summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--man/dnssec-trust-anchors.d.xml12
1 files changed, 11 insertions, 1 deletions
diff --git a/man/dnssec-trust-anchors.d.xml b/man/dnssec-trust-anchors.d.xml
index 8b6394e927..f14ebbce7c 100644
--- a/man/dnssec-trust-anchors.d.xml
+++ b/man/dnssec-trust-anchors.d.xml
@@ -138,7 +138,17 @@
and follow the same overriding rules. They are text files with the
<filename>.negative</filename> suffix. Empty lines and lines whose first character is
<literal>;</literal> are ignored. Each line specifies one domain name which is the root of a DNS
- subtree where validation shall be disabled.</para>
+ subtree where validation shall be disabled. For example:</para>
+
+ <programlisting># Reverse IPv4 mappings
+10.in-addr.arpa
+16.172.in-addr.arpa
+168.192.in-addr.arpa
+...
+# Some custom domains
+prod
+stag
+</programlisting>
<para>Negative trust anchors are useful to support private DNS
subtrees that are not referenced from the Internet DNS hierarchy,