1 files changed, 158 insertions, 0 deletions
diff --git a/doc/Changelog b/doc/Changelog
index a1c2f76cd21d..525bb365e3d9 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,164 @@
+29 June 2015: Wouter
+	- iana portlist update.
+	- Fix alloc with log for allocation size checks.
+
+26 June 2015: Wouter
+	- Fix #677 Fix DNAME responses from cache that failed internal chain
+	  test.
+	- iana portlist update.
+
+22 June 2015: Wouter
+	- Fix #677 Fix CNAME corresponding to a DNAME was checked incorrectly
+	  and was therefore always synthesized (thanks to Valentin Dietrich).
+
+4 June 2015: Wouter
+	- RFC 7553 RR type URI support, is now enabled by default.
+
+2 June 2015: Wouter
+	- Fix #674: Do not free pointers given by getenv.
+
+29 May 2015: Wouter
+	- Fix that unparseable error responses are ratelimited.
+	- SOA negative TTL is capped at minimumttl in its rdata section.
+	- cache-max-negative-ttl config option, default 3600.
+
+26 May 2015: Wouter
+	- Document that ratelimit works with unbound-control set_option.
+
+21 May 2015: Wouter
+	- iana portlist update.
+	- documentation proposes ratelimit of 1000 (closer to what upstream
+	  servers expect from us).
+
+20 May 2015: Wouter
+	- DLV is going to be decommissioned.  Advice to stop using it, and
+	  put text in the example configuration and man page to that effect.
+
+10 May 2015: Wouter
+	- Change syntax of particular validator error to be easier for
+	  machine parse, swap rrset and ip adres info so it looks like:
+	  validation failure <www.example.nl. TXT IN>: signature crypto
+	  failed from 2001:DB8:7:bba4::53 for <*.example.nl. NSEC IN>
+
+1 May 2015: Wouter
+	- caps-whitelist in unbound.conf allows whitelist of loadbalancers
+	  that cannot work with caps-for-id or its fallback.
+
+30 April 2015: Wouter
+	- Unit test for type ANY synthesis.
+
+22 April 2015: Wouter
+	- Removed contrib/unbound_unixsock.diff, because it has been
+	  integrated, use control-interface: /path in unbound.conf.
+	- iana portlist update.
+
+17 April 2015: Wouter
+	- Synthesize ANY responses from cache.  Does not search exhaustively,
+	  but MX,A,AAAA,SOA,NS also CNAME.
+	- Fix leaked dns64prefix configuration string.
+
+16 April 2015: Wouter
+	- Add local-zone type inform_deny, that logs query and drops answer.
+	- Ratelimit does not apply to prefetched queries, and ratelimit-factor
+	  is default 10.  Repeated normal queries get resolved and with
+	  prefetch stay in the cache.
+	- Fix bug#664: libunbound python3 related fixes (from Tomas Hozza)
+	  Use print_function also for Python2.
+	  libunbound examples: produce sorted output.
+	  libunbound-Python: libldns is not used anymore.
+	  Fix issue with Python 3 mapping of FILE* using file_py3.i from ldns.
+
+10 April 2015: Wouter
+	- unbound-control ratelimit_list lists high rate domains.
+	- ratelimit feature, ratelimit: 100, or some sensible qps, can be
+	  used to turn it on.  It ratelimits recursion effort per zone.
+	  For particular names you can configure exceptions in unbound.conf.
+	- Fix that get_option for cache-sizes does not print double newline.
+	- Fix#663: ssl handshake fails when using unix socket because dh size
+	  is too small.
+
+8 April 2015: Wouter
+	- Fix crash in dnstap: Do not try to log TCP responses after timeout.
+
+7 April 2015: Wouter
+	- Libunbound skips dos-line-endings from etc/hosts.
+	- Unbound exits with a fatal error when the auto-trust-anchor-file
+	  fails to be writable.  This is seconds after startup.  You can
+	  load a readonly auto-trust-anchor-file with trust-anchor-file.
+	  The file has to be writable to notice the trust anchor change,
+	  without it, a trust anchor change will be unnoticed and the system
+	  will then become inoperable.
+	- unbound-control list_insecure command shows the negative trust
+	  anchors currently configured, patch from Jelte Jansen.
+
+2 April 2015: Wouter
+	- Fix #660: Fix interface-automatic broken in the presence of
+	  asymmetric routing.
+
+26 March 2015: Wouter
+	- remote.c probedelay line is easier to read.
+	- rename ldns subdirectory to sldns to avoid name collision.
+
+25 March 2015: Wouter
+	- Fix #657:  libunbound(3) recommends deprecated
+	  CRYPTO_set_id_callback.
+	- If unknown trust anchor algorithm, and libressl is used, error
+	  message encourages upgrade of the libressl package.
+
 23 March 2015: Wouter
 	- Fix segfault on user not found at startup (from Maciej Soltysiak).
 
+20 March 2015: Wouter
+	- Fixed to add integer overflow checks on allocation (defense in depth).
+
+19 March 2015: Wouter
+	- Add ip-transparent config option for bind to non-local addresses.
+
+17 March 2015: Wouter
+	- Use reallocarray for integer overflow protection, patch submitted
+	  by Loganaden Velvindron.
+
+16 March 2015: Wouter
+	- Fixup compile on cygwin, more portable openssl thread id.
+
+12 March 2015: Wouter
+	- Updated default keylength in unbound-control-setup to 3k.
+
+10 March 2015: Wouter
+	- Fix lintian warning in unbound-checkconf man page (from Andreas
+	  Schulze).
+	- print svnroot when building windows dist.
+	- iana portlist update.
+	- Fix warning on sign compare in getentropy_linux.
+
+9 March 2015: Wouter
+	- Fix #644: harden-algo-downgrade option, if turned off, fixes the
+	  reported excessive validation failure when multiple algorithms
+	  are present.  It allows the weakest algorithm to validate the zone.
+	- iana portlist update.
+
+5 March 2015: Wouter
+	- contrib/unbound_smf22.tar.gz: Solaris SMF installation/removal
+	  scripts.  Contributed by Yuri Voinov.
+	- Document that incoming-num-tcp increase is good for large servers.
+	- stats reports tcp usage, of incoming-num-tcp buffers.
+
+4 March 2015: Wouter
+	- Patch from Brad Smith that syncs compat/getentropy_linux with
+	  OpenBSD's version (2015-03-04).
+	- 0x20 fallback improved: servfail responses do not count as missing
+	  comparisons (except if all responses are errors),
+	  inability to find nameservers does not fail equality comparisons,
+	  many nameservers does not try to compare more than max-sent-count,
+	  parse failures start 0x20 fallback procedure.
+	- store caps_response with best response in case downgrade response
+	  happens to be the last one.
+	- Document windows 8 tests.
+
+3 March 2015: Wouter
+	- tag 1.5.3rc1
+	[ This became 1.5.3 on 10 March, trunk is 1.5.4 in development ]
+
 2 March 2015: Wouter
 	- iana portlist update.