diff options
author | Simon Kelley <simon@thekelleys.org.uk> | 2015-01-07 21:55:43 +0000 |
---|---|---|
committer | Simon Kelley <simon@thekelleys.org.uk> | 2015-01-07 21:55:43 +0000 |
commit | 97e618a0e3f29465acc689d87288596b006f197e (patch) | |
tree | da82193f5d4bbb079a63db42978825bd76f2bc1f /CHANGELOG | |
parent | d310ab7ecbffce79d3d90debba621e0222f9bced (diff) | |
download | dnsmasq-unsigned.tar.gz |
DNSSEC: do top-down search for limit of secure delegation.unsigned
Diffstat (limited to 'CHANGELOG')
-rw-r--r-- | CHANGELOG | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -31,7 +31,16 @@ version 2.73 request for certain domains, before the correct answer can arrive. Thanks to Glen Huang for the patch. + Revisit the part of DNSSEC validation which determines if an + unsigned answer is legit, or is in some part of the DNS + tree which should be signed. Dnsmasq now works from the + DNS root downward looking for the limit of signed + delegations, rather than working bottom up. This is + both more correct, and less likely to trip over broken + nameservers in the unsigned parts of the DNS tree + which don't respond well to DNSSEC queries. + version 2.72 Add ra-advrouter mode, for RFC-3775 mobile IPv6 support. |