summaryrefslogtreecommitdiff
path: root/man/dnssec-trust-anchors.d.xml
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-01-06 00:59:51 +0100
committerLennart Poettering <lennart@poettering.net>2016-01-06 01:04:23 +0100
commit30c778094b90a637c6691c462a66df81eeb865b5 (patch)
treeb45d1e3557d558e9c4fa267f01828f4698b94803 /man/dnssec-trust-anchors.d.xml
parentb3331c3970fe4aa08eed1a6864080e57a3fbbbd8 (diff)
resolved: populate negative trust anchor by default
Let's increase compatibility with many private domains by default, and ship a default NTA list of wel-known private domains, where it is unlikely they will be deployed as official TLD anytime soon.
Diffstat (limited to 'man/dnssec-trust-anchors.d.xml')
-rw-r--r--man/dnssec-trust-anchors.d.xml4
1 files changed, 4 insertions, 0 deletions
diff --git a/man/dnssec-trust-anchors.d.xml b/man/dnssec-trust-anchors.d.xml
index 9a7cf3c881..5f15d7cd59 100644
--- a/man/dnssec-trust-anchors.d.xml
+++ b/man/dnssec-trust-anchors.d.xml
@@ -175,6 +175,10 @@
<para><ulink url="https://tools.ietf.org/html/rfc7646">RFC
7646</ulink> for details on negative trust anchors.</para>
+
+ <para>If no negative trust anchor files are configured a built-in
+ set of well-known private DNS zone domains is used as negative
+ trust anchors.</para>
</refsect1>
<refsect1>