diff --git a/CHANGES b/CHANGES index a00f7e4f1e..a9603a92a4 100644 --- a/CHANGES +++ b/CHANGES @@ -6,11 +6,12 @@ 4881. [bug] Only include dst_openssl.h when OpenSSL is required. [RT #47068] -4880. [bug] Named wasn't returning the target of a cross zone - CNAME between to served zones when recursion was - desired and available (RD=1, RA=1). Don't return - the CNAME target otherwise to prevent accidental - cache poisoning. [RT #47078] +4880. [bug] Named wasn't returning the target of a cross-zone + CNAME between two served zones when recursion was + desired and available (RD=1, RA=1). (When this is + not the case, the CNAME target is deliberately + withheld to prevent accidental cache poisoning.) + [RT #47078] 4879. [bug] dns_rdata_caa:value_len field was too small. [RT #47086] diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index 57e492209f..446b9f5196 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -87,6 +87,15 @@
Bug Fixes + + + When answering authoritative queries, named + does not return the target of a cross-zone CNAME between two + locally served zones; this prevents accidental cache poisoning. + This same restriction was incorrectly applied to recursive + queries as well; this has been fixed. [RT #47078] + + Attempting to validate improperly unsigned CNAME responses
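Review bot: in the rewritten 4880 entry of the CHANGES hunk the parenthetical "(When this is not the case, the CNAME target is deliberately withheld ...)" has an ambiguous referent: "this" can be read as the bug just described rather than the RD=1, RA=1 condition. Suggest spelling the condition out, e.g. "(When recursion is not both desired and available, the CNAME target is deliberately withheld to prevent accidental cache poisoning.)" so the entry states exactly when the target is and is not returned.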
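Review bot: the new notes.xml release note says the restriction "was incorrectly applied to recursive queries as well" but drops the RD=1, RA=1 qualifier that the matching CHANGES entry gives, so an operator cannot tell from the release note that the target is still withheld when recursion is requested but not available. Suggest mirroring the CHANGES wording, e.g. "to queries where recursion was desired and available (RD=1, RA=1)", and tightening the closing clause, which uses "this" twice in one sentence, to "... as well; this has now been corrected."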