From: Eugene Crosser <crosser@average.org>
Date: Sun, 27 Apr 2014 18:02:58 +0000 (+0400)
Subject: expand doc on tls attribute
X-Git-Tag: 0.9.0.0~9
X-Git-Url: http://www.average.org/gitweb/?p=pdns-pipe-nmc.git;a=commitdiff_plain;h=946bf9517524052ccb0cfa9ee2568c76848c49d2;hp=fa2d64f8e53437f388e0760b239b7a0424ec1453;ds=sidebyside

expand doc on tls attribute
---

diff --git a/SPEC.md b/SPEC.md
index 6c15199..4a0fb4a 100644
--- a/SPEC.md
+++ b/SPEC.md
@@ -365,6 +365,20 @@ Intended to carry attributes as per
        }
 ```
 
+translates into:
+
+```
+_443._tcp      TLSA  (3 0 1 660008F9...7621B787)
+_25._tcp       TLSA  (3 0 1 660008F9...7621B787)
+```
+
+The third element of the `TlsObj` heterogenous array is an extention
+to the DANE definition. Value `0` means that this rule is not enforced
+upon subdomains, value `1` means that it is enforced on subdomains.
+Rule defined inside a subdomain `DomObj` that specifies `0` on a rule
+existing in upper domain, that specifies `1` should be ignored. I.e.
+subdomain rule cannot revoke enforcement imposed by an upper domain rule.
+
 #### ds attribute
 
 Translates into `DS` RR. Carries attributes defined by