[master] spelling, release note

2025-08-30 22:15:20 +00:00 · 2018-02-02 10:32:17 -08:00
parent 5fdca0da2f
commit c34680cf3b
2 changed files with 15 additions and 5 deletions
--- a/11
+++ b/11
@@ -6,11 +6,12 @@
 4881.	[bug]		Only include dst_openssl.h when OpenSSL is required.
 			[RT #47068]

-4880.	[bug]		Named wasn't returning the target of a cross zone
-			CNAME between to served zones when recursion was
-			desired and available (RD=1, RA=1). Don't return
-			the CNAME target otherwise to prevent accidental
-			cache poisoning. [RT #47078]
+4880.	[bug]		Named wasn't returning the target of a cross-zone
+			CNAME between two served zones when recursion was
+			desired and available (RD=1, RA=1). (When this is
+			not the case, the CNAME target is deliberately
+			withheld to prevent accidental cache poisoning.)
+			[RT #47078]

 4879.	[bug]		dns_rdata_caa:value_len field was too small.
 			[RT #47086]
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -87,6 +87,15 @@

  <section xml:id="relnotes_bugs"><info><title>Bug Fixes</title></info>
    <itemizedlist>
+      <listitem>
+	<para>
+	  When answering authoritative queries, <command>named</command>
+	  does not return the target of a cross-zone CNAME between two
+	  locally served zones; this prevents accidental cache poisoning.
+	  This same restriction was incorrectly applied to recursive
+	  queries as well; this has been fixed. [RT #47078]
+	</para>
+      </listitem>
      <listitem>
 	<para>
 	  Attempting to validate improperly unsigned CNAME responses