From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Carlos O'Donell" Subject: [PATCH] resolv.conf.5: DESCRIPTION: Mention that the data is trusted. Date: Tue, 18 Feb 2014 18:09:57 -0500 Message-ID: <5303E845.7080003@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Return-path: Sender: linux-man-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: Michael Kerrisk Cc: linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-Id: linux-man@vger.kernel.org In a recent discussion about DNSSEC it was brought to my attention that not all system administrators may understand that the information in /etc/resolv.conf is fully trusted. The resolver implementation in glibc treats /etc/resolv.conf as a fully trusted source of DNS information and passes on the AD-bit for DNSSEC as trusted. Would it be possible to add a clarifying setence to the man page for resolv.conf.5 to make it absolutely clear that indeed this source of information is trusted? Signed-off-by: Carlos O'Donell diff --git a/man5/resolv.conf.5 b/man5/resolv.conf.5 index f398724..2dfccdf 100644 --- a/man5/resolv.conf.5 +++ b/man5/resolv.conf.5 @@ -35,6 +35,9 @@ The resolver configuration file contains information that is read by the resolver routines the first time they are invoked by a process. The file is designed to be human readable and contains a list of keywords with values that provide various types of resolver information. +The configuration file is considered a trusted source of DNS information +e.g. DNSSEC AD-bit information will be returned unmodified from these +sources. .LP If this file does not exist, only the name server on the local machine will be queried; --- Cheers, Carlos. -- To unsubscribe from this list: send the line "unsubscribe linux-man" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html