Tweak and reword release notes

doc/notes/notes-9.21.18.rst

@@ -15,58 +15,40 @@ Notes for BIND 9.21.18
 Feature Changes
 ~~~~~~~~~~~~~~~
 
-- Update requirements for system test suite.
-
-  Python 3.10 or newer is now required for running the system test
-  suite. The required python packages and their version requirements are
-  now tracked in `bin/tests/system/requirements.txt`.
-
-  Support for pytest 9.0.0 has been added its minimum supported version
-  has been raised to 7.0.0. The minimum supported dnspython version has
-  been raised to 2.3.0. :gl:`#5690`  :gl:`#5614`
-
-- Lowercase the NSEC next owner name when signing.
-
-  When building the NSEC rdata, lowercase the next owner name before
-  storing it in the Next Domain Name Field.
-
-  Note that this is not required according to RFC 6840, but since there
-  is inconsistency in the documents over time, having uppercase next
-  owner names in the NSEC records may cause validation failures if
-  validators are not following RFC 6840. :gl:`#5702`
-
 - Enable minimal ANY answers by default.
 
-  ANY queries are widely abused by attackers doing reflection attacks as
-  they return the largest answers.  Enable minimal ANY answers by
-  default to reduce the attack surface of the DNS servers. :gl:`#5723`
+  ANY queries are widely abused by attackers in reflection attacks, as
+  they result in large answers. The :namedconf:ref:`minimal-any` feature
+  is now enabled by default to reduce the attack surface. :gl:`#5723`
+
+- Lowercase the NSEC Next Domain Name field.
+
+  When building an NSEC record, the next owner name is now converted to lowercase
+  before storing it in the Next Domain Name field.
+
+  This is not required according to :rfc:`6840#section-5.1`, but since
+  inconsistencies have been introduced to the specification over time, having
+  "next owner" names in only lowercase in the NSEC records improves compatibility with
+  software that does not follow the latest version of the DNSSEC
+  specification. :gl:`#5702`
+
+- Update requirements for system test suite.
+
+  Python 3.10 or newer is now required for running the system test suite. The
+  required Python packages and their version requirements are now tracked in the
+  file `bin/tests/system/requirements.txt`. :gl:`#5690` :gl:`#5614`
+
 
 Bug Fixes
 ~~~~~~~~~
 
 - Make catalog zone names and member zones' entry names
-  case-insensitive.
+  case-insensitive. :gl:`#5693`
 
-  Previously, the catalog zone names and their member zones' entry names
-  were unintentionally case-sensitive. This has been fixed. :gl:`#5693`
+- Fix implementation of BRID and HHIT record types. :gl:`#5710`
 
-- Fix brid and hhit implementation.
-
-  Fix bugs in BRID and HHIT implementation and enable the unit tests.
-  :gl:`#5710`
-
-- DSYNC record incorrectly used two octets for the Scheme Field.
-
-  When creating the `DSYNC` record from a structure, `uint16_tobuffer`
-  was used instead of `uint8_tobuffer` when adding the scheme, causing a
-  `DSYNC` record that was one octet too long. This has been fixed.
-  :gl:`#5711`
-
-- Fix a possible issue with reponse policy zones and catalog zones.
-
-  If a response policy zone (RPZ) or a catalog zone contained an
-  `$INCLUDE` directive, then manually reloading that zone could fail to
-  process the changes in the response policy or in the catalog,
-  respectively. This has been fixed. :gl:`#5714`
+- Fix implementation of DSYNC record type. :gl:`#5711`
 
+- Fix response policy and catalog zones to work with `$INCLUDE` directive.
 
+  Reloading a RPZ or a catalog zone could have failed when `$INCLUDE` was in use. :gl:`#5714`