author | Robert Göhler <github@ghlr.de> | 2024-04-16 20:32:34 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-16 20:32:34 +0200 |
commit | cd911389ece7fbcac00c35bc813044494182623f (patch) | |
tree | f350c8fe718daaa5f3a38103a21559a2457993b7 /docs/_locale/de/configuration.pot | |
parent | 838c852ec3d83bca184d2102b5c9c38d4947fe6e (diff) | |
parent | cd705fbfb581172bbe2ac3366712088e53775ea4 (diff) | |
Merge pull request #1379 from vyos/update-translations-master
Github: update translations
Diffstat (limited to 'docs/_locale/de/configuration.pot')
-rw-r--r-- | docs/_locale/de/configuration.pot | 400 |
1 files changed, 294 insertions, 106 deletions
diff --git a/docs/_locale/de/configuration.pot b/docs/_locale/de/configuration.pot index 9b1596cb..15fcb065 100644 --- a/docs/_locale/de/configuration.pot +++ b/docs/_locale/de/configuration.pot @@ -802,6 +802,14 @@ msgstr "**local side - commands**" msgid "**log-fail** In this mode, the recursor will attempt to validate all data it retrieves from authoritative servers, regardless of the client's DNSSEC desires, and will log the validation result. This mode can be used to determine the extra load and amount of possibly bogus answers before turning on full-blown validation. Responses to client queries are the same as with process." msgstr "**log-fail** In this mode, the recursor will attempt to validate all data it retrieves from authoritative servers, regardless of the client's DNSSEC desires, and will log the validation result. This mode can be used to determine the extra load and amount of possibly bogus answers before turning on full-blown validation. Responses to client queries are the same as with process." +#: ../../configuration/service/dns.rst:197 +msgid "**lookup-a** A Flag." +msgstr "**lookup-a** A Flag." + +#: ../../configuration/service/dns.rst:199 +msgid "**lookup-srv** S flag." +msgstr "**lookup-srv** S flag." + #: ../../configuration/protocols/isis.rst:100 msgid "**narrow** - Use old style of TLVs with narrow metric." msgstr "**narrow** - Use old style of TLVs with narrow metric." 
@@ -839,6 +847,10 @@ msgstr "**off** In this mode, no DNSSEC processing takes place. The recursor wil msgid "**on-failure**: Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)" msgstr "**on-failure**: Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)" +#: ../../configuration/service/dns.rst:201 +msgid "**order** Rule order. Requires `<value>`." +msgstr "**order** Rule order. Requires `<value>`." + #: ../../configuration/nat/nat44.rst:149 msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to." msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to." 
@@ -872,6 +884,10 @@ msgstr "**prefer** - ask client for mppe, if it rejects don't fail" msgid "**prefer** - ask client for mppe, if it rejects don't fail. (Default value)" msgstr "**prefer** - ask client for mppe, if it rejects don't fail. (Default value)" +#: ../../configuration/service/dns.rst:203 +msgid "**preference** Rule preference. Requires `<value>`. Defaults to 0 if not set." +msgstr "**preference** Rule preference. Requires `<value>`. Defaults to 0 if not set." + #: ../../configuration/service/dns.rst:77 msgid "**process** When dnssec is set to process the behavior is similar to process-no-validate. However, the recursor will try to validate the data if at least one of the DO or AD bits is set in the query; in that case, it will set the AD-bit in the response when the data is validated successfully, or send SERVFAIL when the validation comes up bogus." msgstr "**process** When dnssec is set to process the behavior is similar to process-no-validate. However, the recursor will try to validate the data if at least one of the DO or AD bits is set in the query; in that case, it will set the AD-bit in the response when the data is validated successfully, or send SERVFAIL when the validation comes up bogus." @@ -884,6 +900,10 @@ msgstr "**process-no-validate** In this mode the recursor acts as a \"security a msgid "**protocol** - specify which types of protocols this translation rule applies to. Only packets matching the specified protocol are NATed. By default this applies to `all` protocols." msgstr "**protocol** - specify which types of protocols this translation rule applies to. Only packets matching the specified protocol are NATed. By default this applies to `all` protocols." +#: ../../configuration/service/dns.rst:205 +msgid "**protocol-specific** P flag." +msgstr "**protocol-specific** P flag." + #: ../../configuration/service/ipoe-server.rst:63 #: ../../configuration/service/pppoe-server.rst:41 #: ../../configuration/vpn/l2tp.rst:29 
