doc: DNS Flag Day 2020 is now effective

diff --git a/NEWS b/NEWS
index 00cf3942fc2ff7b27a84025c3fb786733fde69b7..ff2691e7f59477da38424e395b4e214afc0f629a 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -3,7 +3,8 @@ Knot Resolver 5.2.0 (2020-1m-dd)
 
 Improvements
 ------------
-- lower default EDNS buffer size to 1232 (#538, #300, !920)
+- lower default EDNS buffer size to 1232 bytes (#538, #300, !920);
+  see https://dnsflagday.net/2020/
 - net: split the EDNS buffer size into upstream and downstream (!1026)
 - lua-http doh: answer to /dns-query endpoint as well as /doh (!1069)
 - improve resiliency against UDP fragmentation attacks (disable PMTUD) (!1061)

diff --git a/doc/upgrading.rst b/doc/upgrading.rst
index 13a19693bccc2a4bbcab7123bf60a13618cde68a..5c5e471509cc3dc61b95106ce2819dd2b4af7547 100644 (file)
--- a/doc/upgrading.rst
+++ b/doc/upgrading.rst
@@ -24,9 +24,6 @@ newer versions when they are released.
 * DoH over HTTP/1 and unencrypted transports is still available in
   :ref:`legacy http module <mod-http-doh>` (``kind='doh'``).
   This module will not receive receive any more bugfixes and will be eventually removed.
-* New releases since October 2020 will contain changes for
-  `DNS Flag Day 2020 <https://dnsflagday.net/2020/>`_. Please double-check your firewall,
-  it has to allow DNS traffic on UDP and also TCP port 53.
 
 
 5.1 to 5.2
@@ -38,6 +35,10 @@ Users
 * Users of :ref:`control-sockets` API need to terminate each command sent to resolver with newline
   character (ASCII ``\n``). Correct usage: ``cache.stats()\n``.
   Newline terminated commands are accepted by all resolver versions >= 1.0.0.
+* `DNS Flag Day 2020 <https://dnsflagday.net/2020/>`_ is now effective and Knot Resolver uses
+  maximum size of UDP answer to 1232 bytes. Please double-check your firewall,
+  it has to allow DNS traffic on UDP and **also TCP** port 53.
+
 
 Configuration file
 ------------------