From 30c778094b90a637c6691c462a66df81eeb865b5 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 6 Jan 2016 00:59:51 +0100
Subject: resolved: populate negative trust anchor by default

Let's increase compatibility with many private domains by default, and
ship a default NTA list of wel-known private domains, where it is
unlikely they will be deployed as official TLD anytime soon.
---
 man/dnssec-trust-anchors.d.xml | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'man')

diff --git a/man/dnssec-trust-anchors.d.xml b/man/dnssec-trust-anchors.d.xml
index 9a7cf3c881..5f15d7cd59 100644
--- a/man/dnssec-trust-anchors.d.xml
+++ b/man/dnssec-trust-anchors.d.xml
@@ -175,6 +175,10 @@
 
     <para><ulink url="https://tools.ietf.org/html/rfc7646">RFC
     7646</ulink> for details on negative trust anchors.</para>
+
+    <para>If no negative trust anchor files are configured a built-in
+    set of well-known private DNS zone domains is used as negative
+    trust anchors.</para>
   </refsect1>
 
   <refsect1>
-- 
cgit v1.2.3-54-g00ecf