[PATCH] resolv.conf.5: DESCRIPTION: Mention that the data is trusted.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In a recent discussion about DNSSEC it was brought to my
attention that not all system administrators may understand
that the information in /etc/resolv.conf is fully trusted.
The resolver implementation in glibc treats /etc/resolv.conf
as a fully trusted source of DNS information and passes on
the AD-bit for DNSSEC as trusted.

Would it be possible to add a clarifying setence to the
man page for resolv.conf.5 to make it absolutely clear that
indeed this source of information is trusted?

Signed-off-by: Carlos O'Donell <carlos@xxxxxxxxxx>

diff --git a/man5/resolv.conf.5 b/man5/resolv.conf.5
index f398724..2dfccdf 100644
--- a/man5/resolv.conf.5
+++ b/man5/resolv.conf.5
@@ -35,6 +35,9 @@ The resolver configuration file contains information that is read
 by the resolver routines the first time they are invoked by a process.
 The file is designed to be human readable and contains a list of
 keywords with values that provide various types of resolver information.
+The configuration file is considered a trusted source of DNS information
+e.g. DNSSEC AD-bit information will be returned unmodified from these
+sources.
 .LP
 If this file does not exist,
 only the name server on the local machine will be queried;
---

Cheers,
Carlos.
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Kernel Documentation]     [Netdev]     [Linux Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux