shithub: riscv

Download patch

ref: 95114db7e087da60a878df5c3e4cb5f7a1b3b28a
parent: 4dbb99f478d68eaeea4c043a839454cb807c2c7d
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sun Jan 28 11:23:27 EST 2024

ndb(8): document thumbprint file for DoT

--- a/sys/man/8/ndb
+++ b/sys/man/8/ndb
@@ -437,6 +437,9 @@
 .I cert.pem
 is specified, also listen on TCP port 853 and handle
 DNS requests over TLS.
+Clients wanting to connect to this service must
+add the certificate or public key thumbprint into
+.BR /sys/lib/tls/dns .
 .TP
 .B -x
 specifies the mount point of the network.
@@ -794,7 +797,13 @@
 .TF /lib/ndb/local.*xxx
 .TP
 .B /env/DNSSERVER
-resolver's DNS servers' IP addresses.
+resolver's DNS servers' IP addresses
+.TP
+.B /env/DOTSERVER
+resolver's DNS over TLS servers' IP addresses
+.TP
+.B /sys/lib/tls/dns
+resolver's certificate / public-key thumbprints
 .TP
 .B /lib/ndb/local
 first database file searched