Update RPZ man page and example.conf

2026-01-03 21:39:36 -05:00 · 2019-08-07 14:53:23 +02:00 · 2019-08-07 14:53:23 +02:00 · abbb5c0f6d
commit abbb5c0f6d
parent 0987a82877
2 changed files with 11 additions and 6 deletions
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@ -993,9 +993,11 @@ remote-control:
 #     redis-timeout: 100

 # Response Policy Zones
-# RPZ policies. Applied in order of configuration. QNAME trigger is the only
-# supported trigger. Supported actions are: NXDOMAIN, NODATA, PASSTHRU, DROP and
-# Local Data. Policy can be loaded from file or using zone transfer.
+# RPZ policies. Applied in order of configuration. QNAME and Response IP
+# Address trigger are the only supported triggers. Supported actions are:
+# NXDOMAIN, NODATA, PASSTHRU, DROP and Local Data. Polices can be loaded from
+# file or using zone transfer. The respip module needs to be added to the
+# module-config, e.g.: module-config: "respip validator iterator".
 # rpz:
 #     name: "rpz.example.com"
 #     zonefile: "rpz.example.com"
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@ -2077,10 +2077,13 @@ This option defaults to 100 milliseconds.
 .LP
 Response Policy Zones are configured with \fBrpz:\fR, and each one must have a
 \fBname:\fR. There can be multiple ones, by listing multiple rpz clauses, each
-with a different name. RPZ clauses are applied in order of configuration.
+with a different name. RPZ clauses are applied in order of configuration. The
+\fBrespip\fR module needs to be added to the \fBmodule-config\fR, e.g.:
+\fBmodule-config: "respip validator itarator"\fR.
 .P
-Only the QNAME trigger is supported. The supported RPZ actions are: NXDOMAIN,
-NODATA, PASSTHRU, DROP and Local Data. RPZ QNAME triggers are applied after
+Only the QNAME and Response IP Address triggers are supported. The supported RPZ
+actions are: NXDOMAIN, NODATA, PASSTHRU, DROP and Local Data. RPZ QNAME triggers
+are applied after
 \fBlocal-zones\fR and before \fBauth-zones\fR.
 .TP
 .B name: \fI<zone name>