Add change entry and release note for #3462

News worthy.

(cherry picked from commit 44bbc0175c5cd0df5c45b726464bcb82604d34ab)

diff --git a/CHANGES b/CHANGES
index 5d097f68031544ac94a5674958fa725d51359aae..f1c38e70a51c79ed8d047d4d241c540f2e341aa6 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@
                        named on Fedorda 33, Oracle Linux 9 and RHEL9 when
                        they are disabled by the security policy. [GL #3469]
 
+5932.  [bug]           Fix rndc dumpdb -expired and always include expired
+                       RRsets, not just for RBTDB_VIRTUAL time window.
+                       [GL #3462]
+
 5929.  [bug]           The "max-zone-ttl" option in "dnssec-policy" was
                        not fully effective; it was used for timing key
                        rollovers but did not actually place an upper limit

diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index e5ae67b234279c71e35cf2307fa199ca4dcb3fd3..6c59eccb67fd09f185763cc359b4d4720cb6164a 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -56,3 +56,7 @@ Bug Fixes
   ``dnssec-policy``. In zones with both the old ``max-zone-ttl``
   option and ``dnssec-policy`` configured, the old option will be
   ignored, and a warning will be generated. :gl:`#2918`
+
+- Fix `rndc dumpdb -expired` to include expired RRsets, even if the cache
+  cleaning time window has passed. This will now show expired RRsets that are
+  stuck in the cache. :gl:`#3462`