summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorTodd Lyons <tlyons@exim.org>2014-04-29 17:07:04 -0700
committerTodd Lyons <tlyons@exim.org>2014-04-29 17:07:04 -0700
commiteea58ada63dde3265728daccc037d3a376b25f45 (patch)
treeb7b4a63c3c6c21d8e169d9ee12fdae3108c86800 /doc
parentd2af03f4c11273d6f52c9043119e24e732080885 (diff)
parent578897ea8764001d0538b8b645d161524ba1fa4e (diff)
Merge branch 'master' of ssh://git.exim.org/home/git/exim
Diffstat (limited to 'doc')
-rw-r--r--doc/doc-docbook/spec.xfpt31
-rw-r--r--doc/doc-txt/ChangeLog3
-rw-r--r--doc/doc-txt/NewStuff2
3 files changed, 32 insertions, 4 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 623ce535a..afc15d433 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -11471,7 +11471,7 @@ the space value is -1. See also the &%check_log_space%& option.
.vitem &$lookup_dnssec_authenticated$&
.vindex "&$lookup_dnssec_authenticated$&"
This variable is set after a DNS lookup done by
-either a dnslookup router or a dnsdb lookup expansion.
+a dnsdb lookup expansion, dnslookup router or smtp transport.
It will be empty if &(DNSSEC)& was not requested,
&"no"& if the result was not labelled as authenticated data
and &"yes"& if it was.
@@ -17687,8 +17687,6 @@ when there is a DNS lookup error.
DNS lookups for domains matching &%dnssec_request_domains%& will be done with
the dnssec request bit set.
This applies to all of the SRV, MX A6, AAAA, A lookup sequence.
-
-See also the &$lookup_dnssec_authenticated$& variable.
.wen
@@ -22610,6 +22608,33 @@ See the &%search_parents%& option in chapter &<<CHAPdnslookup>>& for more
details.
+.new
+.option dnssec_request_domains smtp "domain list&!!" unset
+.cindex "MX record" "security"
+.cindex "DNSSEC" "MX lookup"
+.cindex "security" "MX lookup"
+.cindex "DNS" "DNSSEC"
+DNS lookups for domains matching &%dnssec_request_domains%& will be done with
+the dnssec request bit set.
+This applies to all of the SRV, MX A6, AAAA, A lookup sequence.
+.wen
+
+
+
+.new
+.option dnssec_require_domains smtp "domain list&!!" unset
+.cindex "MX record" "security"
+.cindex "DNSSEC" "MX lookup"
+.cindex "security" "MX lookup"
+.cindex "DNS" "DNSSEC"
+DNS lookups for domains matching &%dnssec_request_domains%& will be done with
+the dnssec request bit set. Any returns not having the Authenticated Data bit
+(AD bit) set wil be ignored and logged as a host-lookup failure.
+This applies to all of the SRV, MX A6, AAAA, A lookup sequence.
+.wen
+
+
+
.option dscp smtp string&!! unset
.cindex "DCSP" "outbound"
This option causes the DSCP value associated with a socket to be set to one
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 7f01919c2..172748584 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -85,7 +85,8 @@ TL/07 Add new dmarc expansion variable $dmarc_domain_policy to directly
JH/13 Fix handling of $tls_cipher et.al. in (non-verify) transport. Bug 1455.
JH/14 New options dnssec_request_domains, dnssec_require_domains on the
- dnslookup router (applying to the forward lookup).
+ dnslookup router and the smtp transport (applying to the forward
+ lookup).
TL/08 Bugzilla 1453: New LDAP "SERVERS=" option allows admin to override list
of ldap servers used for a specific lookup. Patch provided by Heiko
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 6a1a5e8d1..33c66ceb9 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -42,6 +42,8 @@ Version 4.83
8. EXPERIMENTAL_OCSP now supports GnuTLS also, if you have version 3.1.3
or later of that.
+ 9. Support for DNSSEC on outbound connections.
+
Version 4.82
------------