https-github-com-bit
diff --git a/‎man/directives-template.xml‎
Lines changed: 7 additions & 1 deletion b/‎man/directives-template.xml‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎man/dnssec-trust-anchors.d.xml‎
Lines changed: 29 additions & 38 deletions b/‎man/dnssec-trust-anchors.d.xml‎
Lines changed: 29 additions & 38 deletions
diff --git a/‎man/org.freedesktop.resolve1.xml‎
Lines changed: 25 additions & 21 deletions b/‎man/org.freedesktop.resolve1.xml‎
Lines changed: 25 additions & 21 deletions
@@ -132,11 +132,17 @@
   <refsect1>
     <title>Constants</title>
 
-    <para>Various constant used and/or defined by systemd.</para>
+    <para>Various constants used and/or defined by systemd.</para>
 
     <variablelist id='constants' />
   </refsect1>
 
+  <refsect1>
+    <title>DNS resource record types</title>
+
+    <variablelist id='dns' />
+  </refsect1>
+
   <refsect1>
     <title>Miscellaneous options and directives</title>
 
 
@@ -43,12 +43,10 @@
   <refsect1>
     <title>Positive Trust Anchors</title>
 
-    <para>Positive trust anchor configuration files contain DNSKEY and
-    DS resource record definitions to use as base for DNSSEC integrity
-    proofs. See <ulink
-    url="https://tools.ietf.org/html/rfc4035#section-4.4">RFC 4035,
-    Section 4.4</ulink> for more information about DNSSEC trust
-    anchors.</para>
+    <para>Positive trust anchor configuration files contain <constant class='dns'>DNSKEY</constant> and
+    <constant class='dns'>DS</constant> resource record definitions to use as base for DNSSEC integrity
+    proofs. See <ulink url="https://tools.ietf.org/html/rfc4035#section-4.4">RFC 4035, Section 4.4</ulink>
+    for more information about DNSSEC trust anchors.</para>
 
     <para>Positive trust anchors are read from files with the suffix
     <filename>.positive</filename> located in
@@ -64,13 +62,12 @@
     <filename>/run/dnssec-trust-anchors.d/</filename> that is either
     empty or a symlink to <filename>/dev/null</filename> ("masked").</para>
 
-    <para>Positive trust anchor files are simple text files resembling
-    DNS zone files, as documented in <ulink
-    url="https://tools.ietf.org/html/rfc1035#section-5">RFC 1035, Section
-    5</ulink>. One DS or DNSKEY resource record may be listed per
-    line. Empty lines and lines starting with a semicolon
-    (<literal>;</literal>) are ignored and considered comments. A DS
-    resource record is specified like in the following example:</para>
+    <para>Positive trust anchor files are simple text files resembling DNS zone files, as documented in
+    <ulink url="https://tools.ietf.org/html/rfc1035#section-5">RFC 1035, Section 5</ulink>. One <constant
+    class='dns'>DS</constant> or <constant class='dns'>DNSKEY</constant> resource record may be listed per
+    line. Empty lines and lines starting with <literal>#</literal> or <literal>;</literal> are ignored, which
+    may be used for commenting. A <consant class='dns'>DS</consant> resource record is specified like in the
+    following example:</para>
 
     <programlisting>. IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5</programlisting>
 
@@ -85,24 +82,20 @@
     Section 5</ulink> for details about the precise syntax and meaning
     of these fields.</para>
 
-    <para>Alternatively, DNSKEY resource records may be used to define
-    trust anchors, like in the following example:</para>
+    <para>Alternatively, <constant class='dns'>DNSKEY</constant> resource records may be used to define trust
+    anchors, like in the following example:</para>
 
     <programlisting>. IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=</programlisting>
 
