Document dynamic update forwarding limitation when XoT is enabled

BIND 9.18 does not support sending forwarded DDNS update requests through DoT.
2022-09-13 09:52:32 +00:00
parent f05297fe5a
commit e20cda5928
1 changed files with 7 additions and 0 deletions
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -1074,6 +1074,13 @@ where ``tls-configuration-name`` refers to a previously defined
   observers but does not protect from man-in-the-middle attacks on
   zone transfers.

+.. warning::
+
+  Please note that this version of BIND 9 does not support dynamic updates
+  forwarding (see :any:`allow-update-forwarding`) in conjuction with zone
+  transfers over TLS (XoT), that is when the :any:`tls` keyword is used with
+  :any:`primaries`, e.g. ``primaries { 192.0.2.1 tls tls-configuration-name; };``.
+
 .. _options_grammar:

 ``options`` Block Grammar