unbound-control.8.in - OpenGrok cross reference for /freebsd/contrib/unbound/doc/unbound-control.8.in

Lines Matching +full:over +full:- +full:current
1 .TH "unbound-control" "8" "Apr 24, 2025" "NLnet Labs" "unbound 1.23.0"
3 .\" unbound-control.8 -- unbound remote control manual
11 .B unbound\-control,
12 .B unbound\-control\-setup
13 \- Unbound remote server control utility.
15 .B unbound\-control
16 .RB [ \-hq ]
17 .RB [ \-c
19 .RB [ \-s
23 .B Unbound\-control
25 It reads the configuration file, contacts the Unbound server over SSL
30 .B \-h
33 .B \-c \fIcfgfile
37 .B \-s \fIserver[@port]
41 .B \-q
49 with the config file specified using \fI\-c\fR or the default config file.
75 This is because Unbound temporarily needs to store both current configuration
89 access-control and similar options,
90 interface-action and similar options and
91 tcp-connection-limit.
93 define-tag
96 insecure-lan-zones,
97 domain-insecure,
98 trust-anchor-file,
99 trust-anchor,
100 trusted-keys-file,
101 auto-trust-anchor-file,
102 edns-client-string,
104 log-identity,
105 infra-cache-numhosts,
106 msg-cache-size,
107 rrset-cache-size,
108 key-cache-size,
109 ratelimit-size,
110 neg-cache-size,
111 num-queries-per-thread,
112 jostle-timeout,
113 use-caps-for-id,
114 unwanted-reply-threshold,
115 tls-use-sni,
116 outgoing-tcp-mss,
117 ip-dscp,
118 max-reuse-tcp-queries,
119 tcp-reuse-timeout,
120 tcp-auth-query-timeout,
121 delay-close.
125 outgoing-interface changes,
128 outgoing-port-permit,
129 outgoing-port-avoid,
130 msg-buffer-size,
131 any **\*-slabs** options and
132 statistics-interval changes.
135 dnstap-log-resolver-query-messages,
136 dnstap-log-resolver-response-messages,
137 dnstap-log-client-query-messages,
138 dnstap-log-client-response-messages,
139 dnstap-log-forwarder-query-messages and
140 dnstap-log-forwarder-response-messages.
143 dnstap-enable,
144 dnstap-bidirectional,
145 dnstap-socket-path,
146 dnstap-ip,
147 dnstap-tls,
148 dnstap-tls-server-name,
149 dnstap-tls-cert-bundle,
150 dnstap-tls-client-key-file and
151 dnstap-tls-client-cert-file.
154 dnstap-send-identity,
155 dnstap-send-version,
156 dnstap-identity, and
157 dnstap-version can be loaded
183 that fast reload works on without the nopause option: val-bogus-ttl,
184 val-override-date, val-sig-skew-min, val-sig-skew-max, val-max-restart,
185 val-nsec3-keysize-iterations, target-fetch-policy, outbound-msg-retry,
186 max-sent-count, max-query-restarts, do-not-query-address,
187 do-not-query-localhost, private-address, private-domain, caps-exempt,
188 nat64-prefix, do-nat64, infra-host-ttl, infra-keep-probing, ratelimit,
189 ip-ratelimit, ip-ratelimit-cookie, wait-limit-netblock,
190 wait-limit-cookie-netblock, ratelimit-below-domain, ratelimit-for-domain.
198 When there are changes to the config tags, from the \fBdefine\-tag\fR option,
224 controlled using the \fBstatistics\-cumulative\fR config statement.
236 Add new local zone with name and type. Like \fBlocal\-zone\fR config statement.
244 Add new local data, the given resource record. Like \fBlocal\-data\fR
257 Add local zones read from stdin of unbound\-control. Input is read per line,
261 Remove local zones read from stdin of unbound\-control. Input is one name per
265 Add local data RRs read from stdin of unbound\-control. Input is one RR per
269 Remove local data RRs read from stdin of unbound\-control. Input is one name per
275 Not supported in remote Unbounds in multi-process operation.
284 Not supported in remote Unbounds in multi-process operation.
309 with serve\-expired enabled, it'll serve that information but schedule a
319 iterator last-resort lookup failures from the rrset cache.
