Adding upstream version 5.6.0.upstream/5.6.0upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 26 insertions, 0 deletions

diff --git a/lib/layer/mode.rst b/lib/layer/mode.rst
new file mode 100644
index 0000000..d64257e
--- /dev/null
+++ b/lib/layer/mode.rst
@@ -0,0 +1,26 @@
+.. SPDX-License-Identifier: GPL-3.0-or-later
+
+.. function:: mode(['strict' | 'normal' | 'permissive'])
+
+   :param: New checking level specified as string (*optional*).
+   :return: Current checking level.
+
+   Get or change resolver strictness checking level.
+
+   By default, resolver runs in *normal* mode. There are possibly many small adjustments
+   hidden behind the mode settings, but the main idea is that in *permissive* mode, the resolver
+   tries to resolve a name with as few lookups as possible, while in *strict* mode it spends much
+   more effort resolving and checking referral path. However, if majority of the traffic is covered
+   by DNSSEC, some of the strict checking actions are counter-productive.
+
+   .. csv-table::
+    :header: "Glue type", "Modes when it is accepted",   "Example glue [#example_glue]_"
+
+    "mandatory glue",     "strict, normal, permissive",  "ns1.example.org"
+    "in-bailiwick glue",  "normal, permissive",          "ns1.example2.org"
+    "any glue records",   "permissive",                  "ns1.example3.net"
+
+   .. [#example_glue] The examples show glue records acceptable from servers
+        authoritative for `org` zone when delegating to `example.org` zone.
+        Unacceptable or missing glue records trigger resolution of names listed
+        in NS records before following respective delegation.