OpenBSD Journal

OpenBSD Journal

DNSSEC enabled in default unbound(8) configuration

Contributed by rueda on from the +dnssec dept.

With this commit, Florian Obser (florian@) enabled DNSSEC validation in the default unbound.conf(5) in -current:

Module name:	src
Changes by:	2018/12/07 02:21:08

Modified files:
	etc            : unbound.conf 

Log message:
Enable DNSSEC validation.
Requested by & OK claudio
Input & OK sthen
OK job, solene
Various commenting that they run with validation since a long time
without issues.

There's also a related entry in the "Following -current and using snapshots" FAQ.

Update: The change has been reverted:

Module name:	src
Changes by:	2018/12/11 12:16:36

Modified files:
	etc            : unbound.conf 

Log message:
the world is not ready for dnssec enabled by default

A proposal for a new RPKI validator: OpenBSD rpki-client(1)

Contributed by rueda on from the let's-encrypt-the-bgpd dept.

Job Snijders (job@) has written an article at Medium proposing rpki-client(1), a new, BSD-licensed RPKI validator.

[ TL;DR—$1000 out of $20,000 USD has been pledged! ]

As always, readers are encouraged to contribute!

Update: As noted in the first comment here, the article has been updated (already!) with good news -

[ TL;DR—DONE! We reached the $20,000 fundraiser goal! Thank you NetNod, IIS.SE, SUNET & 6connect for supporting this effort! ]

OpenBGPD - Adding Diversity to the Route Server Landscape

Contributed by rueda on from the route me up before you go-go dept.

Claudio Jeker (claudio@) wrote in to let us know that he and Job Snijders (job@) have written an article about OpenBGPD for RIPE Labs.

There has been a lot of activity from my side going to OpenBGPD. Thanks to some funding by RIPE NCC and many European internet exchange points I was able to work full time on OpenBGPD for the last 6 month. The article covers why and what was done until now.

[Also worthy of note are Claudio's slides from the recent DENOG10.]

OpenBSD Community reaches Iridium in 2018!

Contributed by Paul 'WEiRD' de Weerd on from the is it osmium next? dept.

Right on the heels of the previous announcement, Kenneth R. Westerback (krw@) of the OpenBSD Foundation writes to inform us:

The OpenBSD Foundation is happy to announce that individual contributions from the OpenBSD commnunity have again exceeded $100,000, making the community the 2nd Iridium level donor for 2018!

These smaller regular contributions are the backbone of longer term spending planning. The Foundation would like to thank all the individuals who made and continue to make regular monthly contributions.

We'd like to thank Ken for sharing this piece of good news, and join him in thanking the larger community for their donations. If you haven't already (or want to add a donation), you can visit the donations page of the Foundation to make a contribution too.

Blog post by jcs@ on reverse engineering audio drivers

Contributed by Paul 'WEiRD' de Weerd on from the reversed-audio dept.

On his blog, joshua stein (jcs@) has a description of the hoops he jumped through to get stereo sound out of his Huawei Matebook X under OpenBSD (something that only worked under Windows with special drivers).

His approach involves logging all PCI device accesses by running Windows in QEMU under Linux with VFIO, parsing that, and making the OpenBSD azalia(4) driver do the same.

Thanks to joshua for the interesting write-up!

Microsoft goes Gold for 2018!

Contributed by Nayden Markatchev on from the Microsoft goes for the Gold! dept.

Kenneth R. Westerback (krw@) writes to inform us:

Microsoft goes Gold for 2018!

The OpenBSD Foundation is happy to announce that Microsoft has increased its support level from Silver to Gold for 2018.

This is the fourth consecutive year that Microsoft has made a contribution to the OpenBSD Foundation and we are grateful for their continuing support.

Thank you, Ken for sharing the good news about the OpenBSD Foundation with the community.


Donate to OpenBSD


We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

OpenBSD Errata

OpenBSD 6.4

0082018-11-29 RELIABILITY Writing more than 4GB to a qcow2 volume corrupts the virtual disk.
0072018-11-29 RELIABILITY The mail.mda and mail.lmtp delivery agents were not reporting temporary failures correctly, causing smtpd to bounce messages in some cases where it should have retried them.
0062018-11-29 RELIABILITY UNIX domain sockets leak kernel memory with MSG_PEEK on SCM_RIGHTS, or can attempt excessive memory allocations leading to a crash.
0052018-11-29 SECURITY Various overflows exist in perl.
0042018-11-17 RELIABILITY A recent change to POSIX file locks could cause incorrect results during lock acquisition.
0032018-11-17 SECURITY The portsmash vulnerability allows exfiltration of elliptic curve keys.

Unofficial RSS feed of OpenBSD errata


Users wishing RSS/RDF summary files of OpenBSD Journal can retrieve: RSS feed

Options are available.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]