From nobody Mon Jan 24 06:33:03 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 311DD1980A5D; Mon, 24 Jan 2022 06:33:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Jj0Xw0wx8z4j8k; Mon, 24 Jan 2022 06:33:04 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1643005984; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=aw2RtlyPZNCeUQcdkewLIZ9spDtu8Z5B6HRiygsy74Q=; b=Abw1FQkQBLH+6dO+RnOhal61m/FUAhAdTXOtm26A8O1CYQ5WUvett7iG24SEN1eIWDl5oI AYbY5KVZm/kQyybM7w009GQzmY7dYHAhm0A0AGXMEW5iLjDuBa77fR5Htov1z0i8snnkLx jgLjnen4Wb8jMTcvvwB1MXfR72JJL5DaDBh+nxbdcCcKT86zvo/zHW7bHlA0rRRVOPnFwX ZydJVxP2SIqLSVjWhbqvQvg3GSxrSQgHyAH1fnb40o3r3EEpe/J7nq0JQcTyTkQ971LaGo y0le+E0D76cLcmxEz2Ve4OShRfdsDHl5CY658r48bGoMBioCnw1vNYgVaddloQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 0078711279; Mon, 24 Jan 2022 06:33:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 20O6X3TJ018849; Mon, 24 Jan 2022 06:33:03 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 20O6X3LF018848; Mon, 24 Jan 2022 06:33:03 GMT (envelope-from git) Date: Mon, 24 Jan 2022 06:33:03 GMT Message-Id: <202201240633.20O6X3LF018848@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Cy Schubert Subject: git: 72d0d523e9ba - main - UPDATING: Document unbound support of RFC8375 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cy X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 72d0d523e9ba740d21ae6b03902eacd6100dd594 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1643005984; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=aw2RtlyPZNCeUQcdkewLIZ9spDtu8Z5B6HRiygsy74Q=; b=WEjB9cN5I2+gPD/LszgZKr0JFy5F42aXM9wA8CNXvSMGAsEpHwb5TfITyF3FhOf01FXdCs LLXEyUlydPKaAQdqRq6WR7cagg849wNOw4JbCeMYaSujc4Ic9QDH+cspmUwqsBzmW6+5iD lAthynTCfeKhIrcGcJvEQxBZQpG0YWTAbIh6NHiQx8n/C83P+T0fQnKhS0raYLz/N/JV4O mA9NfNw15L8z+NtnFZyEsJVWQ2SSwHNTecNHChc/AbBpWtmcCtRakEkqFHoFpELluRaxFI H64/3tPXYZS8k0TUAfFYDdrlZbC2cOYFGt4mmnHo8R6IUJmqMWvRnuN/JsoKpg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1643005984; a=rsa-sha256; cv=none; b=GnFH5G7bYTusSvrn2gj15SX/+GLG7Iehg0EfWW5t2A3xqukGEwwwNxAo4rej3Hw0XaNxue hdhFdhQ3mBZ4FsBLhvjBOe9+/KsYApce9wpmjhHGzGrMPPZAfVv51uUyN4U4L4HR3IUFwW k+/Qs3+VJTWFV0tp7NKaXRqqqu9hBQUGJG1AdghGrCsIpufP10rPoDHmCLrviU99Hn+Vu1 RJPphfLEARduivMKCXQfVk0ecSz1MF2pmtsJbHTiyrxD8K3MCQKrUkLDdWL5Gi8gyRlf5Q 2m2yfcjCbHfjWKmUeSKSid5z4k/umI2T7Hy679V3FnbymE6obJP88XiQuR1RnA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=72d0d523e9ba740d21ae6b03902eacd6100dd594 commit 72d0d523e9ba740d21ae6b03902eacd6100dd594 Author: Cy Schubert AuthorDate: 2022-01-24 06:21:49 +0000 Commit: Cy Schubert CommitDate: 2022-01-24 06:30:55 +0000 UPDATING: Document unbound support of RFC8375 As of unbound 1.14.0rc1, as per RFC8375 unbound by default blocks 'home.arpa'. Document this new behaviour and how to unblock it. Reported by: avg Discussed with: glebius, avg RFC: 8375, Section 6: Security Considerations --- UPDATING | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/UPDATING b/UPDATING index 53a31d6217fd..3c8b9aa84639 100644 --- a/UPDATING +++ b/UPDATING @@ -27,6 +27,21 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 14.x IS SLOW: world, or to merely disable the most expensive debugging functionality at runtime, run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20211202: + Unbound support for RFC8375: The special-use domain 'home.arpa' is + by default blocked. To unblock it use a local-zone nodefault + statement in unbound.conf: + local-zone: "home.arpa." nodefault + + Or use another type of local-zone to override with your choice. + + The reason for this is discussed in Section 6.1 of RFC8375: + Because 'home.arpa.' is not globally scoped and cannot be secured + using DNSSEC based on the root domain's trust anchor, there is no way + to tell, using a standard DNS query, in which homenet scope an answer + belongs. Consequently, users may experience surprising results with + such names when roaming to different homenets. + 20211230: The macros provided for the manipulation of CPU sets (e.g. CPU_AND) have been modified to take 2 source arguments instead of only 1.