resolved,networkd: add a per-interface DNSSEC setting

This adds a DNSSEC= setting to .network files, and makes resolved honour them.
author: Lennart Poettering <lennart@poettering.net> 2016-01-05 19:57:33 +0100
committer: Lennart Poettering <lennart@poettering.net> 2016-01-05 20:10:31 +0100
commit: ad6c04756115809d615dede330213d73edf732a8 (patch)
tree: 832a20d697321d22b62cabc5b9695b231a6f04f1 /man/resolved.conf.xml
parent: 125ae29d1bc3a6362c9bb1acddbe09fe1b274cfc (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml
index c2c277b606..3209f73bc1 100644
--- a/man/resolved.conf.xml
+++ b/man/resolved.conf.xml
@@ -194,6 +194,16 @@
         happen regularly. On other systems it is recommended to set
         <varname>DNSSEC=</varname> to
         <literal>allow-downgrade</literal>.</para>
+
+        <para>In addition to this global DNSSEC setting
+        <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+        also maintains per-interface DNSSEC settings. For system DNS
+        servers (see above), only the global DNSSEC setting is in
+        effect. For per-interface DNS servers the per-interface
+        setting is in effect, unless it is unset in which case the
+        global setting is used instead.</para>
+
+        <para>Defaults to off.</para>
         </listitem>
       </varlistentry>
author	Lennart Poettering <lennart@poettering.net>	2016-01-05 19:57:33 +0100
committer	Lennart Poettering <lennart@poettering.net>	2016-01-05 20:10:31 +0100
commit	ad6c04756115809d615dede330213d73edf732a8 (patch)
tree	832a20d697321d22b62cabc5b9695b231a6f04f1 /man/resolved.conf.xml
parent	125ae29d1bc3a6362c9bb1acddbe09fe1b274cfc (diff)