From: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
Date: Mon, 13 Apr 2026 16:07:01 +0000 (+0200)
Subject: - Update the documentation of 'max-query-restarts' in the man page.
X-Git-Tag: release-1.25.0rc1~38
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6a0d5e2cb15ace060b5a2b4265b1f1750cd5d7a5;p=thirdparty%2Funbound.git

- Update the documentation of 'max-query-restarts' in the man page.
---

diff --git a/doc/Changelog b/doc/Changelog
index 0cc46722d..9e38cc515 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+13 April 2026: Yorgos
+	- Update the documentation of 'max-query-restarts' in the man page.
+
 10 April 2026: Wouter
 	- Fix for EDNS client subnet so that it does not store SERVFAIL in
 	  the global cache after a failed lookup, such as timeouts. A failure
diff --git a/doc/unbound.conf.rst b/doc/unbound.conf.rst
index 09278be12..a0daeb236 100644
--- a/doc/unbound.conf.rst
+++ b/doc/unbound.conf.rst
@@ -3269,6 +3269,10 @@ These options are part of the ``server:`` section.
     Hard limit on the number of times Unbound is allowed to restart a query
     upon encountering a CNAME record.
     Results in SERVFAIL when reached.
+    This applies to chained CNAME records but not sporadic CNAME records that
+    could be encountered in the lifetime of the query's resolution effort.
+    When a CNAME chain concludes, the counter keeping track of this limit is
+    reset.
     Changing this value needs caution as it can allow long CNAME chains to be
     accepted, where Unbound needs to verify (resolve) each link individually.