Describe DNS/unbound here.

https://github.com/jedisct1/unbound/blob/master/doc/Changelog

1. serve-expired

Background: https://github.com/opnsense/core/issues/1405

From example.conf:

  # Serve expired reponses from cache, with TTL 0 in the response,
  # and then attempt to fetch the data afresh.
  # serve-expired: no

The cautious handling of CNAMEs appears to be related to DNSSEC.

2. From the Changelog

29 October 2012: Matthijs
        - Fix validation for responses with both CNAME and wildcard
          expanded CNAME records in answer section.

22 August 2011: Wouter
        - Fix validation of qtype ANY responses with CNAMEs (thanks Cathy
          Zhang and Luo Ce).  Unbound responds with the RR types that are
          available at the name for qtype ANY and validates those RR types.
          It does not test for completeness (i.e. with NSEC or NSEC3 query),
          and it does not follow the CNAME or DNAME to another name (with
          even more data for the already large response).
        - Fix that internally, CNAMEs with NXDOMAIN have that as rcode.

11 January 2011: Wouter
        - Fix insecure CNAME sequence marked as secure, reported by Bert
          Hubert.

27 October 2010: Wouter
        - Fix uninit value in dump_infra print.
        - Fix validation failure for parent and child on same server with an
          insecure childzone and a CNAME from parent to child.


5 August 2010: Wouter
        - Return NXDOMAIN after chain of CNAMEs ends at name-not-found.

3 April 2009: Wouter
        - Fixed a bug that caused messages to be stored in the cache too
          long.  Hard to trigger, but NXDOMAINs for nameservers or CNAME
          targets have been more vulnerable to the TTL miscalculation bug.

7 August 2008: Wouter
        - Scrubber more strict. CNAME chains, DNAMEs from cache, other
          irrelevant rrsets removed.

8 June 2008: Wouter
        - if multiple CNAMEs, use the first one. Fixup akamai CNAME bug.
          Reported by Robert Edmonds.

28 November 2007: Wouter
        - Changeup plan for 0.8 - no complication needed, a simple solution
          has been chosen for authoritative features.
        - you can use single quotes in the config file, so it is possible
          to specify TXT records in local data.
        - fixup small memory problem in implicit transparent zone creation.
        - test for implicit zone creation and multiple RR RRsets local data.
        - local-zone nodefault test.
        - show testbound testlist on commit.
        - iterator normalizer changes CNAME chains ending in NXDOMAIN where
          the packet got rcode NXDOMAIN into rcode NOERROR. (since the initial
          domain exists).

3 October 2007: Wouter
        - fix for multiple empty nonterminals, after multiple DSes in the
          chain of trust.
        - mesh checks if modules are looping, and stops them.
        - refetch with CNAMEd nameserver address regression test added.

1 October 2007: Wouter
        - skip F77, CXX, objC tests in configure step.
        - fixup crash in refetch glue after a CNAME.
          and protection against similar failures (with error print).

20 July 2007: Wouter
        - Check CNAME chain before returning cache entry with CNAMEs.

...

}}}