-    <para>The first word specifies the domain again, the second word
-    must be <literal>IN</literal>, followed by
-    <literal>DNSKEY</literal>. The subsequent words encode the DNSKEY
-    flags, protocol and algorithm fields, followed by the key data
-    encoded in Base64. See <ulink
-    url="https://tools.ietf.org/html/rfc4034#section-2">RFC 4034,
-    Section 2</ulink> for details about the precise syntax and meaning
-    of these fields.</para>
+    <para>The first word specifies the domain again, the second word must be <literal>IN</literal>, followed
+    by <literal>DNSKEY</literal>. The subsequent words encode the <constant class='dns'>DNSKEY</constant>
+    flags, protocol and algorithm fields, followed by the key data encoded in Base64. See <ulink
+    url="https://tools.ietf.org/html/rfc4034#section-2">RFC 4034, Section 2</ulink> for details about the
+    precise syntax and meaning of these fields.</para>
 
-    <para>If multiple DS or DNSKEY records are defined for the same
-    domain (possibly even in different trust anchor files), all keys
-    are used and are considered equivalent as base for DNSSEC
-    proofs.</para>
+    <para>If multiple <constant class='dns'>DS</constant> or <constant class='dns'>DNSKEY</constant> records
+    are defined for the same domain (possibly even in different trust anchor files), all keys are used and
+    are considered equivalent as base for DNSSEC proofs.</para>
 
     <para>Note that <filename>systemd-resolved</filename> will
     automatically use a built-in trust anchor key for the Internet
@@ -112,17 +105,15 @@
     as soon as at least one trust anchor key for the root domain is
     defined in trust anchor files.</para>
 
-    <para>It is generally recommended to encode trust anchors in DS
-    resource records, rather than DNSKEY resource records.</para>
-
-    <para>If a trust anchor specified via a DS record is found revoked
-    it is automatically removed from the trust anchor database for the
-    runtime. See <ulink url="https://tools.ietf.org/html/rfc5011">RFC
-    5011</ulink> for details about revoked trust anchors. Note that
-    <filename>systemd-resolved</filename> will not update its trust
-    anchor database from DNS servers automatically. Instead, it is
-    recommended to update the resolver software or update the new
-    trust anchor via adding in new trust anchor files.</para>
+    <para>It is generally recommended to encode trust anchors in <constant class='dns'>DS</constant> resource
+    records, rather than <constant class='dns'>DNSKEY</constant> resource records.</para>
+
+    <para>If a trust anchor specified via a <constant class='dns'>DS</constant> record is found revoked it is
+    automatically removed from the trust anchor database for the runtime. See <ulink
+    url="https://tools.ietf.org/html/rfc5011">RFC 5011</ulink> for details about revoked trust anchors. Note
+    that <filename>systemd-resolved</filename> will not update its trust anchor database from DNS servers
+    automatically. Instead, it is recommended to update the resolver software or update the new trust anchor
+    via adding in new trust anchor files.</para>
 
     <para>The current DNSSEC trust anchor for the Internet's root
     domain is available at the <ulink
 
@@ -308,12 +308,15 @@ node /org/freedesktop/resolve1 {
       records of many types, it is crucial that clients using this API understand that the RR data originates
       from the network and should be thoroughly validated before use.</para>
 
-      <para><function>ResolveService()</function> may be used to resolve a DNS SRV service record, as well as the
-      hostnames referenced in it, and possibly an accompanying DNS-SD TXT record containing additional
-      service metadata. The primary benefit of using this method over <function>ResolveRecord()</function>
-      specifying the SRV type is that it will resolve the SRV and TXT RRs as well as the hostnames referenced
-      in the SRV in a single operation. As parameters it takes a Linux network interface index, a service
-      name, a service type and a service domain. This method may be invoked in three different modes:</para>
+      <para><function>ResolveService()</function> may be used to resolve a DNS
+      <constant class="dns">SRV</constant> service record, as well as the hostnames referenced in it, and
+      possibly an accompanying DNS-SD <constant class="dns">TXT</constant> record containing additional
+      service metadata.  The primary benefit of using this method over <function>ResolveRecord()</function>
+      specifying the <constant class="dns">SRV</constant> type is that it will resolve the
+      <constant class="dns">SRV</constant> and <constant class="dns">TXT</constant> RRs as well as the
+      hostnames referenced in the SRV in a single operation. As parameters it takes a Linux network interface
+      index, a service name, a service type and a service domain. This method may be invoked in three
+      different modes:</para>
 
