From: Mark Andrews <marka@isc.org>
Date: Fri, 22 Aug 2014 01:49:58 +0000 (+1000)
Subject: 3918.   [doc]           Update check-spf documentation. [RT #36910]
X-Git-Tag: v9.8.8rc1~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e0370ec1a893261c03729b076b3f161b63c8bc8e;p=thirdparty%2Fbind9.git

3918.   [doc]           Update check-spf documentation. [RT #36910]
---

diff --git a/CHANGES b/CHANGES
index 677b762e680..356e6864bab 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+3918.	[doc]		Update check-spf documentation. [RT #36910]
+
 3917.	[bug]		dig, nslookup and host now continue on names that are
 			too long after applying a search list elements.
 			[RT #36892]
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 4a13e0d504b..b26a8b52f64 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -4690,7 +4690,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
     <optional> check-mx-cname ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
     <optional> check-srv-cname ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
     <optional> check-sibling <replaceable>yes_or_no</replaceable>; </optional>
-    <optional> check-spf ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
+    <optional> check-spf ( <replaceable>warn</replaceable> | <replaceable>ignore</replaceable> ); </optional>
     <optional> allow-new-zones { <replaceable>yes_or_no</replaceable> }; </optional>
     <optional> allow-notify { <replaceable>address_match_list</replaceable> }; </optional>
     <optional> allow-query { <replaceable>address_match_list</replaceable> }; </optional>
@@ -6442,10 +6442,13 @@ options {
 		  The default is <command>yes</command>.
 		</para>
 		<para>
-		  Check that the two forms of Sender Policy Framework
-		  records (TXT records starting with "v=spf1" and SPF) either
-		  both exist or both don't exist.  Warnings are
-		  emitted it they don't and be suppressed with
+		  The use of the SPF record for publishing Sender
+		  Policy Framework is deprecated as the migration
+		  from using TXT records to SPF records was abandoned.
+		  Enabling this option also checks that a TXT Sender
+		  Policy Framework record exists (starts with "v=spf1")
+		  if there is an SPF record. Warnings are emitted if the
+		  TXT record does not exist and can be suppressed with
 		  <command>check-spf</command>.
 		</para>
 	      </listitem>
@@ -6487,11 +6490,11 @@ options {
 	      <term><command>check-spf</command></term>
 	      <listitem>
 		<para>
-		  When performing integrity checks, check that the
-		  two forms of Sender Policy Framwork records (TXT
-		  records starting with "v=spf1" and SPF) both exist
-		  or both don't exist and issue a warning if not
-		  met.  The default is <command>warn</command>.
+		  If <command>check-integrity</command> is set then
+		  check that there is a TXT Sender Policy Framework
+		  record present (starts with "v=spf1") if there is an
+		  SPF record present. The default is
+		  <command>warn</command>.
 		</para>
 	      </listitem>
 	    </varlistentry>
@@ -9947,7 +9950,7 @@ view "external" {
     <optional> check-names (<constant>warn</constant>|<constant>fail</constant>|<constant>ignore</constant>) ; </optional>
     <optional> check-mx (<constant>warn</constant>|<constant>fail</constant>|<constant>ignore</constant>) ; </optional>
     <optional> check-wildcard <replaceable>yes_or_no</replaceable>; </optional>
-    <optional> check-spf ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
+    <optional> check-spf ( <replaceable>warn</replaceable> | <replaceable>ignore</replaceable> ); </optional>
     <optional> check-integrity <replaceable>yes_or_no</replaceable> ; </optional>
     <optional> dialup <replaceable>dialup_option</replaceable> ; </optional>
     <optional> file <replaceable>string</replaceable> ; </optional>