[master] spelling, release note

diff --git a/CHANGES b/CHANGES
index a00f7e4f1ee5009f525efaa9a887b62c7b7f2eb2..a9603a92a444687c3247334fa07d6622132a901a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,11 +6,12 @@
 4881.  [bug]           Only include dst_openssl.h when OpenSSL is required.
                        [RT #47068]
 
-4880.  [bug]           Named wasn't returning the target of a cross zone
-                       CNAME between to served zones when recursion was
-                       desired and available (RD=1, RA=1). Don't return
-                       the CNAME target otherwise to prevent accidental
-                       cache poisoning. [RT #47078]
+4880.  [bug]           Named wasn't returning the target of a cross-zone
+                       CNAME between two served zones when recursion was
+                       desired and available (RD=1, RA=1). (When this is
+                       not the case, the CNAME target is deliberately
+                       withheld to prevent accidental cache poisoning.)
+                       [RT #47078]
 
 4879.  [bug]           dns_rdata_caa:value_len field was too small.
                        [RT #47086]

diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 57e492209fe9006a15d148f53cd57752008bdf87..446b9f51962f4d5dea907e0bee282695cffbd1f0 100644 (file)
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -87,6 +87,15 @@
 
   <section xml:id="relnotes_bugs"><info><title>Bug Fixes</title></info>
     <itemizedlist>
+      <listitem>
+       <para>
+         When answering authoritative queries, <command>named</command>
+         does not return the target of a cross-zone CNAME between two
+         locally served zones; this prevents accidental cache poisoning.
+         This same restriction was incorrectly applied to recursive
+         queries as well; this has been fixed. [RT #47078]
+       </para>
+      </listitem>
       <listitem>
        <para>
          Attempting to validate improperly unsigned CNAME responses