Make the defined term stick out by making it bold.
This commit is contained in:
Florian Obser
parent
4f65a3a136
commit
c41a8a11a2
@ -41,7 +41,7 @@ can secure those with DNSSEC.
|
||||
[[https://man.openbsd.org/ssh_config.5#VerifyHostKeyDNS][ssh_config(5)]] explains how [[https://man.openbsd.org/ssh.1][ssh(1)]] can use SSHFP records to verify
|
||||
host-keys:
|
||||
|
||||
+ VerifyHostKeyDNS :: Specifies whether to verify the remote key using
|
||||
+ *VerifyHostKeyDNS* :: Specifies whether to verify the remote key using
|
||||
DNS and SSHFP resource records. If this option is set to yes, the
|
||||
client will implicitly trust keys that match a secure fingerprint
|
||||
from DNS. Insecure fingerprints will be handled as if this option
|
||||
@ -70,7 +70,7 @@ have a trustworthy validating name-server is to run one on localhost.
|
||||
|
||||
[[http://man.openbsd.org/resolv.conf#trust-ad][resolv.conf(5)]] explains the *trust-ad* option:
|
||||
|
||||
+ trust-ad :: A name server indicating that it performed DNSSEC
|
||||
+ *trust-ad* :: A name server indicating that it performed DNSSEC
|
||||
validation by setting the Authentic Data (AD) flag in the answer can
|
||||
only be trusted if the name server itself is trusted and the network
|
||||
path is trusted. Generally this is not the case and the AD flag is
|
||||
|
||||
Loading…
Reference in New Issue
Block a user