Tweak and reword release notes

doc/notes/notes-9.19.6.rst

@@ -15,36 +15,40 @@ Notes for BIND 9.19.6
 Known Issues
 ~~~~~~~~~~~~
 
-- Upgrading from BIND 9.16.32, 9.18.6, or older, may require a manual
-  configuration change. The following configurations are affected:
+- Upgrading from BIND 9.16.32, 9.18.6, 9.19.4, or any older version may
+  require a manual configuration change. The following configurations
+  are affected:
 
-  - :any:`type primary` zones configured with :any:`dnssec-policy` but without
-    either :any:`allow-update` or :any:`update-policy`
-  - :any:`type secondary` zones configured with :any:`dnssec-policy`
+  - :any:`type primary` zones configured with :any:`dnssec-policy` but
+    without either :any:`allow-update` or :any:`update-policy`,
+  - :any:`type secondary` zones configured with :any:`dnssec-policy`.
 
   In these cases please add :namedconf:ref:`inline-signing yes;
-  <inline-signing>` to individual zone configuration(s). Without applying this
-  change :iscman:`named` will fail to start. For more details see
+  <inline-signing>` to the individual zone configuration(s). Without
+  applying this change, :iscman:`named` will fail to start. For more
+  details, see
   https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing
 
 New Features
 ~~~~~~~~~~~~
 
-- A new configuration option ``require-cookie`` has been introduced, it
-  specifies if there should be a DNS COOKIE in the response for a given
-  prefix and if not named falls back to TCP.  This is useful if you know
-  a given server support DNS COOKIE.  It can also be used to force all
-  non DNS COOKIE responses to fall back to TCP.  :gl:`#2295`
+- A new configuration option :any:`require-cookie` has been introduced.
+  It specifies whether there should be a DNS COOKIE in the response for
+  a given prefix; if not, :iscman:`named` falls back to TCP. This is
+  useful if it is known that a given server supports DNS COOKIE. It can
+  also be used to force all non-DNS COOKIE responses to fall back to
+  TCP. :gl:`#2295`
 
-- Add libsystemd sd_notify() integration that allows the ``named`` to report
-  status to the supervisor.  This allows the systemd to wait until ``named`` is
-  fully started before starting other services that depend on name resolution.
-  :gl:`#1176`
+- Support for libsystemd's ``sd_notify()`` function was added, enabling
+  :iscman:`named` to report its status to the init system. This allows
+  systemd to wait until :iscman:`named` is fully ready before starting
+  other services that depend on name resolution. :gl:`#1176`
 
-- The ``nsupdate`` tool now supports DNS-over-TLS (DoT). :gl:`#1781`
+- The :iscman:`nsupdate` tool now supports DNS-over-TLS (DoT).
+  :gl:`#1781`
 
-- :iscman:``named`` now supports forwarding Dynamic DNS updates through
-  DNS-over-TLS (DoT), configured with a TLS-enabled primary server. :gl:`#3512`
+- :iscman:`named` now supports forwarding Dynamic DNS updates through
+  DNS-over-TLS (DoT). :gl:`#3512`
 
 - :iscman:`named` now logs the supported cryptographic algorithms during
   startup and in the output of :option:`named -V`. :gl:`#3541`
@@ -53,37 +57,38 @@ Feature Changes
 ~~~~~~~~~~~~~~~
 
 - When an international domain name is not valid according to IDNA2008,
-  :program:`dig` will now try to convert it according to IDNA2003 rules,
-  or pass it through unchanged, instead of stopping with an error message.
-  You can use the ``idna2`` utility for checking IDNA syntax. :gl:`#3485`.
+  :iscman:`dig` now tries to convert it according to IDNA2003 rules, or
+  pass it through unchanged, instead of stopping with an error message.
+  The ``idna2`` utility can be used to check IDNA syntax. :gl:`#3527`
 
 - The DNSSEC signing data included in zone statistics identified
   keys only by the key ID; this caused confusion when two keys using
   different algorithms had the same ID. Zone statistics now identify
   keys using the algorithm number, followed by "+", followed by the
-  key ID: for example, "8+54274". :gl:`#3525`
+  key ID: for example, ``8+54274``. :gl:`#3525`
 
-- The ability to use pkcs11 via engine_pkcs11 has been restored, by only using
-  deprecated APIs in OpenSSL 3.0.0. BIND needs to be compiled
-  with '-DOPENSSL_API_COMPAT=10100' specified in the CFLAGS at
-  compile time. :gl:`!6711`
+- The ability to use PKCS#11 via engine_pkcs11 has been restored, by
+  using only deprecated APIs in OpenSSL 3.0.0. BIND 9 needs to be
+  compiled with ``-DOPENSSL_API_COMPAT=10100`` specified in the CFLAGS
+  environment variable at compile time. :gl:`#3578`
 
-- Compiling BIND 9 now requires at least libuv version 1.34.0 or higher.  The
-  libuv should be available on all supported platforms either as a native
-  package or as a backport. :gl:`#3567`
+- Compiling BIND 9 now requires at least libuv version 1.34.0 or higher.
+  libuv should be available on all supported platforms either as a
+  native package or as a backport. :gl:`#3567`
 
-- Add support for parsing and validating ``dohpath`` to SVBC records.
-  :gl:`#3544`
+- Support for parsing and validating the ``dohpath`` service parameter
+  in SVCB records was added. :gl:`#3544`
 
 Bug Fixes
 ~~~~~~~~~
 
-- An assertion failure was fixed in ``named`` that was caused by aborting the statistics
-  channel connection while sending statistics data to the client.  :gl:`#3542`
+- An assertion failure was fixed in :iscman:`named` that was caused by
+  aborting the statistics channel connection while sending statistics
+  data to the client. :gl:`#3542`
 
 - :iscman:`named` could incorrectly return non-truncated, glueless
   referrals for responses whose size was close to the UDP packet size
-  limit. :gl:`#1967`
+  limit. This has been fixed. :gl:`#1967`
 
-- Changing just the TSIG key names for primaries in catalog zones' member
-  zones was not effective. :gl:`#3557`
+- Changing just the TSIG key names for primaries in catalog zones'
+  member zones was not effective. This has been fixed. :gl:`#3557`