diff options
author | Jeremy Harris <jgh146exb@wizmail.org> | 2015-05-19 22:32:38 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2015-05-19 22:32:38 +0100 |
commit | 1f155f8e69b44ee7678dd1009ae0348e5c8d768e (patch) | |
tree | 25c6ef8955e40a3057ea1f90b82c246a0928a1d9 /doc/doc-docbook | |
parent | 7cd171b76e5bd3cb825c2a8720bc1fe4ad9b37e0 (diff) |
Change host_lookup re-forward from byname to bydns; checking DNSSEC
Diffstat (limited to 'doc/doc-docbook')
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index d4ebf464d..c1668c7ac 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -12223,7 +12223,8 @@ received. It is empty if there was no successful authentication. See also If an attempt to populate &$sender_host_name$& has been made (by reference, &%hosts_lookup%& or otherwise) then this boolean will have been set true if, and only if, the -resolver library states that the reverse DNS was authenticated data. At all +resolver library states that both +the reverse and forward DNS were authenticated data. At all other times, this variable is false. It is likely that you will need to coerce DNSSEC support on in the resolver @@ -12235,9 +12236,6 @@ dns_dnssec_ok = 1 Exim does not perform DNSSEC validation itself, instead leaving that to a validating resolver (eg, unbound, or bind with suitable configuration). -Exim does not (currently) check to see if the forward DNS was also secured -with DNSSEC, only the reverse DNS. - If you have changed &%host_lookup_order%& so that &`bydns`& is not the first mechanism in the list, then this variable will be false. |