From: Yorgos Thessalonikefs Date: Fri, 3 Oct 2025 09:27:26 +0000 (+0200) Subject: - Note 'respip' and 'dns64' module order in the unbound.conf X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e017d66fc1994095f896a0cbd9c4846f8dcdbae9;p=thirdparty%2Funbound.git - Note 'respip' and 'dns64' module order in the unbound.conf man page. --- diff --git a/doc/Changelog b/doc/Changelog index d027c8ba1..28b86fb45 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +3 October 2025: Yorgos + - Note 'respip' and 'dns64' module order in the unbound.conf + man page. + 2 October 2025: Wouter - Fix that https is set up as enabled when the port is listed in interface-automatic-ports. Also for the set up of quic it is diff --git a/doc/unbound.conf.rst b/doc/unbound.conf.rst index f9f2dea8a..22c53620a 100644 --- a/doc/unbound.conf.rst +++ b/doc/unbound.conf.rst @@ -3959,6 +3959,13 @@ and be compiled into the daemon to be enabled. .. note:: These settings go in the :ref:`server:` section. +.. note:: + If combining the ``respip`` and ``dns64`` modules, the ``respip`` module + needs to appear before the ``dns64`` module in the + :ref:`module-config` + configuration option so that response IP and/or RPZ feeds can properly + filter responses regardless of DNS64 synthesis. + @@UAHL@unbound.conf.dns64@dns64-prefix@@: ** This sets the DNS64 prefix to use to synthesize AAAA records with. @@ -4777,6 +4784,13 @@ The respip module needs to be added to the module-config: "respip validator iterator" +.. note:: + If combining the ``respip`` and ``dns64`` modules, the ``respip`` module + needs to appear before the ``dns64`` module in the + :ref:`module-config` + configuration option so that response IP and/or RPZ feeds can properly + filter responses regardless of DNS64 synthesis. + QNAME, Response IP Address, nsdname, nsip and clientip triggers are supported. Supported actions are: NXDOMAIN, NODATA, PASSTHRU, DROP, Local Data, tcp-only and drop.