X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/8d91c6dcd2c16f9a84b7abf47d130bac1a8bb273..4e0983dcef8dd8630fc77aad39f7606e2ed32199:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 72823028d..0e6a38bd9 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -6981,6 +6981,8 @@ ${lookup dnsdb{a=one.host.com:two.host.com}} Thus, in the default case, as long as at least one of the DNS lookups yields some data, the lookup succeeds. +.new +.cindex "DNSSEC" "dns lookup" Use of &(DNSSEC)& is controlled by a dnssec modifier. The possible keywords are &"dnssec_strict"&, &"dnssec_lax"&, and &"dnssec_never"&. @@ -6989,7 +6991,10 @@ with the lookup. With &"strict"& a response from the DNS resolver that is not labelled as authenticated data is treated as equivalent to a temporary DNS error. -The default is &"never". +The default is &"never"&. + +See also the &$lookup_dnssec_authenticated$& variable. +.wen @@ -7213,7 +7218,9 @@ them. The following names are recognized: &`USER `& set the DN, for authenticating the LDAP bind &`PASS `& set the password, likewise &`REFERRALS `& set the referrals parameter +.new &`SERVERS `& set alternate server list for this query only +.wen &`SIZE `& set the limit for the number of entries returned &`TIME `& set the maximum waiting time for a query .endd @@ -7235,6 +7242,7 @@ Netscape SDK; for OpenLDAP no action is taken. The TIME parameter (also a number of seconds) is passed to the server to set a server-side limit on the time taken to complete a search. +.new The SERVERS parameter allows you to specify an alternate list of ldap servers to use for an individual lookup. The global ldap_servers option provides a default list of ldap servers, and a single lookup can specify a single ldap @@ -7242,7 +7250,7 @@ server to use. But when you need to do a lookup with a list of servers that is different than the default list (maybe different order, maybe a completely different set of servers), the SERVERS parameter allows you to specify this alternate list. - +.wen Here is an example of an LDAP query in an Exim lookup that uses some of these values. This is a single line, folded to fit on the page: @@ -11445,6 +11453,16 @@ ability to find the amount of free space (only true for experimental systems), the space value is -1. See also the &%check_log_space%& option. +.new +.vitem &$lookup_dnssec_authenticated$& +.vindex "&$lookup_dnssec_authenticated$&" +This variable is set after a DNS lookup done by +either a dnslookup router or a dnsdb lookup expansion. +It will be empty if &(DNSSEC)& was not requested, +&"no"& if the result was not labelled as authenticated data +and &"yes"& if it was. +.wen + .vitem &$mailstore_basename$& .vindex "&$mailstore_basename$&" This variable is set only when doing deliveries in &"mailstore"& format in the @@ -17646,6 +17664,7 @@ when there is a DNS lookup error. +.new .option dnssec_request_domains dnslookup "domain list&!!" unset .cindex "MX record" "security" .cindex "DNSSEC" "MX lookup" @@ -17655,8 +17674,12 @@ DNS lookups for domains matching &%dnssec_request_domains%& will be done with the dnssec request bit set. This applies to all of the SRV, MX A6, AAAA, A lookup sequence. +See also the &$lookup_dnssec_authenticated$& variable. +.wen + +.new .option dnssec_require_domains dnslookup "domain list&!!" unset .cindex "MX record" "security" .cindex "DNSSEC" "MX lookup" @@ -17666,6 +17689,7 @@ DNS lookups for domains matching &%dnssec_request_domains%& will be done with the dnssec request bit set. Any returns not having the Authenticated Data bit (AD bit) set wil be ignored and logged as a host-lookup failure. This applies to all of the SRV, MX A6, AAAA, A lookup sequence. +.wen