From a4606862388b0e18821798d849129a2ab5f40bd0 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Tue, 23 Mar 2021 11:29:42 +0100 Subject: [PATCH] policy/README: fix "DNS-over-UDP" mentions Regressed in acd019db2. The intention was clearly to say that encryption (i.e. DNS-over-TLS) is not supported. --- modules/policy/README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/policy/README.rst b/modules/policy/README.rst index d209f846c..83ca7729d 100644 --- a/modules/policy/README.rst +++ b/modules/policy/README.rst @@ -302,7 +302,7 @@ Actions :func:`policy.FORWARD`, :func:`policy.TLS_FORWARD` and :func:`policy.STU .. function:: FORWARD(ip_address) FORWARD({ ip_address, [ip_address, ...] }) - Forward cache-miss queries to specified IP addresses via DNS-over-UDP, DNSSEC validate received answers and cache them. Target IP addresses are expected to be DNS resolvers. + Forward cache-miss queries to specified IP addresses (without encryption), DNSSEC validate received answers and cache them. Target IP addresses are expected to be DNS resolvers. .. code-block:: lua @@ -320,7 +320,7 @@ Actions :func:`policy.FORWARD`, :func:`policy.TLS_FORWARD` and :func:`policy.STU Similar to :func:`policy.FORWARD` but *without* attempting DNSSEC validation. Each request may be either answered from cache or simply sent to one of the IPs with proxying back the answer. - This mode supports only DNS-over-UDP and should be used only for `Replacing part of the DNS tree`_. + This mode does not support encryption and should be used only for `Replacing part of the DNS tree`_. Use :func:`policy.FORWARD` mode if possible. .. code-block:: lua -- 2.47.2