From c15493f4822b7176f0a6449e8f335844f512eed4 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 15 Jan 2016 21:40:20 +0100
Subject: resolved: update DNSSEC TODO

---
 src/resolve/resolved-dns-dnssec.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index 43fb365d68..f999a8cc77 100644
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -40,9 +40,10 @@
  *   - log all RRs that failed validation
  *   - enable by default
  *   - Allow clients to request DNSSEC even if DNSSEC is off
- *   - find public DNAME test domain
  *   - make sure when getting an NXDOMAIN response through CNAME, we still process the first CNAMEs in the packet
- *   - flush cache when DNSSEC setting changes
+ *   - update test-complex to also do ResolveAddress lookups
+ *   - extend complex test to check "xn--kprw13d." DNAME domain
+ *   - rework IDNA stuff: only to IDNA for ResolveAddress and ResolveService, and prepare a pair of lookup keys then, never do IDNA comparisons after that
  * */
 
 #define VERIFY_RRS_MAX 256
-- 
cgit v1.2.3-54-g00ecf