diff --git a/doc/Changelog b/doc/Changelog index 5582fc8c4..17b12330a 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,7 @@ 6 January 2020: Wouter - Merge #135 from Florian Obser: Use passed in neg and key cache if non-NULL. + - Fix #140: Document slave not downloading new zonefile upon update. 16 December 2019: George - Update mailing list URL. diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 4bdfcd56b..a4d925499 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -1680,6 +1680,12 @@ Name of the authority zone. Where to download a copy of the zone from, with AXFR and IXFR. Multiple masters can be specified. They are all tried if one fails. With the "ip#name" notation a AXFR over TLS can be used. +If you point it at another Unbound instance, it would not work because +that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download +the zonefile as a text file from a webserver that would work. +If you specify the hostname, you cannot use the domain from the zonefile, +because it may not have that when retrieving that data, instead use a plain +IP address to avoid a circular dependency on retrieving that IP address. .TP .B url: \fI Where to download a zonefile for the zone. With http or https. An example @@ -1691,6 +1697,10 @@ see if the SOA serial number has changed, reducing the number of downloads. If none of the urls work, the masters are tried with IXFR and AXFR. For https, the \fBtls\-cert\-bundle\fR and the hostname from the url are used to authenticate the connection. +If you specify a hostname in the URL, you cannot use the domain from the +zonefile, because it may not have that when retrieving that data, instead +use a plain IP address to avoid a circular dependency on retrieving that IP +address. Avoid dependencies on name lookups by using a notation like "http://192.0.2.1/unbound-master/example.com.zone", with an explicit IP address. .TP .B allow\-notify: \fI With allow\-notify you can specify additional sources of notifies.