diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-01-06 18:36:32 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-01-06 18:36:32 +0100 |
commit | 8a516214c4412e8a40544bd725a6d499a30cbbbf (patch) | |
tree | d8e7504d9da15641f03f7b4ca82dd3fc612544ed /man | |
parent | bec690501ed544199e72a292fbd6d28bc1e1727e (diff) |
resolved: introduce support for per-interface negative trust anchors
Diffstat (limited to 'man')
-rw-r--r-- | man/dnssec-trust-anchors.d.xml | 9 | ||||
-rw-r--r-- | man/systemd.network.xml | 14 |
2 files changed, 22 insertions, 1 deletions
diff --git a/man/dnssec-trust-anchors.d.xml b/man/dnssec-trust-anchors.d.xml index 5f15d7cd59..51271abc16 100644 --- a/man/dnssec-trust-anchors.d.xml +++ b/man/dnssec-trust-anchors.d.xml @@ -179,6 +179,12 @@ <para>If no negative trust anchor files are configured a built-in set of well-known private DNS zone domains is used as negative trust anchors.</para> + + <para>It is also possibly to define per-interface negative trust + anchors using the <varname>DNSSECNegativeTrustAnchors=</varname> + setting in + <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry> + files.</para> </refsect1> <refsect1> @@ -186,7 +192,8 @@ <para> <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> + <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry> </para> </refsect1> diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 1dfa559c8b..5a6383cfc2 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -319,6 +319,20 @@ </listitem> </varlistentry> <varlistentry> + <term><varname>DNSSECNegativeTrustAnchors=</varname></term> + <listitem><para>A space-separated list of DNSSEC negative + trust anchor domains. If specified and DNSSEC is enabled, + look-ups done via the interface's DNS server will be subject + to the list of negative trust anchors, and not require + authentication for the specified domains, or anything below + it. Use this to disable DNSSEC authentication for specific + private domains, that cannot be proven valid using the + Internet DNS hierarchy. Defaults to the empty list. This + setting is read by + <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para> + </listitem> + </varlistentry> + <varlistentry> <term><varname>LLDP=</varname></term> <listitem> <para>A boolean. When true, enables LLDP link receive support. |