diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2014-04-20 16:44:52 +0100 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2014-04-20 17:52:22 +0100 |
| commit | 8c51eead714a52b81651352b5db4b985d17c3148 (patch) | |
| tree | dbaf19a651a617dd0e8d9033db27dec65ed5ceb6 /doc | |
| parent | 35aba663e3f1eab672a8b2082a83194bf3b7a058 (diff) | |
Add options dnssec_request_domains, dnssec_require_domains to the dnslookup router
Note there are no testsuite cases included.
TODO in this area:
- dnssec during verify-callouts
- dnssec during dnsdb expansions
- dnssec on the forward lookup of a verify=helo and verify=reverse_host_lookup
- observability of status of requested dnssec
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/doc-docbook/spec.xfpt | 23 | ||||
| -rw-r--r-- | doc/doc-txt/ChangeLog | 3 |
2 files changed, 26 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 86090290b..68ebf8ad6 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -17622,6 +17622,29 @@ when there is a DNS lookup error. +.option dnssec_request_domains dnslookup "domain list&!!" unset +.cindex "MX record" "security" +.cindex "DNSSEC" "MX lookup" +.cindex "security" "MX lookup" +.cindex "DNS" "DNSSEC" +DNS lookups for domains matching &%dnssec_request_domains%& will be done with +the dnssec request bit set. +This applies to all of the SRV, MX A6, AAAA, A lookup sequence. + + + +.option dnssec_require_domains dnslookup "domain list&!!" unset +.cindex "MX record" "security" +.cindex "DNSSEC" "MX lookup" +.cindex "security" "MX lookup" +.cindex "DNS" "DNSSEC" +DNS lookups for domains matching &%dnssec_request_domains%& will be done with +the dnssec request bit set. Any returns not having the Authenticated Data bit +(AD bit) set wil be ignored and logged as a host-lookup failure. +This applies to all of the SRV, MX A6, AAAA, A lookup sequence. + + + .option mx_domains dnslookup "domain list&!!" unset .cindex "MX record" "required to exist" .cindex "SRV record" "required to exist" diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 56ff713cb..6252956a6 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -84,6 +84,9 @@ TL/07 Add new dmarc expansion variable $dmarc_domain_policy to directly JH/13 Fix handling of $tls_cipher et.al. in (non-verify) transport. Bug 1455. +JH/14 New options dnssec_request_domains, dnssec_require_domains on the + dnslookup router (applying to the forward lookup). + Exim version 4.82 ----------------- |