Add CHANGES and release note

diff --git a/CHANGES b/CHANGES
index 01ec0b7b263da2ef30878e4b5ef05c3bbbf88579..a0ceea14bb26c3f6c0d1b8011736d56ef1ffa2c9 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+5369.  [func]          Add the ability to specify whether or not to wait
+                       for nameserver domain names to be looked up, with
+                       a new RPZ modifying directive 'nsdname-wait-recurse'.
+                       [GL #1138]
+
 5368.  [bug]           Named failed to restart if 'rndc addzone' names
                        contained special characters (e.g. '/'). [GL #1655]
 

diff --git a/doc/arm/notes-9.17.0.xml b/doc/arm/notes-9.17.0.xml
index 7f0227a95b510651480de2a80408a6cc2901f6ed..5234ccec7e7f59f8401427fc2e697c0c1d70e12b 100644 (file)
--- a/doc/arm/notes-9.17.0.xml
+++ b/doc/arm/notes-9.17.0.xml
@@ -49,6 +49,19 @@
           <literal>100%</literal>. [GL #1515]
         </para>
       </listitem>
+      <listitem>
+       <para>
+         A new RPZ option <command>nsdname-wait-recurse</command>
+         controls whether RPZ-NSDNAME rules should always be applied
+         even if the names of authoritative name servers for the query
+         name need to be looked up recurively first.  The default is
+         <userinput>yes</userinput>.  Setting it to
+         <userinput>no</userinput> speeds up initial responses by skipping
+         RPZ-NSDNAME rules when name server domain names are not yet
+         in the cache. The names will be looked up in the background and
+         the rule will be applied for subsequent queries. [GL #1138]
+       </para>
+      </listitem>
     </itemizedlist>
   </section>