Automatically add hyperlinks to release notes for BIND 9.21.3

doc/notes/notes-9.21.3.rst

@@ -7,37 +7,37 @@ New Features
 - Add separate query counters for new protocols.
 
   Add query counters for DoT, DoH, unencrypted DoH and their proxied
-  counterparts. The new protocols do not update their respective TCP/UDP
+  counterparts. The new :namedconf:`protocols` do not update their respective TCP/UDP
   transport counter and is now for TCP/UDP over plain 53 only.
   :gl:`#598`
 
 - Implement RFC 9567: EDNS Report-Channel option.
 
-  Add new `send-report-channel` and `log-report-channel` options.
-  `send-report-channel` specifies an agent domain, to which error
+  Add new :namedconf:`send-report-channel` and :namedconf:`log-report-channel` options.
+  :namedconf:`send-report-channel` specifies an agent domain, to which error
   reports can be sent by querying a specially constructed name within
-  the agent domain. EDNS Report-Channel options will be added to
-  outgoing authoritative responses, to inform clients where to send such
+  the agent domain. EDNS Report-Channel :FIXME-rndcconf-namedconf:`options` will be added to
+  outgoing authoritative responses, to inform :namedconf:`clients` where to send such
   queries in the event of a problem.
 
-  If a zone is configured which matches the agent domain and has
-  `log-report-channel` set to `yes`, error-reporting queries will be
-  logged at level `info` to the `dns-reporting-agent` logging channel.
+  If a :namedconf:`zone` is configured which matches the agent domain and has
+  :namedconf:`log-report-channel` set to `yes`, error-reporting queries will be
+  logged at level `info` to the `dns-reporting-agent` :namedconf:`logging` channel.
   :gl:`#3659`
 
-- Add detailed debugging of update-policy rule matching.
+- Add detailed debugging of :namedconf:`update-policy` rule matching.
 
-  This logs how named determines if an update request is granted or
+  This logs how :iscman:`named` determines if an update request is granted or
   denied when using update-policy. :gl:`#4751`
 
 - Update bind.keys with the new 2025 IANA root key.
 
-  Add an 'initial-ds' entry to bind.keys for the new root key, ID 38696,
+  Add an 'initial-ds' entry to bind.keys for the new root :FIXME-rndcconf-namedconf:`key`, ID 38696,
   which is scheduled for publication in January 2025. :gl:`#4896`
 
-- Enable runtime selection of FIPS mode in dig and delv.
+- Enable runtime selection of FIPS mode in :iscman:`dig` and delv.
 
-  'dig -F' and 'delv -F' can now be used to select FIPS mode at runtime.
+  ':iscman:`dig` -F' and ':iscman:`delv` -F' can now be used to select FIPS mode at runtime.
   :gl:`#5046`
 
 Removed Features
@@ -47,7 +47,7 @@ Removed Features
 
   The DLZ modules are poorly maintained as we only ensure they can still
   be compiled, the DLZ interface is blocking, so anything that blocks
-  the query to the database blocks the whole server and they should not
+  the query to the :namedconf:`database` blocks the whole :FIXME-rndcconf-namedconf:`server` and they should not
   be used except in testing.  The DLZ interface itself is going to be
   scheduled for removal.
 
@@ -57,10 +57,10 @@ Removed Features
 
 - Remove RBTDB implementation.
 
-  Remove the RBTDB database implementation, and only leave the QPDB
-  based implementations of zone and cache databases.  This means it's no
+  Remove the RBTDB :namedconf:`database` implementation, and only leave the QPDB
+  based implementations of :namedconf:`zone` and cache databases.  This means it's no
   longer possible to choose the RBTDB to be default at the compilation
-  time and it's not possible to configure RBTDB as the database backend
+  time and it's not possible to configure RBTDB as the :namedconf:`database` backend
   in the configuration file. :gl:`#5027`
 
 Feature Changes
@@ -68,29 +68,29 @@ Feature Changes
 
 - Dnssec-ksr now supports KSK rollovers.
 
