diff options
| author | Christian Poessinger <christian@poessinger.com> | 2019-12-10 09:33:59 +0100 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2019-12-10 09:33:59 +0100 |
| commit | de12bf3757f25e61d40cae88f5ba10ee3a04db8f (patch) | |
| tree | 4b12ba8772db77d9c409c2cc548356883d90399d /interface-definitions/dns-forwarding.xml.in | |
| parent | e9bf6cc7f20d93f35c2d7dc57c9a5a173fe7fc5d (diff) | |
| parent | a68d72122c3cc032b5a7b05dafc0578e64244c4f (diff) | |
| download | vyos-1x-de12bf3757f25e61d40cae88f5ba10ee3a04db8f.tar.gz vyos-1x-de12bf3757f25e61d40cae88f5ba10ee3a04db8f.zip | |
Merge branch 'current' of github.com:vyos/vyos-1x into equuleus
* 'current' of github.com:vyos/vyos-1x:
T1855, T1826: Restore support for reboot/poweroff in M minutes.
vyos.config: T1764: allow for list argument to exists, in value case
vyos.config: T1846: ignore edit level when obtaining working config
T1843: use include files for interface proxy-arp-pvlan option
T1843: use include files for interface proxy-arp configuration
T1843: use include files for interface arp-cache-timeout configuration
T1843: use include files for interface link-detect feature
T1843: use include files for interface MTU size
T1843: use include files for interface MAC address
T1843: use include files to disable interface (admin down)
T1843: use include files for interface description
T1843: use include files for DHCP/DHCPv6 options
T1843: recursively include IP address definitions in VIF/VIF-S definitions
T1843: add support for recursive includes
T1843: use include files for VIF/VIF-S interfaces
T1843: use include files for IPv4/IPv6 interface address configuration
T1843: run interface-definitions though GCC preprocessor
Diffstat (limited to 'interface-definitions/dns-forwarding.xml.in')
| -rw-r--r-- | interface-definitions/dns-forwarding.xml.in | 177 |
1 files changed, 177 insertions, 0 deletions
diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in new file mode 100644 index 000000000..8b89bf758 --- /dev/null +++ b/interface-definitions/dns-forwarding.xml.in @@ -0,0 +1,177 @@ +<?xml version="1.0"?> +<!-- DNS forwarder configuration --> +<interfaceDefinition> + <node name="service"> + <children> + <node name="dns"> + <properties> + <help>Domain Name System related services</help> + </properties> + <children> + <node name="forwarding" owner="${vyos_conf_scripts_dir}/dns_forwarding.py"> + <properties> + <help>DNS forwarding</help> + <priority>918</priority> + </properties> + <children> + <leafNode name="cache-size"> + <properties> + <help>DNS forwarding cache size</help> + <valueHelp> + <format>0-10000</format> + <description>DNS forwarding cache size</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-10000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="dhcp"> + <properties> + <help>Use DNS servers received from DHCP server for specified interface</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + <multi/> + </properties> + </leafNode> + <leafNode name="dnssec"> + <properties> + <help>DNSSEC mode</help> + <completionHelp> + <list>off process-no-validate process log-fail validate</list> + </completionHelp> + <valueHelp> + <format>off</format> + <description>No DNSSEC processing whatsoever!</description> + </valueHelp> + <valueHelp> + <format>process-no-validate</format> + <description>Respond with DNSSEC records to clients that ask for it. No validation done at all!</description> + </valueHelp> + <valueHelp> + <format>process</format> + <description>Respond with DNSSEC records to clients that ask for it. Validation for clients that request it.</description> + </valueHelp> + <valueHelp> + <format>log-fail</format> + <description>Similar behaviour to process, but validate RRSIGs on responses and log bogus responses.</description> + </valueHelp> + <valueHelp> + <format>validate</format> + <description>Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses.</description> + </valueHelp> + <constraint> + <regex>(off|process-no-validate|process|log-fail|validate)</regex> + </constraint> + </properties> + </leafNode> + <tagNode name="domain"> + <properties> + <help>Domain to forward to a custom DNS server</help> + </properties> + <children> + <leafNode name="server"> + <properties> + <help>Domain Name Server (DNS) to forward queries to</help> + <valueHelp> + <format>ipv4</format> + <description>Domain Name Server (DNS) IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Domain Name Server (DNS) IPv6 address</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="ignore-hosts-file"> + <properties> + <help>Do not use local /etc/hosts file in name resolution</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="allow-from"> + <properties> + <help>Networks allowed to query this server</help> + <valueHelp> + <format>ipv4net</format> + <description>IP address and prefix length</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ip-prefix"/> + </constraint> + </properties> + </leafNode> + <leafNode name="listen-address"> + <properties> + <help>Addresses to listen for DNS queries [REQUIRED]</help> + <valueHelp> + <format>ipv4</format> + <description>Domain Name Server (DNS) IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Domain Name Server (DNS) IPv6 address</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="negative-ttl"> + <properties> + <help>Maximum amount of time negative entries are cached</help> + <valueHelp> + <format>0-7200</format> + <description>Seconds to cache NXDOMAIN entries</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-7200"/> + </constraint> + </properties> + </leafNode> + <leafNode name="name-server"> + <properties> + <help>Domain Name Servers (DNS) addresses [OPTIONAL]</help> + <valueHelp> + <format>ipv4</format> + <description>Domain Name Server (DNS) IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Domain Name Server (DNS) IPv6 address</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="system"> + <properties> + <help>Use system name servers</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> |