Add CHANGES and release note for [GL #3071]

diff --git a/CHANGES b/CHANGES
index c64bd9437cc5bbdb602f27bed607d44d2b638b72..0e6b6307ba06079b313e064b03c68befb6eeb6b0 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,12 @@
 5787.  [doc]           Update 'auto-dnssec' documentation, it may only be
                        activated at zone level. [GL #3023]
 
+5786.  [bug]           Defer detaching from zone->raw in zone_shutdown() if
+                       the zone is in the process of being dumped to disk, to
+                       ensure that the unsigned serial number information is
+                       always written in the raw-format header of the signed
+                       version on an inline-signed zone. [GL #3071]
+
 5785.  [bug]           named could leak memory when two dnssec-policy clauses
                        had the same name. named failed to log this error.
                        [GL #3085]

diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index dbf3266abd2f20e26e771d58846afde1e01b0975..741b70453b11a65d3a5c79af6d50d91efdf40755 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -43,3 +43,9 @@ Bug Fixes
 
 - On FreeBSD, a TCP connection would leak a small amount of heap memory leading
   to out-of-memory problem in a long run. This has been fixed. :gl:`#3051`
+
+- Under certain circumstances, the signed version of an inline-signed
+  zone could be dumped to disk without the serial number of the unsigned
+  version of the zone, preventing resynchronization of zone contents
+  after ``named`` restart in case the unsigned zone file gets modified
+  while ``named`` is not running. This has been fixed. :gl:`#3071`