From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Thu, 20 Feb 2014 12:36:05 +0000 (+0000)
Subject: - Be lenient when a NSEC NameError response with RCODE=NXDOMAIN is
X-Git-Tag: release-1.4.22rc1~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fede6aa4b798756dcc7109c0640b49c4d32536f6;p=thirdparty%2Funbound.git

- Be lenient when a NSEC NameError response with RCODE=NXDOMAIN is
  received. This is okay according 4035, but not after revising
  existence in 4592.  NSEC empty non-terminals exist and thus the
  RCODE should have been NOERROR. If this occurs, and the RRsets
  are secure, we set the RCODE to NOERROR and the security status
  of the reponse is also considered secure.


git-svn-id: file:///svn/unbound/trunk@3091 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/doc/Changelog b/doc/Changelog
index d960366e8..6d11db0df 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,11 @@
+20 February 2014: Matthijs
+	- Be lenient when a NSEC NameError response with RCODE=NXDOMAIN is
+	  received. This is okay according 4035, but not after revising
+	  existence in 4592.  NSEC empty non-terminals exist and thus the
+	  RCODE should have been NOERROR. If this occurs, and the RRsets
+	  are secure, we set the RCODE to NOERROR and the security status
+	  of the reponse is also considered secure.
+
 14 February 2014: Wouter
 	- Works on Minix (3.2.1).