diff --git a/configure b/configure
index 14d16131c..635e8a4a5 100755
--- a/configure
+++ b/configure
@@ -20018,8 +20018,8 @@ $as_echo "$ac_cv_func_EVP_PKEY_set_type_str" >&6; }
 if test "x$ac_cv_func_EVP_PKEY_set_type_str" = x""yes; then
   :
 else
-  { { $as_echo "$as_me:$LINENO: error: OpenSSL >= 1.0.0 is needed for GOST support, upgrade openssl or rerun with --disable-gost" >&5
-$as_echo "$as_me: error: OpenSSL >= 1.0.0 is needed for GOST support, upgrade openssl or rerun with --disable-gost" >&2;}
+  { { $as_echo "$as_me:$LINENO: error: OpenSSL 1.0.0 is needed for GOST support" >&5
+$as_echo "$as_me: error: OpenSSL 1.0.0 is needed for GOST support" >&2;}
    { (exit 1); exit 1; }; }
 fi
 
@@ -20029,7 +20029,102 @@ cat >>confdefs.h <<\_ACEOF
 _ACEOF
 
 	;;
-	no|*)
+	no)
+	;;
+	*) 	{ $as_echo "$as_me:$LINENO: checking for EVP_PKEY_set_type_str" >&5
+$as_echo_n "checking for EVP_PKEY_set_type_str... " >&6; }
+if test "${ac_cv_func_EVP_PKEY_set_type_str+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define EVP_PKEY_set_type_str to an innocuous variant, in case <limits.h> declares EVP_PKEY_set_type_str.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define EVP_PKEY_set_type_str innocuous_EVP_PKEY_set_type_str
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char EVP_PKEY_set_type_str (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef EVP_PKEY_set_type_str
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char EVP_PKEY_set_type_str ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_EVP_PKEY_set_type_str || defined __stub___EVP_PKEY_set_type_str
+choke me
+#endif
+
+int
+main ()
+{
+return EVP_PKEY_set_type_str ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext && {
+	 test "$cross_compiling" = yes ||
+	 $as_test_x conftest$ac_exeext
+       }; then
+  ac_cv_func_EVP_PKEY_set_type_str=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_EVP_PKEY_set_type_str=no
+fi
+
+rm -rf conftest.dSYM
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_func_EVP_PKEY_set_type_str" >&5
+$as_echo "$ac_cv_func_EVP_PKEY_set_type_str" >&6; }
+if test "x$ac_cv_func_EVP_PKEY_set_type_str" = x""yes; then
+
+
+cat >>confdefs.h <<\_ACEOF
+#define USE_GOST 1
+_ACEOF
+
+fi
+
 	;;
 esac
 
@@ -23548,72 +23643,7 @@ fi
 { $as_echo "$as_me:$LINENO: result: $ac_cv_func_ldns_key_buf2rsa_raw" >&5
 $as_echo "$ac_cv_func_ldns_key_buf2rsa_raw" >&6; }
 
-
-for ac_header in ldns/ldns.h
-do
-as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
-$as_echo_n "checking for $ac_header... " >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-  $as_echo_n "(cached) " >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_includes_default
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-$as_echo "$ac_try_echo") >&5
-  (eval "$ac_compile") 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } && {
-	 test -z "$ac_c_werror_flag" ||
-	 test ! -s conftest.err
-       } && test -s conftest.$ac_objext; then
-  eval "$as_ac_Header=yes"
-else
-  $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-	eval "$as_ac_Header=no"
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-ac_res=`eval 'as_val=${'$as_ac_Header'}
-		 $as_echo "$as_val"'`
-	       { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-as_val=`eval 'as_val=${'$as_ac_Header'}
-		 $as_echo "$as_val"'`
-   if test "x$as_val" = x""yes; then
-  cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-	if test $ac_cv_lib_ldns_ldns_buffer_copy = yes \
-	    -a $ac_cv_func_ldns_key_buf2rsa_raw = yes \
-	    -a $ac_cv_header_ldns_ldns_h = yes; then
-	    	    { $as_echo "$as_me:$LINENO: checking for ldns_b32_ntop_extended_hex" >&5
+	{ $as_echo "$as_me:$LINENO: checking for ldns_b32_ntop_extended_hex" >&5
 $as_echo_n "checking for ldns_b32_ntop_extended_hex... " >&6; }
 if test "${ac_cv_func_ldns_b32_ntop_extended_hex+set}" = set; then
   $as_echo_n "(cached) " >&6
@@ -23698,15 +23728,161 @@ rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
 fi
 { $as_echo "$as_me:$LINENO: result: $ac_cv_func_ldns_b32_ntop_extended_hex" >&5
 $as_echo "$ac_cv_func_ldns_b32_ntop_extended_hex" >&6; }
-if test "x$ac_cv_func_ldns_b32_ntop_extended_hex" = x""yes; then
-  :
-else
 
