From: Ondřej Surý Date: Wed, 8 Mar 2017 12:03:03 +0000 (+0100) Subject: Update NEWS X-Git-Tag: v1.2.4~1^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8b901757e1a52e283cf1bfb798f0a1bf8796a911;p=thirdparty%2Fknot-resolver.git Update NEWS --- diff --git a/NEWS b/NEWS index 07851ae66..d1f62586b 100644 --- a/NEWS +++ b/NEWS @@ -4,17 +4,19 @@ Knot Resolver 1.2.4-dev (2017-03-XX) Security -------- - Knot Resolver 1.2.0 and higher could return AD flag for insecure - answer if the daemon received answer with invalid RRSIG several times - in a row. + answer if the daemon received answer with invalid RRSIG several + times in a row. Improvements ------------ -- modules/policy: allow QTRACE policy to be chained with other policies +- modules/policy: allow QTRACE policy to be chained with other + policies - hints.add_hosts(path): a new property - module: document the API and simplify the code - policy.MIRROR: support IPv6 link-local addresses - policy.FORWARD: support IPv6 link-local addresses -- add net.outgoing_{v4,v6} to allow specifying address to use for connections +- add net.outgoing_{v4,v6} to allow specifying address to use for + connections Bugfixes -------- @@ -26,6 +28,8 @@ Bugfixes - fix a potential memory leak - don't treat answers that contain DS non-existance proof as insecure - don't store NSEC3 and their signatures in the cache +- layer/iterate: when processing delegations, check if qname is at or + below new authority Knot Resolver 1.2.3 (2017-02-23)