summaryrefslogtreecommitdiff
path: root/interface-definitions/dns-forwarding.xml
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions/dns-forwarding.xml')
-rw-r--r--interface-definitions/dns-forwarding.xml13
1 files changed, 8 insertions, 5 deletions
diff --git a/interface-definitions/dns-forwarding.xml b/interface-definitions/dns-forwarding.xml
index e3d33e8cc..88af5f4f9 100644
--- a/interface-definitions/dns-forwarding.xml
+++ b/interface-definitions/dns-forwarding.xml
@@ -35,25 +35,28 @@
<leafNode name="dnssec">
<properties>
<help>DNSSEC mode</help>
+ <completionHelp>
+ <list>off process-no-validate process log-fail validate</list>
+ </completionHelp>
<valueHelp>
<format>off</format>
- <description/>
+ <description>No DNSSEC processing whatsoever!</description>
</valueHelp>
<valueHelp>
<format>process-no-validate</format>
- <description/>
+ <description>Respond with DNSSEC records to clients that ask for it. Don't do any validation.</description>
</valueHelp>
<valueHelp>
<format>process</format>
- <description/>
+ <description>Respond with DNSSEC records to clients that ask for it. Validation for clients that request it.</description>
</valueHelp>
<valueHelp>
<format>log-fail</format>
- <description/>
+ <description>Similar behaviour to process, but validate RRSIGs on responses and log bogus responses.</description>
</valueHelp>
<valueHelp>
<format>validate</format>
- <description/>
+ <description>Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses.</description>
</valueHelp>
<constraint>
<regex>(off|process-no-validate|process|log-fail|validate)</regex>
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-05 01:47:54 +0000