wrote:
Hi Michael,
On 13.02.2019 18:32, Michael Tremer wrote:
Hi,
I did *not* merge this one, yet.
No problem - I'm in touch with Erik trying to help testing TFO and DoT.
Please don’t forget to share what you are doing on this list :)
Its a bit weird...
The change log that you linked wasn’t very helpful, but there was an announcement email with some more details:
https://nlnetlabs.nl/pipermail/unbound-users/2019-February/011353.html
This release contains all the EDNS Flag Day changes and that might cause some trouble. I would prefer to merge this with the next Core Update because Core 128 should already have been closed and I do not want to risk re-opening it.
So, please remind me to merge this next week in case I forgot.
No hurry - I'll do. ;-)
Best, Matthias
...
-Michael
-
Matthias Fischer -
Michael Tremer -
ummeegge