regen master
This commit is contained in:
@@ -336,7 +336,7 @@ to be effective. It defaults to enabled.
|
||||
.RS 4
|
||||
Sets a DNSSEC negative trust anchor (NTA) for
|
||||
\fBdomain\fR, with a lifetime of
|
||||
\fBlifetime\fR. The default lifetime is configured in
|
||||
\fBduration\fR. The default lifetime is configured in
|
||||
\fInamed.conf\fR
|
||||
via the
|
||||
\fBnta\-lifetime\fR
|
||||
@@ -344,7 +344,12 @@ option, and defaults to one hour. The lifetime cannot exceed one week.
|
||||
.sp
|
||||
A negative trust anchor selectively disables DNSSEC validation for zones that are known to be failing because of misconfiguration rather than an attack. When data to be validated is at or below an active NTA (and above any other configured trust anchors),
|
||||
\fBnamed\fR
|
||||
will abort the DNSSEC validation process and treat the data as insecure rather than bogus. This continues until the NTA's lifetime is elapsed, or until the server is restarted (NTAs do not persist across restarts).
|
||||
will abort the DNSSEC validation process and treat the data as insecure rather than bogus. This continues until the NTA's lifetime is elapsed.
|
||||
.sp
|
||||
NTAs persist across restarts of the named server. The NTAs for a view are saved in a file called
|
||||
\fI\fIname\fR\fR\fI.nta\fR, where
|
||||
\fIname\fR
|
||||
is the name of the view, or if it contains characters that are incompatible with use as a file name, a cryptographic hash generated from the name of the view.
|
||||
.sp
|
||||
An existing NTA can be removed by using the
|
||||
\fB\-remove\fR
|
||||
|
||||
Reference in New Issue
Block a user