From: Matthijs Mekking <matthijs@isc.org>
Date: Fri, 9 Dec 2022 11:42:05 +0000 (+0100)
Subject: Add release note and CHANGES for GL #3677
X-Git-Tag: v9.19.16~11^2
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=bd00c2ce4e844d393f892d1c3cdee049cdc4d7df;p=thirdparty%2Fbind9.git

Add release note and CHANGES for GL #3677

News worthy.
---

diff --git a/CHANGES b/CHANGES
index ce35066732c..e568b930f3f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+6218.	[func]		Add inline-signing to dnssec-policy. [GL #3677]
+
 6217.	[func]		The dns_badcache unit was refactored to use cds_lfht
 			instead of hand-crafted locked hashtable. [GL #4223]
 
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 7e8907db101..c2e2a53268c 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -40,6 +40,12 @@ Feature Changes
   DNS SERVER COOKIES.  Previously these were silently treated as
   DNS CLIENT COOKIES.  :gl:`#4194`
 
+- The option :any:`inline-signing` can now also be set inside
+  :any:`dnssec-policy`. The built-in policies ``default`` and ``insecure``
+  enable the use of :any:`inline-signing`. If you set :any:`inline-signing`
+  at the ``zone`` level, it overrides the value used set in
+  :any:`dnssec-policy`. :gl:`#3677`.
+
 Bug Fixes
 ~~~~~~~~~