man: add example of negative trust anchor file

author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Sun, 11 Oct 2020 10:55:10 +0000 (12:55 +0200)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Tue, 20 Oct 2020 17:58:37 +0000 (19:58 +0200)
author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Sun, 11 Oct 2020 10:55:10 +0000 (12:55 +0200)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Tue, 20 Oct 2020 17:58:37 +0000 (19:58 +0200)
diff --git a/man/dnssec-trust-anchors.d.xml b/man/dnssec-trust-anchors.d.xml

index 8b6394e927117692c2503e020878a91c5348e2a1..f14ebbce7cbe0fb49a9a678410ee5f3d2e36edf4 100644 (file)
--- a/man/dnssec-trust-anchors.d.xml
+++ b/man/dnssec-trust-anchors.d.xml
@@ -138,7 +138,17 @@
      and follow the same overriding rules. They are text files with the
      <filename>.negative</filename> suffix. Empty lines and lines whose first character is
      <literal>;</literal> are ignored. Each line specifies one domain name which is the root of a DNS
-    subtree where validation shall be disabled.</para>
+    subtree where validation shall be disabled. For example:</para>
+
+    <programlisting># Reverse IPv4 mappings
+10.in-addr.arpa
+16.172.in-addr.arpa
+168.192.in-addr.arpa
+...
+# Some custom domains
+prod
+stag
+</programlisting>
  
      <para>Negative trust anchors are useful to support private DNS
      subtrees that are not referenced from the Internet DNS hierarchy,
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Sun, 11 Oct 2020 10:55:10 +0000 (12:55 +0200)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Tue, 20 Oct 2020 17:58:37 +0000 (19:58 +0200)