+5010. [func] New "validate-except" option specifies a list of
+ domains beneath which DNSSEC validation should not
+ be performed. [GL #237]
+
5009. [bug] Upon an OpenSSL failure, the first error in the OpenSSL
error queue was not logged. [GL #476]
subject to DNSSEC validation and are not treated as authoritative data
when answering. This makes it easier to configure a local copy of the
root zone as described in RFC 7706.
+ * QNAME minimization is now supported
+ * The "validate-except" option allows configuration of domains below
+ which DNSSEC validation should not be performed.
In addition, cryptographic support has been modernized. BIND now uses the
best available pseudo-random number generator for the platform on which
DNSSEC validation and are not treated as authoritative data when
answering. This makes it easier to configure a local copy of the root
zone as described in RFC 7706.
+* QNAME minimization is now supported
+* The "validate-except" option allows configuration of domains below which
+ DNSSEC validation should not be performed.
In addition, cryptographic support has been modernized. BIND now uses the
best available pseudo-random number generator for the platform on which
loss of security.
</para>
</listitem>
+ <listitem>
+ <para>
+ The <command>validate-except</command> option specifies a list of
+ domains beneath which DNSSEC validation should not be performed,
+ regardless of whether a trust anchor has been configured above
+ them. [GL #237]
+ </para>
+ </listitem>
</itemizedlist>
</section>
projects / thirdparty / bind9.git / commitdiff
