From: Vladimír Čunát <vladimir.cunat@nic.cz>
Date: Tue, 23 Mar 2021 10:29:42 +0000 (+0100)
Subject: policy/README: fix "DNS-over-UDP" mentions
X-Git-Tag: v5.3.1~3^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a4606862388b0e18821798d849129a2ab5f40bd0;p=thirdparty%2Fknot-resolver.git

policy/README: fix "DNS-over-UDP" mentions

Regressed in acd019db2.  The intention was clearly to say that
encryption (i.e. DNS-over-TLS) is not supported.
---

diff --git a/modules/policy/README.rst b/modules/policy/README.rst
index d209f846c..83ca7729d 100644
--- a/modules/policy/README.rst
+++ b/modules/policy/README.rst
@@ -302,7 +302,7 @@ Actions :func:`policy.FORWARD`, :func:`policy.TLS_FORWARD` and :func:`policy.STU
 .. function:: FORWARD(ip_address)
               FORWARD({ ip_address, [ip_address, ...] })
 
-   Forward cache-miss queries to specified IP addresses via DNS-over-UDP, DNSSEC validate received answers and cache them. Target IP addresses are expected to be DNS resolvers.
+   Forward cache-miss queries to specified IP addresses (without encryption), DNSSEC validate received answers and cache them. Target IP addresses are expected to be DNS resolvers.
 
    .. code-block:: lua
 
@@ -320,7 +320,7 @@ Actions :func:`policy.FORWARD`, :func:`policy.TLS_FORWARD` and :func:`policy.STU
    Similar to :func:`policy.FORWARD` but *without* attempting DNSSEC validation.
    Each request may be either answered from cache or simply sent to one of the IPs with proxying back the answer.
 
-   This mode supports only DNS-over-UDP and should be used only for `Replacing part of the DNS tree`_.
+   This mode does not support encryption and should be used only for `Replacing part of the DNS tree`_.
    Use :func:`policy.FORWARD` mode if possible.
 
    .. code-block:: lua