diff --git a/README b/README
index 9022399b58..5ea68b7208 100644
--- a/README
+++ b/README
@@ -67,10 +67,10 @@ BIND 9.11.0
- Added support for "dyndb", a new API for loading zone data
from an external database, developed by Red Hat for the FreeIPA
project.
- - New "fetchlimit" quotas are now available for the use of
- recursive resolvers that are are under high query load for
- domains whose authoritative servers are nonresponsive or are
- experiencing a denial of service attack:
+ - "fetchlimit" quotas are now compiled in by default. These
+ are for the use of recursive resolvers that are are under
+ high query load for domains whose authoritative servers are
+ nonresponsive or are experiencing a denial of service attack:
+ "fetches-per-server" limits the number of simultaneous queries
that can be sent to any single authoritative server. The
configured value is a starting point; it is automatically
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index bee0ab3487..074860b6ac 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -4890,7 +4890,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
fstrm-set-buffer-hint: The
threshold number of bytes to accumulate in the output
buffer before forcing a buffer flush. The minimum is
- 1K, the maximum is 64K, and the default is 8K.
+ 1024, the maximum is 65536, and the default is 8096.
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index f60fc8bef4..0b7e929daf 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -144,10 +144,15 @@
- New quotas have been added to limit the queries that are
- sent by recursive resolvers to authoritative servers
- experiencing denial-of-service attacks. When configured,
- these options can both reduce the harm done to authoritative
+ Fetch quotas are now compiled in by default: they
+ no longer require BIND to be configured with
+ --enable-fetchlimit, as was the case
+ when the feature was introduced in BIND 9.10.3.
+
+
+ These quotas limit the queries that are sent by recursive
+ resolvers to authoritative servers experiencing denial-of-service
+ attacks. They can both reduce the harm done to authoritative
servers and also avoid the resource exhaustion that can be
experienced by recursive servers when they are being used as a
vehicle for such an attack.
@@ -558,7 +563,7 @@
recursive lookup returns NXDOMAIN, a second lookup is
initiated with the specified name appended to the query
name. This allows NXDOMAIN redirection data to be supplied
- by multiple zones configured on the server or by recursive
+ by multiple zones configured on the server, or by recursive
queries to other servers. (The older method, using
a single type redirect zone, has
better average performance but is less flexible.) [RT #37989]
@@ -778,14 +783,6 @@
[RT #39047]
-
-
- A alternative NXDOMAIN redirect method (nxdomain-redirect)
- which allows the redirect information to be looked up from
- a namespace on the Internet rather than requiring a zone
- to be configured on the server is now available.
-
-
Retrieving the local port range from net.ipv4.ip_local_port_range
@@ -816,7 +813,7 @@
The default preferred glue is now the address type of the
- transport the query was received over.
+ transport the query was received over.
@@ -852,14 +849,26 @@
does the same but only when answering recursive queries.
-
-
-
- Porting Changes
-
- None.
+ At server startup time, the queues for processing
+ notify and zone refresh queries are now processed in
+ LIFO rather than FIFO order, to speed up
+ loading of newly added zones. [RT #42825]
+
+
+
+
+ When answering queries of type MX or SRV, TLSA records for
+ the target name are now included in the additional section
+ to speed up DANE processing. [RT #42894]
+
+
+
+
+ named can now use the TCP Fast Open
+ mechanism on the server side, if supported by the
+ local operating system. [RT #42866]