mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00

Merge branch 'michal/miscellaneous-text-tweaks-related-to-doh-and-dot' into 'main'

Miscellaneous text tweaks related to DNS-over-HTTPS and DNS-over-TLS

See merge request isc-projects/bind9!5743
Michał Kępień
2022-01-20 17:38:50 +00:00
6 changed files with 15 additions and 14 deletions


@@ -229,7 +229,7 @@ help(void) {
"SERVFAIL)\n"
" +[no]header-only (Send query without a "
"question section)\n"
" +[no]https[=###] (DNS over HTTPS mode) "
" +[no]https[=###] (DNS-over-HTTPS mode) "
"[/]\n"
" +[no]https-get (Use GET instead of "
"default POST method\n"
@@ -294,7 +294,7 @@ help(void) {
"(+[no]tcflag))\n"
" +[no]tcp (TCP mode (+[no]vc))\n"
" +timeout=### (Set query timeout) [5]\n"
" +[no]tls (DNS over TLS mode)\n"
" +[no]tls (DNS-over-TLS mode)\n"
" +[no]trace (Trace delegation down "
"from root "
"[+dnssec])\n"


@@ -340,7 +340,7 @@ abbreviation is unambiguous; for example, ``+cd`` is equivalent to
are ignored when this is set.
``+[no]https[=value]``
This option indicates whether to use DNS-over-HTTPS (DoH) when querying
This option indicates whether to use DNS over HTTPS (DoH) when querying
name servers. When this option is in use, the port number defaults to 443.
The HTTP POST request mode is used when sending the query.
@@ -537,7 +537,7 @@ abbreviation is unambiguous; for example, ``+cd`` is equivalent to
5 seconds. An attempt to set ``T`` to less than 1 is silently set to 1.
``+[no]tls``
This option indicates whether to use DNS-over-TLS (DoT) when querying
This option indicates whether to use DNS over TLS (DoT) when querying
name servers. When this option is in use, the port number defaults
to 853.


@@ -575,10 +575,11 @@ AC_ARG_WITH([libnghttp2],
AS_IF([test "$enable_doh" = "yes"],
[AS_CASE([$with_libnghttp2],
[no],[AC_MSG_ERROR([Use '--disable-doh' to disable DoH])],
[no],[AC_MSG_ERROR([Use '--disable-doh' to disable DNS-over-HTTPS support])],
[auto|yes],[PKG_CHECK_MODULES([LIBNGHTTP2], [libnghttp2 >= 1.6.0],
[AC_DEFINE([HAVE_LIBNGHTTP2], [1], [Build with DoH support])],
[AC_MSG_ERROR([DoH requested, but libnghttp2 not found])])],
[AC_DEFINE([HAVE_LIBNGHTTP2], [1], [Build with DNS-over-HTTPS support])],
[AC_MSG_ERROR(m4_normalize([DNS-over-HTTPS support requested, but libnghttp2 not found.
Either install libnghttp2 or use --disable-doh.]))])],
[AC_MSG_ERROR([Specifying libnghttp2 installation path is not supported, adjust PKG_CONFIG_PATH instead])])])
AM_CONDITIONAL([HAVE_LIBNGHTTP2], [test -n "$LIBNGHTTP2_LIBS"])
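Review bot: The error raised in the `[no]` branch of the `AS_CASE` on `$with_libnghttp2` gives a remedy but not the cause. A builder who disabled libnghttp2 while `$enable_doh` is `yes` is told only to use `--disable-doh`, not that DNS-over-HTTPS cannot be built without that library. The reworded not-found message two branches down already pairs cause and remedy, so this branch could read `[no],[AC_MSG_ERROR([DNS-over-HTTPS support requires libnghttp2; use '--disable-doh' to build without it])],`. This assumes the second line of each printed pair is the new side, which the 10-to-11 line count in the hunk header suggests. The `AC_ARG_WITH([libnghttp2], ...)` call that sets the variable starts outside the hunk.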


@@ -2530,10 +2530,10 @@ Use of an ``http`` specification requires ``tls`` to be specified
as well. If an unencrypted connection is desired (for example,
on load-sharing servers behind a reverse proxy), ``tls none`` may be used.
If a port number is not specified, the default is 53 for standard DNS, 853
for DNS over TLS, 443 for DNS over HTTPS, and 80 for DNS over unenecrypted
HTTP. These defaults may be overridden using the ``port``, ``tls-port``,
``https-port`` and ``http-port`` options.
If a port number is not specified, the default is 53 for standard DNS,
853 for DNS over TLS, 443 for DNS over HTTPS, and 80 for
DNS over HTTP (unencrypted). These defaults may be overridden using the
``port``, ``tls-port``, ``https-port`` and ``http-port`` options.
Multiple ``listen-on`` statements are allowed. For example:


@@ -77,7 +77,7 @@ Inspecting Encrypted DNS Traffic
BIND 9 is built against. For OpenSSL, version 1.1.1 or newer is
required (use ``named -V`` to check).
By definition, TLS-encrypted traffic (e.g. DNS-over-TLS, DNS-over-HTTPS)
By definition, TLS-encrypted traffic (e.g. DNS over TLS, DNS over HTTPS)
is opaque to packet sniffers, which makes debugging problems with
encrypted DNS close to impossible. However, Wireshark_ offers a
solution_ to this problem by being able to read key log files. In order


@@ -362,7 +362,7 @@ default is to add a question section. The query type and query name
are ignored when this is set.
.TP
.B \fB+[no]https[=value]\fP
This option indicates whether to use DNS\-over\-HTTPS (DoH) when querying
This option indicates whether to use DNS over HTTPS (DoH) when querying
name servers. When this option is in use, the port number defaults to 443.
The HTTP POST request mode is used when sending the query.
.sp
@@ -559,7 +559,7 @@ This option sets the timeout for a query to \fBT\fP seconds. The default timeout
5 seconds. An attempt to set \fBT\fP to less than 1 is silently set to 1.
.TP
.B \fB+[no]tls\fP
This option indicates whether to use DNS\-over\-TLS (DoT) when querying
This option indicates whether to use DNS over TLS (DoT) when querying
name servers. When this option is in use, the port number defaults
to 853.
.TP