@@ -903,6 +923,10 @@ msgstr "**radius**: All authentication queries are handled by a configured RADIU msgid "**random** - Random interface identifier for IPv6" msgstr "**random** - Random interface identifier for IPv6" +#: ../../configuration/service/dns.rst:207 +msgid "**regexp** Regular expression. Requires `<value>`." +msgstr "**regexp** Regular expression. Requires `<value>`." + #: ../../configuration/interfaces/wireguard.rst:190 msgid "**remote side - commands**" msgstr "**remote side - commands**" @@ -915,6 +939,10 @@ msgstr "**replace**: Terminate first session when second is authorized **(defaul msgid "**replace:** Relay information already present in a packet is stripped and replaced with the router's own relay information set." msgstr "**replace:** Relay information already present in a packet is stripped and replaced with the router's own relay information set." +#: ../../configuration/service/dns.rst:209 +msgid "**replacement** Replacement DNS name." +msgstr "**replacement** Replacement DNS name." + #: ../../configuration/service/pppoe-server.rst:472 #: ../../configuration/vpn/l2tp.rst:426 #: ../../configuration/vpn/pptp.rst:350 @@ -936,10 +964,18 @@ msgstr "**require** - Require IPv6 negotiation" msgid "**require** - ask client for mppe, if it rejects drop connection" msgstr "**require** - ask client for mppe, if it rejects drop connection" +#: ../../configuration/service/dns.rst:211 +msgid "**resolve-uri** U flag." +msgstr "**resolve-uri** U flag." + #: ../../configuration/vpn/site2site_ipsec.rst:319 msgid "**right**" msgstr "**right**" +#: ../../configuration/service/dns.rst:213 +msgid "**service** Service type. Requires `<value>`." +msgstr "**service** Service type. Requires `<value>`." + #: ../../configuration/container/index.rst:127 msgid "**setpcap**: Capability sets (from bounded or inherited set)" msgstr "**setpcap**: Capability sets (from bounded or inherited set)" 
@@ -1503,6 +1539,10 @@ msgstr "A *bit* is written as **bit**," msgid "A BGP-speaking router like VyOS can retrieve ROA information from RPKI \"Relying Party software\" (often just called an \"RPKI server\" or \"RPKI validator\") by using :abbr:`RTR (RPKI to Router)` protocol. There are several open source implementations to choose from, such as NLNetLabs' Routinator_ (written in Rust), Cloudflare's GoRTR_ and OctoRPKI_ (written in Go), and RIPE NCC's RPKI Validator_ (written in Java). The RTR protocol is described in :rfc:`8210`." msgstr "A BGP-speaking router like VyOS can retrieve ROA information from RPKI \"Relying Party software\" (often just called an \"RPKI server\" or \"RPKI validator\") by using :abbr:`RTR (RPKI to Router)` protocol. There are several open source implementations to choose from, such as NLNetLabs' Routinator_ (written in Rust), Cloudflare's GoRTR_ and OctoRPKI_ (written in Go), and RIPE NCC's RPKI Validator_ (written in Java). The RTR protocol is described in :rfc:`8210`." +#: ../../configuration/protocols/rpki.rst:21 +msgid "A BGP-speaking router like VyOS can retrieve ROA information from RPKI \"Relying Party software\" (often just called an \"RPKI server\" or \"RPKI validator\") by using :abbr:`RTR (RPKI to Router)` protocol. There are several open source implementations to choose from, such as NLNetLabs' Routinator_ (written in Rust), OpenBSD's rpki-client_ (written in C), and StayRTR_ (written in Go). The RTR protocol is described in :rfc:`8210`." +msgstr "A BGP-speaking router like VyOS can retrieve ROA information from RPKI \"Relying Party software\" (often just called an \"RPKI server\" or \"RPKI validator\") by using :abbr:`RTR (RPKI to Router)` protocol. There are several open source implementations to choose from, such as NLNetLabs' Routinator_ (written in Rust), OpenBSD's rpki-client_ (written in C), and StayRTR_ (written in Go). The RTR protocol is described in :rfc:`8210`." 
