note PROXY/trusted-notification-proxy interaction

diff --git a/docs/settings.rst b/docs/settings.rst
index a5930e7eaf5ab873187e212f7bbc0c3812740735..5ca61883eb40f24a6bf4cffe22bdad68395bf2b1 100644 (file)
--- a/docs/settings.rst
+++ b/docs/settings.rst
@@ -1253,7 +1253,7 @@ prevent-self-notification to "no".
 
 Turn on operating as a primary. See :ref:`primary-operation`.
 
-.. _setting-proxy-protocol-from
+.. _setting-proxy-protocol-from:
 
 ``proxy-protocol-from``
 -----------------------
@@ -1266,6 +1266,7 @@ Ranges that are required to send a Proxy Protocol version 2 header in front of U
 Queries that are not prefixed with such a header will not be accepted from clients in these ranges. Queries prefixed by headers from clients that are not listed in these ranges will be dropped.
 
 Note that once a Proxy Protocol header has been received, the source address from the proxy header instead of the address of the proxy will be checked against primary addresses sending NOTIFYs, and the ACLs for any client requesting AXFRs.
+When using this setting combined with :ref:`setting-trusted-notification-proxy`, please be aware that the trusted address will also be checked against the source address in the PROXY header.
 
 .. _setting-proxy-protocol-maximum-size: