From 8a516214c4412e8a40544bd725a6d499a30cbbbf Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 6 Jan 2016 18:36:32 +0100
Subject: resolved: introduce support for per-interface negative trust anchors

---
 man/systemd.network.xml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'man/systemd.network.xml')

diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 1dfa559c8b..5a6383cfc2 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -318,6 +318,20 @@
             <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
           </listitem>
         </varlistentry>
+        <varlistentry>
+          <term><varname>DNSSECNegativeTrustAnchors=</varname></term>
+          <listitem><para>A space-separated list of DNSSEC negative
+          trust anchor domains. If specified and DNSSEC is enabled,
+          look-ups done via the interface's DNS server will be subject
+          to the list of negative trust anchors, and not require
+          authentication for the specified domains, or anything below
+          it. Use this to disable DNSSEC authentication for specific
+          private domains, that cannot be proven valid using the
+          Internet DNS hierarchy. Defaults to the empty list. This
+          setting is read by
+          <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+          </listitem>
+        </varlistentry>
         <varlistentry>
           <term><varname>LLDP=</varname></term>
           <listitem>
-- 
cgit v1.2.3-54-g00ecf