Commit 793d358c authored by Tony Finch's avatar Tony Finch Committed by Evan Hunt
Browse files

add CHANGES and release note

parent 8785f6fa
Pipeline #14256 passed with stages
in 11 minutes and 54 seconds
5230. [protocol] The SHA-1 hash algorithm is no longer used when
generating DS and CDS records. [GL #1015]
5229. [protocol] Enforce known SSHFP fingerprint lengths. [GL #852] 5229. [protocol] Enforce known SSHFP fingerprint lengths. [GL #852]
   
5228. [func] If trusted-keys and managed-keys were configured 5228. [func] If trusted-keys and managed-keys were configured
......
...@@ -144,6 +144,21 @@ ...@@ -144,6 +144,21 @@
configuration error. [GL #868] configuration error. [GL #868]
</para> </para>
</listitem> </listitem>
<listitem>
<para>
DS and CDS records are now generated with SHA-256 digests
only, instead of both SHA-1 and SHA-256. This affects the
default output of <command>dnssec-dsfromkey</command>, the
<filename>dsset</filename> files generated by
<command>dnssec-signzone</command>, the DS records added to
a zone by <command>dnssec-signzone</command> based on
<filename>keyset</filename> files, the CDS records added to
a zone by <command>named</command> and
<command>dnssec-signzone</command> based on "sync" timing
parameters in key files, and the checks performed by
<command>dnssec-checkds</command>.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment