Fix out-of-zone-additional-processing documentation

author Graham Hayes <graham.hayes@hp.com>

Thu, 9 Jul 2015 17:18:30 +0000 (18:18 +0100)

committer Graham Hayes <graham.hayes@hp.com>

Thu, 9 Jul 2015 17:18:30 +0000 (18:18 +0100)
author Graham Hayes <graham.hayes@hp.com>
Thu, 9 Jul 2015 17:18:30 +0000 (18:18 +0100)
committer Graham Hayes <graham.hayes@hp.com>
Thu, 9 Jul 2015 17:18:30 +0000 (18:18 +0100)
diff --git a/docs/markdown/authoritative/settings.md b/docs/markdown/authoritative/settings.md

index dff03e2583bd4519599e645ed80b2cb56ac47642..767985036b4c3e212273cd505d56a29899460534 100644 (file)
--- a/docs/markdown/authoritative/settings.md
+++ b/docs/markdown/authoritative/settings.md
@@ -507,13 +507,16 @@ or ALSO-NOTIFY metadata always receive AXFR NOTIFY.
  
  ## `out-of-zone-additional-processing`
  * Boolean
-* Default: no
+* Default: yes
  
  Do out of zone additional processing. This means that if a malicious user adds a
  '.com' zone to your server, it is not used for other domains and will not
  contaminate answers. Do not enable this setting if you run a public DNS service
  with untrusted users.
  
+The docs had previously indicated that the default was "no", but the default has
+been "yes" since 2005.
+
  ## `pipebackend-abi-version`
  * Integer
  * Default: 1
author	Graham Hayes <graham.hayes@hp.com>
	Thu, 9 Jul 2015 17:18:30 +0000 (18:18 +0100)
committer	Graham Hayes <graham.hayes@hp.com>
	Thu, 9 Jul 2015 17:18:30 +0000 (18:18 +0100)