Diffstat (limited to 'doc/unbound.conf.5.in')
-rw-r--r-- | doc/unbound.conf.5.in | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 6dd0216d0367..6c0cdde46010 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "Mar 21, 2013" "NLnet Labs" "unbound 1.4.20" +.TH "unbound.conf" "5" "Sep 19, 2013" "NLnet Labs" "unbound 1.4.21" .\" .\" unbound.conf.5 -- unbound.conf manual .\" @@ -183,6 +183,11 @@ stringent path MTU problems, but is seen as extreme, since the amount of TCP fallback generated is excessive (probably also for this resolver, consider tuning the outgoing tcp number). .TP +.B max\-udp\-size: \fI<number> +Maximum UDP response size (not applied to TCP response). 65536 disables the +udp response size maximum, and uses the choice from the client, always. +Suggested values are 512 to 4096. Default is 4096. +.TP .B msg\-buffer\-size: \fI<number> Number of bytes size of the message buffers. Default is 65552 bytes, enough for 64 Kb packets, the maximum DNS message size. No message larger than this @@ -492,7 +497,7 @@ unsigned to badly signed often. If turned off you run the risk of a downgrade attack that disables security for a zone. Default is on. .TP .B harden\-below\-nxdomain: \fI<yes or no> -From draft-vixie-dnsext-resimprove, returns nxdomain to queries for a name +From draft\-vixie\-dnsext\-resimprove, returns nxdomain to queries for a name below another name that is already known to be nxdomain. DNSSEC mandates noerror for empty nonterminals, hence this is possible. Very old software might return nxdomain for empty nonterminals (that usually happen for reverse |
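Review bot: the new max\-udp\-size entry in the second hunk gives neither the unit nor what happens to a UDP response that exceeds the limit. The neighbouring msg\-buffer\-size entry says "Number of bytes"; suggest stating here that the value is in bytes, and whether an oversized answer is truncated so that the client retries over TCP. The sentence "65536 disables the udp response size maximum, and uses the choice from the client, always" also leaves open how the setting combines with the client's choice for values below 65536 (for instance, whether the smaller of the two applies) and whether values between 4096 and 65535 are accepted even though the suggested range stops at 4096. One sentence covering that would help operators who lower this value to bound UDP response size.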