From 513dfd4fcc296fd8e1375d9c12a7a5a7dd8dfd10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 6 Dec 2021 15:51:24 +0100 Subject: [PATCH] Reorder release notes --- doc/notes/notes-current.rst | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index c046589927..2803f580b2 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -24,6 +24,11 @@ Known Issues New Features ~~~~~~~~~~~~ +- The ``allow-transfer`` option was extended to accept additional + ``port`` and ``transport`` parameters, to further restrict zone + transfers to a particular port and/or DNS transport protocol. + :gl:`#2776` + - Extended DNS Error Code 18 - Prohibited (see :rfc:`8194` section 4.19) is now set if query access is denied to the specific client. :gl:`#1836` @@ -36,10 +41,12 @@ Removed Features Feature Changes ~~~~~~~~~~~~~~~ -- The ``allow-transfer`` option was extended to accept additional - ``port`` and ``transport`` parameters, to further restrict zone - transfers to a particular port and/or DNS transport protocol. - :gl:`#2776` +- Aggressive Use of DNSSEC-Validated Cache (``synth-from-dnssec``, see + :rfc:`8198`) is now enabled by default again, after having been + disabled in BIND 9.14.8. The implementation of this feature was + reworked to achieve better efficiency and tuned to ignore certain + types of broken NSEC records. Negative answer synthesis is currently + only supported for zones using NSEC. :gl:`#1265` - The `UseSTD3ASCIIRules`_ flag is now disabled again for libidn2 function calls. Applying additional validation rules for domain names 
@@ -57,13 +64,6 @@ Feature Changes following triggering events: ``socket is not connected``, ``quota reached``, and ``soft quota reached``. :gl:`#2700` -- Aggressive Use of DNSSEC-Validated Cache (``synth-from-dnssec``, see - :rfc:`8198`) is now enabled by default again, after having been - disabled in BIND 9.14.8. The implementation of this feature was - reworked to achieve better efficiency and tuned to ignore certain - types of broken NSEC records. Negative answer synthesis is currently - only supported for zones using NSEC. :gl:`#1265` - - ``dnssec-dsfromkey`` no longer generates DS records from revoked keys. :gl:`#853`
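Review bot: In the first hunk (``@@ -24,6 +24,11 @@``), the context line directly below the moved ``allow-transfer`` entry cites RFC 8194 section 4.19 for Extended DNS Error Code 18, but Extended DNS Errors are defined in RFC 8914, so the digits look transposed. Since this commit already edits the section, change the ``:rfc:`` role argument there from 8194 to 8914. Separately, the ``allow-transfer`` entry moves from Feature Changes to New Features, which is a reclassification rather than a reorder; a sentence in the commit body saying so would make the intent clear to anyone reading the log later.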
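Review bot: In the second hunk (``@@ -36,10 +41,12 @@``), the ``synth-from-dnssec`` entry now leads Feature Changes and announces a default that is switched back on, yet it does not tell an operator how to keep the previous behaviour. Suggest adding a sentence that ``synth-from-dnssec no;`` disables it, because after upgrading a resolver will begin synthesizing negative answers from cached NSEC records with no configuration change. The text is otherwise identical to the lines removed in the third hunk, so the move itself looks clean.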