Merge pull request systemd#21628 from yuwata/man-network-dnssec

keszybz · web-flow · commit 8fc264845468 · 2021-12-06T08:54:43.000+01:00
man: network: fix default values for DNSSEC= and DNSOverTLS=
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
@@ -518,35 +518,30 @@ Table=1234</programlisting></para>
         <varlistentry>
           <term><varname>DNSOverTLS=</varname></term>
           <listitem>
-            <para>Takes a boolean or <literal>opportunistic</literal>.
-            When true, enables
-            <ulink
-            url="https://tools.ietf.org/html/rfc7858">DNS-over-TLS</ulink>
-            support on the link.
-            When set to <literal>opportunistic</literal>, compatibility with
-            non-DNS-over-TLS servers is increased, by automatically
-            turning off DNS-over-TLS servers in this case.
-            This option defines a per-interface setting for
+            <para>Takes a boolean or <literal>opportunistic</literal>. When true, enables
+            <ulink url="https://tools.ietf.org/html/rfc7858">DNS-over-TLS</ulink> support on the link.
+            When set to <literal>opportunistic</literal>, compatibility with non-DNS-over-TLS servers
+            is increased, by automatically turning off DNS-over-TLS servers in this case. This option
+            defines a per-interface setting for
             <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>'s
-            global <varname>DNSOverTLS=</varname> option. Defaults to
-            false. This setting is read by
+            global <varname>DNSOverTLS=</varname> option. Defaults to unset, and the global setting
+            will be used. This setting is read by
             <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
           </listitem>
         </varlistentry>
         <varlistentry>
           <term><varname>DNSSEC=</varname></term>
           <listitem>
             <para>Takes a boolean or <literal>allow-downgrade</literal>. When true, enables
-            <ulink url="https://tools.ietf.org/html/rfc4033">DNSSEC</ulink>
-            DNS validation support on the link. When set to
-            <literal>allow-downgrade</literal>, compatibility with
-            non-DNSSEC capable networks is increased, by automatically
-            turning off DNSSEC in this case. This option defines a
-            per-interface setting for
+            <ulink url="https://tools.ietf.org/html/rfc4033">DNSSEC</ulink> DNS validation support on
+            the link. When set to <literal>allow-downgrade</literal>, compatibility with non-DNSSEC
+            capable networks is increased, by automatically turning off DNSSEC in this case. This
+            option defines a per-interface setting for
             <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>'s
-            global <varname>DNSSEC=</varname> option. Defaults to
-            false. This setting is read by
-            <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+            global <varname>DNSSEC=</varname> option. Defaults to unset, and the global setting will be
+            used. This setting is read by
+            <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+            </para>
           </listitem>
         </varlistentry>
         <varlistentry>
