diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/doc-docbook/spec.xfpt | 6 | ||||
| -rw-r--r-- | doc/doc-txt/ChangeLog | 3 |
2 files changed, 5 insertions, 4 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index d4ebf464d..c1668c7ac 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -12223,7 +12223,8 @@ received. It is empty if there was no successful authentication. See also If an attempt to populate &$sender_host_name$& has been made (by reference, &%hosts_lookup%& or otherwise) then this boolean will have been set true if, and only if, the -resolver library states that the reverse DNS was authenticated data. At all +resolver library states that both +the reverse and forward DNS were authenticated data. At all other times, this variable is false. It is likely that you will need to coerce DNSSEC support on in the resolver @@ -12235,9 +12236,6 @@ dns_dnssec_ok = 1 Exim does not perform DNSSEC validation itself, instead leaving that to a validating resolver (eg, unbound, or bind with suitable configuration). -Exim does not (currently) check to see if the forward DNS was also secured -with DNSSEC, only the reverse DNS. - If you have changed &%host_lookup_order%& so that &`bydns`& is not the first mechanism in the list, then this variable will be false. diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 789887e35..c6825d5be 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -103,6 +103,9 @@ JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN. JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards. +JH/30 Check the forward DNS lookup for DNSSEC, in addition to the reverse, + when evaluating $sender_host_dnssec. + Exim version 4.85 ----------------- |