- Fix #3727: Protocol name is TLS, options have been renamed but

documentation is not consistent.


git-svn-id: file:///svn/unbound/trunk@4578 be551aaa-1e26-0410-a405-d3ace91eadb9
Wouter Wijngaards 2018-03-12 12:35:53 +00:00
parent 3a7d4d7c8d
commit a48abc2f8b
3 changed files with 13 additions and 11 deletions

@ -1,6 +1,8 @@
12 March 2018: Wouter 12 March 2018: Wouter
- Added documentation for aggressive-nsec: yes. - Added documentation for aggressive-nsec: yes.
- tag 1.7.0rc3. - tag 1.7.0rc3.
- Fix #3727: Protocol name is TLS, options have been renamed but
documentation is not consistent.
9 March 2018: Wouter 9 March 2018: Wouter
- Fix #3598: Fix swig build issue on rhel6 based system. - Fix #3598: Fix swig build issue on rhel6 based system.

@ -664,14 +664,14 @@ server:
# add a netblock specific override to a localzone, with zone type # add a netblock specific override to a localzone, with zone type
# local-zone-override: "example.com" 192.0.2.0/24 refuse # local-zone-override: "example.com" 192.0.2.0/24 refuse
# service clients over SSL (on the TCP sockets), with plain DNS inside # service clients over TLS (on the TCP sockets), with plain DNS inside
# the SSL stream. Give the certificate to use and private key. # the TLS stream. Give the certificate to use and private key.
# default is "" (disabled). requires restart to take effect. # default is "" (disabled). requires restart to take effect.
# tls-service-key: "path/to/privatekeyfile.key" # tls-service-key: "path/to/privatekeyfile.key"
# tls-service-pem: "path/to/publiccertfile.pem" # tls-service-pem: "path/to/publiccertfile.pem"
# tls-port: 853 # tls-port: 853
# request upstream over SSL (with plain DNS inside the SSL stream). # request upstream over TLS (with plain DNS inside the TLS stream).
# Default is no. Can be turned on and off with unbound-control. # Default is no. Can be turned on and off with unbound-control.
# tls-upstream: no # tls-upstream: no
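Review bot: The comments above tls-service-key and tls-upstream now say TLS, but nothing in this block tells a reader that the older ssl- spellings are still accepted, while the man page part of this change keeps "Alternate syntax" entries such as ssl-port and stub-ssl-upstream. A one-line comment here saying the ssl- names remain valid aliases would keep someone with an existing config from concluding those options were removed.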

@ -399,8 +399,8 @@ change anything. Useful for TLS service providers, that want no udp downstream
but use udp to fetch data upstream. but use udp to fetch data upstream.
.TP .TP
.B tls\-upstream: \fI<yes or no> .B tls\-upstream: \fI<yes or no>
Enabled or disable whether the upstream queries use SSL only for transport. Enabled or disable whether the upstream queries use TLS only for transport.
Default is no. Useful in tunneling scenarios. The SSL contains plain DNS in Default is no. Useful in tunneling scenarios. The TLS contains plain DNS in
TCP wireformat. The other server must support this (see TCP wireformat. The other server must support this (see
\fBtls\-service\-key\fR). \fBtls\-service\-key\fR).
.TP .TP
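Review bot: In the tls-upstream description the two changed lines still read "Enabled or disable" and "The TLS contains plain DNS". Since both lines are being touched anyway, make them "Enable or disable" and "The TLS stream contains plain DNS", which also matches the "TLS stream" wording used in the example.conf comments of this same change.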
@ -409,7 +409,7 @@ Alternate syntax for \fBtls\-upstream\fR. If both are present in the config
file the last is used. file the last is used.
.TP .TP
.B tls\-service\-key: \fI<file> .B tls\-service\-key: \fI<file>
If enabled, the server provider SSL service on its TCP sockets. The clients If enabled, the server provider TLS service on its TCP sockets. The clients
have to use tls\-upstream: yes. The file is the private key for the TLS have to use tls\-upstream: yes. The file is the private key for the TLS
session. The public certificate is in the tls\-service\-pem file. Default session. The public certificate is in the tls\-service\-pem file. Default
is "", turned off. Requires a restart (a reload is not enough) if changed, is "", turned off. Requires a restart (a reload is not enough) if changed,
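Review bot: The rewritten first line of tls-service-key still says "the server provider TLS service"; that should be "the server provides TLS service". Worth fixing in this commit because the line is already being changed.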
@ -429,8 +429,8 @@ turned off.
Alternate syntax for \fBtls\-service\-pem\fR. Alternate syntax for \fBtls\-service\-pem\fR.
.TP .TP
.B tls\-port: \fI<number> .B tls\-port: \fI<number>
The port number on which to provide TCP SSL service, default 853, only The port number on which to provide TCP TLS service, default 853, only
interfaces configured with that port number as @number get the SSL service. interfaces configured with that port number as @number get the TLS service.
.TP .TP
.B ssl\-port: \fI<number> .B ssl\-port: \fI<number>
Alternate syntax for \fBtls\-port\fR. Alternate syntax for \fBtls\-port\fR.
@ -1310,7 +1310,7 @@ In the
clause are the declarations for the remote control facility. If this is clause are the declarations for the remote control facility. If this is
enabled, the \fIunbound\-control\fR(8) utility can be used to send enabled, the \fIunbound\-control\fR(8) utility can be used to send
commands to the running unbound server. The server uses these clauses commands to the running unbound server. The server uses these clauses
to setup SSLv3 / TLSv1 security for the connection. The to setup TLSv1 security for the connection. The
\fIunbound\-control\fR(8) utility also reads the \fBremote\-control\fR \fIunbound\-control\fR(8) utility also reads the \fBremote\-control\fR
section for options. To setup the correct self\-signed certificates use the section for options. To setup the correct self\-signed certificates use the
\fIunbound\-control\-setup\fR(8) utility. \fIunbound\-control\-setup\fR(8) utility.
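Review bot: Replacing "SSLv3 / TLSv1" with "TLSv1" in the remote-control paragraph still names a specific protocol version, and a reader can take it to mean the control channel is limited to TLS 1.0. If the intent of the change is only the protocol name, plain "TLS" is the safer wording unless the version really is fixed. The same line uses "to setup" as a verb, which should be "to set up".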
@ -1416,7 +1416,7 @@ the servers are unreachable, instead it is tried without this clause.
The default is no. The default is no.
.TP .TP
.B stub\-tls\-upstream: \fI<yes or no> .B stub\-tls\-upstream: \fI<yes or no>
Enabled or disable whether the queries to this stub use SSL for transport. Enabled or disable whether the queries to this stub use TLS for transport.
Default is no. Default is no.
.TP .TP
.B stub\-ssl\-upstream: \fI<yes or no> .B stub\-ssl\-upstream: \fI<yes or no>
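Review bot: stub-tls-upstream says the queries "use TLS for transport", while tls-upstream earlier in this patch says "use TLS only for transport" and adds that the other server must support it; forward-tls-upstream in the next hunk has the same shorter wording as the stub option. Align the three descriptions, or have the stub and forward entries refer back to tls-upstream, so that the requirement on the remote server is documented for all of them.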
@ -1456,7 +1456,7 @@ the servers are unreachable, instead it is tried without this clause.
The default is no. The default is no.
.TP .TP
.B forward\-tls\-upstream: \fI<yes or no> .B forward\-tls\-upstream: \fI<yes or no>
Enabled or disable whether the queries to this forwarder use SSL for transport. Enabled or disable whether the queries to this forwarder use TLS for transport.
Default is no. Default is no.
.TP .TP
.B forward\-ssl\-upstream: \fI<yes or no> .B forward\-ssl\-upstream: \fI<yes or no>