diff options
-rw-r--r-- | man/dnssec-trust-anchors.d.xml | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/man/dnssec-trust-anchors.d.xml b/man/dnssec-trust-anchors.d.xml index 8b6394e927..f14ebbce7c 100644 --- a/man/dnssec-trust-anchors.d.xml +++ b/man/dnssec-trust-anchors.d.xml @@ -138,7 +138,17 @@ and follow the same overriding rules. They are text files with the <filename>.negative</filename> suffix. Empty lines and lines whose first character is <literal>;</literal> are ignored. Each line specifies one domain name which is the root of a DNS - subtree where validation shall be disabled.</para> + subtree where validation shall be disabled. For example:</para> + + <programlisting># Reverse IPv4 mappings +10.in-addr.arpa +16.172.in-addr.arpa +168.192.in-addr.arpa +... +# Some custom domains +prod +stag +</programlisting> <para>Negative trust anchors are useful to support private DNS subtrees that are not referenced from the Internet DNS hierarchy, |