alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity
nixpkgs/nixos/doc/manual/from_md/release-notes/rl-1709.section.xml
David Arnold 1f6969dd5e
docs: nixos release notes (w/o 2105 - separate PR) 
docs: nixos release notes (revise code blocks)

docs: nixos release notes (fix opt links outside of code blocks)

docs: nixos release notes (fix opt links inside of code blocks)

went fishing with:

```console
rg -A1 \
   --multiline \
   --multiline-dotall \
   '<programlisting>[^</programlisting>]+' \
| rg linkend
```

docs: nixos release notes (prettier)

docs: nixos release notes (fix zonefile codeblocks)

docs: nixos release notes (restore admonition from prettier destriction)

docs: nixos release notes (recreate xml files)

docs: nixos release notes (fix trnslation error md -> xml)

admonition with a title seem not to work

docs: nixos release notes (fix code block indentation)

docs: nixos release notes (diff after converting with https://github.com/NixOS/nixpkgs/pull/127270)

docs: nixos release notes (fix remaingin '???')

Those where not catched i a previous iteration since they didn't satisfy
the then presumed search regex `#opt-.*`

doc: nixos release notes make docbook/md conversion consistent
2021-06-22 09:52:13 -05:00

923 lines
31 KiB
XML
Raw Blame History

<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-17.09">
<title>Release 17.09 (<quote>Hummingbird</quote>, 2017/09/??)</title>
<section xml:id="sec-release-17.09-highlights">
<title>Highlights</title>
<para>
In addition to numerous new and upgraded packages, this release
has the following highlights:
</para>
<itemizedlist>
<listitem>
<para>
The GNOME version is now 3.24. KDE Plasma was upgraded to
5.10, KDE Applications to 17.08.1 and KDE Frameworks to 5.37.
</para>
</listitem>
<listitem>
<para>
The user handling now keeps track of deallocated UIDs/GIDs.
When a user or group is revived, this allows it to be
allocated the UID/GID it had before. A consequence is that
UIDs and GIDs are no longer reused.
</para>
</listitem>
<listitem>
<para>
The module option
<literal>services.xserver.xrandrHeads</literal> now causes the
first head specified in this list to be set as the primary
head. Apart from that, it's now possible to also set
additional options by using an attribute set, for example:
</para>
<programlisting language="bash">
{ services.xserver.xrandrHeads = [
&quot;HDMI-0&quot;
{
output = &quot;DVI-0&quot;;
primary = true;
monitorConfig = ''
Option &quot;Rotate&quot; &quot;right&quot;
'';
}
];
}
</programlisting>
<para>
This will set the <literal>DVI-0</literal> output to be the
primary head, even though <literal>HDMI-0</literal> is the
first head in the list.
</para>
</listitem>
<listitem>
<para>
The handling of SSL in the <literal>services.nginx</literal>
module has been cleaned up, renaming the misnamed
<literal>enableSSL</literal> to <literal>onlySSL</literal>
which reflects its original intention. This is not to be used
with the already existing <literal>forceSSL</literal> which
creates a second non-SSL virtual host redirecting to the SSL
virtual host. This by chance had worked earlier due to
specific implementation details. In case you had specified
both please remove the <literal>enableSSL</literal> option to
keep the previous behaviour.
</para>
<para>
Another <literal>addSSL</literal> option has been introduced
to configure both a non-SSL virtual host and an SSL virtual
host with the same configuration.
</para>
<para>
Options to configure <literal>resolver</literal> options and
<literal>upstream</literal> blocks have been introduced. See
their information for further details.
</para>
<para>
The <literal>port</literal> option has been replaced by a more
generic <literal>listen</literal> option which makes it
possible to specify multiple addresses, ports and SSL configs
dependant on the new SSL handling mentioned above.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-17.09-new-services">
<title>New Services</title>
<para>
The following new services were added since the last release:
</para>
<itemizedlist>
<listitem>
<para>
<literal>config/fonts/fontconfig-penultimate.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>config/fonts/fontconfig-ultimate.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>config/terminfo.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>hardware/sensor/iio.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>hardware/nitrokey.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>hardware/raid/hpsa.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>programs/browserpass.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>programs/gnupg.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>programs/qt5ct.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>programs/slock.