diff options
| author | Tom Gundersen <teg@jklm.no> | 2016-01-25 20:28:38 +0100 |
|---|---|---|
| committer | Tom Gundersen <teg@jklm.no> | 2016-01-25 20:28:38 +0100 |
| commit | f49ce89edf37a20abed923782dd8176d6c0e7166 (patch) | |
| tree | 5174563e958ef5be22eebd7d9b848d37e724a911 /catalog/systemd.catalog | |
| parent | 164228707d7785a27316e2f28be7068044127016 (diff) | |
| parent | 6c1e69f9456d022f14dd00737126cfa4d9cca10c (diff) | |
Merge pull request #2392 from poettering/dnssec18
eightteenth dnssec patch
Diffstat (limited to 'catalog/systemd.catalog')
| -rw-r--r-- | catalog/systemd.catalog | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/catalog/systemd.catalog b/catalog/systemd.catalog index 4488c835a8..696f4ed618 100644 --- a/catalog/systemd.catalog +++ b/catalog/systemd.catalog @@ -1,3 +1,4 @@ +# -*- fill-column: 79; indent-tabs-mode: nil -*- # This file is part of systemd. # # Copyright 2012 Lennart Poettering @@ -278,3 +279,42 @@ Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel The virtual machine @NAME@ with its leader PID @LEADER@ has been shut down. + +-- 36db2dfa5a9045e1bd4af5f93e1cf057 +Subject: DNSSEC mode has been turned off, as server doesn't support it +Defined-By: systemd +Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel +Documentation: man:systemd-resolved.service(8) resolved.conf(5) + +The resolver service (systemd-resolved.service) has detected that the +configured DNS server does not support DNSSEC, and DNSSEC validation has been +turned off as result. + +This event will take place if DNSSEC=allow-downgrade is configured in +resolved.conf and the configured DNS server is incompatible with DNSSEC. Note +that using this mode permits DNSSEC downgrade attacks, as an attacker might be +able turn off DNSSEC validation on the system by inserting DNS replies in the +communication channel that result in a downgrade like this. + +This event might be indication that the DNS server is indeed incompatible with +DNSSEC or that an attacker has successfully managed to stage such a downgrade +attack. + +-- 1675d7f172174098b1108bf8c7dc8f5d +Subject: DNSSEC validation failed +Defined-By: systemd +Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel +Documentation: man:systemd-resolved.service(8) + +A DNS query or resource record set failed DNSSEC validation. This is usually +indication that the communication channel used was tampered with. + +-- 4d4408cfd0d144859184d1e65d7c8a65 +Subject: A DNSSEC trust anchor has been revoked +Defined-By: systemd +Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel +Documentation: man:systemd-resolved.service(8) + +A DNSSEC trust anchor has been revoked. A new trust anchor has to be +configured, or the operating system needs to be updated, to provide an updated +DNSSEC trust anchor. |