From: Wouter Wijngaards Date: Tue, 20 May 2014 11:39:41 +0000 (+0000) Subject: review fixes. X-Git-Tag: release-1.5.0rc1~125 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1773696a7e95f5352040371e03d90fbbf9192e89;p=thirdparty%2Funbound.git review fixes. git-svn-id: file:///svn/unbound/trunk@3134 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/example.conf.in b/doc/example.conf.in index 12dc35649..d3249824a 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -483,7 +483,7 @@ server: # if unbound is running service for the local host then it is useful # to perform lan-wide lookups to the upstream, and unblock the # long list of local-zones above. If this unbound is a dns server - # for the network, likely the default is better and stops information + # for a network of computers, disabled is better and stops information # leakage of local lan information. # unblock-lan-zones: no diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index b2e7b8bec..d175b4a0b 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -784,11 +784,12 @@ or gigabytes (1024*1024 bytes in a megabyte). Default is disabled. If enabled, then for private address space, the reverse lookups are no longer filtered. This allows unbound when running as dns service on a host where it provides service for that host, -to put out all of the queries for the 'lan' upstream. By default is no, -that is for unbound running as a (DHCP-) DNS network resolver for a group -of machines, where such lookups should be filtered (RFC compliance), -this also stops potential data leakage about the local network to the -upstream DNS servers. +to put out all of the queries for the 'lan' upstream. When enabled, +only localhost, 127.0.0.1 reverse and ::1 reverse zones are configured +with default local zones. Disable the option when unbound is running +as a (DHCP-) DNS network resolver for a group of machines, where such +lookups should be filtered (RFC compliance), this also stops potential +data leakage about the local network to the upstream DNS servers. .TP .B local\-zone: \fI Configure a local zone. The type determines the answer to give if diff --git a/util/config_file.c b/util/config_file.c index 57072913e..daf69e8c4 100644 --- a/util/config_file.c +++ b/util/config_file.c @@ -692,7 +692,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_UNS(opt, "val-override-date", val_date_override) else O_YNO(opt, "minimal-responses", minimal_responses) else O_YNO(opt, "rrset-roundrobin", rrset_roundrobin) - else O_YNO(opt, "unblock_lan_zones", unblock_lan_zones) + else O_YNO(opt, "unblock-lan-zones", unblock_lan_zones) else O_DEC(opt, "max-udp-size", max_udp_size) else O_STR(opt, "python-script", python_script) else O_DEC(opt, "val-sig-skew-min", val_sig_skew_min)