Tweak and reword release notes

doc/notes/notes-9.17.3.rst

@@ -11,13 +11,16 @@
 Notes for BIND 9.17.3
 ---------------------
 
+New Features
+~~~~~~~~~~~~
+
+- New ``rndc`` command ``rndc dnssec -status`` shows the current DNSSEC
+  policy and keys in use, the key states, and rollover status.
+  [GL #1612]
+
 Feature Changes
 ~~~~~~~~~~~~~~~
 
-- New ``rndc`` command ``rndc dnssec -status`` that shows the current
-  DNSSEC policy and keys in use, the key states and rollover status.
-  [GL #1612]
-
 - Disable and disallow static linking of BIND 9 binaries and libraries
   as BIND 9 modules require ``dlopen()`` support and static linking also
   prevents using security features like read-only relocations (RELRO) or
@@ -25,40 +28,41 @@ Feature Changes
   programs that interact with the network and process arbitrary user
   input. [GL #1933]
 
-- As part of an ongoing effort to use RFC 8499 terminology, ``primaries``
+- As part of an ongoing effort to use RFC 8499 terminology,
-  can now be used as a synonym for ``masters`` in ``named.conf``.
+  ``primaries`` can now be used as a synonym for ``masters`` in
-  Similarly, ``notify priamry-only`` can now be used as a synonym
+  ``named.conf``. Similarly, ``notify primary-only`` can now be used as
-  for ``notify master-only``. The output of ``rndc zonestatus`` now
+  a synonym for ``notify master-only``. The output of ``rndc
-  uses ``primary`` and ``secondary`` terminology. [GL #1948]
+  zonestatus`` now uses ``primary`` and ``secondary`` terminology.
+  [GL #1948]
 
 Bug Fixes
 ~~~~~~~~~
 
-- The DS set returned by ``dns_keynode_dsset()`` was not thread-safe.
+- The DS RRset returned by ``dns_keynode_dsset()`` was used in a
-  This could result in an INSIST being triggered. [GL #1926]
+  non-thread-safe manner. This could result in an INSIST being
+  triggered. [GL #1926]
 
-- The ``primary`` and ``secondary`` keywords, when used as parameters for
+- The ``primary`` and ``secondary`` keywords, when used as parameters
-  ``check-names``, were not processed correctly and were being ignored.
+  for ``check-names``, were not processed correctly and were being
-  [GL #1949]
+  ignored. [GL #1949]
 
-- 'rndc dnstap -roll <value>' was not limiting the number of saved
+- ``rndc dnstap -roll <value>`` did not limit the number of saved files
-  files to <value>. [GL !3728]
+  to ``<value>``. [GL !3728]
 
 - The validator could fail to accept a properly signed RRset if an
   unsupported algorithm appeared earlier in the DNSKEY RRset than a
   supported algorithm. It could also stop if it detected a malformed
   public key. [GL #1689]
 
-- The ``blackhole`` ACL was inadvertently disabled with respect to
+- The ``blackhole`` ACL was inadvertently disabled for client queries.
-  client queries. Blocked IP addresses were not used for upstream
+  Blocked IP addresses were not used for upstream queries but queries
-  queries but queries from those addresses could still be answered.
+  from those addresses could still be answered. [GL #1936]
-  [GL #1936]
 
-- ``named`` would crash on shutdown when new ``rndc`` connection is received at
+- ``named`` crashed on shutdown when a new ``rndc`` connection was
-  the same time as shutting down. [GL #1747]
+  received during shutdown. This has been fixed. [GL #1747]
 
-- Fix assertion failure when server is under load and root zone is not yet
+- Fix assertion failure when server was under load and root zone had not
-  loaded. [GL #1862]
+  yet been loaded. [GL #1862]
 
-- ``named`` could crash when cleaning dead nodes in ``lib/dns/rbtdb.c`` that
+- ``named`` could crash when cleaning dead nodes in ``lib/dns/rbtdb.c``
-  have been reused meanwhile.  [GL #1968]
+  that were being reused. [GL #1968]