-  The tool 'dnssec-ksr' now allows for KSK generation, as well as
+  The tool ':iscman:`dnssec-ksr`' now allows for KSK generation, as well as
   planned KSK rollovers. When signing a bundle from a Key Signing
-  Request (KSR), only the key that is active in that time frame is being
+  Request (KSR), only the :FIXME-rndcconf-namedconf:`key` that is active in that time frame is being
   used for signing. Also, the CDS and CDNSKEY records are now added and
   removed at the correct time. :gl:`#4697`  :gl:`#4705`
 
-- Add none parameter to query-source and query-source-v6 to disable IPv4
+- Add none parameter to :namedconf:`query-source` and :namedconf:`query-source-v6` to disable IPv4
   or IPv6 upstream queries.
 
-  Add a none parameter to named configuration option `query-source`
-  (respectively `query-source-v6`) which forbid usage of IPv4
-  (respectively IPv6) addresses when named is doing an upstream query.
+  Add a none parameter to :iscman:`named` configuration option :namedconf:`query-source`
+  (respectively :namedconf:`query-source-v6`) which forbid usage of IPv4
+  (respectively IPv6) :rndcconf:`addresses` when :iscman:`named` is doing an upstream query.
   :gl:`#4981` Turning-off upstream IPv6 queries while still listening to
   downstream queries on IPv6.
 
 - Print expire option in transfer summary.
 
-  The zone transfer summary will now print the expire option value in
-  the zone transfer summary. :gl:`#5013`
+  The :namedconf:`zone` transfer summary will now print the expire option value in
+  the :namedconf:`zone` transfer summary. :gl:`#5013`
 
 - Add missing EDNS option mnemonics.
 
-  The `Report-Channel` and `ZONEVERSION` EDNS options can now be sent
+  The `Report-Channel` and `ZONEVERSION` EDNS :FIXME-rndcconf-namedconf:`options` can now be sent
   using `dig +ednsopt=report-channel` (or `dig +ednsopt=rc` for short),
   and `dig +ednsopt=zoneversion`.
 
@@ -100,7 +100,7 @@ Feature Changes
   spelled with a hyphen in both text and YAML formats; previously, text
   format used a space.
 
-- Add new logging module for logging crypto errors in libisc.
+- Add new :namedconf:`logging` module for :namedconf:`logging` crypto errors in libisc.
 
   Add a new 'crypto' log module that will be used for a low-level
   cryptographic operations.  The DNS related cryptography logs are still
@@ -109,21 +109,21 @@ Feature Changes
 - Emit more helpful log for exceeding max-records-per-type.
 
   The new log message is emitted when adding or updating an RRset fails
-  due to exceeding the max-records-per-type limit. The log includes the
-  owner name and type, corresponding zone name, and the limit value. It
-  will be emitted on loading a zone file, inbound zone transfer (both
+  due to exceeding the :namedconf:`max-records-per-type` limit. The log includes the
+  owner name and :namedconf:`type`, corresponding :namedconf:`zone` name, and the limit value. It
+  will be emitted on loading a :namedconf:`zone` :namedconf:`file`, inbound :namedconf:`zone` transfer (both
   AXFR and IXFR), handling a DDNS update, or updating a cache DB. It's
-  especially helpful in the case of zone transfer, since the secondary
-  side doesn't have direct access to the offending zone data.
+  especially helpful in the case of :namedconf:`zone` transfer, since the secondary
+  side doesn't have direct access to the offending :namedconf:`zone` data.
 
-  It could also be used for max-types-per-name, but this change doesn't
+  It could also be used for :namedconf:`max-types-per-name`, but this change doesn't
   implement it yet as it's much less likely to happen in practice.
 
-- Harden key management when key files have become unavailabe.
+- Harden :FIXME-rndcconf-namedconf:`key` management when :FIXME-rndcconf-namedconf:`key` files have become unavailabe.
 
-  Prior to doing key management, BIND 9 will check if the key files on
-  disk match the expected keys. If key files for previously observed
-  keys have become unavailable, this will prevent the internal key
+  Prior to doing :FIXME-rndcconf-namedconf:`key` management, BIND 9 will check if the :FIXME-rndcconf-namedconf:`key` files on
+  disk match the expected keys. If :FIXME-rndcconf-namedconf:`key` files for previously observed
+  :namedconf:`keys` have become unavailable, this will prevent the internal :FIXME-rndcconf-namedconf:`key`
   manager from running.
 
