doc updates

git-svn-id: file:///svn/unbound/trunk@1304 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index 60ea99829307780af9b11c46a77d497e53536fb6..4ef7bf16d861e5cf46fef70dc49a1a6d080ee65e 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+15 October 2008: Wouter
+       - better documentation for 0x20; remove fallback TODO, it is done.
+
 14 October 2008: Wouter
        - fwd_three.tpkg test was flaky.  If the three requests hit the
          wrong threads by chance (or bad OS) then the test would fail.

diff --git a/doc/example.conf.in b/doc/example.conf.in
index 96fffacdf5963fdbd70d6761d55c907bafc2ddd0..ebe78a313c232e2be8260e9b9bf4b624683e9ca0 100644 (file)
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -238,16 +238,12 @@ server:
 
         # Harden the referral path by performing additional queries for
        # infrastructure data.  Validates the replies (if possible).
-       # Default off, because it burdens the authority servers, and it is
-       # not RFC standard, and could be slower.  Experimental option.
+       # Default off, because the lookups burden the server.  Experimental 
+       # implementation of draft-wijngaards-dnsext-resolver-side-mitigation.
        # harden-referral-path: no
 
        # Use 0x20-encoded random bits in the query to foil spoof attempts.
-       # Disabled by default, because some caching forwarders may not
-       # support this (if you have forward-zones). Most authority servers do.
        # This feature is an experimental implementation of draft dns-0x20.
-       # It is known that some authority servers do not support 0x20, and
-       # resolution will fail for them. A solution is on the TODO list.
        # use-caps-for-id: no
        
        # Enforce privacy of these addresses. Strips them away from answers. 

diff --git a/doc/plan b/doc/plan
index 38723dc3f4ff12089ba7863f41d8afe8b734b47f..e7f12b9289b65ea6109c2a9917711836f508b089 100644 (file)
--- a/doc/plan
+++ b/doc/plan
@@ -70,15 +70,14 @@ not stats on SIGUSR1. perhaps also see which slow auth servers cause >1sec value
 + IPv6 reverse, IP4 reverse local-data shorthand for PTR records (?).
   cumbersome to reverse notate by hand for the operator. For local-data.
   local-data-ptr: "1.2.3.4 mypc.example.com"
-+ dns-0x20 fallback TODO item. Consider.
++ dns-0x20 fallback.
 
 *** from draft resolver-mitigation
-* Should be an option?   (Not right now)
-* direct queries for NS records
-       * careful caching, only NS query causes referral caching.
++ option harden-referral-path
++ direct queries for NS records
+* careful caching, only NS query causes referral caching.
 * direct queries for A, AAAA in-bailiwick from a referral.
 * trouble counter, cache wipe threshold.
-* 0x20 default with fallback?
 
 * off-path validation? 
 * root NS, root glue validation after prime

diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index ef5a037a4bd0cf21e4607a6bae99cf3fb773e370..389f0f13b356afa232a24a128b8018bee7cbad9a 100644 (file)
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -420,9 +420,7 @@ extra query load that is generated.  Experimental option.
 Use 0x20-encoded random bits in the query to foil spoof attempts.
 This perturbs the lowercase and uppercase of query names sent to 
 authority servers and checks if the reply still has the correct casing. 
-Disabled by default, because some caching forwarders may not
-support this. It is known that some authority servers do not support 0x20, 
-and resolution will fail for them. A solution is on the TODO list.
+Disabled by default. 
 This feature is an experimental implementation of draft dns\-0x20.
 .TP
 .B private\-address: \fI<IP address or subnet>