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>programs/thefuck.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>security/auditd.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>security/lock-kernel-modules.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>service-managers/docker.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>service-managers/trivial.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/admin/salt/master.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/admin/salt/minion.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/audio/slimserver.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/cluster/kubernetes/default.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/cluster/kubernetes/dns.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/cluster/kubernetes/dashboard.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/continuous-integration/hail.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/databases/clickhouse.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/databases/postage.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/desktops/gnome3/gnome-disks.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/desktops/gnome3/gpaste.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/logging/SystemdJournal2Gelf.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/logging/heartbeat.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/logging/journalwatch.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/logging/syslogd.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/mail/mailhog.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/mail/nullmailer.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/misc/airsonic.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/misc/autorandr.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/misc/exhibitor.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/misc/fstrim.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/misc/gollum.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/misc/irkerd.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/misc/jackett.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/misc/radarr.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/misc/snapper.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/monitoring/osquery.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/monitoring/prometheus/collectd-exporter.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/monitoring/prometheus/fritzbox-exporter.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/network-filesystems/kbfs.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/networking/dnscache.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/networking/fireqos.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/networking/iwd.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/networking/keepalived/default.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/networking/keybase.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/networking/lldpd.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/networking/matterbridge.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/networking/squid.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/networking/tinydns.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/networking/xrdp.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/security/shibboleth-sp.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/security/sks.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/security/sshguard.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/security/torify.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/security/usbguard.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/security/vault.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/system/earlyoom.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/system/saslauthd.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/web-apps/nexus.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/web-apps/pgpkeyserver-lite.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/web-apps/piwik.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/web-servers/lighttpd/collectd.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/web-servers/minio.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/x11/display-managers/xpra.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>services/x11/xautolock.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>tasks/filesystems/bcachefs.nix</literal>
</para>
</listitem>
<listitem>
<para>
<literal>tasks/powertop.nix</literal>
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-17.09-incompatibilities">
<title>Backward Incompatibilities</title>
<para>
When upgrading from a previous release, please be aware of the
following incompatible changes:
