From 02b1a18db28a2f57f954bd075b10ddfccf43e3c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Fri, 5 Nov 2021 08:04:15 +0100 Subject: [PATCH] Reorder release notes --- doc/notes/notes-current.rst | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 073d40ddd5..ce2768aa0c 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -24,11 +24,6 @@ Known Issues New Features ~~~~~~~~~~~~ -- Internal data structures maintained for each cache database are now - grown incrementally when they need to be expanded. This helps maintain - a steady response rate on a loaded resolver while these internal data - structures are resized. :gl:`#2941` - - New finer-grained ``update-policy`` rule types, ``krb5-subdomain-self-rhs`` and ``ms-subdomain-self-rhs``, were added. These rule types restrict updates to SRV and PTR records so that their @@ -47,16 +42,12 @@ Removed Features engine_pkcs11 which employs the new "provider" approach introduced in OpenSSL 3.0.0 is in the making. :gl:`#2843` -Feature Changes -~~~~~~~~~~~~~~~ - - Since the old socket manager API has been removed, "socketmgr" statistics are no longer reported by the :ref:`statistics channel `. :gl:`#2926` -- The `UseSTD3ASCIIRules`_ flag is now set for libidn2 function calls. - This enables additional validation rules for IDN domains and hostnames - in ``dig``. :gl:`#1610` +Feature Changes +~~~~~~~~~~~~~~~ - The default for ``dnssec-dnskey-kskonly`` was changed to ``yes``. This means that DNSKEY, CDNSKEY, and CDS RRsets are now only signed with @@ -64,14 +55,23 @@ Feature Changes when the option is set to ``no`` add to the DNS response payload without offering added value. :gl:`#1316` +- The default NSEC3 parameters for ``dnssec-policy`` were updated to no + extra SHA-1 iterations and no salt (``NSEC3PARAM 1 0 0 -``). + :gl:`#2956` + +- Internal data structures maintained for each cache database are now + grown incrementally when they need to be expanded. This helps maintain + a steady response rate on a loaded resolver while these internal data + structures are resized. :gl:`#2941` + - The output of ``rndc serve-stale status`` has been clarified. It now explicitly reports whether retention of stale data in the cache is enabled (``stale-cache-enable``), and whether returning such data in responses is enabled (``stale-answer-enable``). :gl:`#2742` -- The default NSEC3 parameters for ``dnssec-policy`` were updated to no - extra SHA-1 iterations and no salt (``NSEC3PARAM 1 0 0 -``). - :gl:`#2956` +- The `UseSTD3ASCIIRules`_ flag is now set for libidn2 function calls. + This enables additional validation rules for IDN domains and hostnames + in ``dig``. :gl:`#1610` .. _UseSTD3ASCIIRules: http://www.unicode.org/reports/tr46/#UseSTD3ASCIIRules @@ -82,12 +82,12 @@ Bug Fixes zone triggered a runtime check failure, causing ``named`` to exit prematurely. This has been fixed. :gl:`#2308` -- Log files using ``timestamp``-style suffixes were not always correctly - removed when the number of files exceeded the limit set by - ``versions``. This has been fixed. :gl:`#828` - - Some lame delegations could trigger a dependency loop, in which a resolver fetch waited for a name server address lookup which was waiting for the same resolver fetch. This could cause a recursive lookup to hang until timing out. This situation is now detected and prevented. :gl:`#2927` + +- Log files using ``timestamp``-style suffixes were not always correctly + removed when the number of files exceeded the limit set by + ``versions``. This has been fixed. :gl:`#828`