Add Known Issue about config incompatibility

author Petr Špaček <pspacek@isc.org>

Wed, 5 Oct 2022 13:21:36 +0000 (15:21 +0200)

committer Petr Špaček <pspacek@isc.org>

Thu, 6 Oct 2022 08:32:52 +0000 (10:32 +0200)
author Petr Špaček <pspacek@isc.org>
Wed, 5 Oct 2022 13:21:36 +0000 (15:21 +0200)
committer Petr Špaček <pspacek@isc.org>
Thu, 6 Oct 2022 08:32:52 +0000 (10:32 +0200)
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst

index 38e8061e1eb9dcc2ceb0e1476836ed40932e794c..6850318c4a6adb76fc63b0d34500f8d3e3e7bd03 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -20,7 +20,17 @@ Security Fixes
  Known Issues
  ~~~~~~~~~~~~
  
-- None.
+- Upgrading from BIND 9.16.32 or older may require a manual
+  configuration change. The following configurations are affected:
+
+  - ``type primary`` zones configured with ``dnssec-policy`` but without
+    either ``allow-update`` or ``update-policy``
+  - ``type secondary`` zones configured with ``dnssec-policy``
+
+  In these cases please add ``inline-signing yes;``
+  to individual zone configuration(s). Without applying this
+  change :iscman:`named` will fail to start. For more details see
+  https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing
  
  New Features
  ~~~~~~~~~~~~
author	Petr Špaček <pspacek@isc.org>
	Wed, 5 Oct 2022 13:21:36 +0000 (15:21 +0200)
committer	Petr Špaček <pspacek@isc.org>
	Thu, 6 Oct 2022 08:32:52 +0000 (10:32 +0200)