From: Frantisek Tobias Date: Mon, 6 Oct 2025 10:43:36 +0000 (+0200) Subject: doc/schema: add doq X-Git-Tag: v6.2.0~2^2~34 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0a7a89ea3b821e9f52cbbf3e1c563b6cea863f64;p=thirdparty%2Fknot-resolver.git doc/schema: add doq --- diff --git a/doc/_static/config.schema.json b/doc/_static/config.schema.json index 4eb65d10c..aa58df77c 100644 --- a/doc/_static/config.schema.json +++ b/doc/_static/config.schema.json @@ -427,7 +427,8 @@ "xdp", "dot", "doh-legacy", - "doh2" + "doh2", + "doq" ], "description": "Specifies DNS query transport protocol.", "default": "dns" diff --git a/doc/user/config-network-server-tls.rst b/doc/user/config-network-server-tls.rst index 1436b6e2d..34cf9c9e3 100644 --- a/doc/user/config-network-server-tls.rst +++ b/doc/user/config-network-server-tls.rst @@ -2,7 +2,7 @@ .. _config-network-server-tls: -DoT and DoH (encrypted DNS) +DoT, DoH and DoQ (encrypted DNS) --------------------------- .. warning:: @@ -28,7 +28,7 @@ DNS-over-TLS (DoT) DNS-over-TLS server (:rfc:`7858`) can be configured using ``dot`` kind in :option:`network/listen >`. It is enabled on localhost by default. -For certificate configuration, refer to :ref:`dot-doh-config-options`. +For certificate configuration, refer to :ref:`dot-doh-doq-config-options`. .. _dns-over-https: @@ -87,14 +87,14 @@ the following status codes: ``GET``, ``POST``, or ``HEAD`` -.. _dot-doh-config-options: +.. _dot-doh-doq-config-options: -Configuration options for DoT and DoH +Configuration options for DoT, DoH and DoQ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. note:: - These settings affect both DNS-over-TLS and DNS-over-HTTPS (including the legacy implementation). + These settings affect DNS-over-TLS, DNS-over-HTTPS (including the legacy implementation) and DNS-over-QUIC. A self-signed certificate is generated by default. For serious deployments it is strongly recommended to configure your own TLS certificates signed by a trusted CA. 
@@ -206,3 +206,15 @@ policies. .. end .. _pfs: https://en.wikipedia.org/wiki/Forward_secrecy + +.. _dns-over-quic: + +DNS-over-QUIC (DoQ) +^^^^^^^^^^^^^^^^^^^^ +.. note:: + Forwarding over QUIC is not currently supported. + +DNS-over-QUIC server (:rfc:`9250`) can be configured using ``doq`` kind in +:option:`network/listen >`. + +For certificate configuration, refer to :ref:`dot-doh-doq-config-options`.
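Review bot: In the ``@@ -2,7 +2,7 @@`` hunk of doc/user/config-network-server-tls.rst, the section title grows from "DoT and DoH (encrypted DNS)" to "DoT, DoH and DoQ (encrypted DNS)", but the ``---`` underline below it is an unchanged context line. It is now five characters shorter than the title, and docutils reports "Title underline too short" in that case. Extend the underline in the same change so that it is at least as long as the new title.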
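Review bot: In the ``@@ -87,14 +87,14 @@`` hunk, renaming the label ``dot-doh-config-options`` to ``dot-doh-doq-config-options`` leaves any ``:ref:`` to the old name unresolved. This diff updates only the one reference in the DoT section of the same file. Either check the rest of the documentation tree for the old label, or keep both labels stacked above the heading so existing references and links continue to work. The ``^^^`` underline under "Configuration options for DoT, DoH and DoQ" is also an unchanged context line and is now shorter than the title, so it needs extending as well.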
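Review bot: In the ``@@ -206,3 +206,15 @@`` hunk, the new DNS-over-QUIC section does not say whether a ``doq`` listener is enabled by default or which port it uses, while the DoT paragraph visible in the earlier hunk states "It is enabled on localhost by default." Operators need this to know whether upgrading opens a new listener that has to be firewalled or disabled, so add a sentence covering the default state and port. The section is also appended after the ``.. _pfs:`` link target at the end of the file, so it renders after the "Configuration options for DoT, DoH and DoQ" section that it refers back to. Placing it next to the DoT and DoH sections, ahead of the shared options, would match the order in the page title.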