add textual elaborations and python docs

source/getting-started/configuration.rst

@@ -43,7 +43,7 @@ By default the Unbound config uses `chroot <https://wiki.archlinux.org/title/chr
 	# disable chroot
 	chroot: ""
 
-By default Unbound assumes that a user named "unbound" exists, which you can add this user with an account management tool available on your system. You can also disable this feature by adding ``username: ""`` in the config. If it is enabled, after the setup, any other user privileges are dropped and the configured username is assumed.
+By default Unbound assumes that a user named "unbound" exists, which you can add this user with an account management tool available on your system. You can also disable this feature by adding ``username: ""`` in the config. If it is enabled, after the setup, any other user privileges are dropped and the configured username is assumed. If this user  needs access to files (such as the 'trust anchor' mentioned below) these can be created by executing with ``sudo -u unbound`` in front of it.
 
 .. Important:: Unbound comes with the :command:`unbound-checkconf` tool. This tool allows you to check the config file for errors before starting Unbound. It is very convenient because if any errors are found it tells you where they are, which is particularly useful when Unbound is already running to avoid failure to restart due to a configuration error.
 
@@ -88,7 +88,8 @@ Set up Trust Anchor (Enable DNSSEC)
 
 To enable `DNSSEC <https://www.sidn.nl/en/cybersecurity/dnssec-explained>`_, which we strongly recommend, we need to set up a trust anchor as it allows the verification of the integrity of the responses to the queries you send.
 
-To help, we can use the :command:`unbound-anchor` command. :command:`unbound-anchor` performs the setup by configuring a trust anchor. The default location that :command:`unbound-anchor` creates this in is determined by your installation method. Usually the default directory is ``/usr/local/etc/unbound/``.
+To help, we can use the :command:`unbound-anchor` command. :command:`unbound-anchor` performs the setup by configuring a trust anchor. This trust anchor will only serve as the initial anchor from builtin values. To keep this anchor up to date, Unbound must be able to read and write to this file.
+The default location that :command:`unbound-anchor` creates this in is determined by your installation method. Usually the default directory is ``/usr/local/etc/unbound/``.
 
 .. code::bash
 
@@ -104,16 +105,13 @@ To enable DNSSEC, we add ``auto-trust-anchor-file`` under the ``server`` options
 
 Note that on some systems the ``/usr/local/etc/unbound/`` directory might be write-protected. 
 
-If the :command:`unbound-control-setup` command fails due to the insufficient permissions, instead run the command as the correct user.
+If the :command:`unbound-control-setup` command fails due to the insufficient permissions, run the command as the correct user, here we use the user ``unbound`` as this is the default user.
 
 .. code:: bash
 
 	sudo -u unbound unbound-anchor
 
-
-.. https://sizeof.cat/post/unbound-on-macos/
-
-
+This step is also important when using the ``chroot`` jail.
 
 
 .. @TODO Write ACL's -> access-control

source/getting-started/installation.rst

@@ -109,6 +109,8 @@ When we have a successful compilation, we can install Unbound to make available
 
 We now have fully compiled and installed version of Unbound, and :ref:`continue to testing it<Testing>`.
 
+Please note that the default configuration file is located at ``/usr/local/etc/unbound/unbound.conf`` and created during the :command:`make` step. This file contains all possible configuration options for Unbound.
+
 .. Ref to testing
 
 macOS Big Sur

source/index.rst

@@ -76,18 +76,20 @@ license, with attribution to NLnet Labs.
       topics/performance
       topics/monitoring
 
-..
-   .. toctree::
+
+.. toctree::
       :maxdepth: 2
       :caption: Internals
-
+
+      internals/python-modules
+..
       internals/server-selection
       internals/compliance
       internals/architecture
       internals/code-structure
-      internals/python-modules
       internals/trust-anchors
 
+
 .. toctree::
    :maxdepth: 2
    :caption: Unbound Library Tutorial

source/internals/python-modules.rst

@@ -1,6 +1,48 @@
 Python Modules
 --------------
 
-This section talks about Python modules for Unbound. Using Unbound from
-Python is discussed in the libunbound section.
+Pyunbound
+*********
 
+Unbound supports bindings for Python which we call 'pyunbound'. We enable this functionility in the :command:`configure` step of the installation using the following command.
+
+.. code:: bash
+
+    ./configure --with-pyunbound
+
+We can then generate the documentation for this using:
+
+.. code:: bash
+
+    make doc
+
+This command will genereate the docs in ``doc/html/pyunbound``, which can be browsed in a webbrowser by opening ``index.html``.
+
+Another option of gereating the files is available if you are using :command:`sphinx`.
+
+.. code:: bash
+
+    sphinx-build -b html libunbound/python/doc doc/html/pyunbound/
+
+Pythonmod
+*********
+
+Unbound also contains a module that executes python code called "pythonmod". The supplied Python code has to follow module operation semantics. This module is enabled in the :command:`configure` step of the installation using the following command.
+
+./configure --with-pythonmodule
+
+The full documentation for it can be build using:
+
+We can then generate the documentation for this using:
+
+.. code:: bash
+
+    make doc
+
+This command will genereate the docs in ``doc/html/pythonmod``, which can be browsed in a webbrowser by opening ``index.html``. 
+
+Another option of gereating the files is available if you are using :command:`sphinx`.
+
+.. code:: bash
+
+    sphinx-build -b html pythonmod/doc/ doc/html/pythonmod/