split notes.xml into sections

0d51dec3 · Mark Andrews · 44fa4d20 · 0d51dec3 · 0d51dec3 · 0d51dec3
Commit 0d51dec3 authored Sep 12, 2019 by Mark Andrews
15 changed files
--- a/doc/arm/Makefile.in
+++ b/doc/arm/Makefile.in
@@ -19,6 +19,12 @@ TXTOBJS = notes.txt

 PDFOBJS = Bv9ARM.pdf notes.pdf

+NOTESXML = notes-bug-fixes.xml notes-download.xml notes-eol.xml \
+	   notes-feature-changes.xml notes-intro.xml notes-license.xml \
+	   notes-new-features.xml notes-numbering.xml notes-platforms.xml \
+	   notes-removed.xml notes-sec-fixes.xml notes-thankyou.xml \
+	   notes.xml
+
 doc man:: ${MANOBJS} ${TXTOBJS} ${PDFOBJS}

 clean::
@@ -36,11 +42,11 @@ maintainer-clean distclean::
 	rm -f noteversion.xml

 # use xmllint to process include
-notes.html: notes-wrapper.xml notes.xml releaseinfo.xml pkgversion.xml noteversion.xml
+notes.html: notes-wrapper.xml ${NOTESXML} releaseinfo.xml pkgversion.xml noteversion.xml
 	expand notes-wrapper.xml | ${XMLLINT} --xinclude - | \
 	${XSLTPROC} --stringparam generate.toc "" ../xsl/isc-notes-html.xsl - > notes.html

-notes.pdf: notes-wrapper.xml notes.xml releaseinfo.xml pkgversion.xml noteversion.xml
+notes.pdf: notes-wrapper.xml ${NOTESXML} releaseinfo.xml pkgversion.xml noteversion.xml
 	${XSLTPROC} ${top_srcdir}/doc/xsl/pre-latex.xsl notes-wrapper.xml | \
 	${DBLATEX} -c notes.conf -Pdoc.layout="mainmatter" -o notes.pdf -

@@ -50,17 +56,17 @@ notes.txt: notes.html
 		sed -e :a -e '/^\n*$$/{$$d;N;};/\n$$/ba' > notes.txt

 # use xmllint to process include
-Bv9ARM.html: Bv9ARM-book.xml releaseinfo.xml pkgversion.xml noteversion.xml
+Bv9ARM.html: Bv9ARM-book.xml ${NOTESXML} releaseinfo.xml pkgversion.xml noteversion.xml
 	expand Bv9ARM-book.xml | ${XMLLINT} --xinclude - | \
 	${XSLTPROC} --stringparam root.filename Bv9ARM \
 		${top_srcdir}/doc/xsl/isc-docbook-chunk.xsl -

 # use xmllint to process include
-Bv9ARM-all.html: Bv9ARM-book.xml releaseinfo.xml pkgversion.xml noteversion.xml
+Bv9ARM-all.html: Bv9ARM-book.xml ${NOTESXML} releaseinfo.xml pkgversion.xml noteversion.xml
 	expand Bv9ARM-book.xml | ${XMLLINT} --xinclude - |\
 	${XSLTPROC} -o Bv9ARM-all.html ../xsl/isc-docbook-html.xsl -

