Tweak and reword release notes

doc/notes/notes-9.18.28.rst

@@ -15,55 +15,57 @@ Notes for BIND 9.18.28
 Security Fixes
 ~~~~~~~~~~~~~~
 
-- Malicious DNS client that sends many queries over TCP but never reads
-  responses can cause server to respond slowly or not respond at all for other
-  clients. :cve:`2024-0760` :gl:`#4481`
+- A malicious DNS client that sent many queries over TCP but never read
+  the responses could cause a server to respond slowly or not at all for
+  other clients. This has been fixed. :cve:`2024-0760` :gl:`#4481`
 
-- Excessively large resource record sets can be crafted to slow down
+- It is possible to craft excessively large resource records sets, which
+  have the effect of slowing down database processing. This has been
+  addressed by adding a configurable limit to the number of records that
+  can be stored per name and type in a cache or zone database. The
+  default is 100, which can be tuned with the new
+  :any:`max-records-per-type` option. :gl:`#497` :gl:`#3405`
+
+  It is possible to craft excessively large numbers of resource record
+  types for a given owner name, which has the effect of slowing down
   database processing. This has been addressed by adding a configurable
   limit to the number of records that can be stored per name and type in
-  a cache or zone database. The default is 100, but it can be tuned with
-  the new ``max-records-per-type`` option. :gl:`#497` :gl:`#3405`
+  a cache or zone database.  The default is 100, which can be tuned with
+  the new :any:`max-types-per-name` option. :cve:`2024-1737` :gl:`#3403`
 
-  An excessively large number of resource record types for a single owner name can
-  be crafted to slow down database processing. This has been addressed by adding
-  a configurable limit to the number of records that can be stored per name and
-  type in a cache or zone database.  The default is 100, and can be tuned with
-  the new ``max-rrtypes-per-name`` option. :cve:`2024-1737` :gl:`#3403`
+  ISC would like to thank Toshifumi Sakaguchi who independently
+  discovered and responsibly reported the issue to ISC. :gl:`#4548`
 
-  ISC would like to thank Toshifumi Sakaguchi who independently discovered
-  and responsibly reported the issue to ISC. :gl:`#4548`
+- Validating DNS messages signed using the SIG(0) protocol (:rfc:`2931`)
+  could cause excessive CPU load, leading to a denial-of-service
+  condition. Support for SIG(0) message validation was removed from this
+  version of :iscman:`named`. :cve:`2024-1975` :gl:`#4480`
 
-- Validating DNS messages signed using the SIG(0) protocol (:rfc:`2931`) could
-  cause excessive CPU load, leading to a denial-of-service condition.
-  Support for SIG(0) message validation was removed from this version of
-  :iscman:`named`. :cve:`2024-1975` :gl:`#4480`
+- Due to a logic error, lookups that triggered serving stale data and
+  required lookups in local authoritative zone data could have resulted
+  in an assertion failure. This has been fixed. :cve:`2024-4076`
+  :gl:`#4507`
 
-- Due to a logic error, lookups that trigger serving stale data and require
-  lookups in local authoritative zone data may result in an assertion failure.
-  This has been fixed. :cve:`2024-4076` :gl:`#4507`
-
-- Named could trigger an assertion failure when looking up the NS
-  records of parent zones as part of looking up DS records.  This
-  has been fixed. :gl:`#4661`
+- When looking up the NS records of parent zones as part of looking up DS
+  records, it was possible for :iscman:`named` to trigger an assertion
+  failure if serve-stale was enabled. This has been fixed. :gl:`#4661`
 
 Bug Fixes
 ~~~~~~~~~
 
-- Potential data races were found in our DoH implementation related
-  to HTTP/2 session object management and endpoints set object
-  management after reconfiguration. These issues have been
-  fixed. :gl:`#4473`
+- Potential data races were found in our DoH implementation, related to
+  HTTP/2 session object management and endpoints set object management
+  after reconfiguration. These issues have been fixed. :gl:`#4473`
 
-  ISC would like to thank Dzintars and Ivo from nic.lv for bringing
-  this to our attention.
+  ISC would like to thank Dzintars and Ivo from nic.lv for bringing this
+  to our attention.
 
 - Command-line options for IPv4-only (:option:`named -4`) and IPv6-only
-  (:option:`named -6`) modes are now respected for zone primaries,
-  :any:`also-notify` and :any:`parental-agents`. :gl:`#3472`
+  (:option:`named -6`) modes are now respected for zone :any:`primaries`,
+  :any:`also-notify`, and :any:`parental-agents`. :gl:`#3472`
 
-- An RPZ response's SOA record TTL was set to 1 instead of the SOA TTL, if
-  ``add-soa`` was used. This has been fixed. :gl:`#3323`
+- An RPZ response's SOA record TTL was set to 1 instead of the SOA TTL,
+  if ``add-soa`` was used. This has been fixed. :gl:`#3323`
 
 - When a query related to zone maintenance (NOTIFY, SOA) timed out close
   to a view shutdown (triggered e.g. by :option:`rndc reload`),
@@ -74,15 +76,15 @@ Bug Fixes
   connected TCP IPv4/IPv6 clients were not properly adjusted in certain
   failure scenarios. This has been fixed. :gl:`#4742`
 
-- Some servers which couldn't be reached due EHOSTDOWN or ENETDOWN
-  conditions were incorrectly prioritized during server selection.
-  These are now properly handled as unreachable. :gl:`#4736`
+- Some servers that could not be reached due to EHOSTDOWN or ENETDOWN
+  conditions were incorrectly prioritized during server selection. These
+  are now properly handled as unreachable. :gl:`#4736`
 
-- When sending a TCP reset for a connection, on some systems
-  the libuv call may return an error code, which triggered an
-  assertion failure in `named`. This error condition is now
-  being dealt with in a more graceful manner, by logging the
-  incident and shutting down the connection. :gl:`#4708`
+- On some systems the libuv call may return an error code when sending a
+  TCP reset for a connection, which triggers an assertion failure in
+  :iscman:`named`. This error condition is now dealt with in a more
+  graceful manner, by logging the incident and shutting down the
+  connection. :gl:`#4708`
 
 Known Issues
 ~~~~~~~~~~~~