Document dynamic update forwarding limitation when XoT is enabled

author Aram Sargsyan <aram@isc.org>

Tue, 13 Sep 2022 09:52:32 +0000 (09:52 +0000)

committer Aram Sargsyan <aram@isc.org>

Thu, 22 Sep 2022 10:54:56 +0000 (10:54 +0000)
author Aram Sargsyan <aram@isc.org>
Tue, 13 Sep 2022 09:52:32 +0000 (09:52 +0000)
committer Aram Sargsyan <aram@isc.org>
Thu, 22 Sep 2022 10:54:56 +0000 (10:54 +0000)
diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst

index ef5e72228e58d47797f3f1c6dbcba96fdbd4a483..26af274c002620b3592d689b14e0f185f6bd3bf5 100644 (file)
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -1074,6 +1074,13 @@ where ``tls-configuration-name`` refers to a previously defined
     observers but does not protect from man-in-the-middle attacks on
     zone transfers.
  
+.. warning::
+
+  Please note that this version of BIND 9 does not support dynamic updates
+  forwarding (see :any:`allow-update-forwarding`) in conjuction with zone
+  transfers over TLS (XoT), that is when the :any:`tls` keyword is used with
+  :any:`primaries`, e.g. ``primaries { 192.0.2.1 tls tls-configuration-name; };``.
+
  .. _options_grammar:
  
  ``options`` Block Grammar
author	Aram Sargsyan <aram@isc.org>
	Tue, 13 Sep 2022 09:52:32 +0000 (09:52 +0000)
committer	Aram Sargsyan <aram@isc.org>
	Thu, 22 Sep 2022 10:54:56 +0000 (10:54 +0000)