diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-01-05 17:44:16 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-01-05 20:00:53 +0100 |
commit | 1ed8c0fbb4cc51413f3a6025233f41c19f154bc1 (patch) | |
tree | 0dacdca7477fa73cac0c9ef304a72a0da5c2347c /man | |
parent | f41b446a7677c030250ccf318306dc637d1d9871 (diff) |
resolved: rename "downgrade-ok" mode to "allow-downgrade"
After discussing this with Tom, we figured out "allow-downgrade" sounds
nicer.
Diffstat (limited to 'man')
-rw-r--r-- | man/resolved.conf.xml | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml index 3c1e698d33..c2c277b606 100644 --- a/man/resolved.conf.xml +++ b/man/resolved.conf.xml @@ -143,13 +143,13 @@ <varlistentry> <term><varname>DNSSEC=</varname></term> <listitem><para>Takes a boolean argument or - <literal>downgrade-ok</literal>. If true all DNS lookups are + <literal>allow-downgrade</literal>. If true all DNS lookups are DNSSEC-validated locally (excluding LLMNR and Multicast DNS). If a response for a lookup request is detected invalid this is returned as lookup failure to applications. Note that this mode requires a DNS server that supports DNSSEC. If the DNS server does not properly support DNSSEC all validations - will fail. If set to <literal>downgrade-ok</literal> DNSSEC + will fail. If set to <literal>allow-downgrade</literal> DNSSEC validation is attempted, but if the server does not support DNSSEC properly, DNSSEC mode is automatically disabled. Note that this mode makes DNSSEC validation vulnerable to @@ -176,7 +176,7 @@ lookups will fail, as it cannot be proved anymore whether lookups are correctly signed, or validly unsigned. If <varname>DNSSEC=</varname> is set to - <literal>downgrade-ok</literal> the resolver will + <literal>allow-downgrade</literal> the resolver will automatically turn off DNSSEC validation in such a case.</para> <para>Client programs looking up DNS data will be informed @@ -193,7 +193,7 @@ DNSSEC correctly, and where software or trust anchor updates happen regularly. On other systems it is recommended to set <varname>DNSSEC=</varname> to - <literal>downgrade-ok</literal>.</para> + <literal>allow-downgrade</literal>.</para> </listitem> </varlistentry> |