From bc58e8cb1597d7390184c893860480800f72f996 Mon Sep 17 00:00:00 2001 From: Wouter Wijngaards Date: Mon, 3 Aug 2015 10:34:29 +0000 Subject: [PATCH] - Document in the manual more text about configuring locally served zones. git-svn-id: file:///svn/unbound/trunk@3465 be551aaa-1e26-0410-a405-d3ace91eadb9 --- doc/Changelog | 4 ++++ doc/example.conf.in | 2 ++ doc/unbound.conf.5.in | 6 ++++++ 3 files changed, 12 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index bf2f51985..e70a9d07e 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +3 August 2015: Wouter + - Document in the manual more text about configuring locally served + zones. + 30 July 2015: Wouter - please afl-gcc (llvm) for uninitialised variable warning. - Added permit-small-holddown config to debug fast 5011 rollover. diff --git a/doc/example.conf.in b/doc/example.conf.in index 11ab44e94..90491119e 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -626,6 +626,8 @@ remote-control: # nameservers by hostname or by ipaddress. If you set stub-prime to yes, # the list is treated as priming hints (default is no). # With stub-first yes, it attempts without the stub if it fails. +# Consider adding domain-insecure: name and local-zone: name nodefault +# to the server: section if the stub is a locally served zone. # stub-zone: # name: "example.com" # stub-addr: 192.0.2.68 diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 3a2c76a4c..631b8b43e 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -1128,6 +1128,12 @@ bit on replies for the private zone (authoritative servers do not set the AD bit). This setup makes unbound capable of answering queries for the private zone, and can even set the AD bit ('authentic'), but the AA ('authoritative') bit is not set on these replies. +.P +Consider adding \fBserver:\fR statements for \fBdomain\-insecure:\fR and +for \fBlocal\-zone:\fI name nodefault\fR for the zone if it is a locally +served zone. The insecure clause stops DNSSEC from invalidating the +zone. The local zone nodefault (or \fItransparent\fR) clause makes the +(reverse\-) zone bypass unbound's filtering of RFC1918 zones. .TP .B name: \fI Name of the stub zone. -- 2.47.2