Reorder release notes

diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index c7e9f1f6b471aa1117282e9112003289c3780c36..a29f42390e2b97584f214d6d995a8f5cd1dff07a 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -26,6 +26,11 @@ New Features
 
 - None.
 
+- NSEC3 support was added to KASP. A new option for ``dnssec-policy``,
+  ``nsec3param``, can be used to set the desired NSEC3 parameters.
+  NSEC3 salt collisions are automatically prevented during resalting.
+  [GL #1620]
+
 Removed Features
 ~~~~~~~~~~~~~~~~
 
@@ -36,11 +41,6 @@ Feature Changes
 
 - None.
 
-- NSEC3 support was added to KASP. A new option for ``dnssec-policy``,
-  ``nsec3param``, can be used to set the desired NSEC3 parameters.
-  NSEC3 salt collisions are automatically prevented during resalting.
-  [GL #1620]
-
 - The default value of ``max-recursion-queries`` was increased from 75
   to 100. Since the queries sent towards root and TLD servers are now
   included in the count (as a result of the fix for CVE-2020-8616),
@@ -59,11 +59,11 @@ Feature Changes
 Bug Fixes
 ~~~~~~~~~
 
-- The CNAME synthesized from a DNAME was incorrectly followed when the
-  QTYPE was CNAME or ANY. [GL #2280]
-
 - Handling of missing DNS COOKIE responses over UDP was tightened by
   falling back to TCP. [GL #2275]
 
+- The CNAME synthesized from a DNAME was incorrectly followed when the
+  QTYPE was CNAME or ANY. [GL #2280]
+
 - Building with native PKCS#11 support for AEP Keyper has been broken
   since BIND 9.16.6. This has been fixed. [GL #2315]