From fede6aa4b798756dcc7109c0640b49c4d32536f6 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Thu, 20 Feb 2014 12:36:05 +0000
Subject: [PATCH] - Be lenient when a NSEC NameError response with
 RCODE=NXDOMAIN is   received. This is okay according 4035, but not after
 revising   existence in 4592.  NSEC empty non-terminals exist and thus the  
 RCODE should have been NOERROR. If this occurs, and the RRsets   are secure,
 we set the RCODE to NOERROR and the security status   of the reponse is also
 considered secure.

git-svn-id: file:///svn/unbound/trunk@3091 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 doc/Changelog | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/doc/Changelog b/doc/Changelog
index d960366e8..6d11db0df 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,11 @@
+20 February 2014: Matthijs
+	- Be lenient when a NSEC NameError response with RCODE=NXDOMAIN is
+	  received. This is okay according 4035, but not after revising
+	  existence in 4592.  NSEC empty non-terminals exist and thus the
+	  RCODE should have been NOERROR. If this occurs, and the RRsets
+	  are secure, we set the RCODE to NOERROR and the security status
+	  of the reponse is also considered secure.
+
 14 February 2014: Wouter
 	- Works on Minix (3.2.1).
 
-- 
2.47.2