From: Evan Hunt <each@isc.org>
Date: Thu, 16 Nov 2023 02:57:45 +0000 (-0800)
Subject: CHANGES and release note for [GL #4364]
X-Git-Tag: v9.19.21~22^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0c90d09604f934f1dce50ab409581cb6db8756ed;p=thirdparty%2Fbind9.git

CHANGES and release note for [GL #4364]
---

diff --git a/CHANGES b/CHANGES
index ed0d0520200..779ac09389a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,11 @@
+6311.	[func]		Zone content checks are now disabled by default
+			when running named-compilezone. named-checkzone
+			can still be used for checking zone integrity,
+			or the former checks in named-compilezone can be
+			re-enabled by using "named-compilezone -i full
+			-k fail -n fail -r warn -m warn -M warn -S warn
+			-T warn -W warn -C check-svcb:fail". [GL #4364]
+
 6310.	[bug]		Memory leak in zone.c:sign_zone. When named signed a
 			zone it could leak dst_keys due to a misplaced
 			'continue'. [GL #4488]
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index fbb4897a942..bebf1cd3b79 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -32,6 +32,13 @@ Feature Changes
 
 - None.
 
+- :program:`named-compilezone` no longer performs zone integrity checks
+  by default; this allows faster conversion of a zone file from one format
+  to another. Zone checks can be performed by running :program:`named-checkzone`
+  separately, or the previous default behavior can be restored by using
+  ``named-compilezone -i full -k fail -n fail -r warn -m warn -M warn
+  -S warn -T warn -W warn -C check-svcb:fail``. :gl:`#4364`
+
 Bug Fixes
 ~~~~~~~~~