output a Distinguished Name string which is
not quite
parseable by Exim as a comma-separated tagged list
-(the exceptions being elements containin commas).
+(the exceptions being elements containing commas).
RDN elements of a single type may be selected by
a modifier of the type label; if so the expansion
result is a list (newline-separated by default).
If an attempt to populate &$sender_host_name$& has been made
(by reference, &%hosts_lookup%& or
otherwise) then this boolean will have been set true if, and only if, the
-resolver library states that the reverse DNS was authenticated data. At all
+resolver library states that both
+the reverse and forward DNS were authenticated data. At all
other times, this variable is false.
It is likely that you will need to coerce DNSSEC support on in the resolver
Exim does not perform DNSSEC validation itself, instead leaving that to a
validating resolver (eg, unbound, or bind with suitable configuration).
-Exim does not (currently) check to see if the forward DNS was also secured
-with DNSSEC, only the reverse DNS.
-
If you have changed &%host_lookup_order%& so that &`bydns`& is not the first
mechanism in the list, then this variable will be false.
.cindex "DNS" "DNSSEC"
DNS lookups for domains matching &%dnssec_request_domains%& will be done with
the dnssec request bit set. Any returns not having the Authenticated Data bit
-(AD bit) set wil be ignored and logged as a host-lookup failure.
+(AD bit) set will be ignored and logged as a host-lookup failure.
This applies to all of the SRV, MX, AAAA, A lookup sequence.