Commit c34680cf authored by Evan Hunt's avatar Evan Hunt
Browse files

[master] spelling, release note

parent 5fdca0da
......@@ -6,11 +6,12 @@
4881. [bug] Only include dst_openssl.h when OpenSSL is required.
[RT #47068]
 
4880. [bug] Named wasn't returning the target of a cross zone
CNAME between to served zones when recursion was
desired and available (RD=1, RA=1). Don't return
the CNAME target otherwise to prevent accidental
cache poisoning. [RT #47078]
4880. [bug] Named wasn't returning the target of a cross-zone
CNAME between two served zones when recursion was
desired and available (RD=1, RA=1). (When this is
not the case, the CNAME target is deliberately
withheld to prevent accidental cache poisoning.)
[RT #47078]
 
4879. [bug] dns_rdata_caa:value_len field was too small.
[RT #47086]
......
......@@ -87,6 +87,15 @@
<section xml:id="relnotes_bugs"><info><title>Bug Fixes</title></info>
<itemizedlist>
<listitem>
<para>
When answering authoritative queries, <command>named</command>
does not return the target of a cross-zone CNAME between two
locally served zones; this prevents accidental cache poisoning.
This same restriction was incorrectly applied to recursive
queries as well; this has been fixed. [RT #47078]
</para>
</listitem>
<listitem>
<para>
Attempting to validate improperly unsigned CNAME responses
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment