search

NLnetLabs / unbound

Unbound is a validating, recursive, and caching DNS resolver.
https://nlnetlabs.nl/unbound
BSD 3-Clause "New" or "Revised" License
3.15k stars 359 forks source link

Typos in unbound.conf documentation #1163

Closed sunbearc22 closed 4 weeks ago

sunbearc22 commented 4 weeks ago

  1. Is there a typo in unbound.conf for the default value of the harden-short-bufsize argument. I think its default value should beno and not on.

    unbound conf_documentation_typo

  2. Also see this: image
    The argument for caps-whitelist should not be <yes or no> but should be <domain>.

  3. Another: image The argument for ipsecmod-whitelist should not be <yes or no> but should be <domain>.

gthess commented 4 weeks ago

Thanks for these! The default value for harden-short-bufsize should actually be yes. It is currently on because of the notion of on/off. But it is indeed confusing. I changed that and harden-large-queries below to use the available values instead.

I see you are still editing, so I will wait with committing (and closing the issue) until you give a signal that you have finished with reviewing the man page :)

sunbearc22 commented 4 weeks ago

@gthess Is the default value of harden-large-queries yes or no? It states that it should be off and writes no. So should it be yes? I did not quite understand it. What does harden mean?

sunbearc22 commented 4 weeks ago

@gthess BTW, is there an unbound forum where I can post my question on setting up unbound.conf and on how unbound works. Posting in Github issue seems inappropriate as they are questions on using unbound.

I have finished posting my edits. ;)

Below doc shows my condensed summary of unbound.conf arguments and their default values: unbound.conf_arguments_and_default_values.txt Are they correct?

gthess commented 4 weeks ago

The default value of harden-large-queries is indeed no. I changed the text to not use off. Harden is a term regularly used in security and means to fortify with (additional) security settings.

You can use the official mailing list to post questions about operating Unbound (https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users)

You can find a similar document in the source code of Unbound (https://github.com/NLnetLabs/unbound/blob/master/doc/example.conf.in). This lists the default values for the options where it makes sense; otherwise provides an example configuration value. After installation this file can be found at doc/example.conf. Not sure if it is included with system packages though.

I have committed the documentation changes in the source code but the online documentation follows the latest release. So it will be updated when the new version is released.