Merge pull request #254918 from RaitoBezarius/dnssec-resolved
commit
73d552ecb7
|
@ -66,7 +66,7 @@ in
|
|||
};
|
||||
|
||||
services.resolved.dnssec = mkOption {
|
||||
default = "allow-downgrade";
|
||||
default = "false";
|
||||
example = "true";
|
||||
type = types.enum [ "true" "allow-downgrade" "false" ];
|
||||
description = lib.mdDoc ''
|
||||
|
@ -85,6 +85,12 @@ in
|
|||
synthesizing a DNS response that suggests DNSSEC was not
|
||||
supported.
|
||||
- `"false"`: DNS lookups are not DNSSEC validated.
|
||||
|
||||
At the time of September 2023, systemd upstream advise
|
||||
to disable DNSSEC by default as the current code
|
||||
is not robust enough to deal with "in the wild" non-compliant
|
||||
servers, which will usually give you a broken bad experience
|
||||
in addition of insecure.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
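Review bot: With the default in the first hunk apparently moving from `"allow-downgrade"` to `"false"`, every system that never set `services.resolved.dnssec` stops validating DNS answers on upgrade, and the paragraph added in the second hunk explains why upstream recommends this but not what the reader gives up or how to opt back in. I would add a sentence to the description such as `Set this option to "true" if you need DNSSEC validation and have verified that your upstream resolvers handle it correctly.` The closing clause `which will usually give you a broken bad experience in addition of insecure` is hard to parse; presumably it means something like `which usually results in broken name resolution without a real security gain`, and it should be reworded to say so. A release-notes entry for the changed default would also help, if one is not already part of this pull request outside the lines shown. The option's `mkOption` block spans both hunks, with the middle of the description outside the visible lines.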