git: 9front

--- a/sys/man/8/ndb

+++ b/sys/man/8/ndb

@@ -437,6 +437,9 @@

 .I cert.pem

 is specified, also listen on TCP port 853 and handle

 DNS requests over TLS.

+Clients wanting to connect to this service must

+add the certificate or public key thumbprint into

+.BR /sys/lib/tls/dns .

.TP

 .B -x

 specifies the mount point of the network.

@@ -794,7 +797,13 @@

 .TF /lib/ndb/local.*xxx

.TP

 .B /env/DNSSERVER

-resolver's DNS servers' IP addresses.

+resolver's DNS servers' IP addresses

+.TP

+.B /env/DOTSERVER

+resolver's DNS over TLS servers' IP addresses

+.TP

+.B /sys/lib/tls/dns

+resolver's certificate / public-key thumbprints

.TP

 .B /lib/ndb/local

 first database file searched

--

⑨