354 The values that work are: statistics\-interval, statistics\-cumulative,
355 do\-not\-query\-localhost, harden\-short\-bufsize, harden\-large\-queries,
356 harden\-glue, harden\-dnssec\-stripped, harden\-below\-nxdomain,
357 harden\-referral\-path, prefetch, prefetch\-key, log\-queries,
358 hide\-identity, hide\-version, identity, version, val\-log\-level,
359 val\-log\-squelch, ignore\-cd\-flag, add\-holddown, del\-holddown,
360 keep\-missing, tcp\-upstream, ssl\-upstream, max\-udp\-size, ratelimit,
361 ip\-ratelimit, cache\-max\-ttl, cache\-min\-ttl, cache\-max\-negative\-ttl.
382 List the zones with domain\-insecure.
391 Add a \fBdomain\-insecure\fR for the given zone, like the statement in unbound.conf.
396 Removes domain\-insecure for the given zone.
400 \fIdomain\-insecure\fR for the zone (so it can resolve insecurely if you have
402 The addr can be IP4, IP6 or nameserver names, like \fIforward-zone\fR config
404 The +t option sets it to use tls upstream, like \fIforward\-tls\-upstream\fR: yes.
408 \fIdomain\-insecure\fR for the zone.
412 \fIdomain\-insecure\fR for the zone.  With +p the stub zone is set to prime,
414 names, like the \fIstub-zone\fR config in unbound.conf.
415 The +t option sets it to use tls upstream, like \fIstub\-tls\-upstream\fR: yes.
419 \fIdomain\-insecure\fR for the zone.
424 the current config.  You could pass the nameservers after a DHCP update.
426 Without arguments the current list of addresses used to forward all queries
427 to is printed.  On startup this is from the forward\-zone "." configuration.
431 are used.  This can be used to avoid to avoid buggy or non\-DNSSEC supporting
443 List the domains that are ratelimited.  Printed one per line with current
450 List the ip addresses that are ratelimited.  Printed one per line with current
457 indicating if the zone is expired and current serial number.  Configured RPZ
462 overwriting the current contents of the zone in memory.  This changes the auth
464 you set Unbound to validate with for-upstream yes and that can be cleared with
510 state of the current cookie secrets can be printed with the
525 \fBcookie\-secret\-file\fR option in the server section of the config file.
532 Make the current \fIstaging\fR cookie secret \fIactive\fR, and the current
536 Show the current configured cookie secrets with their status.
538 The unbound\-control program exits with status code 1 on error, 0 on success.
540 The setup requires a self\-signed certificate and private keys for both
541 the server and client.  The script \fIunbound\-control\-setup\fR generates
542 these in the default run directory, or with \-d in another directory.
544 who can use unbound\-control, by default owner and group but not all users.
548     sudo \-u unbound unbound\-control\-setup
554 After running the script as root, turn on \fBcontrol\-enable\fR in
575 number of queries removed due to discard-timeout by thread
578 number of queries removed due to wait-limit by thread
618 is only reported when sock-queue-timeout is enabled.
635 .I threadX.requestlist.current.all
636 Current size of the request list, includes internally generated queries (such
639 .I threadX.requestlist.current.user
640 Current size of the request list, only the requests from client queries.
654 the time of the request.  This helps you spot if the incoming\-num\-tcp
658 summed over threads.
661 summed over threads.
664 summed over threads.
667 summed over threads.
670 summed over threads.
673 summed over threads.
676 summed over threads.
679 summed over threads.
682 summed over threads.
685 summed over threads.
688 summed over threads.
691 summed over threads.
694 summed over threads.
697 summed over threads.
700 summed over threads.
703 summed over threads.
706 summed over threads.
712 summed over threads.
715 averaged over threads.
721 summed over threads.
724 summed over threads.
726 .I total.requestlist.current.all
727 summed over threads.
730 averaged over threads.
733 summed over threads.
736 current time in seconds since 1970.
781 Shows a histogram, summed over all threads. Every element counts the
787 The total number of queries over all threads with query type A.
792 Number of queries with query types 256\-65535.
795 The total number of queries over all threads with query class IN (internet).
798 num.query.class.other is printed for classes 256\-65535.
801 The total number of queries over all threads with query opcode QUERY.
820 Number of TLS session resumptions, these are queries over TLS towards
936 The number of queries answered from auth\-zone data, upstream queries.
941 The number of queries for downstream answered from auth\-zone data.
970 Possible actions are: nxdomain, nodata, passthru, drop, tcp\-only, local\-data,
971 disabled, and cname\-override.
979 self\-signed certificates (unbound_server.pem and unbound_control.pem).