+ #: ../../configuration/protocols/bgp.rst:951 msgid "A BGP confederation divides our AS into sub-ASes to reduce the number of required IBGP peerings. Within a sub-AS we still require full-mesh IBGP but between these sub-ASes we use something that looks like EBGP but behaves like IBGP (called confederation BGP). Confederation mechanism is described in :rfc:`5065`" msgstr "A BGP confederation divides our AS into sub-ASes to reduce the number of required IBGP peerings. Within a sub-AS we still require full-mesh IBGP but between these sub-ASes we use something that looks like EBGP but behaves like IBGP (called confederation BGP). Confederation mechanism is described in :rfc:`5065`" @@ -1531,7 +1571,7 @@ msgstr "A VRF device is created with an associated route table. Network interfac msgid "A VyOS GRE tunnel can carry both IPv4 and IPv6 traffic and can also be created over either IPv4 (gre) or IPv6 (ip6gre)." msgstr "A VyOS GRE tunnel can carry both IPv4 and IPv6 traffic and can also be created over either IPv4 (gre) or IPv6 (ip6gre)." -#: ../../configuration/service/dns.rst:149 +#: ../../configuration/service/dns.rst:243 msgid "A VyOS router with two interfaces - eth0 (WAN) and eth1 (LAN) - is required to implement a split-horizon DNS configuration for example.com." msgstr "A VyOS router with two interfaces - eth0 (WAN) and eth1 (LAN) - is required to implement a split-horizon DNS configuration for example.com." 
@@ -1624,6 +1664,10 @@ msgstr "A human readable description what this certificate is about." msgid "A lookback interface is always up, thus it could be used for management traffic or as source/destination for and :abbr:`IGP (Interior Gateway Protocol)` like :ref:`routing-bgp` so your internal BGP link is not dependent on physical link states and multiple routes can be chosen to the destination. A :ref:`dummy-interface` Interface should always be preferred over a :ref:`loopback-interface` interface." msgstr "A lookback interface is always up, thus it could be used for management traffic or as source/destination for and :abbr:`IGP (Interior Gateway Protocol)` like :ref:`routing-bgp` so your internal BGP link is not dependent on physical link states and multiple routes can be chosen to the destination. A :ref:`dummy-interface` Interface should always be preferred over a :ref:`loopback-interface` interface." +#: ../../configuration/interfaces/loopback.rst:17 +msgid "A loopback interface is always up, thus it could be used for management traffic or as source/destination for and :abbr:`IGP (Interior Gateway Protocol)` like :ref:`routing-bgp` so your internal BGP link is not dependent on physical link states and multiple routes can be chosen to the destination. A :ref:`dummy-interface` Interface should always be preferred over a :ref:`loopback-interface` interface." +msgstr "A loopback interface is always up, thus it could be used for management traffic or as source/destination for and :abbr:`IGP (Interior Gateway Protocol)` like :ref:`routing-bgp` so your internal BGP link is not dependent on physical link states and multiple routes can be chosen to the destination. A :ref:`dummy-interface` Interface should always be preferred over a :ref:`loopback-interface` interface." 
