From: Ralph Dolmans Date: Wed, 13 May 2020 11:05:40 +0000 (+0200) Subject: - Document new DoH configuration options. X-Git-Tag: release-1.12.0rc1~22^2~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4fc7b434d7a00e2d30fd21597a616e2b44ed46e4;p=thirdparty%2Funbound.git - Document new DoH configuration options. --- diff --git a/doc/example.conf.in b/doc/example.conf.in index f7c6364a0..a7c261723 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -773,6 +773,22 @@ server: # Also serve tls on these port numbers (eg. 443, ...), by listing # tls-additional-port: portno for each of the port numbers. + # HTTP endpoint to provide DNS-over-HTTPS service on. + # http-endpoint: "/dns-query" + + # HTTP/2 SETTINGS_MAX_CONCURRENT_STREAMS value to use. + # http-max-streams: 100 + + # Maximum number of bytes used for all HTTP/2 query buffers. + # http-query-buffer-size: 4m + + # Maximum number of bytes used for all HTTP/2 response buffers. + # http-response-buffer-size: 4m + + # Set TCP_NODELAY socket option on sockets used for DNS-over-HTTPS + # service. + # http-nodelay: yes + # DNS64 prefix. Must be specified when DNS64 is use. # Enable dns64 in module-config. Used to synthesize IPv6 from IPv4. # dns64-prefix: 64:ff9b::0/96 diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 7ee52e7f5..55a0dbae9 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -503,10 +503,6 @@ Alternate syntax for \fBtls\-service\-pem\fR. The port number on which to provide TCP TLS service, default 853, only interfaces configured with that port number as @number get the TLS service. .TP -.B https\-port: \fI -The port number on which to provide DNS-over-HTTPS service, default 443, only -interfaces configured with that port number as @number get the HTTPS service. -.TP .B ssl\-port: \fI Alternate syntax for \fBtls\-port\fR. .TP 
@@ -556,6 +552,35 @@ Enable or disable sending the SNI extension on TLS connections. Default is yes. Changing the value requires a reload. .TP +.B https\-port: \fI +The port number on which to provide DNS-over-HTTPS service, default 443, only +interfaces configured with that port number as @number get the HTTPS service. +.TP +.B http\-endpoint: \fI +The HTTP endpoint to provide DNS-over-HTTPS service on. Default "/dns-query". +.TP +.B http\-max\-streams: \fI +Number used in the SETTINGS_MAX_CONCURRENT_STREAMS parameter in the HTTP/2 +SETTINGS frame for DNS-over-HTTPS connections. Default 100. +.TP +.B http\-query\-buffer\-size: \fI +Maximum number of bytes used for all HTTP/2 query buffers combined. These +buffers contain (partial) DNS queries waiting for request stream completion. +An RST_STREAM frame will be send to streams exceeding this limit. Default is 4 +megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, +megabytes or gigabytes (1024*1024 bytes in a megabyte). +.TP +.B http\-response\-buffer\-size: \fI +Maximum number of bytes used for all HTTP/2 response buffers combined. These +buffers contain DNS responses waiting to be written back to the clients. +An RST_STREAM frame will be send to streams exceeding this limit. Default is 4 +megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, +megabytes or gigabytes (1024*1024 bytes in a megabyte). +.TP +.B http\-nodelay: \fI +Set TCP_NODELAY socket option on sockets used to provide DNS-over-HTTPS service. +Ignored if the option is not available. Default is yes. +.TP .B use\-systemd: \fI Enable or disable systemd socket activation. Default is no.
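Review bot: In the doc/example.conf.in hunk (@@ -773,6 +773,22 @@), the http-nodelay comment drops the caveat that the man page entry carries, "Ignored if the option is not available", so the two documents disagree on what happens on platforms without TCP_NODELAY. Suggest adding that sentence to the example.conf comment. The two buffer-size comments should also say "for all HTTP/2 query buffers combined" (and likewise for response buffers) to match the man page wording and make clear that 4m is a server-wide total, not a per-connection or per-stream allowance.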
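Review bot: In the doc/unbound.conf.5.in hunk (@@ -556,6 +552,35 @@), the sentence "An RST_STREAM frame will be send to streams exceeding this limit" in both http-query-buffer-size and http-response-buffer-size is ambiguous, because the limit is defined as the total for all buffers combined and a single stream cannot exceed a combined total by itself. Suggest wording along the lines of "Streams whose data would take the combined buffer use over this limit are reset with an RST_STREAM frame", which also corrects "send" to "sent". Since these two options together with http-max-streams are the documented bounds on memory held for DoH clients, it would help operators if the entries stated whether the totals apply per thread or per server. The http-endpoint entry could also say how requests to any other path are answered.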