search

NLnetLabs / unbound

Unbound is a validating, recursive, and caching DNS resolver.
https://nlnetlabs.nl/unbound
BSD 3-Clause "New" or "Revised" License
3.1k stars 355 forks source link

Typos in unbound.conf documentation #1163

Open sunbearc22 opened 2 hours ago

sunbearc22 commented 2 hours ago

  1. Is there a typo in unbound.conf for the default value of the harden-short-bufsize argument. I think its default value should beno and not on.

    unbound conf_documentation_typo

  2. Also see this: image
    The argument for caps-whitelist should not be <yes or no> but should be <domain>.

  3. Another: image The argument for ipsecmod-whitelist should not be <yes or no> but should be <domain>.

gthess commented 2 hours ago

Thanks for these! The default value for harden-short-bufsize should actually be yes. It is currently on because of the notion of on/off. But it is indeed confusing. I changed that and harden-large-queries below to use the available values instead.

I see you are still editing, so I will wait with committing (and closing the issue) until you give a signal that you have finished with reviewing the man page :)

sunbearc22 commented 1 hour ago

@gthess Is the default value of harden-large-queries yes or no? It states that it should be off and writes no. So should it be yes? I did not quite understand it. What does harden mean?

sunbearc22 commented 46 minutes ago

@gthess BTW, is there an unbound forum where I can post my question on setting up unbound.conf and on how unbound works. Posting in Github issue seems inappropriate as they are questions on using unbound.

I have finished posting my edits. ;)

Below doc shows my condensed summary of unbound.conf arguments and their default values: unbound.conf_arguments_and_default_values.txt Are they correct?