upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Fix #425: Document auth-zone supports communication with DNS primary

Browse source 
on nondefault port.
This commit is contained in:
George Thessalonikefs 2021-06-07 16:02:41 +02:00
parent 553d1c78ef
commit df53badfa2
2 changed files with 14 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
doc/Changelog
View file

@ -1,6 +1,8 @@
7 June 2021: George 7 June 2021: George
- Merge #448 from shoeper: Update unbound-control.8.in, fix - Merge #448 from shoeper: Update unbound-control.8.in, fix
rpz_disable typo. rpz_disable typo.
- Fix #425: Document auth-zone supports communication with DNS
primary on nondefault port.
1 June 2021: George 1 June 2021: George
- Fix test for zonemd-check option. - Fix test for zonemd-check option.

13
doc/unbound.conf.5.in
View file

@ -1923,7 +1923,9 @@ Name of the authority zone.
.B primary: \fI<IP address or host name> .B primary: \fI<IP address or host name>
Where to download a copy of the zone from, with AXFR and IXFR. Multiple Where to download a copy of the zone from, with AXFR and IXFR. Multiple
primaries can be specified. They are all tried if one fails. primaries can be specified. They are all tried if one fails.
With the "ip#name" notation a AXFR over TLS can be used. To use a nondefault port for DNS communication append '@' with the port number.
You can append a '#' and a name, then AXFR over TLS can be used and the tls authentication certificates will be checked with that name. If you combine
the '@' and '#', the '@' comes first.
If you point it at another Unbound instance, it would not work because If you point it at another Unbound instance, it would not work because
that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download
the zonefile as a text file from a webserver that would work. the zonefile as a text file from a webserver that would work.
@ -2500,6 +2502,15 @@ Name of the authority zone.
.B primary: \fI<IP address or host name> .B primary: \fI<IP address or host name>
Where to download a copy of the zone from, with AXFR and IXFR. Multiple Where to download a copy of the zone from, with AXFR and IXFR. Multiple
primaries can be specified. They are all tried if one fails. primaries can be specified. They are all tried if one fails.
To use a nondefault port for DNS communication append '@' with the port number.
You can append a '#' and a name, then AXFR over TLS can be used and the tls authentication certificates will be checked with that name. If you combine
the '@' and '#', the '@' comes first.
If you point it at another Unbound instance, it would not work because
that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download
the zonefile as a text file from a webserver that would work.
If you specify the hostname, you cannot use the domain from the zonefile,
because it may not have that when retrieving that data, instead use a plain
IP address to avoid a circular dependency on retrieving that IP address.
.TP .TP
.B master: \fI<IP address or host name> .B master: \fI<IP address or host name>
Alternate syntax for \fBprimary\fR. Alternate syntax for \fBprimary\fR.