From cbb4575a18ecbda829b949306de38817d0b3495f Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 2 Dec 2020 10:58:05 +0100
Subject: [PATCH] Document existence of option

---
 doc/Changelog         | 4 ++++
 doc/FEATURES          | 1 +
 doc/TODO              | 1 -
 doc/unbound.conf.5.in | 5 +++++
 4 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/doc/Changelog b/doc/Changelog
index 30b8d34a1..d5121864e 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+2 December 2020: Willem
+	- Support for RFC5001: DNS Name Server Identifier (NSID) Option
+	  with the nsid: option in unbound.conf
+
 1 December 2020: Wouter
 	- Fix #358: Squelch udp connect 'no route to host' errors on low
 	  verbosity.
diff --git a/doc/FEATURES b/doc/FEATURES
index 076988ea9..8d69aba9b 100644
--- a/doc/FEATURES
+++ b/doc/FEATURES
@@ -39,6 +39,7 @@ RFC 4343: case insensitive handling of domain names.
 RFC 4509: SHA256 DS hash.
 RFC 4592: wildcards.
 RFC 4697: No DNS Resolution Misbehavior.
+RFC 5001: DNS Name Server Identifier (NSID) Option
 RFC 5011: update of trust anchors with timers.
 RFC 5155: NSEC3, NSEC3PARAM types
 RFC 5358: reflectors-are-evil: access control list for recursive
diff --git a/doc/TODO b/doc/TODO
index a2690451a..839656154 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -14,7 +14,6 @@ o (option) store primed key data in a overlaid keyhints file (sort of like draft
 o windows version, auto update feature, a query to check for the version.
 o command the server with TSIG inband. get-config, clearcache, 
 	get stats, get memstats, get ..., reload, clear one zone from cache
-o NSID rfc 5001 support.
 o timers rfc 5011 support.
 o Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator.
 o make timeout backoffs randomized (a couple percent random) to spread traffic.
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index 38bbc44df..0423f6200 100644
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -819,6 +819,11 @@ If enabled version.server and version.bind queries are refused.
 Set the version to report. If set to "", the default, then the package
 version is returned.
 .TP
+.B nsid:\fR <string>
+Add the specified nsid to the EDNS section of the answer when queried
+with an NSID EDNS enabled packet.  As a sequence of hex characters or
+with ascii_ prefix and then an ascii string.
+.TP
 .B hide\-trustanchor: \fI<yes or no>
 If enabled trustanchor.unbound queries are refused.
 .TP