</para>
<itemizedlist>
<listitem>
<para>
<emphasis role="strong">In an Qemu-based virtualization
environment, the network interface names changed from i.e.
<literal>enp0s3</literal> to
<literal>ens3</literal>.</emphasis>
</para>
<para>
This is due to a kernel configuration change. The new naming
is consistent with those of other Linux distributions with
systemd. See
<link xlink:href="https://github.com/NixOS/nixpkgs/issues/29197">#29197</link>
for more information.
</para>
<para>
A machine is affected if the <literal>virt-what</literal> tool
either returns <literal>qemu</literal> or
<literal>kvm</literal> <emphasis>and</emphasis> has interface
names used in any part of its NixOS configuration, in
particular if a static network configuration with
<literal>networking.interfaces</literal> is used.
</para>
<para>
Before rebooting affected machines, please ensure:
</para>
<itemizedlist>
<listitem>
<para>
Change the interface names in your NixOS configuration.
The first interface will be called
<literal>ens3</literal>, the second one
<literal>ens8</literal> and starting from there
incremented by 1.
</para>
</listitem>
<listitem>
<para>
After changing the interface names, rebuild your system
with <literal>nixos-rebuild boot</literal> to activate the
new configuration after a reboot. If you switch to the new
configuration right away you might lose network
connectivity! If using <literal>nixops</literal>, deploy
with <literal>nixops deploy --force-reboot</literal>.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The following changes apply if the
<literal>stateVersion</literal> is changed to 17.09 or higher.
For <literal>stateVersion = &quot;17.03&quot;</literal> or
lower the old behavior is preserved.
</para>
<itemizedlist>
<listitem>
<para>
The <literal>postgres</literal> default version was
changed from 9.5 to 9.6.
</para>
</listitem>
<listitem>
<para>
The <literal>postgres</literal> superuser name has changed
from <literal>root</literal> to
<literal>postgres</literal> to more closely follow what
other Linux distributions are doing.
</para>
</listitem>
<listitem>
<para>
The <literal>postgres</literal> default
<literal>dataDir</literal> has changed from
<literal>/var/db/postgres</literal> to
<literal>/var/lib/postgresql/$psqlSchema</literal> where
$psqlSchema is 9.6 for example.
</para>
</listitem>
<listitem>
<para>
The <literal>mysql</literal> default
<literal>dataDir</literal> has changed from
<literal>/var/mysql</literal> to
<literal>/var/lib/mysql</literal>.
</para>
</listitem>
<listitem>
<para>
Radicale's default package has changed from 1.x to 2.x.
Instructions to migrate can be found
<link xlink:href="http://radicale.org/1to2/"> here
</link>. It is also possible to use the newer version by
setting the <literal>package</literal> to
<literal>radicale2</literal>, which is done automatically
when <literal>stateVersion</literal> is 17.09 or higher.
The <literal>extraArgs</literal> option has been added to
allow passing the data migration arguments specified in
the instructions; see the <literal>radicale.nix</literal>
NixOS test for an example migration.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
The <literal>aiccu</literal> package was removed. This is due
to SixXS <link xlink:href="https://www.sixxs.net/main/">
sunsetting</link> its IPv6 tunnel.
</para>
</listitem>
<listitem>
<para>
The <literal>fanctl</literal> package and
<literal>fan</literal> module have been removed due to the
developers not upstreaming their iproute2 patches and lagging
with compatibility to recent iproute2 versions.
</para>
</listitem>
<listitem>
<para>
Top-level <literal>idea</literal> package collection was
renamed. All JetBrains IDEs are now at
<literal>jetbrains</literal>.
</para>
</listitem>
<listitem>
<para>
<literal>flexget</literal>'s state database cannot be upgraded
to its new internal format, requiring removal of any existing
<literal>db-config.sqlite</literal> which will be
automatically recreated.
</para>
</listitem>
<listitem>
<para>
The <literal>ipfs</literal> service now doesn't ignore the
<literal>dataDir</literal> option anymore. If you've ever set
this option to anything other than the default you'll have to
either unset it (so the default gets used) or migrate the old
data manually with
</para>
<programlisting>
dataDir=&lt;valueOfDataDir&gt;
mv /var/lib/ipfs/.ipfs/* $dataDir
rmdir /var/lib/ipfs/.ipfs
</programlisting>
</listitem>
<listitem>
<para>
The <literal>caddy</literal> service was previously using an
extra <literal>.caddy</literal> directory in the data
directory specified with the <literal>dataDir</literal>
option. The contents of the <literal>.caddy</literal>
directory are now expected to be in the
<literal>dataDir</literal>.
</para>
</listitem>
<listitem>
<para>
The <literal>ssh-agent</literal> user service is not started
