diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-01-05 19:57:33 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-01-05 20:10:31 +0100 |
commit | ad6c04756115809d615dede330213d73edf732a8 (patch) | |
tree | 832a20d697321d22b62cabc5b9695b231a6f04f1 /man | |
parent | 125ae29d1bc3a6362c9bb1acddbe09fe1b274cfc (diff) |
resolved,networkd: add a per-interface DNSSEC setting
This adds a DNSSEC= setting to .network files, and makes resolved honour
them.
Diffstat (limited to 'man')
-rw-r--r-- | man/resolved.conf.xml | 10 | ||||
-rw-r--r-- | man/systemd.network.xml | 18 |
2 files changed, 28 insertions, 0 deletions
diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml index c2c277b606..3209f73bc1 100644 --- a/man/resolved.conf.xml +++ b/man/resolved.conf.xml @@ -194,6 +194,16 @@ happen regularly. On other systems it is recommended to set <varname>DNSSEC=</varname> to <literal>allow-downgrade</literal>.</para> + + <para>In addition to this global DNSSEC setting + <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> + also maintains per-interface DNSSEC settings. For system DNS + servers (see above), only the global DNSSEC setting is in + effect. For per-interface DNS servers the per-interface + setting is in effect, unless it is unset in which case the + global setting is used instead.</para> + + <para>Defaults to off.</para> </listitem> </varlistentry> diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 36172ae8b5..1dfa559c8b 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -301,6 +301,24 @@ </listitem> </varlistentry> <varlistentry> + <term><varname>DNSSEC=</varname></term> + <listitem> + <para>A boolean or + <literal>allow-downgrade</literal>. When true, enables + <ulink + url="https://tools.ietf.org/html/rfc4033">DNSSEC</ulink> + DNS validation support on the link. When set to + <literal>allow-downgrade</literal>, compatibility with + non-DNSSEC capable networks is increased, by automatically + turning off DNSEC in this case. This option defines a + per-interface setting for + <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>'s + global <varname>DNSSEC=</varname> option. Defaults to + false. This setting is read by + <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para> + </listitem> + </varlistentry> + <varlistentry> <term><varname>LLDP=</varname></term> <listitem> <para>A boolean. When true, enables LLDP link receive support. |