unbound-control.8.in - OpenGrok cross reference for /freebsd/contrib/unbound/doc/unbound-control.8.in

Lines Matching +full:performance +full:- +full:affecting
1 .TH "unbound-control" "8" "Apr 24, 2025" "NLnet Labs" "unbound 1.23.0"
3 .\" unbound-control.8 -- unbound remote control manual
11 .B unbound\-control,
12 .B unbound\-control\-setup
13 \- Unbound remote server control utility.
15 .B unbound\-control
16 .RB [ \-hq ]
17 .RB [ \-c
19 .RB [ \-s
23 .B Unbound\-control
30 .B \-h
33 .B \-c \fIcfgfile
37 .B \-s \fIserver[@port]
41 .B \-q
49 with the config file specified using \fI\-c\fR or the default config file.
89 access-control and similar options,
90 interface-action and similar options and
91 tcp-connection-limit.
93 define-tag
96 insecure-lan-zones,
97 domain-insecure,
98 trust-anchor-file,
99 trust-anchor,
100 trusted-keys-file,
101 auto-trust-anchor-file,
102 edns-client-string,
104 log-identity,
105 infra-cache-numhosts,
106 msg-cache-size,
107 rrset-cache-size,
108 key-cache-size,
109 ratelimit-size,
110 neg-cache-size,
111 num-queries-per-thread,
112 jostle-timeout,
113 use-caps-for-id,
114 unwanted-reply-threshold,
115 tls-use-sni,
116 outgoing-tcp-mss,
117 ip-dscp,
118 max-reuse-tcp-queries,
119 tcp-reuse-timeout,
120 tcp-auth-query-timeout,
121 delay-close.
125 outgoing-interface changes,
128 outgoing-port-permit,
129 outgoing-port-avoid,
130 msg-buffer-size,
131 any **\*-slabs** options and
132 statistics-interval changes.
135 dnstap-log-resolver-query-messages,
136 dnstap-log-resolver-response-messages,
137 dnstap-log-client-query-messages,
138 dnstap-log-client-response-messages,
139 dnstap-log-forwarder-query-messages and
140 dnstap-log-forwarder-response-messages.
143 dnstap-enable,
144 dnstap-bidirectional,
145 dnstap-socket-path,
146 dnstap-ip,
147 dnstap-tls,
148 dnstap-tls-server-name,
149 dnstap-tls-cert-bundle,
150 dnstap-tls-client-key-file and
151 dnstap-tls-client-cert-file.
154 dnstap-send-identity,
155 dnstap-send-version,
156 dnstap-identity, and
157 dnstap-version can be loaded
183 that fast reload works on without the nopause option: val-bogus-ttl,
184 val-override-date, val-sig-skew-min, val-sig-skew-max, val-max-restart,
185 val-nsec3-keysize-iterations, target-fetch-policy, outbound-msg-retry,
186 max-sent-count, max-query-restarts, do-not-query-address,
187 do-not-query-localhost, private-address, private-domain, caps-exempt,
188 nat64-prefix, do-nat64, infra-host-ttl, infra-keep-probing, ratelimit,
189 ip-ratelimit, ip-ratelimit-cookie, wait-limit-netblock,
190 wait-limit-cookie-netblock, ratelimit-below-domain, ratelimit-for-domain.
198 When there are changes to the config tags, from the \fBdefine\-tag\fR option,
224 controlled using the \fBstatistics\-cumulative\fR config statement.
236 Add new local zone with name and type. Like \fBlocal\-zone\fR config statement.
244 Add new local data, the given resource record. Like \fBlocal\-data\fR
257 Add local zones read from stdin of unbound\-control. Input is read per line,
261 Remove local zones read from stdin of unbound\-control. Input is one name per
265 Add local data RRs read from stdin of unbound\-control. Input is one RR per
269 Remove local data RRs read from stdin of unbound\-control. Input is one name per
275 Not supported in remote Unbounds in multi-process operation.
284 Not supported in remote Unbounds in multi-process operation.
309 with serve\-expired enabled, it'll serve that information but schedule a
319 iterator last-resort lookup failures from the rrset cache.
354 The values that work are: statistics\-interval, statistics\-cumulative,
355 do\-not\-query\-localhost, harden\-short\-bufsize, harden\-large\-queries,
356 harden\-glue, harden\-dnssec\-stripped, harden\-below\-nxdomain,
357 harden\-referral\-path, prefetch, prefetch\-key, log\-queries,
358 hide\-identity, hide\-version, identity, version, val\-log\-level,
359 val\-log\-squelch, ignore\-cd\-flag, add\-holddown, del\-holddown,
360 keep\-missing, tcp\-upstream, ssl\-upstream, max\-udp\-size, ratelimit,
361 ip\-ratelimit, cache\-max\-ttl, cache\-min\-ttl, cache\-max\-negative\-ttl.
382 List the zones with domain\-insecure.
391 Add a \fBdomain\-insecure\fR for the given zone, like the statement in unbound.conf.
392 Adds to the running Unbound without affecting the cache contents (which may
396 Removes domain\-insecure for the given zone.
400 \fIdomain\-insecure\fR for the zone (so it can resolve insecurely if you have
402 The addr can be IP4, IP6 or nameserver names, like \fIforward-zone\fR config
404 The +t option sets it to use tls upstream, like \fIforward\-tls\-upstream\fR: yes.
408 \fIdomain\-insecure\fR for the zone.
412 \fIdomain\-insecure\fR for the zone.  With +p the stub zone is set to prime,
414 names, like the \fIstub-zone\fR config in unbound.conf.
415 The +t option sets it to use tls upstream, like \fIstub\-tls\-upstream\fR: yes.
419 \fIdomain\-insecure\fR for the zone.
427 to is printed.  On startup this is from the forward\-zone "." configuration.
431 are used.  This can be used to avoid to avoid buggy or non\-DNSSEC supporting
464 you set Unbound to validate with for-upstream yes and that can be cleared with
525 \fBcookie\-secret\-file\fR option in the server section of the config file.
538 The unbound\-control program exits with status code 1 on error, 0 on success.
540 The setup requires a self\-signed certificate and private keys for both
541 the server and client.  The script \fIunbound\-control\-setup\fR generates
542 these in the default run directory, or with \-d in another directory.
544 who can use unbound\-control, by default owner and group but not all users.
548     sudo \-u unbound unbound\-control\-setup
554 After running the script as root, turn on \fBcontrol\-enable\fR in
575 number of queries removed due to discard-timeout by thread
578 number of queries removed due to wait-limit by thread
618 is only reported when sock-queue-timeout is enabled.
654 the time of the request.  This helps you spot if the incoming\-num\-tcp
792 Number of queries with query types 256\-65535.
798 num.query.class.other is printed for classes 256\-65535.
914 with the performance of the hash table, hash values are incorrect or malicious.
920 with the performance of the hash table, hash values are incorrect or malicious.
936 The number of queries answered from auth\-zone data, upstream queries.
941 The number of queries for downstream answered from auth\-zone data.
970 Possible actions are: nxdomain, nodata, passthru, drop, tcp\-only, local\-data,
971 disabled, and cname\-override.
979 self\-signed certificates (unbound_server.pem and unbound_control.pem).