From bd00c2ce4e844d393f892d1c3cdee049cdc4d7df Mon Sep 17 00:00:00 2001
From: Matthijs Mekking <matthijs@isc.org>
Date: Fri, 9 Dec 2022 12:42:05 +0100
Subject: [PATCH] Add release note and CHANGES for GL #3677

News worthy.
---
 CHANGES                     | 2 ++
 doc/notes/notes-current.rst | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/CHANGES b/CHANGES
index ce35066732..e568b930f3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+6218.	[func]		Add inline-signing to dnssec-policy. [GL #3677]
+
 6217.	[func]		The dns_badcache unit was refactored to use cds_lfht
 			instead of hand-crafted locked hashtable. [GL #4223]
 
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 7e8907db10..c2e2a53268 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -40,6 +40,12 @@ Feature Changes
   DNS SERVER COOKIES.  Previously these were silently treated as
   DNS CLIENT COOKIES.  :gl:`#4194`
 
+- The option :any:`inline-signing` can now also be set inside
+  :any:`dnssec-policy`. The built-in policies ``default`` and ``insecure``
+  enable the use of :any:`inline-signing`. If you set :any:`inline-signing`
+  at the ``zone`` level, it overrides the value used set in
+  :any:`dnssec-policy`. :gl:`#3677`.
+
 Bug Fixes
 ~~~~~~~~~