+ #: ../../configuration/service/snmp.rst:42 msgid "A managed device is a network node that implements an SNMP interface that allows unidirectional (read-only) or bidirectional (read and write) access to node-specific information. Managed devices exchange node-specific information with the NMSs. Sometimes called network elements, the managed devices can be any type of device, including, but not limited to, routers, access servers, switches, cable modems, bridges, hubs, IP telephones, IP video cameras, computer hosts, and printers." msgstr "A managed device is a network node that implements an SNMP interface that allows unidirectional (read-only) or bidirectional (read and write) access to node-specific information. Managed devices exchange node-specific information with the NMSs. Sometimes called network elements, the managed devices can be any type of device, including, but not limited to, routers, access servers, switches, cable modems, bridges, hubs, IP telephones, IP video cameras, computer hosts, and printers." @@ -1920,7 +1964,7 @@ msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI." msgid "Adding a 2FA with an OTP-key" msgstr "Adding a 2FA with an OTP-key" -#: ../../configuration/loadbalancing/reverse-proxy.rst:260 +#: ../../configuration/loadbalancing/reverse-proxy.rst:263 msgid "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." msgstr "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." @@ -2052,7 +2096,7 @@ msgstr "Algorithm" msgid "Aliases" msgstr "Aliases" -#: ../../configuration/service/dns.rst:154 +#: ../../configuration/service/dns.rst:248 msgid "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" msgstr "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" 
@@ -2080,7 +2124,7 @@ msgstr "All interfaces used for the DHCP relay must be configured. This includes msgid "All items in a sync group should be similarly configured. If one VRRP group is set to a different preemption delay or priority, it would result in an endless transition loop." msgstr "All items in a sync group should be similarly configured. If one VRRP group is set to a different preemption delay or priority, it would result in an endless transition loop." -#: ../../configuration/service/dns.rst:156 +#: ../../configuration/service/dns.rst:250 msgid "All other DNS requests will be forwarded to a different set of DNS servers at 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff and 2001:db8::2:ffff" msgstr "All other DNS requests will be forwarded to a different set of DNS servers at 192.0.2.1, 192.0.2.2, 2001:db8::1:ffff and 2001:db8::2:ffff" @@ -2136,7 +2180,7 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." -#: ../../configuration/service/dns.rst:362 +#: ../../configuration/service/dns.rst:456 msgid "Allow explicit IPv6 address for the interface." msgstr "Allow explicit IPv6 address for the interface." 
@@ -2679,6 +2723,10 @@ msgstr "Authentication token" msgid "Authentication – to verify that the message is from a valid source." msgstr "Authentication – to verify that the message is from a valid source." +#: ../../configuration/service/dns.rst:147 +msgid "Authoritative zones" +msgstr "Authoritative zones" + #: ../../configuration/service/monitoring.rst:92 msgid "Authorization token" msgstr "Authorization token" @@ -2803,6 +2851,10 @@ msgstr "Babel is a modern routing protocol designed to be robust and efficient b msgid "Backend" msgstr "Backend" +#: ../../configuration/loadbalancing/reverse-proxy.rst:299 +msgid "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." +msgstr "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." + #: ../../configuration/loadbalancing/reverse-proxy.rst:108 msgid "Balance algorithms:" msgstr "Balance algorithms:" @@ -2811,7 +2863,7 @@ msgstr "Balance algorithms:" msgid "Balancing Rules" msgstr "Balancing Rules" -#: ../../configuration/loadbalancing/reverse-proxy.rst:211 +#: ../../configuration/loadbalancing/reverse-proxy.rst:214 msgid "Balancing based on domain name" msgstr "Balancing based on domain name" 
@@ -2892,6 +2944,10 @@ msgstr "Before enabling any hardware segmentation offload a corresponding softwa msgid "Before you are able to apply a rule-set to a zone you have to create the zones first." msgstr "Before you are able to apply a rule-set to a zone you have to create the zones first." +#: ../../configuration/service/dns.rst:169 +msgid "Below are a list of record types available to be configured within VyOS. Some records support special `<name>` keywords:" +msgstr "Below are a list of record types available to be configured within VyOS. Some records support special `<name>` keywords:" + #: ../../configuration/vpn/site2site_ipsec.rst:425 msgid "Below flow-chart could be a quick reference for the close-action combination depending on how the peer is configured." msgstr "Below flow-chart could be a quick reference for the close-action combination depending on how the peer is configured." 