-Bv9ARM.pdf: Bv9ARM-book.xml releaseinfo.xml pkgversion.xml noteversion.xml
+Bv9ARM.pdf: Bv9ARM-book.xml ${NOTESXML} releaseinfo.xml pkgversion.xml noteversion.xml
 	expand Bv9ARM-book.xml | \
 	${XSLTPROC} ${top_srcdir}/doc/xsl/pre-latex.xsl - | \
 	${DBLATEX} -c Bv9ARM.conf -o Bv9ARM.pdf -
--- a/doc/arm/notes-bug-fixes.xml
+++ b/doc/arm/notes-bug-fixes.xml
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
+-->
+
+<section xml:id="relnotes_bugs"><info><title>Bug Fixes</title></info>
+  <itemizedlist>
+    <listitem>
+      <para>
+        The <command>allow-update</command> and
+        <command>allow-update-forwarding</command> options were
+        inadvertently treated as configuration errors when used at the
+        <command>options</command> or <command>view</command> level.
+        This has now been corrected.
+        [GL #913]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        When <command>qname-minimization</command> was set to
+        <command>relaxed</command>, some improperly configured domains
+        would fail to resolve, but would have succeeded when minimization
+        was disabled. <command>named</command> will now fall back to normal
+        resolution in such cases, and also uses type A rather than NS for
+        minimal queries in order to reduce the likelihood of encountering
+        the problem. [GL #1055]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <command>./configure</command> no longer sets
+        <command>--sysconfdir</command> to <command>/etc</command> or
+        <command>--localstatedir</command> to <command>/var</command>
+        when <command>--prefix</command> is not specified and the
+        aforementioned options are not specified explicitly. Instead,
+        Autoconf's defaults of <command>$prefix/etc</command> and
+        <command>$prefix/var</command> are respected.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Glue address records were not being returned in responses
+        to root priming queries; this has been corrected. [GL #1092]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Interaction between DNS64 and RPZ No Data rule (CNAME *.) could
+        cause unexpected results; this has been fixed. [GL #1106]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <command>named-checkconf</command> now checks DNS64 prefixes
+        to ensure bits 64-71 are zero. [GL #1159]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <command>named-checkconf</command> now correctly reports a missing
+        <command>dnstap-output</command> option when
+        <command>dnstap</command> is set. [GL #1136]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Handle ETIMEDOUT error on connect() with a non-blocking
+        socket. [GL #1133]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Cache database statistics counters could report invalid values
+        when stale answers were enabled, because of a bug in counter
+        maintenance when cache data becomes stale. The statistics counters
+        have been corrected to report the number of RRsets for each
+        RR type that are active, stale but still potentially served,
+        or stale and marked for deletion. [GL #602]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <command>dig</command> now correctly expands the IPv6 address
+        when run with <command>+expandaaaa +short</command>. [GL #1152]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        When a <command>response-policy</command> zone expires, ensure
+        that its policies are removed from the RPZ summary database.
+        [GL #1146]
+      </para>
+    </listitem>
+  </itemizedlist>
+</section>
--- a/doc/arm/notes-download.xml
+++ b/doc/arm/notes-download.xml
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
+-->
+
+<section xml:id="relnotes_download"><info><title>Download</title></info>
+  <para>
+    The latest versions of BIND 9 software can always be found at
+    <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://www.isc.org/downloads/">http://www.isc.org/downloads/</link>.
+    There you will find additional information about each release,
+    source code, and pre-compiled versions for Microsoft Windows
+    operating systems.
+  </para>
+</section>
--- a/doc/arm/notes-eol.xml
+++ b/doc/arm/notes-eol.xml
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
+-->
+
+<section xml:id="end_of_life"><info><title>End of Life</title></info>
+  <para>
+    BIND 9.15 is an unstable development branch. When its development
+    is complete, it will be renamed to BIND 9.16, which will be a
+    stable branch.
+  </para>
+  <para>
+    The end of life date for BIND 9.16 has not yet been determined.
+    For those needing long term support, the current Extended Support
+    Version (ESV) is BIND 9.11, which will be supported until at
+    least December 2021. See
+    <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://www.isc.org/downloads/software-support-policy/">https://www.isc.org/downloads/software-support-policy/</link>
+    for details of ISC's software support policy.
+  </para>
+</section>
--- a/doc/arm/notes-feature-changes.xml
+++ b/doc/arm/notes-feature-changes.xml
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
+-->
+
+<section xml:id="relnotes_changes"><info><title>Feature Changes</title></info>
+  <itemizedlist>
+    <listitem>
+      <para>
+        <command>named</command> will now log a warning if
+        a static key is configured for the root zone. [GL #6]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        When static and managed DNSSEC keys were both configured for the
+        same name, or when a static key was used to
+        configure a trust anchor for the root zone and
+        <command>dnssec-validation</command> was set to the default
+        value of <literal>auto</literal>, automatic RFC 5011 key
+        rollovers would be disabled. This combination of settings was
+        never intended to work, but there was no check for it in the
+        parser. This has been corrected, and it is now a fatal
+        configuration error. [GL #868]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        DS and CDS records are now generated with SHA-256 digests
+        only, instead of both SHA-1 and SHA-256. This affects the
+        default output of <command>dnssec-dsfromkey</command>, the
+        <filename>dsset</filename> files generated by
+        <command>dnssec-signzone</command>, the DS records added to
+        a zone by <command>dnssec-signzone</command> based on
+        <filename>keyset</filename> files, the CDS records added to
+        a zone by <command>named</command> and
+        <command>dnssec-signzone</command> based on "sync" timing
+        parameters in key files, and the checks performed by
