Commit 4eb0897c authored by Evan Hunt's avatar Evan Hunt

CHANGES, release notes, README

parent 7ecd699e
Pipeline #3732 passed with stages
in 8 minutes and 10 seconds
5010. [func] New "validate-except" option specifies a list of
domains beneath which DNSSEC validation should not
be performed. [GL #237]
5009. [bug] Upon an OpenSSL failure, the first error in the OpenSSL
error queue was not logged. [GL #476]
......
......@@ -114,6 +114,9 @@ of changes from BIND 9.12 and earlier releases. New features include:
subject to DNSSEC validation and are not treated as authoritative data
when answering. This makes it easier to configure a local copy of the
root zone as described in RFC 7706.
* QNAME minimization is now supported
* The "validate-except" option allows configuration of domains below
which DNSSEC validation should not be performed.
In addition, cryptographic support has been modernized. BIND now uses the
best available pseudo-random number generator for the platform on which
......
......@@ -131,6 +131,9 @@ include:
DNSSEC validation and are not treated as authoritative data when
answering. This makes it easier to configure a local copy of the root
zone as described in RFC 7706.
* QNAME minimization is now supported
* The "validate-except" option allows configuration of domains below which
DNSSEC validation should not be performed.
In addition, cryptographic support has been modernized. BIND now uses the
best available pseudo-random number generator for the platform on which
......
......@@ -143,6 +143,14 @@
loss of security.
</para>
</listitem>
<listitem>
<para>
The <command>validate-except</command> option specifies a list of
domains beneath which DNSSEC validation should not be performed,
regardless of whether a trust anchor has been configured above
them. [GL #237]
</para>
</listitem>
</itemizedlist>
</section>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment