From: Vladimír Čunát <vladimir.cunat@nic.cz>
Date: Mon, 23 Jan 2023 11:15:47 +0000 (+0100)
Subject: NEWS for the past two commits
X-Git-Tag: v5.6.0~1^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6baf76649407bdf2808b8c9a760777843b5f2fa7;p=thirdparty%2Fknot-resolver.git

NEWS for the past two commits
---

diff --git a/NEWS b/NEWS
index b9d3894d9..24ab1cfcd 100644
--- a/NEWS
+++ b/NEWS
@@ -1,8 +1,19 @@
 Knot Resolver 5.6.0 (202y-mm-dd)
 ================================
 
+Security
+--------
+- avoid excessive TCP reconnections in some cases
+  For example, a DNS server that just closes connections without answer
+  could cause lots of work for the resolver (and itself, too).
+  The number of connections could be up to around 100 per client's query.
+
+  We thank Xiang Li from NISL Lab, Tsinghua University,
+  and Xuesong Bai and Qifan Zhang from DSP Lab, UCI.
+
 Improvements
 ------------
+- daemon: feed server selection with more kinds of bad-answer events
 - cache.max_ttl(): lower the default from six days to one day
   and apply both limits to the first uncached answer already (!1323 #127)
 - depend on jemalloc, preferably, to improve memory usage (!1353)