by default anymore. Use
<literal>programs.ssh.startAgent</literal> to enable it if
needed. There is also a new
<literal>programs.gnupg.agent</literal> module that creates a
<literal>gpg-agent</literal> user service. It can also serve
as a SSH agent if <literal>enableSSHSupport</literal> is set.
</para>
</listitem>
<listitem>
<para>
The
<literal>services.tinc.networks.&lt;name&gt;.listenAddress</literal>
option had a misleading name that did not correspond to its
behavior. It now correctly defines the ip to listen for
incoming connections on. To keep the previous behaviour, use
<literal>services.tinc.networks.&lt;name&gt;.bindToAddress</literal>
instead. Refer to the description of the options for more
details.
</para>
</listitem>
<listitem>
<para>
<literal>tlsdate</literal> package and module were removed.
This is due to the project being dead and not building with
openssl 1.1.
</para>
</listitem>
<listitem>
<para>
<literal>wvdial</literal> package and module were removed.
This is due to the project being dead and not building with
openssl 1.1.
</para>
</listitem>
<listitem>
<para>
<literal>cc-wrapper</literal>'s setup-hook now exports a
number of environment variables corresponding to binutils
binaries, (e.g. <literal>LD</literal>,
<literal>STRIP</literal>, <literal>RANLIB</literal>, etc).
This is done to prevent packages' build systems guessing,
which is harder to predict, especially when cross-compiling.
However, some packages have broken due to this—their build
systems either not supporting, or claiming to support without
adequate testing, taking such environment variables as
parameters.
</para>
</listitem>
<listitem>
<para>
<literal>services.firefox.syncserver</literal> now runs by
default as a non-root user. To accomodate this change, the
default sqlite database location has also been changed.
Migration should work automatically. Refer to the description
of the options for more details.
</para>
</listitem>
<listitem>
<para>
The <literal>compiz</literal> window manager and package was
removed. The system support had been broken for several years.
</para>
</listitem>
<listitem>
<para>
Touchpad support should now be enabled through
<literal>libinput</literal> as <literal>synaptics</literal> is
now deprecated. See the option
<literal>services.xserver.libinput.enable</literal>.
</para>
</listitem>
<listitem>
<para>
grsecurity/PaX support has been dropped, following upstream's
decision to cease free support. See
<link xlink:href="https://grsecurity.net/passing_the_baton.php">
upstream's announcement</link> for more information. No
complete replacement for grsecurity/PaX is available
presently.
</para>
</listitem>
<listitem>
<para>
<literal>services.mysql</literal> now has declarative
configuration of databases and users with the
<literal>ensureDatabases</literal> and
<literal>ensureUsers</literal> options.
</para>
<para>
These options will never delete existing databases and users,
especially not when the value of the options are changed.
</para>
<para>
The MySQL users will be identified using
<link xlink:href="https://mariadb.com/kb/en/library/authentication-plugin-unix-socket/">
Unix socket authentication</link>. This authenticates the Unix
user with the same name only, and that without the need for a
password.
</para>
<para>
If you have previously created a MySQL <literal>root</literal>
user <emphasis>with a password</emphasis>, you will need to
add <literal>root</literal> user for unix socket
authentication before using the new options. This can be done
by running the following SQL script:
</para>
<programlisting language="SQL">
CREATE USER 'root'@'%' IDENTIFIED BY '';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
-- Optionally, delete the password-authenticated user:
-- DROP USER 'root'@'localhost';
</programlisting>
</listitem>
<listitem>
<para>
<literal>services.mysqlBackup</literal> now works by default
without any user setup, including for users other than
<literal>mysql</literal>.
</para>
<para>
By default, the <literal>mysql</literal> user is no longer the
user which performs the backup. Instead a system account
<literal>mysqlbackup</literal> is used.
</para>
<para>
The <literal>mysqlBackup</literal> service is also now using
systemd timers instead of <literal>cron</literal>.
</para>
<para>
Therefore, the <literal>services.mysqlBackup.period</literal>
option no longer exists, and has been replaced with
<literal>services.mysqlBackup.calendar</literal>, which is in
the format of
<link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.time.html#Calendar%20Events">systemd.time(7)</link>.
</para>
<para>
If you expect to be sent an e-mail when the backup fails,
consider using a script which monitors the systemd journal for
errors. Regretfully, at present there is no built-in
