Add CHANGES and release note for [GL #1610]

diff --git a/CHANGES b/CHANGES
index 647b682a3c3e74b72775e1c3b5de1f6bd91cb0b2..e147f40630d7d1d0fe2bcdfdd9d9da3808d3fc9a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,10 @@
+5771.  [bug]           Use idn2 UseSTD3ASCIIRules=false to disable additional
+                       unicode validity checks because enabling the additional
+                       checks would break valid domain names that contains
+                       non-alphanumerical characters such as underscore
+                       character (_) or wildcard (*).  This reverts change
+                       [GL !5738] from the previous release. [GL #1610]
+
 5770.  [func]          BIND could abort on startup on systems using old
                        OpenSSL versions when 'protocols' option is used inside
                        a 'tls' statement. [GL !5602]

diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 8932ffcca167a2f1413f10e6e8f05356eb667821..66035404ae8b2399dcc5b08ba510c1f00a2a9f34 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -43,6 +43,12 @@ Feature Changes
   For example: ``allow-transfer port 853 transport tls { any; };``
   :gl:`#2776`
 
+- `UseSTD3ASCIIRules`_ is now disabled for IDN support. This disables additional
+  validation rules for domain names in dig because applying the rules would
+  silently strip characters not-allowed in hostnames such as underscore (``_``)
+  or wildcard (``*``) characters.  This reverts change :gl:`!5738` from the
+  previous release.  :gl:`#1610`
+
 Bug Fixes
 ~~~~~~~~~