Tweak and reword release notes

doc/notes/notes-9.17.3.rst

@@ -11,13 +11,16 @@
 Notes for BIND 9.17.3
 ---------------------
 
+New Features
+~~~~~~~~~~~~
+
+- New ``rndc`` command ``rndc dnssec -status`` shows the current DNSSEC
+  policy and keys in use, the key states, and rollover status.
+  [GL #1612]
+
 Feature Changes
 ~~~~~~~~~~~~~~~
 
-- New ``rndc`` command ``rndc dnssec -status`` that shows the current
-  DNSSEC policy and keys in use, the key states and rollover status.
-  [GL #1612]
-
 - Disable and disallow static linking of BIND 9 binaries and libraries
   as BIND 9 modules require ``dlopen()`` support and static linking also
   prevents using security features like read-only relocations (RELRO) or
@@ -25,40 +28,41 @@ Feature Changes
   programs that interact with the network and process arbitrary user
   input. [GL #1933]
 
-- As part of an ongoing effort to use RFC 8499 terminology, ``primaries``
-  can now be used as a synonym for ``masters`` in ``named.conf``.
-  Similarly, ``notify priamry-only`` can now be used as a synonym
-  for ``notify master-only``. The output of ``rndc zonestatus`` now
-  uses ``primary`` and ``secondary`` terminology. [GL #1948]
+- As part of an ongoing effort to use RFC 8499 terminology,
+  ``primaries`` can now be used as a synonym for ``masters`` in
+  ``named.conf``. Similarly, ``notify primary-only`` can now be used as
+  a synonym for ``notify master-only``. The output of ``rndc
+  zonestatus`` now uses ``primary`` and ``secondary`` terminology.
+  [GL #1948]
 
 Bug Fixes
 ~~~~~~~~~
 
-- The DS set returned by ``dns_keynode_dsset()`` was not thread-safe.
-  This could result in an INSIST being triggered. [GL #1926]
+- The DS RRset returned by ``dns_keynode_dsset()`` was used in a
+  non-thread-safe manner. This could result in an INSIST being
+  triggered. [GL #1926]
 
-- The ``primary`` and ``secondary`` keywords, when used as parameters for
-  ``check-names``, were not processed correctly and were being ignored.
-  [GL #1949]
+- The ``primary`` and ``secondary`` keywords, when used as parameters
+  for ``check-names``, were not processed correctly and were being
+  ignored. [GL #1949]
 
-- 'rndc dnstap -roll <value>' was not limiting the number of saved
-  files to <value>. [GL !3728]
+- ``rndc dnstap -roll <value>`` did not limit the number of saved files
+  to ``<value>``. [GL !3728]
 
 - The validator could fail to accept a properly signed RRset if an
   unsupported algorithm appeared earlier in the DNSKEY RRset than a
-  supported algorithm.  It could also stop if it detected a malformed
+  supported algorithm. It could also stop if it detected a malformed
   public key. [GL #1689]
 
-- The ``blackhole`` ACL was inadvertently disabled with respect to
-  client queries. Blocked IP addresses were not used for upstream
-  queries but queries from those addresses could still be answered.
-  [GL #1936]
+- The ``blackhole`` ACL was inadvertently disabled for client queries.
+  Blocked IP addresses were not used for upstream queries but queries
+  from those addresses could still be answered. [GL #1936]
 
-- ``named`` would crash on shutdown when new ``rndc`` connection is received at
-  the same time as shutting down. [GL #1747]
+- ``named`` crashed on shutdown when a new ``rndc`` connection was
+  received during shutdown. This has been fixed. [GL #1747]
 
-- Fix assertion failure when server is under load and root zone is not yet
-  loaded. [GL #1862]
+- Fix assertion failure when server was under load and root zone had not
+  yet been loaded. [GL #1862]
 
-- ``named`` could crash when cleaning dead nodes in ``lib/dns/rbtdb.c`` that
-  have been reused meanwhile.  [GL #1968]
+- ``named`` could crash when cleaning dead nodes in ``lib/dns/rbtdb.c``
+  that were being reused. [GL #1968]