From 1ed8c0fbb4cc51413f3a6025233f41c19f154bc1 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 5 Jan 2016 17:44:16 +0100 Subject: resolved: rename "downgrade-ok" mode to "allow-downgrade" After discussing this with Tom, we figured out "allow-downgrade" sounds nicer. --- man/resolved.conf.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'man') diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml index 3c1e698d33..c2c277b606 100644 --- a/man/resolved.conf.xml +++ b/man/resolved.conf.xml @@ -143,13 +143,13 @@ DNSSEC= Takes a boolean argument or - downgrade-ok. If true all DNS lookups are + allow-downgrade. If true all DNS lookups are DNSSEC-validated locally (excluding LLMNR and Multicast DNS). If a response for a lookup request is detected invalid this is returned as lookup failure to applications. Note that this mode requires a DNS server that supports DNSSEC. If the DNS server does not properly support DNSSEC all validations - will fail. If set to downgrade-ok DNSSEC + will fail. If set to allow-downgrade DNSSEC validation is attempted, but if the server does not support DNSSEC properly, DNSSEC mode is automatically disabled. Note that this mode makes DNSSEC validation vulnerable to @@ -176,7 +176,7 @@ lookups will fail, as it cannot be proved anymore whether lookups are correctly signed, or validly unsigned. If DNSSEC= is set to - downgrade-ok the resolver will + allow-downgrade the resolver will automatically turn off DNSSEC validation in such a case. Client programs looking up DNS data will be informed @@ -193,7 +193,7 @@ DNSSEC correctly, and where software or trust anchor updates happen regularly. On other systems it is recommended to set DNSSEC= to - downgrade-ok. + allow-downgrade. -- cgit v1.2.3-54-g00ecf
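Review bot: In the first hunk (@@ -143,13) the documented value for DNSSEC= changes from downgrade-ok to allow-downgrade, but this view is limited to 'man', so it does not show whether the configuration parser is renamed in the same change or whether the old spelling is still accepted. Please confirm the parser update lands together with this documentation. The DNSSEC= description should also say what happens to an existing "DNSSEC=downgrade-ok" line, because a security setting that silently stops parsing leaves the administrator unsure which validation mode is actually in effect.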
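Review bot: In the last hunk (@@ -193,7) the recommendation to set DNSSEC= to allow-downgrade on other systems does not point back to the caveat in the DNSSEC= description, where the context line reads "Note that this mode makes DNSSEC validation vulnerable to" and continues past the visible lines. Suggest adding a short cross-reference at the recommendation. A reader who lands only on that paragraph would then see that the recommended mode trades validation strength for compatibility, as does the automatic turn-off described in the second hunk (@@ -176,7).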