man: add example of negative trust anchor file

Fixes #17226.
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2020-10-11 12:55:10 +0200
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2020-10-20 19:58:37 +0200
commit: 2c91906e25ab0a4caa30f0bfaa1bdff6994cb9d9 (patch)
tree: b77c237fee7113aa47b6608982b8ebbca7fad2e7
parent: 7c5023037815228280dcf461bf9b9f2b3575f600 (diff)
download: systemd-2c91906e25ab0a4caa30f0bfaa1bdff6994cb9d9.tar.gz
1 files changed, 11 insertions, 1 deletions
diff --git a/man/dnssec-trust-anchors.d.xml b/man/dnssec-trust-anchors.d.xml
index 8b6394e927..f14ebbce7c 100644
--- a/man/dnssec-trust-anchors.d.xml
+++ b/man/dnssec-trust-anchors.d.xml
@@ -138,7 +138,17 @@
     and follow the same overriding rules. They are text files with the
     <filename>.negative</filename> suffix. Empty lines and lines whose first character is
     <literal>;</literal> are ignored. Each line specifies one domain name which is the root of a DNS
-    subtree where validation shall be disabled.</para>
+    subtree where validation shall be disabled. For example:</para>
+
+    <programlisting># Reverse IPv4 mappings
+10.in-addr.arpa
+16.172.in-addr.arpa
+168.192.in-addr.arpa
+...
+# Some custom domains
+prod
+stag
+</programlisting>
 
     <para>Negative trust anchors are useful to support private DNS
     subtrees that are not referenced from the Internet DNS hierarchy,
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2020-10-11 12:55:10 +0200
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2020-10-20 19:58:37 +0200
commit	2c91906e25ab0a4caa30f0bfaa1bdff6994cb9d9 (patch)
tree	b77c237fee7113aa47b6608982b8ebbca7fad2e7
parent	7c5023037815228280dcf461bf9b9f2b3575f600 (diff)
download	systemd-2c91906e25ab0a4caa30f0bfaa1bdff6994cb9d9.tar.gz