From: Evan Hunt Date: Wed, 22 Mar 2023 22:06:58 +0000 (-0700) Subject: CHANGES and release note for [GL #3953] X-Git-Tag: v9.19.12~68^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8d80ee561ed087d3376919cd9239a53c46970995;p=thirdparty%2Fbind9.git CHANGES and release note for [GL #3953] --- diff --git a/CHANGES b/CHANGES index 35c751348d5..8c7240d58d4 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +6126. [cleanup] Deprecate zone type "delegation-only" and the + "delegation-only" and "root-delegation-only" + options. [GL #3953] + 6125. [bug] Hold a catz reference while the update process is running, so that the catalog zone is not destroyed during shutdown until the update process is finished or diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index c4f6750e2e0..a106d8a0a10 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -30,6 +30,16 @@ Removed Features using TKEY Mode 2 is now a fatal error. Users are advised to switch to TKEY Mode 3 (GSS-API). :gl:`#3905` +- Zone type ``delegation-only``, and the ``delegation-only`` and + ``root-delegation-only`` options, have been deprecated; a warning will + be logged when they are used. + + These options were created to address the SiteFinder controversy, in + which certain top-level domains redirected misspelled queries to other + sites instead of returning NXDOMAIN responses. Since top-level domains are + now DNSSEC signed, and DNSSEC validation is active by default, the + options are no longer needed. :gl:`#3953` + Feature Changes ~~~~~~~~~~~~~~~