ref: 95114db7e087da60a878df5c3e4cb5f7a1b3b28a
parent: 4dbb99f478d68eaeea4c043a839454cb807c2c7d
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sun Jan 28 11:23:27 EST 2024
ndb(8): document thumbprint file for DoT
--- a/sys/man/8/ndb
+++ b/sys/man/8/ndb
@@ -437,6 +437,9 @@
.I cert.pem
is specified, also listen on TCP port 853 and handle
DNS requests over TLS.
+Clients wanting to connect to this service must
+add the certificate or public key thumbprint into
+.BR /sys/lib/tls/dns .
.TP
.B -x
specifies the mount point of the network.
@@ -794,7 +797,13 @@
.TF /lib/ndb/local.*xxx
.TP
.B /env/DNSSERVER
-resolver's DNS servers' IP addresses.
+resolver's DNS servers' IP addresses
+.TP
+.B /env/DOTSERVER
+resolver's DNS over TLS servers' IP addresses
+.TP
+.B /sys/lib/tls/dns
+resolver's certificate / public-key thumbprints
.TP
.B /lib/ndb/local
first database file searched