]> git.ipfire.org Git - thirdparty/knot-resolver.git/commitdiff
projects / thirdparty / knot-resolver.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 74023b3)
doc: move DNSSEC to the end, users should not touch it anyway
authorPetr Špaček <petr.spacek@nic.cz>
Wed, 8 Jan 2020 08:48:58 +0000 (09:48 +0100)
committerTomas Krizek <tomas.krizek@nic.cz>
Wed, 15 Jan 2020 09:38:18 +0000 (10:38 +0100)
Also remove extra headers for trust anchors and mode(), this is an
implementation detail not important for users.

daemon/lua/trust_anchors.rst patch | blob | blame | history
doc/config-dnssec.rst patch | blob | blame | history
doc/index.rst patch | blob | blame | history

diff --git a/daemon/lua/trust_anchors.rst b/daemon/lua/trust_anchors.rst
index 7788000c5262d0128ffea837db5d13a7761f2e44..2c267e6bfbf9101009e9461b4daeacae4770a3e1 100644 (file)
--- a/daemon/lua/trust_anchors.rst
+++ b/daemon/lua/trust_anchors.rst
@@ -1,9 +1,7 @@
-Trust anchors
-=============
-
 .. warning:: Options in this section are intended only for expert users and
    normally should not be needed.
 
+Since version 4.0, **DNSSEC validation is enabled by default**.
 If you really need to turn DNSSEC off and are okay with lowering security of your
 system by doing so, add the following snippet to your configuration file.
 
diff --git a/doc/config-dnssec.rst b/doc/config-dnssec.rst
index 0da31343cee5047e357859c29c381ecd226ec53b..e8842ba3f86a1e6fcaf22d8a880aef1694ff9c90 100644 (file)
--- a/doc/config-dnssec.rst
+++ b/doc/config-dnssec.rst
@@ -4,14 +4,11 @@
 DNSSEC, data verification
 *************************
 
-Since version 4.0, **DNSSEC validation is enabled by default**.
-This is secure default and should not be changed unless absolutely necessary.
+Good news! Knot Resolver uses secure configuration by default, and this configuration
+should not be changed unless absolutely necessary, so feel free to skip over this section.
 
 .. include:: ../daemon/lua/trust_anchors.rst
 
-TODO: Some heading?
-===================
-
 DNSSEC is main technology to protect data, but it is also possible to change how strictly
 resolver checks data from insecure DNS zones:
 
diff --git a/doc/index.rst b/doc/index.rst
index c2f178a753a1febbce13b40edc4626850896f3ed..7a35d738b323bc8eb94275e7f12291928f3fc3d8 100644 (file)
--- a/doc/index.rst
+++ b/doc/index.rst
@@ -22,10 +22,10 @@ and it provides a state-machine like API for extensions.
 
    config-overview
    config-network
-   config-dnssec
    config-logging-monitoring
    config-policy
    config-performance
+   config-dnssec
    config-experimental
 
 .. _operation:
Mirror of https://gitlab.nic.cz/knot/knot-resolver.git