When you perform a DNS lookup, a recursor initially starts by asking the lookup query to a DNS root server. It can then redirect to other servers, from where it can redirect to other servers and so on, until finally a server is reached that knows the answer or knows that the look-up is not possible. The latter can be the case if the name does not exist or the servers do not respond. The process of traversing several authoritative servers is called recursion. Unbound is a dns recursor with support for modern standards such as Query Name Minimization, Aggressive Use of Dnssec-Validated Cache and authority zones. The developers have released version 1.16.2 with the following changes and improvements:
features
- merge #718: Introduce infra-cache-max-rtt option to config max retransmit timeout.
Bug fixes
- Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
- Fix bug introduced in ‘improve val_sigcrypt.c::algo_needs_missing for one loop pass’.
- Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on outbound tcp sockets.
- Fix verbose EDE error printout.
- Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
- For windows crosscompile, fix setting the IPV6_MTU socket option equivalent (IPV6_USER_MTU); allows cross compiling with latest cross-compiler versions.
- Merge PR 714: Avoid treating normal hosts as unresponsive servers. And fix up the lock code.
- iana port list update.
- Update documentation for ‘outbound-msg-retry:’.
- Tests for ghost domain fixes.
| Version number | 1.16.2 |
| Release status | Final |
| Operating systems | Windows 7, Linux, BSD, macOS, Solaris, Windows Server 2008, Windows Server 2012, Windows 8, Windows 10, Windows Server 2016, Windows Server 2019, Windows 11 |
| Website | Unbound |
| Download | |
| License type | Prerequisites (GNU/BSD/etc.) |