summaryrefslogtreecommitdiff
path: root/doc/doc-docbook
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2015-05-19 22:32:38 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2015-05-19 22:32:38 +0100
commit1f155f8e69b44ee7678dd1009ae0348e5c8d768e (patch)
tree25c6ef8955e40a3057ea1f90b82c246a0928a1d9 /doc/doc-docbook
parent7cd171b76e5bd3cb825c2a8720bc1fe4ad9b37e0 (diff)
Change host_lookup re-forward from byname to bydns; checking DNSSEC
Diffstat (limited to 'doc/doc-docbook')
-rw-r--r--doc/doc-docbook/spec.xfpt6
1 files changed, 2 insertions, 4 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index d4ebf464d..c1668c7ac 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -12223,7 +12223,8 @@ received. It is empty if there was no successful authentication. See also
If an attempt to populate &$sender_host_name$& has been made
(by reference, &%hosts_lookup%& or
otherwise) then this boolean will have been set true if, and only if, the
-resolver library states that the reverse DNS was authenticated data. At all
+resolver library states that both
+the reverse and forward DNS were authenticated data. At all
other times, this variable is false.
It is likely that you will need to coerce DNSSEC support on in the resolver
@@ -12235,9 +12236,6 @@ dns_dnssec_ok = 1
Exim does not perform DNSSEC validation itself, instead leaving that to a
validating resolver (eg, unbound, or bind with suitable configuration).
-Exim does not (currently) check to see if the forward DNS was also secured
-with DNSSEC, only the reverse DNS.
-
If you have changed &%host_lookup_order%& so that &`bydns`& is not the first
mechanism in the list, then this variable will be false.