From: Evan Hunt <each@isc.org>
Date: Fri, 29 Jan 2021 01:17:02 +0000 (-0800)
Subject: CHANGES and release notes
X-Git-Tag: v9.17.10~12^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=220bca9ebfbb810e8ff8ffaec7c3e12a87c46cf3;p=thirdparty%2Fbind9.git

CHANGES and release notes
---

diff --git a/CHANGES b/CHANGES
index 63a2c54db17..344afbca5fa 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,10 @@
+5574.	[func]		Incoming zone transfers can now use TLS.
+			Addresses in a "primaries" list take an optional
+			"tls" argument, specifying either a previously
+			configured "tls" block or "ephemeral"; SOA queries
+			and zone transfer requests will then be sent via
+			TLS. [GL #2392]
+
 5573.	[func]		Also return stale data if an error occurred and we are
 			not resuming. Only start the stale-refresh-time window
 			if we timed out. [GL #2434]
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 600911bd2a3..82677a00ee2 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -47,6 +47,11 @@ New Features
   case, we will try to answer DNS requests with stale data, but not start
   the ``stale-refresh-time`` window. [GL #2434]
 
+- ``named`` now supports XFR-over-TLS (XoT) for incoming as well as
+  outgoing zone transfers.  Addresses in a ``primaries`` list can take
+  an optional ``tls`` option which specifies either a previously configured
+  ``tls`` statement or ``ephemeral``. [GL #2392]
+
 Removed Features
 ~~~~~~~~~~~~~~~~