summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorHeiko Schlittermann (HS12) <hs@schlittermann.de>2015-04-09 17:30:58 +0200
committerHeiko Schlittermann (HS12) <hs@schlittermann.de>2015-04-25 22:39:39 +0200
commit99c1bb4ed9d99c7b0f615750c37884d7a7f9aa0d (patch)
tree484d372d52347d4f54307888c301189a5444ca78 /doc
parent8d42c8364882bf2d743a5b876d6df741b6d67e40 (diff)
Make dnssec_request_domains/dnssec_require_domains generic
Not only the dnslookup router should use DNSSEC for lookups. The manualroute and even queryprogram router may just generate a host list. The names then need to be resolved, optionally via DNSSEC.
Diffstat (limited to 'doc')
-rw-r--r--doc/doc-docbook/spec.xfpt41
-rw-r--r--doc/doc-txt/ChangeLog2
2 files changed, 21 insertions, 22 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index f274db74e..bd1c8bfdd 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -17018,6 +17018,25 @@ or for any deliveries caused by this router. You should not set this option
unless you really, really know what you are doing. See also the generic
transport option of the same name.
+.option dnssec_request_domains routers "domain list&!!" unset
+.cindex "MX record" "security"
+.cindex "DNSSEC" "MX lookup"
+.cindex "security" "MX lookup"
+.cindex "DNS" "DNSSEC"
+DNS lookups for domains matching &%dnssec_request_domains%& will be done with
+the dnssec request bit set.
+This applies to all of the SRV, MX, AAAA, A lookup sequence.
+
+.option dnssec_require_domains routers "domain list&!!" unset
+.cindex "MX record" "security"
+.cindex "DNSSEC" "MX lookup"
+.cindex "security" "MX lookup"
+.cindex "DNS" "DNSSEC"
+DNS lookups for domains matching &%dnssec_request_domains%& will be done with
+the dnssec request bit set. Any returns not having the Authenticated Data bit
+(AD bit) set wil be ignored and logged as a host-lookup failure.
+This applies to all of the SRV, MX, AAAA, A lookup sequence.
+
.option domains routers&!? "domain list&!!" unset
.cindex "router" "restricting to specific domains"
@@ -18070,28 +18089,6 @@ when there is a DNS lookup error.
-.option dnssec_request_domains dnslookup "domain list&!!" unset
-.cindex "MX record" "security"
-.cindex "DNSSEC" "MX lookup"
-.cindex "security" "MX lookup"
-.cindex "DNS" "DNSSEC"
-DNS lookups for domains matching &%dnssec_request_domains%& will be done with
-the dnssec request bit set.
-This applies to all of the SRV, MX, AAAA, A lookup sequence.
-
-
-
-.option dnssec_require_domains dnslookup "domain list&!!" unset
-.cindex "MX record" "security"
-.cindex "DNSSEC" "MX lookup"
-.cindex "security" "MX lookup"
-.cindex "DNS" "DNSSEC"
-DNS lookups for domains matching &%dnssec_request_domains%& will be done with
-the dnssec request bit set. Any returns not having the Authenticated Data bit
-(AD bit) set wil be ignored and logged as a host-lookup failure.
-This applies to all of the SRV, MX, AAAA, A lookup sequence.
-
-
.option fail_defer_domains dnslookup "domain list&!!" unset
.cindex "MX record" "not found"
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index c0a965eeb..2421bab45 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -83,6 +83,8 @@ JH/23 Bug 1572: Increase limit on SMTP confirmation message copy size
JH/24 Verification callouts now attempt to use TLS by default.
+HS/01 DNSSEC options (dnssec_require_domains, dnssec_request_domains)
+ are generic router options now. The defaults didn't change.
Exim version 4.85