--- debian/systemd_howto | 2 +- man/dnsmasq.8 | 4 ++-- src/cache.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/debian/systemd_howto b/debian/systemd_howto index 31908e5..3ab5244 100644 --- a/debian/systemd_howto +++ b/debian/systemd_howto @@ -32,7 +32,7 @@ TODO #1 - Found shortcoming on 2019-03-10 Only the option DNSMASQ_EXCEPT="lo" avoids that an DNS instance will be set as the machine's DNS resolver. This may interfere with the wish to run an additional instance on a different port on the localhost addresses. -My suggestion in the initial Debian report [1] was to specify a explicit variable for this. +My suggestion in the initial Debian report [1] was to specify an explicit variable for this. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914305#5 diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 index addc29c..8f0ffdb 100644 --- a/man/dnsmasq.8 +++ b/man/dnsmasq.8 @@ -515,7 +515,7 @@ address of 0.0.0.0 and its IPv6 equivalent of :: so \fB--address=/example.com/#\fP will return NULL addresses for example.com and its subdomains. This is partly syntactic sugar for \fB--address=/example.com/0.0.0.0\fP and \fB--address=/example.com/::\fP but is also more efficient than including both -as seperate configuration lines. Note that NULL addresses normally work in the same way as localhost, so beware that clients looking up these names are likely to end up talking to themselves. +as separate configuration lines. Note that NULL addresses normally work in the same way as localhost, so beware that clients looking up these names are likely to end up talking to themselves. .TP .B --ipset=/<domain>[/<domain>...]/<ipset>[,<ipset>...] Places the resolved IP addresses of queries for one or more domains in @@ -748,7 +748,7 @@ fast. Versions of dnsmasq prior to 2.80 defaulted to not checking unsigned replies, and used .B --dnssec-check-unsigned -to switch this on. Such configurations will continue to work as before, but those which used the default of no checking will need to be altered to explicitly select no checking. The new default is because switching off checking for unsigned replies is inherently dangerous. Not only does it open the possiblity of forged replies, but it allows everything to appear to be working even when the upstream namesevers do not support DNSSEC, and in this case no DNSSEC validation at all is occuring. +to switch this on. Such configurations will continue to work as before, but those which used the default of no checking will need to be altered to explicitly select no checking. The new default is because switching off checking for unsigned replies is inherently dangerous. Not only does it open the possiblity of forged replies, but it allows everything to appear to be working even when the upstream namesevers do not support DNSSEC, and in this case no DNSSEC validation at all is occurring. .TP .B --dnssec-no-timecheck DNSSEC signatures are only valid for specified time windows, and should be rejected outside those windows. This generates an diff --git a/src/cache.c b/src/cache.c index 6168073..5d7ce65 100644 --- a/src/cache.c +++ b/src/cache.c @@ -771,7 +771,7 @@ int cache_recv_insert(time_t now, int fd) else if (flags & F_CNAME) { struct crec *newc = really_insert(daemon->namebuff, NULL, C_IN, now, ttl, flags); - /* This relies on the fact the the target of a CNAME immediately preceeds + /* This relies on the fact the the target of a CNAME immediately precedes it because of the order of extraction in extract_addresses, and the order reversal on the new_chain. */ if (newc) -- 2.17.1 _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss