diff options
Diffstat (limited to 'man/resolved.conf.xml')
| -rw-r--r-- | man/resolved.conf.xml | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml index 3209f73bc1..5da2d5488e 100644 --- a/man/resolved.conf.xml +++ b/man/resolved.conf.xml @@ -203,6 +203,15 @@ setting is in effect, unless it is unset in which case the global setting is used instead.</para> + <para>Site-private DNS zones generally conflict with DNSSEC + operation, unless a negative (if the private zone is not + signed) or positive (if the private zone is signed) trust + anchor is configured for them. If + <literal>allow-downgrade</literal> mode is selected, it is + attempted to detect site-private DNS zones using top-level + domains (TLDs) that are not known by the DNS root server. This + logic does not work in all private zone setups.</para> + <para>Defaults to off.</para> </listitem> </varlistentry> |