From: Otto <otto.moerbeek@open-xchange.com>
Date: Mon, 15 Feb 2021 14:35:33 +0000 (+0100)
Subject: Document trace=fail better and warn against its shortcomings.
X-Git-Tag: dnsdist-1.6.0-alpha2~32^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4305f45c2f5a08db57f28bc978d73799565156b7;p=thirdparty%2Fpdns.git

Document trace=fail better and warn against its shortcomings.
---

diff --git a/pdns/recursordist/docs/settings.rst b/pdns/recursordist/docs/settings.rst
index 022f60ee31..9c20148231 100644
--- a/pdns/recursordist/docs/settings.rst
+++ b/pdns/recursordist/docs/settings.rst
@@ -1754,11 +1754,13 @@ Spawn this number of threads on startup.
 
 ``trace``
 ---------
--  Boolean
--  Default: no
+-  String, one of ``no``, ``yes`` or ``fail``
+-  Default: ``no``
 
 If turned on, output impressive heaps of logging.
 May destroy performance under load.
+To log only queries resulting in a ``ServFail`` answer from the resolving process, this value can be set to ``fail``, but note that the performance impact is still large.
+Also note that queries that do produce a result but with a failing DNSSEC validation are not written to the log
 
 .. _setting-udp-source-port-min: