From c15493f4822b7176f0a6449e8f335844f512eed4 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 15 Jan 2016 21:40:20 +0100 Subject: resolved: update DNSSEC TODO --- src/resolve/resolved-dns-dnssec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c index 43fb365d68..f999a8cc77 100644 --- a/src/resolve/resolved-dns-dnssec.c +++ b/src/resolve/resolved-dns-dnssec.c @@ -40,9 +40,10 @@ * - log all RRs that failed validation * - enable by default * - Allow clients to request DNSSEC even if DNSSEC is off - * - find public DNAME test domain * - make sure when getting an NXDOMAIN response through CNAME, we still process the first CNAMEs in the packet - * - flush cache when DNSSEC setting changes + * - update test-complex to also do ResolveAddress lookups + * - extend complex test to check "xn--kprw13d." DNAME domain + * - rework IDNA stuff: only to IDNA for ResolveAddress and ResolveService, and prepare a pair of lookup keys then, never do IDNA comparisons after that * */ #define VERIFY_RRS_MAX 256 -- cgit v1.2.3-54-g00ecf