-		{ { $as_echo "$as_me:$LINENO: error: ldns version too old, need >=1.4.0" >&5
-$as_echo "$as_me: error: ldns version too old, need >=1.4.0" >&2;}
-   { (exit 1); exit 1; }; }
+	{ $as_echo "$as_me:$LINENO: checking for ldns_key_EVP_load_gost_id" >&5
+$as_echo_n "checking for ldns_key_EVP_load_gost_id... " >&6; }
+if test "${ac_cv_func_ldns_key_EVP_load_gost_id+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define ldns_key_EVP_load_gost_id to an innocuous variant, in case <limits.h> declares ldns_key_EVP_load_gost_id.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define ldns_key_EVP_load_gost_id innocuous_ldns_key_EVP_load_gost_id
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char ldns_key_EVP_load_gost_id (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef ldns_key_EVP_load_gost_id
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ldns_key_EVP_load_gost_id ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_ldns_key_EVP_load_gost_id || defined __stub___ldns_key_EVP_load_gost_id
+choke me
+#endif
+
+int
+main ()
+{
+return ldns_key_EVP_load_gost_id ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext && {
+	 test "$cross_compiling" = yes ||
+	 $as_test_x conftest$ac_exeext
+       }; then
+  ac_cv_func_ldns_key_EVP_load_gost_id=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_func_ldns_key_EVP_load_gost_id=no
 fi
 
+rm -rf conftest.dSYM
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_func_ldns_key_EVP_load_gost_id" >&5
+$as_echo "$ac_cv_func_ldns_key_EVP_load_gost_id" >&6; }
+
+
+for ac_header in ldns/ldns.h
+do
+as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
+$as_echo_n "checking for $ac_header... " >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  eval "$as_ac_Header=yes"
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_Header=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_res=`eval 'as_val=${'$as_ac_Header'}
+		 $as_echo "$as_val"'`
+	       { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+as_val=`eval 'as_val=${'$as_ac_Header'}
+		 $as_echo "$as_val"'`
+   if test "x$as_val" = x""yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+	if test $ac_cv_lib_ldns_ldns_buffer_copy = yes \
+	    -a $ac_cv_func_ldns_key_buf2rsa_raw = yes \
+	    -a $ac_cv_header_ldns_ldns_h = yes \
+	    -a $ac_cv_func_ldns_b32_ntop_extended_hex = yes \
+	    -a $ac_cv_func_ldns_key_EVP_load_gost_id = yes; then
+	    	    :
 	else
 	    use_ldns_builtin="yes"
 	fi
diff --git a/configure.ac b/configure.ac
index dfdeb7708..6801143cb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -421,10 +421,14 @@ esac
 AC_ARG_ENABLE(gost, AC_HELP_STRING([--enable-gost], [Enable GOST support, experimental]))
 case "$enable_gost" in
 	yes)
-	AC_CHECK_FUNC(EVP_PKEY_set_type_str, [:],[AC_MSG_ERROR([OpenSSL >= 1.0.0 is needed for GOST support, upgrade openssl or rerun with --disable-gost])])
+	AC_CHECK_FUNC(EVP_PKEY_set_type_str, [:],[AC_MSG_ERROR([OpenSSL 1.0.0 is needed for GOST support])])
 	AC_DEFINE([USE_GOST], [1], [Define this to enable GOST support.])
 	;;
-	no|*)
+	no)
+	;;
+	*) dnl default
+	AC_CHECK_FUNC(EVP_PKEY_set_type_str, [
+	  AC_DEFINE([USE_GOST], [1], [Define this to enable GOST support.])])
 	;;
 esac
 
@@ -622,13 +626,16 @@ AC_ARG_WITH(ldns-builtin, AC_HELP_STRING([--with-ldns-builtin],
 if test "$use_ldns_builtin" = "no"; then
 	AC_CHECK_LIB(ldns, ldns_buffer_copy)
 	AC_CHECK_FUNC(ldns_key_buf2rsa_raw)
+	AC_CHECK_FUNC(ldns_b32_ntop_extended_hex)
+	AC_CHECK_FUNC(ldns_key_EVP_load_gost_id)
 	AC_CHECK_HEADERS([ldns/ldns.h],,, [AC_INCLUDES_DEFAULT])
 	if test $ac_cv_lib_ldns_ldns_buffer_copy = yes \
 	    -a $ac_cv_func_ldns_key_buf2rsa_raw = yes \
-	    -a $ac_cv_header_ldns_ldns_h = yes; then
-	    dnl ldns was found, check compat functions
-	    AC_CHECK_FUNC([ldns_b32_ntop_extended_hex],, [
-		AC_MSG_ERROR([ldns version too old, need >=1.4.0])])
+	    -a $ac_cv_header_ldns_ldns_h = yes \
+	    -a $ac_cv_func_ldns_b32_ntop_extended_hex = yes \
+	    -a $ac_cv_func_ldns_key_EVP_load_gost_id = yes; then
+	    dnl ldns was found
+	    :
 	else
 	    use_ldns_builtin="yes"
 	fi
diff --git a/doc/Changelog b/doc/Changelog
index 116833486..db870fcc4 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+28 April 2010: Wouter
+	- ldns tarball updated and GOST support is detected and then enabled. 
+	- iana portlist updated.
+
 27 April 2010: Wouter
 	- unbound-control get_option domain-insecure shows config file items.
 	- fix retry sequence if prime hints are recursion-lame.
diff --git a/ldns-src.tar.gz b/ldns-src.tar.gz
index 3906bc015..c816b8fce 100644
Binary files a/ldns-src.tar.gz and b/ldns-src.tar.gz differ
diff --git a/util/iana_ports.inc b/util/iana_ports.inc
index 8bfdc8165..8ac201198 100644
--- a/util/iana_ports.inc
+++ b/util/iana_ports.inc
@@ -4683,6 +4683,8 @@
 8148,
 8160,
 8161,
+8182,
+8184,
 8192,
 8194,
 8195,