.UNINDENT
.INDENT 0.0
.TP
+.B num.valops
+The number of validation operations performed by the validator.
+Increased for every RRSIG verification operation regardless of the
+validation result.
+The RRSIG and key combination needs to first pass some sanity checks before
+Unbound even performs the verification, e.g., length/protocol checks.
+.UNINDENT
+.INDENT 0.0
+.TP
.B unwanted.queries
Number of queries that were refused or dropped because they failed the
access control settings.
This could happen if the host has not been able to service the queries for
a while, i.e. Unbound is not running, and then is enabled again.
It uses timestamp socket options.
+The socket option is available on the Linux and FreeBSD platforms.
.sp
Default: 0 (disabled)
.UNINDENT
.INDENT 0.0
.TP
.B disable\-dnssec\-lame\-check: \fI<yes or no>\fP
-If true, disables the DNSSEC lameness check in the iterator.
-This check sees if RRSIGs are present in the answer, when dnssec is
+If yes, disables the DNSSEC lameness check in the iterator.
+This check sees if RRSIGs are present in the answer, when DNSSEC is
expected, and retries another authority if RRSIGs are unexpectedly missing.
The validator will insist in RRSIGs for DNSSEC signed domains regardless of
this setting, if a trust anchor is loaded.
.B ede: \fI<yes or no>\fP
If enabled, Unbound will respond with Extended DNS Error codes
(\fI\%RFC 8914\fP).
-These EDEs privide additional information with a response mainly for, but
+These EDEs provide additional information with a response mainly for, but
not limited to, DNS and DNSSEC errors.
.sp
When the \fI\%val\-log\-level\fP option is also
projects / thirdparty / unbound.git / commitdiff
