- Document in the manual more text about configuring locally served

zones.


git-svn-id: file:///svn/unbound/trunk@3465 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog

@@ -1,3 +1,7 @@
+3 August 2015: Wouter
+	- Document in the manual more text about configuring locally served
+	  zones.
+
 30 July 2015: Wouter
 	- please afl-gcc (llvm) for uninitialised variable warning.
 	- Added permit-small-holddown config to debug fast 5011 rollover.

doc/example.conf.in

@@ -626,6 +626,8 @@ remote-control:
 # nameservers by hostname or by ipaddress. If you set stub-prime to yes, 
 # the list is treated as priming hints (default is no).
 # With stub-first yes, it attempts without the stub if it fails.
+# Consider adding domain-insecure: name and local-zone: name nodefault
+# to the server: section if the stub is a locally served zone.
 # stub-zone:
 #	name: "example.com"
 #	stub-addr: 192.0.2.68

doc/unbound.conf.5.in

@@ -1128,6 +1128,12 @@ bit on replies for the private zone (authoritative servers do not set the
 AD bit).  This setup makes unbound capable of answering queries for the 
 private zone, and can even set the AD bit ('authentic'), but the AA 
 ('authoritative') bit is not set on these replies. 
+.P
+Consider adding \fBserver:\fR statements for \fBdomain\-insecure:\fR and
+for \fBlocal\-zone:\fI name nodefault\fR for the zone if it is a locally
+served zone.  The insecure clause stops DNSSEC from invalidating the
+zone.  The local zone nodefault (or \fItransparent\fR) clause makes the
+(reverse\-) zone bypass unbound's filtering of RFC1918 zones.
 .TP
 .B name: \fI<domain name>
 Name of the stub zone.