+ --- 9.17.0 released ---
+
5366. [bug] Fix a race condition with the keymgr when the same
zone plus dnssec-policy is configured in multiple
views. [GL #1653]
5365. [bug] Algorithm rollover was stuck on submitting DS
because keymgr thought it would move to an invalid
- state. Fixed by when checking the current key,
- check it against the desired state, not the existing
- state. [GL #1626]
+ state. Fixed by checking the current key against
+ the desired state, not the existing state. [GL #1626]
5364. [bug] Algorithm rollover waited too long before introducing
zone signatures. It waited to make sure all signatures
- were resigned, but when introducing a new algorithm,
- all signatures are resigned immediately. Only
+ were regenerated, but when introducing a new algorithm,
+ all signatures are regenerated immediately. Only
add the sign delay if there is a predecessor key.
[GL #1625]
5357. [bug] Newly added RRSIG records with expiry times before
the previous earliest expiry times might not be
- re-signed in time. The was a side effect of 5315.
+ re-signed in time. This was a side effect of 5315.
+ [GL !3137]
5356. [func] Update dnssec-policy configuration statements:
- Rename "zone-max-ttl" dnssec-policy option to
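Review bot: Entry 5364 now says signatures are "regenerated", but entry 5357 just below still says "re-signed in time", so adjacent entries use two terms for what reads as the same operation. Pick one term for both. Writing "re-signed" with the hyphen in 5364 would also remove the resigned/re-signed ambiguity this change is addressing. Separately, the reference added to 5357 is "[GL !3137]", a merge request, while the neighbouring entries cite issues as "[GL #NNNN]". If an issue exists for this regression, cite it so the entry can be traced the same way as the others.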
### <a name="features"/> BIND 9.17 features
BIND 9.17 is the newest development branch of BIND 9. It includes a
-number of changes from BIND 9.16 and earlier releases.
+number of changes from BIND 9.16 and earlier releases. New features include:
+
+* New option "max-ixfr-ratio" to limit the size of outgoing IXFR responses
+ before falling back to full zone transfers.
+* "rndc nta -d" and "rndc secroots" now include "validate-except" entries
+ when listing negative trust anchors.
### <a name="build"/> Building BIND
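Review bot: The "max-ixfr-ratio" bullet says the option limits "the size of outgoing IXFR responses" but does not say what the ratio is measured against or in what unit, so a reader cannot tell from the README what a sensible value looks like. Add a short clause stating the reference quantity, or point to the option's entry in the reference manual. The introductory line now ends in "New features include:", so it would also help to note that the list is not exhaustive and that CHANGES has the full record.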