These shouldn't make any problems:
- the verbose messages don't print any scope, and
- reputation cache doesn't consider scope.

RTT tracking for all targets is also supported,
but no loadbalancing is done based on that yet

example:

> daf.add 'forward 127.0.0.1@5353'

all relevant modules now support running in
forked mode and polling workers for information.
for example graphite module can poll stats from
all workers and then aggregate before sending,
or HTTP module can run on the process group leader
only and then poll workers for information.

* rules may now be chained if the rule action
  doesn't return next state. in this case, next
  matching rule will be executed. this is useful
  for snooping actions
* rules now may be paused/deleted
* implemented a new action for query mirroring to
  given destination

these are used as a handle to patch/modify rules
later in their lifetime, also added a rule match
counter to find out which rules match inbound
traffic

* REROUTE action rewrites all addresses in
  final answers matching given subnet to
  addresses in target subnet (or single address)
* REWRITE action rewrites rdata in final answers
  matching given owner and type (only works on
  A/AAAA now)

policy has policy.todnames() for table of names

this is Unbound's 'forward-zone' on steroids

config:
trust_anchors.negative = { ‘bad.cz’, ‘here.com’ }

all names below these NTA will not be validated
(unless there is an island of trust below these anchors)

the module can enforce RPZ from zone file, later a LMDB binary database
is going to come to solve following:
- updating zones on the fly
- instant startup (although it loads 1M blocklist in a fraction of
second)
- no extra memory usage between multiple processes
the compatibility notes are in the documentation

module can identify clients based on their source address or used TSIG
key