2.2.1 Force disabling of harden glue? Why?
-
Force disabling of harden glue configuration option, and remove GUI control of that option. Problem with Unbound pre-1.5.2 means in 2.2-RELEASE, having this option enabled, and DNSSEC disabled, could lead to DNS cache poisoning.
It references this bug: https://redmine.pfsense.org/issues/4402
Why is this being force disabled? That was the option to enable to stop the cache poisoning myself and many others were experiencing.
It was having it OFF that led to the poisoning.
-
Huh?! It is force-enabled.
-
That's not what it says here: https://doc.pfsense.org/index.php?title=2.2.1_New_Features_and_Changes#DNS_Resolver
-
$ grep glue /var/unbound/unbound.conf
harden-glue: yes
$ cat /etc/version
2.2.1-RELEASE
https://github.com/pfsense/pfsense/commit/5c7c369f5f2c9584ad53a5657965deb2d6661da2
-
So it's the changelog that's wrong, not the actual release then. That's a relief.
(I'm sure you know what I was looking so closely at that line heh, thanks again BTW for being able to test with those sites that were doing the poisoning)
-
Seems to be about the size of things. Typo.
-
I fixed the changelog (See also https://redmine.pfsense.org/issues/4402 )