From: Evan Hunt Date: Wed, 19 Feb 2014 01:59:43 +0000 (-0800) Subject: [master] edit X-Git-Tag: v9.10.0b1~82 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=96a35905057eb2ba7d977460776b06ae0911c8a7;p=thirdparty%2Fbind9.git [master] edit --- diff --git a/CHANGES b/CHANGES index e70a3284ed7..10c26a6bfef 100644 --- a/CHANGES +++ b/CHANGES @@ -1,16 +1,20 @@ 3744. [experimental] SIT: send and process Source Identity Tokens - (which are similar to DNS Cookies by Donald Eastlake) - and are designed to help clients detect off path - spoofed responses and for servers to detect legitimate - clients. - - SIT use a experimental EDNS option code (65001). - - SIT can be enabled via --enable-developer or - --enable-sit. It is on by default in Windows. - - RRL processing as been updated to know about SIT with - legitimate clients not being rate limited. [RT #35389] + (similar to DNS Cookies by Donald Eastlake), + which are designed to help clients detect off-path + spoofed responses and for servers to identify + legitimate clients. + + SIT uses an experimental EDNS option code (65001). + + SIT can be enabled via "configure --enable-sit" (or + --enable-developer). It is enabled by default in + Windows. + + Servers can be configured to send smaller responses + to clients that have not identified themselves via + SIT. RRL processing has also been updated; + legitimate clients are not subject to rate + limiting. [RT #35389] 3743. [bug] delegation-only flag wasn't working in forward zone declarations despite being documented. This is