From 81f3de4da2e4a35d04465471b436f8253719796f Mon Sep 17 00:00:00 2001 From: Yorgos Thessalonikefs Date: Tue, 3 Jun 2025 14:10:53 +0200 Subject: [PATCH] - Small man page corrections for the 'disable-dnssec-lame-check' option. --- doc/Changelog | 3 +++ doc/unbound.conf.rst | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index b86a04524..2209c5e29 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +3 June 2025: Yorgos + - Small manpage corrections for the 'disable-dnssec-lame-check' option. + 21 May 2025: Wouter - Fix #1288: [FR] Improve fuzzing of unbound by adapting the netbound program. diff --git a/doc/unbound.conf.rst b/doc/unbound.conf.rst index 3e02cb6e2..80a62309d 100644 --- a/doc/unbound.conf.rst +++ b/doc/unbound.conf.rst @@ -2025,8 +2025,8 @@ These options are part of the **server:** clause. @@UAHL@unbound.conf@disable-dnssec-lame-check@@: ** - If true, disables the DNSSEC lameness check in the iterator. - This check sees if RRSIGs are present in the answer, when dnssec is + If yes, disables the DNSSEC lameness check in the iterator. + This check sees if RRSIGs are present in the answer, when DNSSEC is expected, and retries another authority if RRSIGs are unexpectedly missing. The validator will insist in RRSIGs for DNSSEC signed domains regardless of this setting, if a trust anchor is loaded. -- 2.47.3