Add release note and CHANGES for #4363
This protocol change is definitely worth mentioning.
This commit is contained in:
Matthijs Mekking
6
CHANGES
6
CHANGES
@@ -1,3 +1,9 @@
|
||||
6292. [func] Lower the maximum number of allowed NSEC3 iterations,
|
||||
from 150 to 50. DNSSEC responses with a higher
|
||||
iteration count are treated as insecure. For signing
|
||||
with dnssec-policy, iterations must be set to zero.
|
||||
[GL #4363]
|
||||
|
||||
6291. [bug] SIGTERM failed to properly stop multiple outstanding
|
||||
lookup in dig. [GL #4457]
|
||||
|
||||
|
||||
@@ -33,7 +33,12 @@ Removed Features
|
||||
Feature Changes
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
- None.
|
||||
- The maximum number of allowed NSEC3 iterations for validation has been
|
||||
lowered from 150 to 50. DNSSEC responses containing NSEC3 records with
|
||||
iteration counts greater than 50 are now treated as insecure. :gl:`#4363`
|
||||
|
||||
- The number of NSEC3 iterations that can be configured for a zone must be 0.
|
||||
:gl:`#4363`
|
||||
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
|
||||
Reference in New Issue
Block a user