Add Known Issue about config incompatibility

author Petr Špaček <pspacek@isc.org>

Wed, 5 Oct 2022 13:21:36 +0000 (15:21 +0200)

committer Petr Špaček <pspacek@isc.org>

Thu, 6 Oct 2022 08:26:33 +0000 (10:26 +0200)
author Petr Špaček <pspacek@isc.org>
Wed, 5 Oct 2022 13:21:36 +0000 (15:21 +0200)
committer Petr Špaček <pspacek@isc.org>
Thu, 6 Oct 2022 08:26:33 +0000 (10:26 +0200)
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst

index 0152d9f2087476443fe1e13cc0174debe2523036..e6c5a02c93497f80abd712f81e7cf6e25cccf1d9 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -20,7 +20,17 @@ Security Fixes
  Known Issues
  ~~~~~~~~~~~~
  
-- None.
+- Upgrading from BIND 9.16.32, 9.18.6, or older, may require a manual
+  configuration change. The following configurations are affected:
+
+  - :any:`type primary` zones configured with :any:`dnssec-policy` but without
+    either :any:`allow-update` or :any:`update-policy`
+  - :any:`type secondary` zones configured with :any:`dnssec-policy`
+
+  In these cases please add :namedconf:ref:`inline-signing yes;
+  <inline-signing>` to individual zone configuration(s). Without applying this
+  change :iscman:`named` will fail to start. For more details see
+  https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing
  
  New Features
  ~~~~~~~~~~~~
author	Petr Špaček <pspacek@isc.org>
	Wed, 5 Oct 2022 13:21:36 +0000 (15:21 +0200)
committer	Petr Špaček <pspacek@isc.org>
	Thu, 6 Oct 2022 08:26:33 +0000 (10:26 +0200)