- Document new DoH configuration options.

diff --git a/doc/example.conf.in b/doc/example.conf.in
index f7c6364a05e88bae1bb78fb77329e77d8cb06482..a7c26172320867219d240bd09280d5bd922a7bfc 100644 (file)
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -773,6 +773,22 @@ server:
        # Also serve tls on these port numbers (eg. 443, ...), by listing
        # tls-additional-port: portno for each of the port numbers.
 
+       # HTTP endpoint to provide DNS-over-HTTPS service on.
+       # http-endpoint: "/dns-query"
+
+       # HTTP/2 SETTINGS_MAX_CONCURRENT_STREAMS value to use.
+       # http-max-streams: 100
+
+       # Maximum number of bytes used for all HTTP/2 query buffers.
+       # http-query-buffer-size: 4m
+
+       # Maximum number of bytes used for all HTTP/2 response buffers.
+       # http-response-buffer-size: 4m
+
+       # Set TCP_NODELAY socket option on sockets used for DNS-over-HTTPS
+       # service.
+       # http-nodelay: yes
+
        # DNS64 prefix. Must be specified when DNS64 is use.
        # Enable dns64 in module-config.  Used to synthesize IPv6 from IPv4.
        # dns64-prefix: 64:ff9b::0/96

diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index 7ee52e7f58e2e7f43f7cf32cc337671bd1558dbc..55a0dbae979bd370682d8dc7f85fd1cc3d73ae9d 100644 (file)
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -503,10 +503,6 @@ Alternate syntax for \fBtls\-service\-pem\fR.
 The port number on which to provide TCP TLS service, default 853, only
 interfaces configured with that port number as @number get the TLS service.
 .TP
-.B https\-port: \fI<number>
-The port number on which to provide DNS-over-HTTPS service, default 443, only
-interfaces configured with that port number as @number get the HTTPS service.
-.TP
 .B ssl\-port: \fI<number>
 Alternate syntax for \fBtls\-port\fR.
 .TP
@@ -556,6 +552,35 @@ Enable or disable sending the SNI extension on TLS connections.
 Default is yes.
 Changing the value requires a reload.
 .TP
+.B https\-port: \fI<number>
+The port number on which to provide DNS-over-HTTPS service, default 443, only
+interfaces configured with that port number as @number get the HTTPS service.
+.TP
+.B http\-endpoint: \fI<endpoint string>
+The HTTP endpoint to provide DNS-over-HTTPS service on. Default "/dns-query".
+.TP
+.B http\-max\-streams: \fI<number of streams>
+Number used in the SETTINGS_MAX_CONCURRENT_STREAMS parameter in the HTTP/2
+SETTINGS frame for DNS-over-HTTPS connections. Default 100.
+.TP
+.B http\-query\-buffer\-size: \fI<size in bytes>
+Maximum number of bytes used for all HTTP/2 query buffers combined. These
+buffers contain (partial) DNS queries waiting for request stream completion.
+An RST_STREAM frame will be send to streams exceeding this limit. Default is 4
+megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes,
+megabytes or gigabytes (1024*1024 bytes in a megabyte).
+.TP
+.B http\-response\-buffer\-size: \fI<size in bytes>
+Maximum number of bytes used for all HTTP/2 response buffers combined. These
+buffers contain DNS responses waiting to be written back to the clients.
+An RST_STREAM frame will be send to streams exceeding this limit. Default is 4
+megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes,
+megabytes or gigabytes (1024*1024 bytes in a megabyte).
+.TP
+.B http\-nodelay: \fI<yes or no>
+Set TCP_NODELAY socket option on sockets used to provide DNS-over-HTTPS service.
+Ignored if the option is not available. Default is yes.
+.TP
 .B use\-systemd: \fI<yes or no>
 Enable or disable systemd socket activation.
 Default is no.