summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorPhil Pennock <pdp@exim.org>2013-03-23 19:46:22 -0400
committerPhil Pennock <pdp@exim.org>2013-03-23 19:46:22 -0400
commit0fbd9bff71b47e3a32e54629c3f67e7eda1812fe (patch)
tree45fa251f29cdba3c88b2deae8b6dceccbbe3e09f /doc
parent26e72755c101f59e24735e9ca9a320d5f1ebc2b7 (diff)
Rename dns_use_dnssec to dns_dnssec_ok.
This per Tony's suggestion; this makes it clearer that we are merely setting resolver flags, not performing validation ourselves. Well, clearer to those who understand DNSSEC. For everyone else, they'll still be dependent upon a forthcoming new chapter to the Specification.
Diffstat (limited to 'doc')
-rw-r--r--doc/doc-txt/ChangeLog4
-rw-r--r--doc/doc-txt/NewStuff5
2 files changed, 7 insertions, 2 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index a2e204d34..abaee5659 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -181,6 +181,10 @@ PP/18 OpenSSL made graceful with empty tls_verify_certificates setting.
unset was to force an expansion failure. That still works, and
an empty string is now equivalent.
+PP/19 Renamed DNSSEC-enabling option to "dns_dnssec_ok", to make it
+ clearer that Exim is using the DO (DNSSEC OK) EDNS0 resolver flag,
+ not performing validation itself.
+
Exim version 4.80.1
-------------------
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 47c5f6fec..ab8589e53 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -32,10 +32,11 @@ Version 4.82
Unless you really know what you are doing, leave it alone.
4. If not built with DISABLE_DNSSEC, Exim now has the main option
- dns_use_dnssec; if set to 1 then Exim will initialise the resolver library
+ dns_dnssec_ok; if set to 1 then Exim will initialise the resolver library
to send the DO flag to your recursive resolver. If you have a recursive
resolver, which can set the Authenticated Data (AD) flag in results, Exim
- can now detect this.
+ can now detect this. Exim does not perform validation itself, instead
+ relying upon a trusted path to the resolver.
Current status: work-in-progress; $sender_host_dnssec variable added.