update docs for 3.5-rc2

author Peter van Dijk <peter.van.dijk@netherlabs.nl>

Mon, 4 Feb 2013 07:50:03 +0000 (07:50 +0000)

committer Peter van Dijk <peter.van.dijk@netherlabs.nl>

Mon, 4 Feb 2013 07:50:03 +0000 (07:50 +0000)
author Peter van Dijk <peter.van.dijk@netherlabs.nl>
Mon, 4 Feb 2013 07:50:03 +0000 (07:50 +0000)
committer Peter van Dijk <peter.van.dijk@netherlabs.nl>
Mon, 4 Feb 2013 07:50:03 +0000 (07:50 +0000)
diff --git a/pdns/docs/pdns.xml b/pdns/docs/pdns.xml

index c7677f07ca3eb80cee3c504208d0393b63c2d5ef..4b8a5cbafe09ac99bee0a8262e83eb24c2e98550 100644 (file)
--- a/pdns/docs/pdns.xml
+++ b/pdns/docs/pdns.xml
@@ -132,6 +132,28 @@
          3.4, we are skipping an actual 3.4 release to avoid confusion.
        </para>
        </note></para>
+      <para>
+        Changes between RC1 and RC2:
+        <itemizedlist>
+          <listitem>
+            <para>
+              While Recursor 3.3 was not vulnerable to the specific attack noted in
+              <ulink url="https://www.isc.org/files/imce/ghostdomain_camera.pdf">'Ghost Domain Names: Revoked Yet Still Resolvable'</ulink>,
+              further investigation showed that a variant of the attack could work. This was fixed in r3085.
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+              The auth-can-lower-ttl flag was removed, as it did not have any effect in most situations, and thus
+              did not operate as advertised. We now always comply with the related parts of RFC2181. Change in
+              r3092, closing t88.
+            </para>
+          </listitem>
+        </itemizedlist>
+      </para>
+      <para>
+        Changes below are in RC1 (and up).
+      </para>
        <para>
        New features:
        <itemizedlist>
author	Peter van Dijk <peter.van.dijk@netherlabs.nl>
	Mon, 4 Feb 2013 07:50:03 +0000 (07:50 +0000)
committer	Peter van Dijk <peter.van.dijk@netherlabs.nl>
	Mon, 4 Feb 2013 07:50:03 +0000 (07:50 +0000)