functionality for this.
</para>
<para>
You can check that backups still work by running
<literal>systemctl start mysql-backup</literal> then
<literal>systemctl status mysql-backup</literal>.
</para>
</listitem>
<listitem>
<para>
Templated systemd services e.g
<literal>container@name</literal> are now handled currectly
when switching to a new configuration, resulting in them being
reloaded.
</para>
</listitem>
<listitem>
<para>
Steam: the <literal>newStdcpp</literal> parameter was removed
and should not be needed anymore.
</para>
</listitem>
<listitem>
<para>
Redis has been updated to version 4 which mandates a cluster
mass-restart, due to changes in the network handling, in order
to ensure compatibility with networks NATing traffic.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-17.09-notable-changes">
<title>Other Notable Changes</title>
<itemizedlist>
<listitem>
<para>
Modules can now be disabled by using
<link xlink:href="https://nixos.org/nixpkgs/manual/#sec-replace-modules">
disabledModules</link>, allowing another to take it's place.
This can be used to import a set of modules from another
channel while keeping the rest of the system on a stable
release.
</para>
</listitem>
<listitem>
<para>
Updated to FreeType 2.7.1, including a new TrueType engine.
The new engine replaces the Infinality engine which was the
default in NixOS. The default font rendering settings are now
provided by fontconfig-penultimate, replacing
fontconfig-ultimate; the new defaults are less invasive and
provide rendering that is more consistent with other systems
and hopefully with each font designer's intent. Some
system-wide configuration has been removed from the Fontconfig
NixOS module where user Fontconfig settings are available.
</para>
</listitem>
<listitem>
<para>
ZFS/SPL have been updated to 0.7.0,
<literal>zfsUnstable, splUnstable</literal> have therefore
been removed.
</para>
</listitem>
<listitem>
<para>
The <literal>time.timeZone</literal> option now allows the
value <literal>null</literal> in addition to timezone strings.
This value allows changing the timezone of a system
imperatively using
<literal>timedatectl set-timezone</literal>. The default
timezone is still UTC.
</para>
</listitem>
<listitem>
<para>
Nixpkgs overlays may now be specified with a file as well as a
directory. The value of
<literal>&lt;nixpkgs-overlays&gt;</literal> may be a file, and
<literal>~/.config/nixpkgs/overlays.nix</literal> can be used
instead of the <literal>~/.config/nixpkgs/overlays</literal>
directory.
</para>
<para>
See the overlays chapter of the Nixpkgs manual for more
details.
</para>
</listitem>
<listitem>
<para>
Definitions for <literal>/etc/hosts</literal> can now be
specified declaratively with
<literal>networking.hosts</literal>.
</para>
</listitem>
<listitem>
<para>
Two new options have been added to the installer loader, in
addition to the default having changed. The kernel log
verbosity has been lowered to the upstream default for the
default options, in order to not spam the console when e.g.
joining a network.
</para>
<para>
This therefore leads to adding a new <literal>debug</literal>
option to set the log level to the previous verbose mode, to
make debugging easier, but still accessible easily.
</para>
<para>
Additionally a <literal>copytoram</literal> option has been
added, which makes it possible to remove the install medium
after booting. This allows tethering from your phone after
booting from it.
</para>
</listitem>
<listitem>
<para>
<literal>services.gitlab-runner.configOptions</literal> has
been added to specify the configuration of gitlab-runners
declaratively.
</para>
</listitem>
<listitem>
<para>
<literal>services.jenkins.plugins</literal> has been added to
install plugins easily, this can be generated with
jenkinsPlugins2nix.
</para>
</listitem>
<listitem>
<para>
<literal>services.postfix.config</literal> has been added to
specify the main.cf with NixOS options. Additionally other
options have been added to the postfix module and has been
improved further.
</para>
</listitem>
<listitem>
<para>
The GitLab package and module have been updated to the latest
10.0 release.
</para>
</listitem>
<listitem>
<para>
The <literal>systemd-boot</literal> boot loader now lists the
NixOS version, kernel version and build date of all bootable
generations.
</para>
</listitem>
<listitem>
<para>
The dnscrypt-proxy service now defaults to using a random
upstream resolver, selected from the list of public
non-logging resolvers with DNSSEC support. Existing
configurations can be migrated to this mode of operation by
omitting the
<literal>services.dnscrypt-proxy.resolverName</literal> option
or setting it to <literal>&quot;random&quot;</literal>.
</para>
</listitem>
</itemizedlist>
</section>
</section>
View git blame Copy permalink