From: florian
Date: Wed, 20 Aug 2014 19:13:03 +0000 (+0000)
Subject: Better explain what unbound is for.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=c7c87c30b325c2e69891942ae6d07c3329fab155;p=openbsd

Better explain what unbound is for.
While there fix some nits.
Problem pointed out by deraadt@
Input jmc@, schwarze@

wouter@ committed a slightly different diff upstream. Pull that one
out of svn and hand merge it.
OK schwarze@
---
diff --git a/usr.sbin/unbound/doc/unbound.8.in b/usr.sbin/unbound/doc/unbound.8.in index fd67e71856b..c8cc6d82ee5 100644 --- a/usr.sbin/unbound/doc/unbound.8.in +++ b/usr.sbin/unbound/doc/unbound.8.in 
@@ -8,22 +8,47 @@ .\" .\" .SH "NAME" -.LP .B unbound \- Unbound DNS validating resolver 1.4.22. .SH "SYNOPSIS" -.LP .B unbound .RB [ \-h ] .RB [ \-d ] .RB [ \-v ] -.RB [ \-c +.RB [ \-c .IR cfgfile ] .SH "DESCRIPTION" -.LP -.B Unbound -is an implementation of a DNS resolver, that does caching and -DNSSEC validation. +.B Unbound +is a caching DNS resolver. +.P +It uses a built in list of authoritative nameservers for the root zone (.), +the so called root hints. +On receiving a DNS query it will ask the root nameservers for +an answer and will in almost all cases receive a delegation to a top level +domain (TLD) authoritative nameserver. +It will then ask that nameserver for an answer. +It will recursively continue until an answer is found or no answer is +available (NXDOMAIN). +For performance and efficiency reasons that answer is cached for a +certain time (the answer's time\-to\-live or TTL). +A second query for the same name will then be answered from the cache. +Unbound can also do DNSSEC validation. +.P +To use a locally running +.B Unbound +for resolving put +.sp +.RS 6n +nameserver 127.0.0.1 +.RE +.sp +into +.IR resolv.conf (5). +.P +If authoritative DNS is needed as well using +.IR nsd (8), +careful setup is required because authoritative nameservers and +resolvers are using the same port number (53). .P The available options are: .TP @@ -31,7 +56,7 @@ The available options are: Show the version and commandline option help. .TP .B \-c\fI cfgfile -Set the config file with settings for unbound to read instead of reading the +Set the config file with settings for unbound to read instead of reading the file at the default location, @ub_conf_file@. The syntax is described in \fIunbound.conf\fR(5). .TP 
@@ -44,8 +69,9 @@ thread\-spawn time. So that most config and setup errors appear on stderr. Increase verbosity. If given multiple times, more information is logged. This is in addition to the verbosity (if any) from the config file. .SH "SEE ALSO" -\fIunbound.conf\fR(5), -\fIunbound\-checkconf\fR(8). +\fIunbound.conf\fR(5), +\fIunbound\-checkconf\fR(8), +\fInsd\fR(8). .SH "AUTHORS" .B Unbound developers are mentioned in the CREDITS file in the distribution.
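Review bot: In the first hunk (DESCRIPTION), "until an answer is found or no answer is available (NXDOMAIN)" equates every negative outcome with NXDOMAIN, which only means the queried name does not exist; a name that exists without the requested record type, or a resolution failure, also ends the recursion without an answer. Suggest dropping the parenthesis or wording it as "(for example NXDOMAIN)". In the same hunk, "Unbound can also do DNSSEC validation" does not say whether validation is active by default or needs configuration, and the nsd paragraph says "careful setup is required" without saying what to set up; a pointer to unbound.conf(5) in both places would tell the reader where to look. Style nits in the added text: "built in list" and "so called root hints" read better as "built-in" and "so-called".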
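Review bot: In the last hunk (SEE ALSO), nsd(8) is added but resolv.conf(5) is not, although the new DESCRIPTION text in the first hunk cites it with ".IR resolv.conf (5)". Every page referenced in the body should also appear in SEE ALSO, so add "\fIresolv.conf\fR(5)," to the list, keeping the section's ordering (section 5 pages before section 8 pages).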