(removed content from the f10 release notes, preparing for the f11 release notes process...) |
(Sync with XML and edit) |
||
Line 2: | Line 2: | ||
This section contains information about networking changes in Fedora 11. | This section contains information about networking changes in Fedora 11. | ||
=== DNSSEC === | |||
Bind and unbound (recursive DNS servers) now enable DNSSEC validation in their default configuration. DNSSEC Lookaside Verification (DLV) is also enabled with the <code>dlv.sc.org</code> DLV Registry. This behavior can be modified in {{filename|/etc/sysconfig/dnssec}} by changing the DNSSEC and DLV settings. | |||
With DNSSEC enabled, when a domain supplies DNSSEC data (such as .gov, .se, the ENUM zone and other TLD's) then that data will be cryptographically validated on the recursive DNS server. If validation fails due to attempts at cache poisoning, for example via a Kaminsky Attack, then the end user will not be given this forged/spoofed data. DNSSEC deployment is gaining speed rapidly, and is a crucial and logical step to make the Internet more secure for end users. DLV is used to add DNSSEC signed domains into TLD's that themselves are not yet signed, such as .com and .org. | |||
=== TigerVNC === | |||
TigerVNC is used as default VNC project. Package names were changed to {{package|tigervnc}}, {{package|tigervnc-server}} and {{package|tigervnc-server-module}}. Binary names are the same as in previous version. The {{filename|libvnc.so}} module has been moved to the {{package|tigervnc-server-module}} subpackage. Otherwise there should be no difference. |
Revision as of 01:10, 3 April 2009
Networking
This section contains information about networking changes in Fedora 11.
DNSSEC
Bind and unbound (recursive DNS servers) now enable DNSSEC validation in their default configuration. DNSSEC Lookaside Verification (DLV) is also enabled with the dlv.sc.org
DLV Registry. This behavior can be modified in /etc/sysconfig/dnssec
by changing the DNSSEC and DLV settings.
With DNSSEC enabled, when a domain supplies DNSSEC data (such as .gov, .se, the ENUM zone and other TLD's) then that data will be cryptographically validated on the recursive DNS server. If validation fails due to attempts at cache poisoning, for example via a Kaminsky Attack, then the end user will not be given this forged/spoofed data. DNSSEC deployment is gaining speed rapidly, and is a crucial and logical step to make the Internet more secure for end users. DLV is used to add DNSSEC signed domains into TLD's that themselves are not yet signed, such as .com and .org.
TigerVNC
TigerVNC is used as default VNC project. Package names were changed to tigervnc
, tigervnc-server
and tigervnc-server-module
. Binary names are the same as in previous version. The libvnc.so
module has been moved to the tigervnc-server-module
subpackage. Otherwise there should be no difference.