From: Evan Hunt Date: Fri, 2 Feb 2018 18:32:35 +0000 (-0800) Subject: [v9_12] spelling, release note X-Git-Tag: v9.12.1b1~19 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=d6a3fbe09d722761a586458dc541b1de7b59b5e3;p=thirdparty%2Fbind9.git [v9_12] spelling, release note (cherry picked from commit c34680cf3b01eae8debde94596ef367f2b79f4b9) --- diff --git a/CHANGES b/CHANGES index e5e511d1a4c..b82bcd1f3d2 100644 --- a/CHANGES +++ b/CHANGES @@ -6,11 +6,12 @@ 4881. [bug] Only include dst_openssl.h when OpenSSL is required. [RT #47068] -4880. [bug] Named wasn't returning the target of a cross zone - CNAME between to served zones when recursion was - desired and available (RD=1, RA=1). Don't return - the CNAME target otherwise to prevent accidental - cache poisoning. [RT #47078] +4880. [bug] Named wasn't returning the target of a cross-zone + CNAME between two served zones when recursion was + desired and available (RD=1, RA=1). (When this is + not the case, the CNAME target is deliberately + withheld to prevent accidental cache poisoning.) + [RT #47078] 4879. [bug] dns_rdata_caa:value_len field was too small. [RT #47086] diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index 2fec7052107..65eb7d196c9 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -61,6 +61,15 @@
Bug Fixes + + + When answering authoritative queries, named + does not return the target of a cross-zone CNAME between two + locally served zones; this prevents accidental cache poisoning. + This same restriction was incorrectly applied to recursive + queries as well; this has been fixed. [RT #47078] + + Attempting to validate improperly unsigned CNAME responses
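Review bot: In the reworded 4880 entry in CHANGES, "When this is not the case" has an unclear referent. It can be read as pointing at "Named wasn't returning the target" rather than at the condition "recursion was desired and available (RD=1, RA=1)". Suggest naming the condition directly, for example "(When recursion is not both desired and available, the CNAME target is deliberately withheld to prevent accidental cache poisoning.)".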
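Review bot: The new paragraph in doc/arm/notes.xml says the restriction "was incorrectly applied to recursive queries", while the CHANGES entry for the same RT #47078 states the condition as recursion desired and available (RD=1, RA=1). A reader comparing the two cannot tell from the release note that both bits matter, so suggest carrying the RD=1, RA=1 qualifier into the note. The sentence also uses "this" twice with different referents ("This same restriction ...; this has been fixed"); rewording the second clause to say what named now does for such queries would read more clearly.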