- Security Issue:
The DNSSEC-Tools libval validating resolver library does suffer
from the same issues that the other DNS resolvers were faced with
as described by: http://www.kb.cert.org/vuls/id/800113
Although DNSSEC will prevent the issues, it is assumed that not
everyone is using libval with only 100% DNSSEC protected zones.
The supporting tools that do not use libval are not affected by
this problem (eg, zonesigner, rollerd, donuts, etc are just fine).
- NSEC3 value change
Now that the NSEC3 RFC has been published we've changed the
internal numeric RR code to the assigned value. The NSEC3 code,
however, is still considered experimental and not fully tested.