Mention that the allow-transfer option has been extended

This commit updates both the reference manual and release notes with
the information that 'allow-transfer' has been extended with
additional "port" and "transport" options.

diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
index 0562bbe62786f001255cfa1bb657132e7cab29b7..c69148989c41abd31299663205973d30a89c2290 100644 (file)
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -2416,6 +2416,14 @@ for details on how to specify IP address lists.
    statement set in ``options`` or ``view``. If not specified, the
    default is to allow transfers to all hosts.
 
+   The transport level limitations can also be specified.  In
+   particular, zone transfers can be restricted to a specific port and
+   DNS transport protocol by using the options ``port`` and
+   ``transport``. Zone transfers are currently only possible via the
+   TCP and TLS transports; either option can be specified.
+
+   For example: ``allow-transfer port 853 transport tls { any; };``
+
 ``blackhole``
    This specifies a list of addresses which the server does not accept queries
    from or use to resolve a query. Queries from these addresses are not

diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 9fe3c2bfefc8246633369b955669a94d47d01558..8932ffcca167a2f1413f10e6e8f05356eb667821 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -35,7 +35,13 @@ Removed Features
 Feature Changes
 ~~~~~~~~~~~~~~~
 
-- None.
+- The ``allow-transfers`` option was extended to accept additional
+  ``port`` and ``transport`` parameters, to further restrict zone
+  transfers to a particular port and DNS transport protocol. Either of
+  these options can be specified.
+
+  For example: ``allow-transfer port 853 transport tls { any; };``
+  :gl:`#2776`
 
 Bug Fixes
 ~~~~~~~~~