We are pleased to announce the release of version 1.12.0 of the Unbound recursive DNS resolver.
This release contains the DNS Flag Day 2020 changes. This sets the default EDNS buffer size to 1232, that should reduce fragmentation. https://dnsflagday.net/2020/
There is inclusive language in the configuration. There is caps-exempt, ipsecmod-allow and primary server options for auth-zones. The older terms are accepted to keep configuration working.
DNS-over-HTTPS is supported in this release. The DoH is enabled when Unbound is compiled with the nghttp2 library, with configure --with-libnghttp2. Then have an interface on the https port, that can be configured with the https-port option. Also have a cert and key available with the tls-service-key and tls-service-pem options. Further settings can be configured for the http-endpoint, http-max-streams, http-query-buffer-size, http-response-buffer-size and http-nodelay options. The max streams sets the maximum concurrent streams, the buffer size options the number of bytes in buffers, and the nodelay option can turn on TCP_NODELAY for DNS-over-HTTPS service. In the statistics the memory used is reported in mem.http.query_buffer and mem.http.response_buffer. The number of queries is reported in num.query.https, they are also included in the tcp and tls counts because https uses TLS and TCP.
The DLV options and code to handle DLV lookups have been removed from the code base. The DLV repository is empty nowadays, it has been decommissioned.
There is a new feature where it is possible to use interface names to bind to the IP addresses on that interface. It pulls in the addresses at the start of the server, if the addresses change, use the existing freebind and other socket options to register for addresses before they appear, or the interface-automatic option that copies them from queries to answers with ancillary data.
There is a new option for the edns-tag draft specification. It can be enabled if you need the tentative implementation to add those tags to outgoing messages.
For a full list of changes and binary and source packages, see the download page.