Revert "wip TLSA"

[pdns-pipe-nmc.git] / SPEC.md

diff --git a/SPEC.md b/SPEC.md
index b93a852a339847b29931c173766510d216908c45..4a0fb4ac7fdf82a890821236345580353d9b828e 100644 (file)
--- a/SPEC.md
+++ b/SPEC.md
@@ -340,8 +340,8 @@ is equivalent to
 ```
 "map": { "uk": { "map": { "www": { "alias" : "www.example.co.uk" }}}
        , "us": { "map": { "www": { "alias" : "www.example.com" }
 ```
 "map": { "uk": { "map": { "www": { "alias" : "www.example.co.uk" }}}
        , "us": { "map": { "www": { "alias" : "www.example.com" }

-                       , "smtp": { "alias" : "smtp.example.com" }}
-              }
+                        , "smtp": { "alias" : "smtp.example.com" }}
+               }

        }
 ```
 
        }
 ```
 


@@ -365,6 +365,20 @@ Intended to carry attributes as per
        }
 ```
 
        }
 ```
 

+translates into:
+
+```
+_443._tcp      TLSA  (3 0 1 660008F9...7621B787)
+_25._tcp       TLSA  (3 0 1 660008F9...7621B787)
+```
+
+The third element of the `TlsObj` heterogenous array is an extention
+to the DANE definition. Value `0` means that this rule is not enforced
+upon subdomains, value `1` means that it is enforced on subdomains.
+Rule defined inside a subdomain `DomObj` that specifies `0` on a rule
+existing in upper domain, that specifies `1` should be ignored. I.e.
+subdomain rule cannot revoke enforcement imposed by an upper domain rule.
+

 #### ds attribute
 
 Translates into `DS` RR. Carries attributes defined by
 #### ds attribute
 
 Translates into `DS` RR. Carries attributes defined by