Prepare release notes for BIND 9.20.17

diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst
index 1baca621d800622dcc048716a99f75f257bf89ad..9a4c08ed5f9a9b1ee4f0ff01ffe979c16dc97d71 100644 (file)
--- a/doc/arm/notes.rst
+++ b/doc/arm/notes.rst
@@ -45,6 +45,7 @@ The list of known issues affecting the latest version in the 9.20 branch can be
 found at
 https://gitlab.isc.org/isc-projects/bind9/-/wikis/Known-Issues-in-BIND-9.20
 
+.. include:: ../notes/notes-9.20.17.rst
 .. include:: ../notes/notes-9.20.16.rst
 .. include:: ../notes/notes-9.20.15.rst
 .. include:: ../notes/notes-9.20.14.rst

diff --git a/doc/notes/notes-9.20.17.rst b/doc/notes/notes-9.20.17.rst
new file mode 100644 (file)
index 0000000..f802b40
--- /dev/null
+++ b/doc/notes/notes-9.20.17.rst
@@ -0,0 +1,82 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0.  If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+Notes for BIND 9.20.17
+----------------------
+
+Feature Changes
+~~~~~~~~~~~~~~~
+
+- Provide more information when the memory allocation fails.
+
+  Provide more information about the failure when the memory allocation
+  fails.
+
+- Reduce the number of outgoing queries.
+
+  Reduces the number of outgoing queries when resolving the nameservers
+  for delegation points.  This helps the DNS resolver with cold cache
+  resolve client queries with complex delegation chains and
+  redirections.
+
+Bug Fixes
+~~~~~~~~~
+
+- Fix the spurious timeouts while resolving names.
+
+  Sometimes the loops in the resolving (e.g. to resolve or validate
+  ns1.example.com we need to resolve ns1.example.com) were not properly
+  detected leading to spurious 10 seconds delay.  This has been fixed
+  and such loops are properly detected. :gl:`#3033`, #5578
+
+- Fix bug where zone switches from NSEC3 to NSEC after retransfer.
+
+  When a zone is re-transferred, but the zone journal on an
+  inline-signing secondary is out of sync, the zone could fall back to
+  using NSEC records instead of NSEC3. This has been fixed. :gl:`#5527`
+
+- AMTRELAY type 0 presentation format handling was wrong.
+
+  RFC 8777 specifies a placeholder value of "." for the gateway field
+  when the gateway type is 0 (no gateway).  This was not being checked
+  for nor emitted when displaying the record. This has been corrected.
+
+  Instances of this record will need the placeholder period added to
+  them when upgrading. :gl:`#5639`
+
+- Fix parsing bug in remote-servers with key or tls.
+
+  The :any:`remote-servers` clause enable the following pattern using a
+  named ``server-list``:
+
+  remote-servers a { 1.2.3.4; ... };         remote-servers b { a key
+  foo; };
+
+  However, such configuration was wrongly rejected, with an "unexpected
+  token 'foo'" error. Such configuration is now accepted. :gl:`#5646`
+
+- Fix TLS contexts cache object usage bug in the resolver.
+
+  :iscman:`named` could terminate unexpectedly when reconfiguring or
+  reloading, and if client-side TLS transport was in use (for example,
+  when forwarding queries to a DoT server). This has been fixed.
+  :gl:`#5653`
+
+- Adding NSEC3 opt-out records could leave invalid records in
+  chain.
+
+  When creating an NSEC3 opt-out chain, a node in the chain could be
+  removed too soon, causing the previous NSEC3 being unable to be found,
+  resulting in invalid NSEC3 records to be left in the zone. This has
+  been fixed.
+
+  Closes [#5671](#5671)
+