 Bug Fixes
@@ -133,21 +133,21 @@ Bug Fixes
 
   Notifies configured to use TLS will now be sent over TLS, instead of
   plaintext UDP or TCP. Also, failing to load the TLS configuration for
-  notify now also results in an error. :gl:`#4821`
+  :namedconf:`notify` now also results in an error. :gl:`#4821`
 
 - '{&dns}' is as valid as '{?dns}' in a SVCB's dohpath.
 
-  `dig` fails to parse a valid (as far as I can tell, and accepted by
+  :iscman:`dig` fails to parse a valid (as far as I can tell, and accepted by
   `kdig` and `Wireshark`) `SVCB` record with a `dohpath` URI template
-  containing a `{&dns}`, like `dohpath=/some/path?key=value{&dns}"`. If
-  the URI template contains a `{?dns}` instead `dig` is happy, but my
+  containing a `{&dns}`, like `dohpath=/some/path?:FIXME-rndcconf-namedconf:`key`=value{&dns}"`. If
+  the URI template contains a `{?dns}` instead :iscman:`dig` is happy, but my
   understanding of rfc9461 and section 1.2. "Levels and Expression
   Types" of rfc6570 is that `{&dns}` is valid. See for example section
   1.2. "Levels and Expression Types" of rfc6570.
 
   Note that Peter van Dijk suggested that `{dns}` and
   `{dns,someothervar}` might be valid forms as well, so my patch might
-  be too restrictive, although it's anyone's guess how DoH clients would
+  be too restrictive, although it's anyone's guess how DoH :namedconf:`clients` would
   handle complex templates. :gl:`#4922`
 
 - Fix NSEC3 closest encloser lookup for names with empty non-terminals.
@@ -157,9 +157,9 @@ Bug Fixes
   incorrect NSEC3 records in some cases. This has been fixed.
   :gl:`#4950`
 
-- Report client transport in 'rndc recursing'
+- Report client transport in ':iscman:`rndc` recursing'
 
-  When `rndc recursing` is used to dump the list of recursing clients,
+  When `rndc recursing` is used to dump the list of recursing :namedconf:`clients`,
   it now indicates whether a query was sent via UDP, TCP, TLS, or HTTP.
   :gl:`#4971`
 
@@ -168,20 +168,20 @@ Bug Fixes
   BIND 9.20.0 broke `recursive-clients 0;`.  This has now been fixed.
   :gl:`#4987`
 
-- Parsing of hostnames in rndc.conf was broken.
+- Parsing of hostnames in :iscman:`rndc.conf` was broken.
 
-  When DSCP support was removed, parsing of hostnames in rndc.conf was
+  When DSCP support was removed, parsing of hostnames in :iscman:`rndc.conf` was
   accidentally broken, resulting in an assertion failure.  This has been
   fixed. :gl:`#4991`
 
-- Restore values when dig prints command line.
+- Restore values when :iscman:`dig` prints command line.
 
   Options of the form `[+-]option=<value>` failed to display the value
   on the printed command line. This has been fixed. :gl:`#4993`
 
 - Provide more visibility into configuration errors.
 
-  by logging SSL_CTX_use_certificate_chain_file and
+  by :namedconf:`logging` SSL_CTX_use_certificate_chain_file and
   SSL_CTX_use_PrivateKey_file errors individually. :gl:`#5008`
 
 - Fix race condition when canceling ADB find.
@@ -199,13 +199,13 @@ Bug Fixes
   old SERVFAIL cache entries was implemented only in opportunistic
   manner.  Improve the memory cleaning of the SERVFAIL cache to be more
   aggressive, so it doesn't consume a lot of memory in the case the
-  server encounters many SERVFAILs at once. :gl:`#5025`
+  :FIXME-rndcconf-namedconf:`server` encounters many SERVFAILs at once. :gl:`#5025`
 
-- Fix trying the next primary server when the preivous one was marked as
+- Fix trying the next primary :FIXME-rndcconf-namedconf:`server` when the preivous one was marked as
   unreachable.
 
-  In some cases (there is evidence only when XoT was used) `named`
-  failed to try the next primary server in the list when the previous
+  In some cases (there is evidence only when XoT was used) :iscman:`named`
+  failed to try the next primary :FIXME-rndcconf-namedconf:`server` in the list when the previous
   one was marked as unreachable. This has been fixed. :gl:`#5038`