resolved: populate negative trust anchor by default

Let's increase compatibility with many private domains by default, and ship a default NTA list of wel-known private domains, where it is unlikely they will be deployed as official TLD anytime soon.
author: Lennart Poettering <lennart@poettering.net> 2016-01-06 00:59:51 +0100
committer: Lennart Poettering <lennart@poettering.net> 2016-01-06 01:04:23 +0100
commit: 30c778094b90a637c6691c462a66df81eeb865b5 (patch)
tree: b45d1e3557d558e9c4fa267f01828f4698b94803 /man/dnssec-trust-anchors.d.xml
parent: b3331c3970fe4aa08eed1a6864080e57a3fbbbd8 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/man/dnssec-trust-anchors.d.xml b/man/dnssec-trust-anchors.d.xml
index 9a7cf3c881..5f15d7cd59 100644
--- a/man/dnssec-trust-anchors.d.xml
+++ b/man/dnssec-trust-anchors.d.xml
@@ -175,6 +175,10 @@
 
     <para><ulink url="https://tools.ietf.org/html/rfc7646">RFC
     7646</ulink> for details on negative trust anchors.</para>
+
+    <para>If no negative trust anchor files are configured a built-in
+    set of well-known private DNS zone domains is used as negative
+    trust anchors.</para>
   </refsect1>
 
   <refsect1>
author	Lennart Poettering <lennart@poettering.net>	2016-01-06 00:59:51 +0100
committer	Lennart Poettering <lennart@poettering.net>	2016-01-06 01:04:23 +0100
commit	30c778094b90a637c6691c462a66df81eeb865b5 (patch)
tree	b45d1e3557d558e9c4fa267f01828f4698b94803 /man/dnssec-trust-anchors.d.xml
parent	b3331c3970fe4aa08eed1a6864080e57a3fbbbd8 (diff)