Better explain what unbound is for.

While there fix some nits.
Problem pointed out by deraadt@
Input jmc@, schwarze@
wouter@ committed a slightly different diff upstream. Pull that on out
of svn and hand merge it.
OK schwarze@

1 files changed, 36 insertions, 10 deletions

diff --git a/usr.sbin/unbound/doc/unbound.8.in b/usr.sbin/unbound/doc/unbound.8.in
index fd67e71856b..c8cc6d82ee5 100644
--- a/usr.sbin/unbound/doc/unbound.8.in
+++ b/usr.sbin/unbound/doc/unbound.8.in
@@ -8,22 +8,47 @@
 .\"
 .\"
 .SH "NAME"
-.LP
 .B unbound
 \- Unbound DNS validating resolver 1.4.22.
 .SH "SYNOPSIS"
-.LP
 .B unbound
 .RB [ \-h ]
 .RB [ \-d ]
 .RB [ \-v ]
-.RB [ \-c 
+.RB [ \-c
 .IR cfgfile ]
 .SH "DESCRIPTION"
-.LP
-.B Unbound 
-is an implementation of a DNS resolver, that does caching and 
-DNSSEC validation.
+.B Unbound
+is a caching DNS resolver.
+.P
+It uses a built in list of authoritative nameservers for the root zone (.),
+the so called root hints.
+On receiving a DNS query it will ask the root nameservers for
+an answer and will in almost all cases receive a delegation to a top level
+domain (TLD) authoritative nameserver.
+It will then ask that nameserver for an answer.
+It will recursively continue until an answer is found or no answer is
+available (NXDOMAIN).
+For performance and efficiency reasons that answer is cached for a
+certain time (the answer's time\-to\-live or TTL).
+A second query for the same name will then be answered from the cache.
+Unbound can also do DNSSEC validation.
+.P
+To use a locally running
+.B Unbound
+for resolving put
+.sp
+.RS 6n
+nameserver 127.0.0.1
+.RE
+.sp
+into
+.IR resolv.conf (5).
+.P
+If authoritative DNS is needed as well using
+.IR nsd (8),
+careful setup is required because authoritative nameservers and
+resolvers are using the same port number (53).
 .P
 The available options are:
 .TP
@@ -31,7 +56,7 @@ The available options are:
 Show the version and commandline option help.
 .TP
 .B \-c\fI cfgfile
-Set the config file with settings for unbound to read instead of reading the 
+Set the config file with settings for unbound to read instead of reading the
 file at the default location, @ub_conf_file@. The syntax is
 described in \fIunbound.conf\fR(5).
 .TP
@@ -44,8 +69,9 @@ thread\-spawn time. So that most config and setup errors appear on stderr.
 Increase verbosity. If given multiple times, more information is logged.
 This is in addition to the verbosity (if any) from the config file.
 .SH "SEE ALSO"
-\fIunbound.conf\fR(5), 
-\fIunbound\-checkconf\fR(8).
+\fIunbound.conf\fR(5),
+\fIunbound\-checkconf\fR(8),
+\fInsd\fR(8).
 .SH "AUTHORS"
 .B Unbound
 developers are mentioned in the CREDITS file in the distribution.