From 3b2fd8e11b6f8d4e7920670a4f2958c2068b00a5 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 9 Dec 2018 21:39:20 +0100 Subject: T1091: add DNS forwarding completion helpers for DNSSEC (cherry picked from commit f9ad571f6d2a6238fe841f8eb1acf7daced1c7d5) --- interface-definitions/dns-forwarding.xml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/interface-definitions/dns-forwarding.xml b/interface-definitions/dns-forwarding.xml index e3d33e8cc..eda31f029 100644 --- a/interface-definitions/dns-forwarding.xml +++ b/interface-definitions/dns-forwarding.xml @@ -35,6 +35,9 @@ DNSSEC mode + + off process-no-validate process log-fail validate + off -- cgit v1.2.3 From 2893059be8d427c787c8a2dbac4d88320223340a Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 9 Dec 2018 21:46:00 +0100 Subject: T1091: extend DNS forwarding/DNSSEC completion help text (cherry picked from commit f968d0846abc416c0eac51aeff55551f9df2dea0) --- interface-definitions/dns-forwarding.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/interface-definitions/dns-forwarding.xml b/interface-definitions/dns-forwarding.xml index eda31f029..88af5f4f9 100644 --- a/interface-definitions/dns-forwarding.xml +++ b/interface-definitions/dns-forwarding.xml @@ -40,23 +40,23 @@ off - + No DNSSEC processing whatsoever! process-no-validate - + Respond with DNSSEC records to clients that ask for it. Don't do any validation. process - + Respond with DNSSEC records to clients that ask for it. Validation for clients that request it. log-fail - + Similar behaviour to process, but validate RRSIGs on responses and log bogus responses. validate - + Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses. (off|process-no-validate|process|log-fail|validate) -- cgit v1.2.3