diff options
author | Tobias Brunner <tobias@strongswan.org> | 2013-08-29 09:04:36 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2013-10-11 15:45:25 +0200 |
commit | 6ecf1aab35dbf8d7c245935558570295a0352c83 (patch) | |
tree | fbf2c77e0f5de1b8e342c4b50d1a3b9bd916ebc9 /man | |
parent | 1ff63f153e5b551ee7ba0670ea4cc8b151432bc5 (diff) | |
download | strongswan-6ecf1aab35dbf8d7c245935558570295a0352c83.tar.bz2 strongswan-6ecf1aab35dbf8d7c245935558570295a0352c83.tar.xz |
unbound: Add support for DLV (DNSSEC Lookaside Validation)
Fixes #392.
Diffstat (limited to 'man')
-rw-r--r-- | man/strongswan.conf.5.in | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in index e8dbe63f8..0fb239adc 100644 --- a/man/strongswan.conf.5.in +++ b/man/strongswan.conf.5.in @@ -886,7 +886,15 @@ File to read pseudo random bytes from, instead of @urandom_device@ File to read DNS resolver configuration from .TP .BR libstrongswan.plugins.unbound.trust_anchors " [/etc/ipsec.d/dnssec.keys]" -File to read DNSSEC trust anchors from (usually root zone KSK) +File to read DNSSEC trust anchors from (usually root zone KSK). The format of +the file is the standard DNS Zone file format, anchors can be stored as DS or +DNSKEY entries in the file. +.TP +.BR libstrongswan.plugins.unbound.dlv_anchors +File to read trusted keys for DLV (DNSSEC Lookaside Validation) from. It uses +the same format as \fItrust_anchors\fR. Only one DLV can be configured, which +is then used as a root trusted DLV, this means that it is a lookaside for +the root. .SS libtls section .TP .BR libtls.cipher |