+        <command>dnssec-checkds</command>.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        JSON-C is now the only supported library for enabling JSON
+        support for BIND statistics. The <command>configure</command>
+        option has been renamed from <command>--with-libjson</command>
+        to <command>--with-json-c</command>.  Use
+        <command>PKG_CONFIG_PATH</command> to specify a custom path to
+        the <command>json-c</command> library as the new
+        <command>configure</command> option does not take the library
+        installation path as an optional argument.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        A SipHash 2-4 based DNS Cookie (RFC 7873) algorithm has been added and
+        made default.  Old non-default HMAC-SHA based DNS Cookie algorithms
+        have been removed, and only the default AES algorithm is being kept
+        for legacy reasons.  This change doesn't have any operational impact
+        in most common scenarios. [GL #605]
+      </para>
+      <para>
+        If you are running multiple DNS Servers (different versions of BIND 9
+        or DNS server from multiple vendors) responding from the same IP
+        address (anycast or load-balancing scenarios), you'll have to make
+        sure that all the servers are configured with the same DNS Cookie
+        algorithm and same Server Secret for the best performance.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        The information from the <command>dnssec-signzone</command> and
+        <command>dnssec-verify</command> commands is now printed to standard
+        output.  The standard error output is only used to print warnings and
+        errors, and in case the user requests the signed zone to be printed to
+        standard output with <command>-f -</command> option.  A new
+        configuration option <command>-q</command> has been added to silence
+        all output on standard output except for the name of the signed zone.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        DS records included in DNS referral messages can now be validated
+        and cached immediately, reducing the number of queries needed for
+        a DNSSEC validation. [GL #964]
+      </para>
+    </listitem>
+  </itemizedlist>
+</section>
--- a/doc/arm/notes-intro.xml
+++ b/doc/arm/notes-intro.xml
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
+-->
+
+<section xml:id="relnotes_intro"><info><title>Introduction</title></info>
+  <para>
+    BIND 9.15 is an unstable development release of BIND.
+    This document summarizes new features and functional changes that
+    have been introduced on this branch.  With each development release
+    leading up to the stable BIND 9.16 release, this document will be
+    updated with additional features added and bugs fixed.
+  </para>
+</section>
--- a/doc/arm/notes-license.xml
+++ b/doc/arm/notes-license.xml
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
+-->
+
+<section xml:id="relnotes_license"><info><title>License</title></info>
+  <para>
+    BIND is open source software licensed under the terms of the Mozilla
+    Public License, version 2.0 (see the <filename>LICENSE</filename>
+    file for the full text).
+  </para>
+  <para>
+    The license requires that if you make changes to BIND and distribute
+    them outside your organization, those changes must be published under
+    the same license. It does not require that you publish or disclose
+    anything other than the changes you have made to our software.  This
+    requirement does not affect anyone who is using BIND, with or without
+    modifications, without redistributing it, nor anyone redistributing
+    BIND without changes.
+  </para>
+  <para>
+    Those wishing to discuss license compliance may contact ISC at
+    <link
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xlink:href="https://www.isc.org/mission/contact/">
+      https://www.isc.org/mission/contact/</link>.
+  </para>
+</section>
--- a/doc/arm/notes-new-features.xml
+++ b/doc/arm/notes-new-features.xml
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
+-->
+
+<section xml:id="relnotes_features"><info><title>New Features</title></info>
+  <itemizedlist>
+    <listitem>
+      <para>
+        Added a new command line option to <command>dig</command>:
+        <comand>+[no]unexpected</comand>. By default, <command>dig</command>
+        won't accept a reply from a source other than the one to which
+        it sent the query.  Add the <command>+unexpected</command> argument
+        to enable it to process replies from unexpected sources.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        The GeoIP2 API from MaxMind is now supported. Geolocation support
+        will be compiled in by default if the <command>libmaxminddb</command>
+        library is found at compile time, but can be turned off by using
+        <command>configure --disable-geoip</command>.
+      </para>
+      <para>
+        The default path to the GeoIP2 databases will be set based
+        on the location of the <command>libmaxminddb</command> library;
+        for example, if it is in <filename>/usr/local/lib</filename>,
+        then the default path will be
+        <filename>/usr/local/share/GeoIP</filename>.
+        This value can be overridden in <filename>named.conf</filename>
+        using the <command>geoip-directory</command> option.
+      </para>
+      <para>
+        Some <command>geoip</command> ACL settings that were available with
+        legacy GeoIP, including searches for <command>netspeed</command>,
+        <command>org</command>, and three-letter ISO country codes, will
+        no longer work when using GeoIP2. Supported GeoIP2 database
+        types are <command>country</command>, <command>city</command>,
+        <command>domain</command>, <command>isp</command>, and
+        <command>as</command>. All of these databases support both IPv4
+        and IPv6 lookups. [GL #182] [GL #1112]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        In order to clarify the configuration of DNSSEC keys,
+        the <command>trusted-keys</command> and
+        <command>managed-keys</command> statements have been
+        deprecated, and the new <command>dnssec-keys</command>
+        statement should now be used for both types of key.
+      </para>
+      <para>
+        When used with the keyword <command>initial-key</command>,
+        <command>dnssec-keys</command> has the same behavior as
+        <command>managed-keys</command>, i.e., it configures
+        a trust anchor that is to be maintained via RFC 5011.
+      </para>
+      <para>
+        When used with the new keyword <command>static-key</command>, it
+        has the same behavior as <command>trusted-keys</command>,
+        configuring a permanent trust anchor that will not automatically
+        be updated.  (This usage is not recommended for the root key.)
+        [GL #6]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        The new <command>add-soa</command> option specifies whether
+        or not the <command>response-policy</command> zone's SOA record
+        should be included in the additional section of RPZ responses.
+        [GL #865]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Two new metrics have been added to the
+        <command>statistics-channel</command> to report DNSSEC
+        signing operations.  For each key in each zone, the
+        <command>dnssec-sign</command> counter indicates the total
+        number of signatures <command>named</command> has generated
+        using that key since server startup, and the
+        <command>dnssec-refresh</command> counter indicates how
+        many of those signatures were refreshed during zone
+        maintenance, as opposed to having been generated
+        as a result of a zone update.  [GL #513]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Statistics channel groups are now toggleable. [GL #1030]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <command>dig</command>, <command>mdig</command> and
+        <command>delv</command> can all now take a <command>+yaml</command>
+        option to print output in a a detailed YAML format. [RT #1145]
+      </para>
+    </listitem>
+  </itemizedlist>
+</section>
--- a/doc/arm/notes-numbering.xml
+++ b/doc/arm/notes-numbering.xml
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
+-->
+
+<section xml:id="relnotes_versions"><info><title>Note on Version Numbering</title></info>
+  <para>
+    Until BIND 9.12, new feature development releases were tagged
+    as "alpha" and "beta", leading up to the first stable release
+    for a given development branch, which always ended in ".0".
+    More recently, BIND adopted the "odd-unstable/even-stable"
+    release numbering convention. There will be no "alpha" or "beta"
+    releases in the 9.15 branch, only increasing version numbers.
+    So, for example, what would previously have been called 9.15.0a1,
+    9.15.0a2, 9.15.0b1, and so on, will instead be called 9.15.0,
+    9.15.1, 9.15.2, etc.
+  </para>
+  <para>
+    The first stable release from this development branch will be
+    renamed as 9.16.0. Thereafter, maintenance releases will continue
+    on the 9.16 branch, while unstable feature development proceeds in
+    9.17.
+  </para>
+</section>
--- a/doc/arm/notes-platforms.xml
+++ b/doc/arm/notes-platforms.xml
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
+-->
+
+<section xml:id="relnotes_platforms"><info><title>Supported Platforms</title></info>
+  <para>
+    To build on UNIX-like systems, BIND requires support for POSIX.1c
+    threads (IEEE Std 1003.1c-1995), the Advanced Sockets API for
+    IPv6 (RFC 3542), and standard atomic operations provided by the
+    C compiler.
+  </para>
+  <para>
+    The OpenSSL cryptography library must be available for the target
+    platform.  A PKCS#11 provider can be used instead for Public Key
+    cryptography (i.e., DNSSEC signing and validation), but OpenSSL is
+    still required for general cryptography operations such as hashing
+    and random number generation.
+  </para>
+  <para>
+    More information can be found in the <filename>PLATFORMS.md</filename>
+    file that is included in the source distribution of BIND 9.  If your
+    compiler and system libraries provide the above features, BIND 9
+    should compile and run. If that isn't the case, the BIND
+    development team will generally accept patches that add support
+    for systems that are still supported by their respective vendors.
+  </para>
+</section>
--- a/doc/arm/notes-removed.xml
+++ b/doc/arm/notes-removed.xml
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
+-->
+
+<section xml:id="relnotes_removed"><info><title>Removed Features</title></info>
+  <itemizedlist>
+    <listitem>
+      <para>
+        The <command>dnssec-enable</command> option has been obsoleted and
+        no longer has any effect. DNSSEC responses are always enabled
+        if signatures and other DNSSEC data are present. [GL #866]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        The <command>cleaning-interval</command> option has been
+        removed.  [GL !1731]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        DNSSEC Lookaside Validation (DLV) is now obsolete.
+        The <command>dnssec-lookaside</command> option has been
+        marked as deprecated; when used in <filename>named.conf</filename>,
+        it will generate a warning but will otherwise be ignored.
+        All code enabling the use of lookaside validation has been removed
+        from the validator, <command>delv</command>, and the DNSSEC tools.
+        [GL #7]
+      </para>
+    </listitem>
+  </itemizedlist>
+</section>
--- a/doc/arm/notes-sec-fixes.xml
+++ b/doc/arm/notes-sec-fixes.xml
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
+-->
+
+<section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
+  <itemizedlist>
+    <listitem>
+      <para>
+        The TCP client quota set using the <command>tcp-clients</command>
+        option could be exceeded in some cases. This could lead to
+        exhaustion of file descriptors. This flaw is disclosed in
+        CVE-2018-5743. [GL #615]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        In certain configurations, <command>named</command> could crash
+        with an assertion failure if <command>nxdomain-redirect</command>
+        was in use and a redirected query resulted in an NXDOMAIN from the
+        cache. This flaw is disclosed in CVE-2019-6467. [GL #880]
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        A race condition could trigger an assertion failure when
+        a large number of incoming packets were being rejected.
+        This flaw is disclosed in CVE-2019-6471. [GL #942]
+      </para>
+    </listitem>
+  </itemizedlist>
+</section>
--- a/doc/arm/notes-thankyou.xml
+++ b/doc/arm/notes-thankyou.xml
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
+-->
+
+<section xml:id="relnotes_thanks"><info><title>Thank You</title></info>
+  <para>
+    Thank you to everyone who assisted us in making this release possible.
+    If you would like to contribute to ISC to assist us in continuing to
+    make quality open source software, please visit our donations page at
+    <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://www.isc.org/donate/">http://www.isc.org/donate/</link>.
+  </para>
+</section>
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -19,446 +19,16 @@

