From: Evan Hunt <each@isc.org>
Date: Fri, 25 May 2018 05:15:46 +0000 (-0700)
Subject: CHANGES, release note
X-Git-Tag: v9.13.1~31^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9f8ba2eb826153ccf39110dfa97564621ba18f35;p=thirdparty%2Fbind9.git

CHANGES, release note
---

diff --git a/CHANGES b/CHANGES
index 699f54d060c..794f510e61d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,16 @@
+4952.	[func]		Authoritative server support in named for the
+			EDNS CLIENT-SUBNET option (which was experimental
+			and not practical to deploy) has been removed.
+
+			The ECS option is still supported in dig and mdig
+			via the +subnet option, and can be parsed and logged
+			when received by named, but it is no longer used
+			for ACL processing. The "geoip-use-ecs" option
+			is now obsolete; a warning will be logged if it is
+			used in named.conf. "ecs" tags in an ACL definition
+			are also obsolete and will cause the configuration
+			to fail to load.  [GL #32]
+
 4951.	[protocol]	Add "HOME.ARPA" to list of built in empty zones as
 			per RFC 8375. [GL #273]
 
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index a50a4f9ce17..30ca51b601d 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -104,6 +104,28 @@
 
   <section xml:id="relnotes_removed"><info><title>Removed Features</title></info>
     <itemizedlist>
+      <listitem>
+	<para>
+	  <command>named</command> can no longer use the EDNS CLIENT-SUBNET
+	  option for view selection.  In its existing form, the authoritative
+	  ECS feature was not fully RFC-compliant, and could not realistically
+	  have been deployed in production for an authoritative server; its
+	  only practical use was for testing and experimentation. In the
+	  interest of code simplification, this feature has now been removed.
+	</para>
+	<para>
+	  The ECS option is still supported in <command>dig</command> and
+	  <command>mdig</command> via the +subnet argument, and can be parsed
+	  and logged when received by <command>named</command>, but
+	  it is no longer used for ACL processing. The
+	  <command>geoip-use-ecs</command> option is now obsolete;
+	  a warning will be logged if it is used in
+	  <filename>named.conf</filename>.
+	  <command>ecs</command> tags in an ACL definition are
+	  also obsolete, and will cause the configuration to fail to
+	  load if they are used. [GL #32]
+	</para>
+      </listitem>
       <listitem>
 	<para>
 	  <command>dnssec-keygen</command> can no longer generate HMAC