X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/d2a2c69b7b97d080d63dfb434584d98eb3228332..1f155f8e69b44ee7678dd1009ae0348e5c8d768e:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 80d8aef81..c1668c7ac 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -8965,7 +8965,7 @@ The field selectors marked as "RFC4514" above output a Distinguished Name string which is not quite parseable by Exim as a comma-separated tagged list -(the exceptions being elements containin commas). +(the exceptions being elements containing commas). RDN elements of a single type may be selected by a modifier of the type label; if so the expansion result is a list (newline-separated by default). @@ -12223,7 +12223,8 @@ received. It is empty if there was no successful authentication. See also If an attempt to populate &$sender_host_name$& has been made (by reference, &%hosts_lookup%& or otherwise) then this boolean will have been set true if, and only if, the -resolver library states that the reverse DNS was authenticated data. At all +resolver library states that both +the reverse and forward DNS were authenticated data. At all other times, this variable is false. It is likely that you will need to coerce DNSSEC support on in the resolver @@ -12235,9 +12236,6 @@ dns_dnssec_ok = 1 Exim does not perform DNSSEC validation itself, instead leaving that to a validating resolver (eg, unbound, or bind with suitable configuration). -Exim does not (currently) check to see if the forward DNS was also secured -with DNSSEC, only the reverse DNS. - If you have changed &%host_lookup_order%& so that &`bydns`& is not the first mechanism in the list, then this variable will be false. @@ -17074,7 +17072,7 @@ This applies to all of the SRV, MX, AAAA, A lookup sequence. .cindex "DNS" "DNSSEC" DNS lookups for domains matching &%dnssec_request_domains%& will be done with the dnssec request bit set. Any returns not having the Authenticated Data bit -(AD bit) set wil be ignored and logged as a host-lookup failure. +(AD bit) set will be ignored and logged as a host-lookup failure. This applies to all of the SRV, MX, AAAA, A lookup sequence.