regen master

This commit is contained in:
Tinderbox User
2015-01-13 01:04:50 +00:00
parent 2dd6ffb5cb
commit 8402f7bfea
38 changed files with 640 additions and 613 deletions

View File

@@ -336,7 +336,7 @@ to be effective. It defaults to enabled.
.RS 4
Sets a DNSSEC negative trust anchor (NTA) for
\fBdomain\fR, with a lifetime of
\fBlifetime\fR. The default lifetime is configured in
\fBduration\fR. The default lifetime is configured in
\fInamed.conf\fR
via the
\fBnta\-lifetime\fR
@@ -344,7 +344,12 @@ option, and defaults to one hour. The lifetime cannot exceed one week.
.sp
A negative trust anchor selectively disables DNSSEC validation for zones that are known to be failing because of misconfiguration rather than an attack. When data to be validated is at or below an active NTA (and above any other configured trust anchors),
\fBnamed\fR
will abort the DNSSEC validation process and treat the data as insecure rather than bogus. This continues until the NTA's lifetime is elapsed, or until the server is restarted (NTAs do not persist across restarts).
will abort the DNSSEC validation process and treat the data as insecure rather than bogus. This continues until the NTA's lifetime is elapsed.
.sp
NTAs persist across restarts of the named server. The NTAs for a view are saved in a file called
\fI\fIname\fR\fR\fI.nta\fR, where
\fIname\fR
is the name of the view, or if it contains characters that are incompatible with use as a file name, a cryptographic hash generated from the name of the view.
.sp
An existing NTA can be removed by using the
\fB\-remove\fR