From: Matthijs Mekking <matthijs@isc.org>
Date: Tue, 3 Mar 2020 06:52:23 +0000 (+0100)
Subject: Update changes, documentation
X-Git-Tag: v9.17.1~64^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=47e42d575027ce62f7e814d6703b45f113d66340;p=thirdparty%2Fbind9.git

Update changes, documentation
---

diff --git a/CHANGES b/CHANGES
index fac15650254..a17ba33d5cd 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+5366.	[bug]		Fix a race condition with the keymgr when the same
+			zone plus dnssec-policy is configured in multiple
+			views. [GL #1653]
+
 5365.	[bug]		Algorithm rollover was stuck on submitting DS
 			because keymgr thought it would move to an invalid
 			state.  Fixed by when checking the current key,
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index a006816a291..108732fb275 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -11132,6 +11132,13 @@ example.com                 CNAME   rpz-tcp-only.
 	    roll, which cryptographic algorithms to use, and how often RRSIG
 	    records need to be refreshed.
 	  </para>
+	  <para>
+	    Keys are not shared among zones, which means that one set of keys
+	    per zone will be generated even if they have the same policy.
+	    If multiple views are configured with different versions of the
+	    same zone, each separate version will use the same set of signing
+	    keys.
+	  </para>
 	  <para>
 	    Multiple key and signing policies can be configured.  To
 	    attach a policy to a zone, add a <command>dnssec-policy</command>