From: Petr Špaček <petr.spacek@nic.cz>
Date: Mon, 6 Mar 2017 12:24:20 +0000 (+0100)
Subject: Clarify conditions when invalid RRSIG can lead to AD=1 response
X-Git-Tag: v1.2.4~2^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=210d1703d1ff14e5b371294780a597ac5bed664e;p=thirdparty%2Fknot-resolver.git

Clarify conditions when invalid RRSIG can lead to AD=1 response

Further clarification of fb957a9b5593aaa46dcfddd9adb488cf898b4a45
---

diff --git a/NEWS b/NEWS
index 5eb761c3b..07851ae66 100644
--- a/NEWS
+++ b/NEWS
@@ -4,7 +4,8 @@ Knot Resolver 1.2.4-dev (2017-03-XX)
 Security
 --------
 - Knot Resolver 1.2.0 and higher could return AD flag for insecure
-  answer, if the same answer was validated three or more times.
+  answer if the daemon received answer with invalid RRSIG several times
+  in a row.
 
 Improvements
 ------------