author | Jason McIntyre <jmc@cvs.openbsd.org> | 2023-02-21 07:47:25 +0000 |
---|---|---|
committer | Jason McIntyre <jmc@cvs.openbsd.org> | 2023-02-21 07:47:25 +0000 |
commit | 233b3cc48a08d82173e129d0d1f8668a83d7c965 (patch) | |
tree | 05f6d5fe9c24dae87ec7b034f16b7aa6f4384fb5 /sbin/unwind | |
parent | 410f80d0940ca08a0ece74d2bd59308a2ed4d251 (diff) |
some nameserver proposal bits:
unwind.8: point to resolvd(8) for autoconf sources
unwind.conf.5: order preferred list by order of preference
resolvd.8: reformat to read better
route.8: no need to discuss unwind in the nameserver command
umb.4 + sppp.4: note the sending of nameserver proposals
the umb/sppp text is from claudio
tobhe confirmed iked sending proposals when configured to do so
much assistance and ok: florian claudio
Diffstat (limited to 'sbin/unwind')
-rw-r--r-- | sbin/unwind/unwind.8 | 19 | ||||
-rw-r--r-- | sbin/unwind/unwind.conf.5 | 49 |
2 files changed, 34 insertions, 34 deletions
diff --git a/sbin/unwind/unwind.8 b/sbin/unwind/unwind.8 index 2fb369c2261..2e8eeb41770 100644 --- a/sbin/unwind/unwind.8 +++ b/sbin/unwind/unwind.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: unwind.8,v 1.12 2023/01/03 20:58:05 deraadt Exp $ +.\" $OpenBSD: unwind.8,v 1.13 2023/02/21 07:47:24 jmc Exp $ .\" .\" Copyright (c) 2018 Florian Obser <florian@openbsd.org> .\" Copyright (c) 2016 Kenneth R Westerback <kwesterback@gmail.com> @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: January 3 2023 $ +.Dd $Mdocdate: February 21 2023 $ .Dt UNWIND 8 .Os .Sh NAME @@ -31,15 +31,16 @@ is a validating DNS resolver. It is intended to run on client machines like workstations or laptops and only listens on localhost. +.Pp .Nm -sends DNS queries to nameservers to answer queries and switches to resolvers -learned from -.Xr dhcpleased 8 -or -.Xr slaacd 8 -if it detects that DNS queries are blocked by the local network. +sends DNS queries to nameservers to answer queries. +If it detects that DNS queries are blocked by the local network, +it can switch to resolvers learned through autoconfiguration. It periodically probes if DNS is no longer blocked and switches back to querying nameservers itself. +A list of sources for proposals learned through autoconfiguration +is documented in +.Xr resolvd 8 . .Pp .Nm keeps the DNS answers in a cache shared by the different DNS name @@ -103,8 +104,6 @@ socket used for communication with .El .Sh SEE ALSO .Xr unwind.conf 5 , -.Xr dhcpleased 8 , -.Xr slaacd 8 , .Xr unbound 8 , .Xr unwindctl 8 .Sh STANDARDS diff --git a/sbin/unwind/unwind.conf.5 b/sbin/unwind/unwind.conf.5 index ae6ee220542..dd64e3e4dd2 100644 --- a/sbin/unwind/unwind.conf.5 +++ b/sbin/unwind/unwind.conf.5 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: unwind.conf.5,v 1.32 2022/03/31 17:27:20 naddy Exp $ +.\" $OpenBSD: unwind.conf.5,v 1.33 2023/02/21 07:47:24 jmc Exp $ .\" .\" Copyright (c) 2018 Florian Obser <florian@openbsd.org> .\" Copyright (c) 2005 Esben Norby <norby@openbsd.org> @@ -18,7 +18,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 31 2022 $ +.Dd $Mdocdate: February 21 2023 $ .Dt UNWIND.CONF 5 .Os .Sh NAME 
@@ -90,40 +90,41 @@ A list of DNS name server types to specify the order in which name servers are picked when measured round-trip time medians are equal. Additionally, the first mentioned type gets a time bonus. Validating name servers are always picked over non-validating name servers. -DNS name server types are: -.Pp -.Bl -tag -width "oDoT-forwarder" -compact -.It Ic stub -Name servers learned via DHCP or SLAAC, queried using the libc functions. -See -.Xr asr_run 3 . -Will never validate. -Useful when running behind broken middle boxes that do not like edns0. -DNS answers from stub name servers are not cached. -.It Ic autoconf -Name servers learned via DHCP or SLAAC. -.It Ic oDoT-autoconf -Name servers learned via DHCP or SLAAC. -.Nm unwind -tries to opportunistically use DNS over TLS. +DNS name server types are, +in default order of preference: +.Bl -tag -width "oDoT-forwarder" .It Ic DoT DNS over TLS name servers configured in .Nm . -.It Ic forwarder -Name servers configured in -.Nm . .It Ic oDoT-forwarder Name servers configured in .Nm . .Nm unwind tries to opportunistically use DNS over TLS. +.It Ic forwarder +Name servers configured in +.Nm . .It Ic recursor .Nm unwind itself recursively resolves names. +.It Ic oDoT-autoconf +Name servers learned from autoconfiguration. +A list of sources for proposals learned through autoconfiguration +is documented in +.Xr resolvd 8 . +.Nm unwind +tries to opportunistically use DNS over TLS. +.It Ic autoconf +Name servers learned from autoconfiguration. +.It Ic stub +Name servers learned from autoconfiguration, +queried using the libc functions +(see +.Xr asr_run 3 ) . +Will never validate. +Useful when running behind broken middle boxes that do not like edns0. +DNS answers from stub name servers are not cached. .El -.Pp -The default preference is -.Ic DoT oDoT-forwarder forwarder recursor oDoT-autoconf autoconf stub . .It Ic force Oo Cm accept bogus Oc Ar type Brq Ar name ... Force resolving of .Ar name |
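Review bot: in unwind.8, hunk @@ -31,15 +31,16 @@, the pointer to resolvd(8) lands after the sentence about probing and switching back, two sentences away from "resolvers learned through autoconfiguration", which is the phrase it explains. Consider moving "A list of sources for proposals learned through autoconfiguration is documented in .Xr resolvd 8 ." to directly follow "it can switch to resolvers learned through autoconfiguration." The same hunk also changes "switches" to "can switch"; if the conditional is intended, say what the switch depends on, otherwise keep the definite wording.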
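Review bot: in unwind.8, hunk @@ -103,8 +104,6 @@, SEE ALSO loses dhcpleased(8) and slaacd(8) but does not gain resolvd(8), although the description now refers to it with ".Xr resolvd 8 .". Suggest adding ".Xr resolvd 8 ," between ".Xr unwind.conf 5 ," and ".Xr unbound 8 ," so the cross-reference used in the body is also listed and the section stays sorted.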
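Review bot: in unwind.conf.5, hunk @@ -90,40 +90,41 @@, removing the closing line "The default preference is DoT oDoT-forwarder forwarder recursor oDoT-autoconf autoconf stub ." drops the only place where the default was written out as a complete value; a reader who wants to confirm that the TLS and locally configured types rank ahead of network-supplied resolvers now has to reconstruct it from the list order. Consider keeping that sentence after ".El". In the same hunk the resolvd(8) pointer sits only under "oDoT-autoconf", while "autoconf" and "stub" use the same "learned from autoconfiguration" wording without it; stating the pointer once in the introduction before ".Bl" would cover all three entries.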