Merge branch 'aram/arm-xot-and-ddns-update-forwarding-v9_18' into 'v9_18'

[v9_18] Document dynamic update forwarding limitation when XoT is enabled See merge request isc-projects/bind9!6765
2026-06-11 09:48:34 -04:00 · 2022-09-22 11:43:53 +00:00 · 2022-09-22 11:43:53 +00:00 · 588ee1f581
commit 588ee1f581
parent f05297fe5a f6f828989f
2 changed files with 10 additions and 1 deletions
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@ -1074,6 +1074,13 @@ where ``tls-configuration-name`` refers to a previously defined
   observers but does not protect from man-in-the-middle attacks on
   zone transfers.

+.. warning::
+
+  Please note that this version of BIND 9 does not support dynamic updates
+  forwarding (see :any:`allow-update-forwarding`) in conjuction with zone
+  transfers over TLS (XoT), that is when the :any:`tls` keyword is used with
+  :any:`primaries`, e.g. ``primaries { 192.0.2.1 tls tls-configuration-name; };``.
+
 .. _options_grammar:

 ``options`` Block Grammar
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@ -20,7 +20,9 @@ Security Fixes
 Known Issues
 ~~~~~~~~~~~~

- None.
+- BIND 9.18 does not support dynamic updates forwarding (see
+  :any:`allow-update-forwarding`) in conjuction with zone transfers
+  over TLS (XoT). :gl:`#3512`

 New Features
 ~~~~~~~~~~~~