upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Fix #425: Document auth-zone supports communication with DNS primary

Browse source 
on nondefault port.
This commit is contained in:
George Thessalonikefs 2021-06-07 16:02:41 +02:00
parent 553d1c78ef
commit df53badfa2
2 changed files with 14 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
doc/Changelog
View file

@ -1,6 +1,8 @@
7 June 2021: George
- Merge #448 from shoeper: Update unbound-control.8.in, fix
rpz_disable typo.
- Fix #425: Document auth-zone supports communication with DNS
primary on nondefault port.
1 June 2021: George
- Fix test for zonemd-check option.

13
doc/unbound.conf.5.in
View file

@ -1923,7 +1923,9 @@ Name of the authority zone.
.B primary: \fI<IP address or host name>
Where to download a copy of the zone from, with AXFR and IXFR. Multiple
primaries can be specified. They are all tried if one fails.
With the "ip#name" notation a AXFR over TLS can be used.
To use a nondefault port for DNS communication append '@' with the port number.
You can append a '#' and a name, then AXFR over TLS can be used and the tls authentication certificates will be checked with that name. If you combine
the '@' and '#', the '@' comes first.
If you point it at another Unbound instance, it would not work because
that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download
the zonefile as a text file from a webserver that would work.
@ -2500,6 +2502,15 @@ Name of the authority zone.
.B primary: \fI<IP address or host name>
Where to download a copy of the zone from, with AXFR and IXFR. Multiple
primaries can be specified. They are all tried if one fails.
To use a nondefault port for DNS communication append '@' with the port number.
You can append a '#' and a name, then AXFR over TLS can be used and the tls authentication certificates will be checked with that name. If you combine
the '@' and '#', the '@' comes first.
If you point it at another Unbound instance, it would not work because
that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download
the zonefile as a text file from a webserver that would work.
If you specify the hostname, you cannot use the domain from the zonefile,
because it may not have that when retrieving that data, instead use a plain
IP address to avoid a circular dependency on retrieving that IP address.
.TP
.B master: \fI<IP address or host name>
Alternate syntax for \fBprimary\fR.