Clarify the role of dns.domain outside of the DHCP context

Signed-off-by: DL6ER <[email protected]>

src/config/config.c

@@ -502,7 +502,7 @@ static void initConfig(struct config *conf)
 	conf->dns.expandHosts.c = validate_stub; // Only type-based checking
 
 	conf->dns.domain.k = "dns.domain";
-	conf->dns.domain.h = "The DNS domain used by your Pi-hole to expand hosts and for DHCP.\n\n Only if DHCP is enabled below: For DHCP, this has two effects; firstly it causes the DHCP server to return the domain to any hosts which request it, and secondly it sets the domain which it is legal for DHCP-configured hosts to claim. The intention is to constrain hostnames so that an untrusted host on the LAN cannot advertise its name via DHCP as e.g. \"google.com\" and capture traffic not meant for it. If no domain suffix is specified, then any DHCP hostname with a domain part (ie with a period) will be disallowed and logged. If a domain is specified, then hostnames with a domain part are allowed, provided the domain part matches the suffix. In addition, when a suffix is set then hostnames without a domain part have the suffix added as an optional domain part. For instance, we can set domain=mylab.com and have a machine whose DHCP hostname is \"laptop\". The IP address for that machine is available both as \"laptop\" and \"laptop.mylab.com\".\n\n You can disable setting a domain by setting this option to an empty string.";
+	conf->dns.domain.h = "The DNS domain used by your Pi-hole.\n\n This DNS domain in purely local. FTL may answer queries from its local cache and configuration but *never* forwards any requests upstream *unless* you have configured a dns.revServer exactly for this domain. In the latter case, all queries for this domain are sent exclusively to this server (including reverse lookups).\n\n For DHCP, this has two effects; firstly it causes the DHCP server to return the domain to any hosts which request it, and secondly it sets the domain which it is legal for DHCP-configured hosts to claim. The intention is to constrain hostnames so that an untrusted host on the LAN cannot advertise its name via DHCP as e.g. \"google.com\" and capture traffic not meant for it. If no domain suffix is specified, then any DHCP hostname with a domain part (ie with a period) will be disallowed and logged. If a domain is specified, then hostnames with a domain part are allowed, provided the domain part matches the suffix. In addition, when a suffix is set then hostnames without a domain part have the suffix added as an optional domain part. For instance, we can set domain=mylab.com and have a machine whose DHCP hostname is \"laptop\". The IP address for that machine is available both as \"laptop\" and \"laptop.mylab.com\".\n\n You can disable setting a domain by setting this option to an empty string.";
 	conf->dns.domain.a = cJSON_CreateStringReference("<any valid domain>");
 	conf->dns.domain.t = CONF_STRING;
 	conf->dns.domain.f = FLAG_RESTART_FTL;

test/pihole.toml

@@ -1,7 +1,7 @@
-# Pi-hole configuration file (v5.25.2-2556-g3cf56990-dirty)
+# Pi-hole configuration file (v6.0.1-3-g03cc1d34-dirty)
 # Encoding: UTF-8
 # This file is managed by pihole-FTL
-# Last updated on 2025-01-25 17:33:51 UTC
+# Last updated on 2025-02-21 10:58:04 UTC
 
 [dns]
   # Array of upstream DNS servers used by Pi-hole
@@ -112,20 +112,25 @@
   # same way as for DHCP-derived names
   expandHosts = false
 
-  # The DNS domain used by your Pi-hole to expand hosts and for DHCP.
+  # The DNS domain used by your Pi-hole.
   #
-  # Only if DHCP is enabled below: For DHCP, this has two effects; firstly it causes the
-  # DHCP server to return the domain to any hosts which request it, and secondly it sets
-  # the domain which it is legal for DHCP-configured hosts to claim. The intention is to
-  # constrain hostnames so that an untrusted host on the LAN cannot advertise its name
-  # via DHCP as e.g. "google.com" and capture traffic not meant for it. If no domain
-  # suffix is specified, then any DHCP hostname with a domain part (ie with a period)
-  # will be disallowed and logged. If a domain is specified, then hostnames with a
-  # domain part are allowed, provided the domain part matches the suffix. In addition,
-  # when a suffix is set then hostnames without a domain part have the suffix added as
-  # an optional domain part. For instance, we can set domain=mylab.com and have a
-  # machine whose DHCP hostname is "laptop". The IP address for that machine is
-  # available both as "laptop" and "laptop.mylab.com".
+  # This DNS domain in purely local. FTL may answer queries from its local cache and
+  # configuration but *never* forwards any requests upstream *unless* you have
+  # configured a dns.revServer exactly for this domain. In the latter case, all queries
+  # for this domain are sent exclusively to this server (including reverse lookups).
+  #
+  # For DHCP, this has two effects; firstly it causes the DHCP server to return the
+  # domain to any hosts which request it, and secondly it sets the domain which it is
+  # legal for DHCP-configured hosts to claim. The intention is to constrain hostnames so
+  # that an untrusted host on the LAN cannot advertise its name via DHCP as e.g.
+  # "google.com" and capture traffic not meant for it. If no domain suffix is specified,
+  # then any DHCP hostname with a domain part (ie with a period) will be disallowed and
+  # logged. If a domain is specified, then hostnames with a domain part are allowed,
+  # provided the domain part matches the suffix. In addition, when a suffix is set then
+  # hostnames without a domain part have the suffix added as an optional domain part.
+  # For instance, we can set domain=mylab.com and have a machine whose DHCP hostname is
+  # "laptop". The IP address for that machine is available both as "laptop" and
+  # "laptop.mylab.com".
   #
   # You can disable setting a domain by setting this option to an empty string.
   #