path: root/doc/unbound.conf.5.in
Diffstat (limited to 'doc/unbound.conf.5.in')
-rw-r--r-- doc/unbound.conf.5.in 33
1 files changed, 22 insertions, 11 deletions
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index f08a01b31844..9b23fd64da1b 100644
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -958,36 +958,47 @@ to setup SSLv3 / TLSv1 security for the connection. The
section for options. To setup the correct self\-signed certificates use the
\fIunbound\-control\-setup\fR(8) utility.
.TP 5
-.B control\-enable: \fI<yes or no>
+.B control\-enable: \fI<yes or no>
The option is used to enable remote control, default is "no".
If turned off, the server does not listen for control commands.
.TP 5
-.B control\-interface: <ip address>
-Give IPv4 or IPv6 addresses to listen on for control commands.
+.B control\-interface: \fI<ip address or path>
+Give IPv4 or IPv6 addresses or local socket path to listen on for
+control commands.
By default localhost (127.0.0.1 and ::1) is listened to.
Use 0.0.0.0 and ::0 to listen to all interfaces.
+If you change this and permissions have been dropped, you must restart
+the server for the change to take effect.
.TP 5
-.B control\-port: <port number>
-The port number to listen on for control commands, default is 8953.
-If you change this port number, and permissions have been dropped,
-a reload is not sufficient to open the port again, you must then restart.
+.B control\-port: \fI<port number>
+The port number to listen on for IPv4 or IPv6 control interfaces,
+default is 8953.
+If you change this and permissions have been dropped, you must restart
+the server for the change to take effect.
.TP 5
-.B server\-key\-file: "<private key file>"
+.B control-use-cert: \fI<yes or no>
+Whether to require certificate authentication of control connections.
+The default is "yes".
+This should not be changed unless there are other mechanisms in place
+to prevent untrusted users from accessing the remote control
+interface.
+.TP 5
+.B server\-key\-file: \fI<private key file>
Path to the server private key, by default unbound_server.key.
This file is generated by the \fIunbound\-control\-setup\fR utility.
This file is used by the unbound server, but not by \fIunbound\-control\fR.
.TP 5
-.B server\-cert\-file: "<certificate file.pem>"
+.B server\-cert\-file: \fI<certificate file.pem>
Path to the server self signed certificate, by default unbound_server.pem.
This file is generated by the \fIunbound\-control\-setup\fR utility.
This file is used by the unbound server, and also by \fIunbound\-control\fR.
.TP 5
-.B control\-key\-file: "<private key file>"
+.B control\-key\-file: \fI<private key file>
Path to the control client private key, by default unbound_control.key.
This file is generated by the \fIunbound\-control\-setup\fR utility.
This file is used by \fIunbound\-control\fR.
.TP 5
-.B control\-cert\-file: "<certificate file.pem>"
+.B control\-cert\-file: \fI<certificate file.pem>
Path to the control client certificate, by default unbound_control.pem.
This certificate has to be signed with the server certificate.
This file is generated by the \fIunbound\-control\-setup\fR utility.
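Review bot: The new control-use-cert entry leaves "other mechanisms in place" undefined, and nothing connects it to the control-interface entry, which in this same hunk starts accepting a local socket path. If the intended safe case is a local socket path whose file permissions limit who can connect, the text should say so. It should also state that with an IP address, and particularly with the 0.0.0.0 and ::0 values mentioned under control-interface, setting this to "no" means control commands are accepted without certificate authentication. The entry could also say whether the server and control key and certificate files documented below are still read when the option is "no". As a style point, ".B control-use-cert:" is the only option name in the hunk written with unescaped hyphens; use "control\-use\-cert" to match "control\-enable", "control\-interface" and "control\-port".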