From: TCY16 Date: Thu, 16 Dec 2021 10:45:18 +0000 (+0100) Subject: Document how the log-val-level: config options influences the returned EDE option... X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=79024484a70733768f7dc8f931fc000e34a02434;p=thirdparty%2Funbound.git Document how the log-val-level: config options influences the returned EDE option text --- diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index b6a2b6d1d..bd024abc9 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -30,7 +30,7 @@ can be used to check unbound.conf prior to usage. An example config file is shown below. Copy this to /etc/unbound/unbound.conf and start the server with: .P -.nf +.nfvalidator:val_inform_super $ unbound \-c /etc/unbound/unbound.conf .fi .P @@ -1178,6 +1178,8 @@ happens with validation. Use a diagnosis tool, such as dig or drill, to find out why validation is failing for these queries. At 2, not only the query that failed is printed but also the reason why Unbound thought it was wrong and which server sent the faulty data. +Enabling this influences the Extended DNS Errors (RFC 8914) messages, as +the reason is added in the EDE message. .TP .B val\-permissive\-mode: \fI Instruct the validator to mark bogus messages as indeterminate. The security @@ -1567,12 +1569,16 @@ If enabled, all local zones will respond with Extended DNS Errors (RFC8914). This is the global setting for the configuration, but it can be overwritten by specifing setting 'local\-zone\-do\-ede' to "yes". By default this option is disabled. +Note that the val\-log\-level influences the the reason for the error included +in the EDE message. .TP 5 .B local\-zone\-do\-ede: \fI If enabled, the responses from this local zone will include an Extended DNS Error (RFC8914). The type of error is dependent on the query. For example a query for a local-zone type "refuse" will result in EDE code 15 \- Blocked. By default this option is disabled. +Note that the val\-log\-level influences the the reason for the error included +in the EDE message. .TP 5 .B local\-zone\-default\-ede: \fI If enabled, this zone will respond to requests resulting in an Extended DNS @@ -1609,6 +1615,9 @@ EDE keywords: \h'5'\fIinvalid-data\fR .fi .TP 5 +Note that the val\-log\-level influences the the reason for the error included +in the EDE message. +.TP 5 .B response\-ip: \fI This requires use of the "respip" module. .IP diff --git a/testdata/ede.tdir/ede.test b/testdata/ede.tdir/ede.test index 9e66356b9..61cb14724 100644 --- a/testdata/ede.tdir/ede.test +++ b/testdata/ede.tdir/ede.test @@ -196,7 +196,7 @@ fi # @TODO DNSSEC indeterminate -# @TODO touch other validator codepath: val_inform_super() +# @TODO touch other validator codepath: val_inform_super() -> touched by other .rpls! # teardown kill_pid $UNBOUND_PID