CHANGES, release note

CHANGES

@@ -1,3 +1,16 @@
+4952.	[func]		Authoritative server support in named for the
+			EDNS CLIENT-SUBNET option (which was experimental
+			and not practical to deploy) has been removed.
+
+			The ECS option is still supported in dig and mdig
+			via the +subnet option, and can be parsed and logged
+			when received by named, but it is no longer used
+			for ACL processing. The "geoip-use-ecs" option
+			is now obsolete; a warning will be logged if it is
+			used in named.conf. "ecs" tags in an ACL definition
+			are also obsolete and will cause the configuration
+			to fail to load.  [GL #32]
+
 4951.	[protocol]	Add "HOME.ARPA" to list of built in empty zones as
 			per RFC 8375. [GL #273]
 

doc/arm/notes.xml

@@ -104,6 +104,28 @@
 
   <section xml:id="relnotes_removed"><info><title>Removed Features</title></info>
     <itemizedlist>
+      <listitem>
+	<para>
+	  <command>named</command> can no longer use the EDNS CLIENT-SUBNET
+	  option for view selection.  In its existing form, the authoritative
+	  ECS feature was not fully RFC-compliant, and could not realistically
+	  have been deployed in production for an authoritative server; its
+	  only practical use was for testing and experimentation. In the
+	  interest of code simplification, this feature has now been removed.
+	</para>
+	<para>
+	  The ECS option is still supported in <command>dig</command> and
+	  <command>mdig</command> via the +subnet argument, and can be parsed
+	  and logged when received by <command>named</command>, but
+	  it is no longer used for ACL processing. The
+	  <command>geoip-use-ecs</command> option is now obsolete;
+	  a warning will be logged if it is used in
+	  <filename>named.conf</filename>.
+	  <command>ecs</command> tags in an ACL definition are
+	  also obsolete, and will cause the configuration to fail to
+	  load if they are used. [GL #32]
+	</para>
+      </listitem>
       <listitem>
 	<para>
 	  <command>dnssec-keygen</command> can no longer generate HMAC