From abbb5c0f6d2a003ab818f834b74b2e5738070e36 Mon Sep 17 00:00:00 2001
From: Ralph Dolmans
Date: Wed, 7 Aug 2019 14:53:23 +0200
Subject: [PATCH] Update RPZ man page and example.conf
---
 doc/example.conf.in | 8 +++++---
 doc/unbound.conf.5.in | 9 ++++++---
 2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/doc/example.conf.in b/doc/example.conf.in
index be1606fa1..987dfebdd 100644
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -993,9 +993,11 @@ remote-control:
 # redis-timeout: 100
 # Response Policy Zones
-# RPZ policies. Applied in order of configuration. QNAME trigger is the only
-# supported trigger. Supported actions are: NXDOMAIN, NODATA, PASSTHRU, DROP and
-# Local Data. Policy can be loaded from file or using zone transfer.
+# RPZ policies. Applied in order of configuration. QNAME and Response IP
+# Address trigger are the only supported triggers. Supported actions are:
+# NXDOMAIN, NODATA, PASSTHRU, DROP and Local Data. Polices can be loaded from
+# file or using zone transfer. The respip module needs to be added to the
+# module-config, e.g.: module-config: "respip validator iterator".
 # rpz:
 # name: "rpz.example.com"
 # zonefile: "rpz.example.com"
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index cee2393b4..edbaa601c 100644
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -2077,10 +2077,13 @@ This option defaults to 100 milliseconds.
 .LP
 Response Policy Zones are configured with \fBrpz:\fR, and each one must have a \fBname:\fR. There can be multiple ones, by listing multiple rpz clauses, each
-with a different name. RPZ clauses are applied in order of configuration.
+with a different name. RPZ clauses are applied in order of configuration. The
+\fBrespip\fR module needs to be added to the \fBmodule-config\fR, e.g.:
+\fBmodule-config: "respip validator itarator"\fR.
 .P
-Only the QNAME trigger is supported. The supported RPZ actions are: NXDOMAIN,
-NODATA, PASSTHRU, DROP and Local Data. RPZ QNAME triggers are applied after
+Only the QNAME and Response IP Address triggers are supported. The supported RPZ
+actions are: NXDOMAIN, NODATA, PASSTHRU, DROP and Local Data. RPZ QNAME triggers
+are applied after
 \fBlocal-zones\fR and before \fBauth-zones\fR.
 .TP
 .B name: \fI