From: Evan Hunt <each@isc.org>
Date: Tue, 1 May 2018 01:17:35 +0000 (-0700)
Subject: CHANGES, release notes, README
X-Git-Tag: v9.13.3~58^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4eb0897c909a7643b30bdc46c21ab354d5f66689;p=thirdparty%2Fbind9.git

CHANGES, release notes, README
---

diff --git a/CHANGES b/CHANGES
index 6956376258e..f0325241231 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+5010.	[func]		New "validate-except" option specifies a list of
+			domains beneath which DNSSEC validation should not
+			be performed. [GL #237]
+
 5009.	[bug]		Upon an OpenSSL failure, the first error in the OpenSSL
 			error queue was not logged. [GL #476]
 
diff --git a/README b/README
index c9f54212644..ba5f29d9f18 100644
--- a/README
+++ b/README
@@ -114,6 +114,9 @@ of changes from BIND 9.12 and earlier releases. New features include:
     subject to DNSSEC validation and are not treated as authoritative data
     when answering. This makes it easier to configure a local copy of the
     root zone as described in RFC 7706.
+  * QNAME minimization is now supported
+  * The "validate-except" option allows configuration of domains below
+    which DNSSEC validation should not be performed.
 
 In addition, cryptographic support has been modernized. BIND now uses the
 best available pseudo-random number generator for the platform on which
diff --git a/README.md b/README.md
index b283ff98c8f..e06941f40d6 100644
--- a/README.md
+++ b/README.md
@@ -131,6 +131,9 @@ include:
   DNSSEC validation and are not treated as authoritative data when
   answering. This makes it easier to configure a local copy of the root
   zone as described in RFC 7706.
+* QNAME minimization is now supported
+* The "validate-except" option allows configuration of domains below which
+  DNSSEC validation should not be performed.
 
 In addition, cryptographic support has been modernized. BIND now uses the
 best available pseudo-random number generator for the platform on which
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 8a1f647af56..de2760cbe5c 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -143,6 +143,14 @@
 	  loss of security.
 	</para>
       </listitem>
+      <listitem>
+	<para>
+	  The <command>validate-except</command> option specifies a list of
+	  domains beneath which DNSSEC validation should not be performed,
+	  regardless of whether a trust anchor has been configured above
+	  them. [GL #237]
+	</para>
+      </listitem>
     </itemizedlist>
   </section>