From: Wouter Wijngaards Date: Thu, 31 Jan 2019 09:37:06 +0000 (+0000) Subject: - improve documentation for forward-first. X-Git-Tag: release-1.9.1rc1~36 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=91f585ed387d2d25349331ab2d4c2d3370e2e0a6;p=thirdparty%2Funbound.git - improve documentation for forward-first. git-svn-id: file:///svn/unbound/trunk@5092 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index 2c445b08b..d67fbbf55 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,7 +1,7 @@ 31 January 2019: Wouter - Set ub_ctx_set_tls call signature in ltrace config file for libunbound in contrib/libunbound.so.conf. - - improve documentation for tls-service-key. + - improve documentation for tls-service-key and forward-first. 30 January 2019: Ralph - Fix case in which query timeout can result in marking delegation diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 71bc27f6a..9bfd729c1 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -1618,10 +1618,9 @@ name is accepted. The cert must also match a CA from the tls\-cert\-bundle. The cert name match code needs OpenSSL 1.1.0 or later to be enabled. .TP .B forward\-first: \fI -If enabled, a query is attempted without the forward clause if it fails. -The data could not be retrieved and would have caused SERVFAIL because -the servers are unreachable, instead it is tried without this clause. -The default is no. +If a forwarded query is met with a SERVFAIL error, and this option is +enabled, unbound will fall back to normal recursive resolution for this +query as if no query forwarding had been specified. The default is "no". .TP .B forward\-tls\-upstream: \fI Enabled or disable whether the queries to this forwarder use TLS for transport.