Unbound 1.4.22
Date: 12 March, 2014

Features
- separate ldns into core ldns inside ldns/ subdirectory. No more configure --with-ldns is needed and unbound does not rely on libldns.
- Accept ip-address: as an alternative for interface: for consistency with nsd.conf syntax.
- [bugzilla: 536 ] acl_deny_non_local and refuse_non_local added.
- so-reuseport: yesno option to distribute queries evenly over threads on Linux (Thanks Robert Edmonds). Reuseport is attempted, then fallback to without on failure.
- delay-close: msec option that delays closing ports for which the UDP reply has timed out. Keeps the port open, only accepts the correct reply. This correct reply is not used, but the port is open so that no port-denied ICMPs are generated.

It would be nice to have a local caching DNS server and not to use bind, that is mostly an overkill. However, with the default settings, one must emerge openssl USE="-bindist" (and recompile the depending packages). I was thinking of creating a minimal caching version of unbound without having to rebuild several other packages, so the idea is to disable ecdsa by default. I don't know how to say the ebuild way that "depend on openssl, but when ecdsa use is set, depend on openssl[-bindist]" in a clean and nice way. It would be even better to be able to completely disable ssl (like with bind), but I failed to manage that.

--- unbound-1.4.21-r1.ebuild 2014-01-14 14:01:26.000000000 +0000 +++ unbound-1.4.22.ebuild 2014-04-17 19:56:49.463351348 +0000 
@@ -14,13 +14,13 @@ LICENSE="BSD GPL-2" SLOT="0" KEYWORDS="amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 x86 ~x64-macos" -IUSE="debug gost python selinux static-libs test threads" +IUSE="debug ecdsa gost python selinux static-libs test threads" REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" RDEPEND="dev-libs/expat dev-libs/libevent >=dev-libs/openssl-0.9.8 - >=net-libs/ldns-1.6.13[ecdsa,ssl,gost?] + ecdsa? ( >=dev-libs/openssl-0.9.8[-bindist] ) selinux? ( sec-policy/selinux-bind )" DEPEND="${RDEPEND} @@ -58,13 +58,12 @@ econf \ $(use_enable debug) \ $(use_enable gost) \ + $(use_enable ecdsa) \ $(use_enable static-libs static) \ $(use_with python pythonmodule) \ $(use_with python pyunbound) \ $(use_with threads pthreads) \ --disable-rpath \ - --enable-ecdsa \ - --with-ldns="${EPREFIX}"/usr \ --with-libevent="${EPREFIX}"/usr \ --with-pidfile="${EPREFIX}"/var/run/unbound.pid \ --with-rootkey-file="${EPREFIX}"/etc/dnssec/root-anchors.txt
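Review bot: In the first hunk (`@@ -14,13 +14,13 @@`) the new `ecdsa` flag goes into IUSE with no default, so it is off unless the user turns it on, while the removed `>=net-libs/ldns-1.6.13[ecdsa,ssl,gost?]` line shows that the previous ebuild always required ECDSA support. Consider `+ecdsa` in IUSE so that an upgrade keeps the old behaviour and only users who explicitly opt out get the build that works with a bindist openssl. The conditional `ecdsa? ( >=dev-libs/openssl-0.9.8[-bindist] )` alongside the unconditional openssl atom is fine as written.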
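Review bot: In the second hunk (`@@ -58,13 +58,12 @@`) `$(use_enable ecdsa)` replaces the hard-coded `--enable-ecdsa`, so a build with the flag off now passes `--disable-ecdsa` to configure, and this ebuild-only patch does not document that trade-off anywhere. If the flag has no description for this package yet, add one to metadata.xml saying that disabling it removes ECDSA support in exchange for not requiring openssl[-bindist]. Dropping `--with-ldns="${EPREFIX}"/usr` is consistent with the ldns atom removed from RDEPEND in the first hunk.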
So they bundle ldns now? Really awesome from a security standpoint.
This was bumped a while ago, albeit somewhat wrong but that's been fixed in 1.4.22-r1.