       <orderedlist>
         <listitem><para>To resolve a DNS-SD service, specify the service name (e.g. <literal>Lennart's
@@ -323,13 +326,13 @@ node /org/freedesktop/resolve1 {
         specifications). However, if necessary, IDNA conversion is applied to the domain parameter.</para>
         </listitem>
 
-        <listitem><para>To resolve a plain SRV record, set the service name parameter to the empty string
-        and set the service type and domain properly. (IDNA conversion is applied to the domain, if
-        necessary.)</para></listitem>
+        <listitem><para>To resolve a plain <constant class="dns">SRV</constant> record, set the service name
+        parameter to the empty string and set the service type and domain properly. (IDNA conversion is
+        applied to the domain, if necessary.)</para></listitem>
 
-        <listitem><para>Alternatively, leave both the service name and type empty and specify the full
-        domain name of the SRV record (i.e. prefixed with the service type) in the domain parameter. (No IDNA
-        conversion is applied in this mode.)</para></listitem>
+        <listitem><para>Alternatively, leave both the service name and type empty and specify the full domain
+        name of the <constant class="dns">SRV</constant> record (i.e. prefixed with the service type) in the
+        domain parameter. (No IDNA conversion is applied in this mode.)</para></listitem>
       </orderedlist>
 
       <para>The <varname>family</varname> parameter of the <function>ResolveService()</function> method encodes
@@ -339,15 +342,16 @@ node /org/freedesktop/resolve1 {
       <varname>flags</varname> parameter takes a couple of flags that may be used to alter the resolver
       operation.</para>
 
-      <para>On completion, <function>ResolveService()</function> returns an array of SRV record structures. Each
-      items consisting of the priority, weight and port fields as well as the hostname to contact, as encoded in the SRV
+      <para>On completion, <function>ResolveService()</function> returns an array of
+      <constant class="dns">SRV</constant> record structures. Each items consisting of the priority, weight and port
+      fields as well as the hostname to contact, as encoded in the <constant class="dns">SRV</constant>
       record. Immediately following is an array of the addresses of this hostname, with each item consisting
       of the interface index, the address family and the address data in a byte array. This address array is
-      followed by the canonicalized hostname. After this array of SRV record structures an array of byte
-      arrays follows that encodes the TXT RR strings, in case DNS-SD look-ups are enabled. The next parameters
-      are the canonical service name, type and domain. This may or may not be identical to the parameters
-      passed in. Finally, a <varname>flags</varname> field is returned that contains information about the
-      resolver operation performed.</para>
+      followed by the canonicalized hostname. After this array of <constant class="dns">SRV</constant> record
+      structures an array of byte arrays follows that encodes the TXT RR strings, in case DNS-SD look-ups are
+      enabled. The next parameters are the canonical service name, type and domain. This may or may not be
+      identical to the parameters passed in. Finally, a <varname>flags</varname> field is returned that
+      contains information about the resolver operation performed.</para>
 
       <para>The <function>ResetStatistics()</function> method resets the various statistics counters that
       <filename>systemd-resolved</filename> maintains to zero. (For details, see the statistics properties below.)</para>
@@ -779,8 +783,8 @@ node /org/freedesktop/resolve1/link/_1 {
       </varlistentry>
 
       <varlistentry><term><constant>org.freedesktop.resolve1.NoSuchService</constant></term>
-      <listitem><para>A service look-up was successful, but the SRV record reported that the service is not
-      available.</para></listitem></varlistentry>
+      <listitem><para>A service look-up was successful, but the <constant class="dns">SRV</constant> record
+      reported that the service is not available.</para></listitem></varlistentry>
 
       <varlistentry><term><constant>org.freedesktop.resolve1.DnssecFailed</constant></term>
       <listitem><para>The acquired response did not pass DNSSEC validation.</para></listitem>