docs: fix padding descriptions

Mentioning just answers is misleading.  Padding is very important
for queries as well; for us that applies during forwarding over TLS.

Also describe /tls/auto_discovery as experimental in the
configuration  schema.  It's a rather dead experiment from long ago.
I hope it can't be confused with more recent things like
https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/

diff --git a/daemon/bindings/net_tlssrv.rst b/daemon/bindings/net_tlssrv.rst
index f496cd70ee82f872d598b072793db1beb076ae4d..96391e2321ee060c1c2ca9baa19b9103152d3229 100644 (file)
--- a/daemon/bindings/net_tlssrv.rst
+++ b/daemon/bindings/net_tlssrv.rst
@@ -155,8 +155,8 @@ by a trusted CA. This is done using function :c:func:`net.tls()`.
 
 .. function:: net.tls_padding([true | false])
 
-   Get/set EDNS(0) padding of answers to queries that arrive over TLS
-   transport.  If set to `true` (the default), it will use a sensible
+   Get/set EDNS(0) padding of queries and answers sent over an encrypted
+   channel.  If set to `true` (the default), it will use a sensible
    default padding scheme, as implemented by libknot if available at
    compile time.  If set to a numeric value >= 2 it will pad the
    answers to nearest *padding* boundary, e.g. if set to `64`, the

diff --git a/doc/config-network-server-tls.rst b/doc/config-network-server-tls.rst
index 75175d4add68180d1a9a3924142952cdb3816b9c..b74617540ef8bdf443e5e4dde015bbdc0120471d 100644 (file)
--- a/doc/config-network-server-tls.rst
+++ b/doc/config-network-server-tls.rst
@@ -157,8 +157,8 @@ For serious deployments it is strongly recommended to configure your own TLS cer
 
       :default: true
 
-      EDNS(0) padding of answers to queries that arrive over TLS
-      transport.  If set to ``true`` (the default), it will use a sensible
+      EDNS(0) padding of answers of queries and answers sent over an encrypted
+      channel.  If set to ``true`` (the default), it will use a sensible
       default padding scheme, as implemented by libknot if available at
       compile time.  If set to a numeric value >= 2 it will pad the
       answers to nearest *padding* boundary, e.g. if set to ``64``, the

diff --git a/manager/knot_resolver_manager/datamodel/network_schema.py b/manager/knot_resolver_manager/datamodel/network_schema.py
index e59fe4137e1d71dee836bcc7197e57e58af111d7..289104b82dd4d069095e9556677b48e391c372af 100644 (file)
--- a/manager/knot_resolver_manager/datamodel/network_schema.py
+++ b/manager/knot_resolver_manager/datamodel/network_schema.py
@@ -58,8 +58,8 @@ class TLSSchema(ConfigSchema):
     key_file: Path to certificate key file.
     sticket_secret: Secret for TLS session resumption via tickets. (RFC 5077).
     sticket_secret_file: Path to file with secret for TLS session resumption via tickets. (RFC 5077).
-    auto_discovery: Automatic discovery of authoritative servers supporting DNS-over-TLS.
-    padding: EDNS(0) padding of answers to queries that arrive over TLS transport.
+    auto_discovery: Experimental automatic discovery of authoritative servers supporting DNS-over-TLS.
+    padding: EDNS(0) padding of queries and answers sent over an encrypted channel.
     """
 
     cert_file: Optional[File] = None