- Be lenient when a NSEC NameError response with RCODE=NXDOMAIN is

  received. This is okay according 4035, but not after revising
  existence in 4592.  NSEC empty non-terminals exist and thus the
  RCODE should have been NOERROR. If this occurs, and the RRsets
  are secure, we set the RCODE to NOERROR and the security status
  of the reponse is also considered secure.

git-svn-id: file:///svn/unbound/trunk@3091 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index d960366e832f87021d88644c4bf615841c3627fe..6d11db0df08d8640d8668000352f96790fccd035 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,11 @@
+20 February 2014: Matthijs
+       - Be lenient when a NSEC NameError response with RCODE=NXDOMAIN is
+         received. This is okay according 4035, but not after revising
+         existence in 4592.  NSEC empty non-terminals exist and thus the
+         RCODE should have been NOERROR. If this occurs, and the RRsets
+         are secure, we set the RCODE to NOERROR and the security status
+         of the reponse is also considered secure.
+
 14 February 2014: Wouter
        - Works on Minix (3.2.1).