summaryrefslogtreecommitdiff
path: root/man
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-01-05 19:57:33 +0100
committerLennart Poettering <lennart@poettering.net>2016-01-05 20:10:31 +0100
commitad6c04756115809d615dede330213d73edf732a8 (patch)
tree832a20d697321d22b62cabc5b9695b231a6f04f1 /man
parent125ae29d1bc3a6362c9bb1acddbe09fe1b274cfc (diff)
resolved,networkd: add a per-interface DNSSEC setting
This adds a DNSSEC= setting to .network files, and makes resolved honour them.
Diffstat (limited to 'man')
-rw-r--r--man/resolved.conf.xml10
-rw-r--r--man/systemd.network.xml18
2 files changed, 28 insertions, 0 deletions
diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml
index c2c277b606..3209f73bc1 100644
--- a/man/resolved.conf.xml
+++ b/man/resolved.conf.xml
@@ -194,6 +194,16 @@
happen regularly. On other systems it is recommended to set
<varname>DNSSEC=</varname> to
<literal>allow-downgrade</literal>.</para>
+
+ <para>In addition to this global DNSSEC setting
+ <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ also maintains per-interface DNSSEC settings. For system DNS
+ servers (see above), only the global DNSSEC setting is in
+ effect. For per-interface DNS servers the per-interface
+ setting is in effect, unless it is unset in which case the
+ global setting is used instead.</para>
+
+ <para>Defaults to off.</para>
</listitem>
</varlistentry>
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 36172ae8b5..1dfa559c8b 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -301,6 +301,24 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term><varname>DNSSEC=</varname></term>
+ <listitem>
+ <para>A boolean or
+ <literal>allow-downgrade</literal>. When true, enables
+ <ulink
+ url="https://tools.ietf.org/html/rfc4033">DNSSEC</ulink>
+ DNS validation support on the link. When set to
+ <literal>allow-downgrade</literal>, compatibility with
+ non-DNSSEC capable networks is increased, by automatically
+ turning off DNSEC in this case. This option defines a
+ per-interface setting for
+ <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>'s
+ global <varname>DNSSEC=</varname> option. Defaults to
+ false. This setting is read by
+ <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term><varname>LLDP=</varname></term>
<listitem>
<para>A boolean. When true, enables LLDP link receive support.