From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 15 Jan 2016 20:40:20 +0000 (+0100)
Subject: resolved: update DNSSEC TODO
X-Git-Tag: v229~129^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c15493f4822b7176f0a6449e8f335844f512eed4;p=thirdparty%2Fsystemd.git

resolved: update DNSSEC TODO
---

diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index 43fb365d682..f999a8cc77f 100644
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -40,9 +40,10 @@
  *   - log all RRs that failed validation
  *   - enable by default
  *   - Allow clients to request DNSSEC even if DNSSEC is off
- *   - find public DNAME test domain
  *   - make sure when getting an NXDOMAIN response through CNAME, we still process the first CNAMEs in the packet
- *   - flush cache when DNSSEC setting changes
+ *   - update test-complex to also do ResolveAddress lookups
+ *   - extend complex test to check "xn--kprw13d." DNAME domain
+ *   - rework IDNA stuff: only to IDNA for ResolveAddress and ResolveService, and prepare a pair of lookup keys then, never do IDNA comparisons after that
  * */
 
 #define VERIFY_RRS_MAX 256