traffic. Default is off.
.TP 5
.B outbound\-msg\-retry: \fI<number>
-The number of retries Unbound will do in case of a non positive response is
-received. If a forward nameserver is used, this is the number of retries per
-forward nameserver in case of throwaway response.
+The number of retries, per upstream nameserver in a delegation, that Unbound
+will attempt in case a throwaway response is received.
+No response (timeout) contributes to the retry counter.
+If a forward/stub zone is used, this is the number of retries per nameserver in
+the zone.
+Default is 5.
+.TP 5
+.B max\-sent\-count: \fI<number>
+Hard limit on the number of outgoing queries Unbound will make while resolving
+a name, making sure large NS sets do not loop.
+It resets on query restarts (e.g., CNAME) and referrals.
+Default is 32.
+.TP 5
++.B max\-query\-restarts: \fI<number>
++Set the maximum number of times a query is allowed to restart upon encountering
++a CNAME record.
++If a query encounters more than the specified number of CNAME
++records before resolving, Unbound will reply with SERVFAIL.
++Default is 11.
+ .TP 5
.B fast\-server\-permil: \fI<number>
Specify how many times out of 1000 to pick from the set of fastest servers.
0 turns the feature off. A value of 900 would pick from the fastest
A value from the `Reserved for Local/Experimental` range (65001-65534) should
be used. Default is 65001.
.TP 5
-.B max\-query\-restarts: \fI<number>
-Set the maximum number of times a query is allowed to restart upon encountering
-a CNAME record. If a query encounters more than the specified number of CNAME
-records before resolving, unbound will reply with SERVFAIL. Default is 8.
+.B ede: \fI<yes or no>
+If enabled, Unbound will respond with Extended DNS Error codes (RFC8914).
+These EDEs attach informative error messages to a response for various
+errors. Default is "no".
+
+When the \fBval-log-level\fR option is also set to \fB2\fR, responses with
+Extended DNS Errors concerning DNSSEC failures that are not served from cache,
+will also contain a descriptive text message about the reason for the failure.
- .TP
++.TP 5
+.B ede\-serve\-expired: \fI<yes or no>
+If enabled, Unbound will attach an Extended DNS Error (RFC8914) Code 3 - Stale
+Answer as EDNS0 option to the expired response. Note that this will not attach
+the EDE code without setting the global \fBede\fR option to "yes" as well.
+Default is "no".
.SS "Remote Control Options"
In the
.B remote\-control:
else S_YNO("ip-ratelimit-backoff:", ip_ratelimit_backoff)
else S_YNO("ratelimit-backoff:", ratelimit_backoff)
else S_NUMBER_NONZERO("outbound-msg-retry:", outbound_msg_retry)
+ else S_NUMBER_NONZERO("max-sent-count", max_sent_count)
++ else S_SIZET_NONZERO("max-query-restarts:", max_query_restarts)
else S_SIZET_NONZERO("fast-server-num:", fast_server_num)
else S_NUMBER_OR_ZERO("fast-server-permil:", fast_server_permil)
else S_YNO("qname-minimisation:", qname_minimisation)
else O_YNO(opt, "ip-ratelimit-backoff", ip_ratelimit_backoff)
else O_YNO(opt, "ratelimit-backoff", ratelimit_backoff)
else O_UNS(opt, "outbound-msg-retry", outbound_msg_retry)
+ else O_UNS(opt, "max-sent-count", max_sent_count)
++ else O_DEC(opt, "max-query-restarts", max_query_restarts)
else O_DEC(opt, "fast-server-num", fast_server_num)
else O_DEC(opt, "fast-server-permil", fast_server_permil)
else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min)
projects / thirdparty / unbound.git / commitdiff
