From fe6eb5f665f2e8d9dd6fd4352cb16541aaeaa92c Mon Sep 17 00:00:00 2001 From: Wouter Wijngaards Date: Mon, 7 Jan 2019 10:52:08 +0000 Subject: [PATCH] - Document interaction between the tls-upstream option in the server section and forward-tls-upstream option in the forward-zone sections. git-svn-id: file:///svn/unbound/trunk@5027 be551aaa-1e26-0410-a405-d3ace91eadb9 --- doc/Changelog | 2 ++ doc/unbound.conf.5.in | 2 ++ 2 files changed, 4 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index a640c50f0..602ae39c3 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,8 @@ 7 January 2018: Wouter - On FreeBSD warn if systcl settings do not allow server TCP FASTOPEN, and server tcp fastopen is enabled at compile time. + - Document interaction between the tls-upstream option in the server + section and forward-tls-upstream option in the forward-zone sections. 12 December 2018: Wouter - Fix for crash in dns64 module if response is null. diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 0acce72ac..c18616273 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -440,6 +440,8 @@ TCP wireformat. The other server must support this (see \fBtls\-service\-key\fR). If you enable this, also configure a tls\-cert\-bundle or use tls\-win\-cert to load CA certs, otherwise the connections cannot be authenticated. +This option enables TLS for all of them, but if you do not set this you can +configure TLS specifically for some forward zones with forward\-tls\-upstream. And also with stub\-tls\-upstream. .TP .B ssl\-upstream: \fI Alternate syntax for \fBtls\-upstream\fR. If both are present in the config -- 2.47.3