diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2014-04-24 00:49:56 +0100 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2014-04-24 14:02:19 +0100 |
| commit | fd3b6a4ad699259b80dcaed6287ec01ab5ec0105 (patch) | |
| tree | 6e5f0a344816c8e54a16b744e963c1509caeee39 /doc | |
| parent | deae092e544ecfb3d8a362a260fc00ec01f0883f (diff) | |
dnssec_strict, _lax, _never modifiers for dnsdb lookups
Lacking testsuite coverage
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/doc-docbook/spec.xfpt | 21 | ||||
| -rw-r--r-- | doc/doc-txt/ChangeLog | 3 |
2 files changed, 21 insertions, 3 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 6f0a16f37..612d147a5 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -6959,11 +6959,16 @@ The data from each lookup is concatenated, with newline separators by default, in the same way that multiple DNS records for a single item are handled. A different separator can be specified, as described above. +Modifiers for &(dnsdb)& lookups are givien by optional keywords, +each followed by a comma, +that may appear before the record type. + The &(dnsdb)& lookup fails only if all the DNS lookups fail. If there is a temporary DNS error for any of them, the behaviour is controlled by -an optional keyword followed by a comma that may appear before the record -type. The possible keywords are &"defer_strict"&, &"defer_never"&, and -&"defer_lax"&. With &"strict"& behaviour, any temporary DNS error causes the +a defer-option modifier. +The possible keywords are +&"defer_strict"&, &"defer_never"&, and &"defer_lax"&. +With &"strict"& behaviour, any temporary DNS error causes the whole lookup to defer. With &"never"& behaviour, a temporary DNS error is ignored, and the behaviour is as if the DNS lookup failed to find anything. With &"lax"& behaviour, all the queries are attempted, but a temporary DNS @@ -6976,6 +6981,16 @@ ${lookup dnsdb{a=one.host.com:two.host.com}} Thus, in the default case, as long as at least one of the DNS lookups yields some data, the lookup succeeds. +Use of &(DNSSEC)& is controlled by a dnssec modifier. +The possible keywords are +&"dnssec_strict"&, &"dnssec_lax"&, and &"dnssec_never"&. +With &"strict"& or &"lax"& DNSSEC information is requested +with the lookup. +With &"strict"& a response from the DNS resolver that +is not labelled as authenticated data +is treated as equivalent to a temporary DNS error. +The default is &"never". + diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 30b27a012..649b730f0 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -91,6 +91,9 @@ TL/08 Bugzilla 1453: New LDAP "SERVERS=" option allows admin to override list of ldap servers used for a specific lookup. Patch provided by Heiko Schlichting. +JH/18 New options dnssec_lax, dnssec_strict on dnsdb lookups. + + Exim version 4.82 ----------------- |