 <section xmlns:db="http://docbook.org/ns/docbook" version="5.0"><info/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="noteversion.xml"/>
-  <section xml:id="relnotes_intro"><info><title>Introduction</title></info>
-    <para>
-      BIND 9.15 is an unstable development release of BIND.
-      This document summarizes new features and functional changes that
-      have been introduced on this branch.  With each development release
-      leading up to the stable BIND 9.16 release, this document will be
-      updated with additional features added and bugs fixed.
-    </para>
-  </section>
-
-  <section xml:id="relnotes_versions"><info><title>Note on Version Numbering</title></info>
-    <para>
-      Until BIND 9.12, new feature development releases were tagged
-      as "alpha" and "beta", leading up to the first stable release
-      for a given development branch, which always ended in ".0".
-      More recently, BIND adopted the "odd-unstable/even-stable"
-      release numbering convention. There will be no "alpha" or "beta"
-      releases in the 9.15 branch, only increasing version numbers.
-      So, for example, what would previously have been called 9.15.0a1,
-      9.15.0a2, 9.15.0b1, and so on, will instead be called 9.15.0,
-      9.15.1, 9.15.2, etc.
-    </para>
-    <para>
-      The first stable release from this development branch will be
-      renamed as 9.16.0. Thereafter, maintenance releases will continue
-      on the 9.16 branch, while unstable feature development proceeds in
-      9.17.
-    </para>
-  </section>
-
-  <section xml:id="relnotes_platforms"><info><title>Supported Platforms</title></info>
-    <para>
-      To build on UNIX-like systems, BIND requires support for POSIX.1c