@@ -3037,11 +3093,11 @@ msgstr "By default, VyOS does not advertise a default route (0.0.0.0/0) even if msgid "By default, a new token is generated every 30 seconds by the mobile application. In order to compensate for possible time-skew between the client and the server, an extra token before and after the current time is allowed. This allows for a time skew of up to 30 seconds between authentication server and client." msgstr "By default, a new token is generated every 30 seconds by the mobile application. In order to compensate for possible time-skew between the client and the server, an extra token before and after the current time is allowed. This allows for a time skew of up to 30 seconds between authentication server and client." -#: ../../configuration/service/dns.rst:401 +#: ../../configuration/service/dns.rst:495 msgid "By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP." msgstr "By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP." -#: ../../configuration/protocols/rpki.rst:91 +#: ../../configuration/protocols/rpki.rst:89 msgid "By default, enabling RPKI does not change best path selection. In particular, invalid prefixes will still be considered during best path selection. However, the router can be configured to ignore all invalid prefixes." msgstr "By default, enabling RPKI does not change best path selection. In particular, invalid prefixes will still be considered during best path selection. However, the router can be configured to ignore all invalid prefixes." 
@@ -3372,7 +3428,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/protocols/isis.rst:28 #: ../../configuration/protocols/ospf.rst:22 #: ../../configuration/protocols/ospf.rst:1076 -#: ../../configuration/protocols/rpki.rst:104 +#: ../../configuration/protocols/rpki.rst:102 #: ../../configuration/service/broadcast-relay.rst:18 #: ../../configuration/service/conntrack-sync.rst:38 #: ../../configuration/service/console-server.rst:21 @@ -3381,7 +3437,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/service/dhcp-server.rst:22 #: ../../configuration/service/dhcp-server.rst:569 #: ../../configuration/service/dns.rst:8 -#: ../../configuration/service/dns.rst:214 +#: ../../configuration/service/dns.rst:308 #: ../../configuration/service/https.rst:14 #: ../../configuration/service/ids.rst:20 #: ../../configuration/service/lldp.rst:36 @@ -3480,11 +3536,11 @@ msgstr "Configure" msgid "Configure BFD" msgstr "Configure BFD" -#: ../../configuration/service/dns.rst:245 +#: ../../configuration/service/dns.rst:339 msgid "Configure DNS `<record>` which should be updated. This can be set multiple times." msgstr "Configure DNS `<record>` which should be updated. This can be set multiple times." -#: ../../configuration/service/dns.rst:241 +#: ../../configuration/service/dns.rst:335 msgid "Configure DNS `<zone>` to be updated." msgstr "Configure DNS `<zone>` to be updated." 
@@ -3550,7 +3606,7 @@ msgstr "Configure `<message>` which is shown after user has logged in to the sys msgid "Configure `<message>` which is shown during SSH connect and before a user is logged in." msgstr "Configure `<message>` which is shown during SSH connect and before a user is logged in." -#: ../../configuration/service/dns.rst:346 +#: ../../configuration/service/dns.rst:440 msgid "Configure `<password>` used when authenticating the update request for DynDNS service identified by `<service-name>`." msgstr "Configure `<password>` used when authenticating the update request for DynDNS service identified by `<service-name>`." @@ -3558,7 +3614,7 @@ msgstr "Configure `<password>` used when authenticating the update request for D msgid "Configure `<password>` used when authenticating the update request for DynDNS service identified by `<service>`." msgstr "Configure `<password>` used when authenticating the update request for DynDNS service identified by `<service>`." -#: ../../configuration/service/dns.rst:341 +#: ../../configuration/service/dns.rst:435 msgid "Configure `<username>` used when authenticating the update request for DynDNS service identified by `<service-name>`." msgstr "Configure `<username>` used when authenticating the update request for DynDNS service identified by `<service-name>`." @@ -3705,7 +3761,7 @@ msgstr "Configure one or more attributes to the given NTP server." msgid "Configure one or more servers for synchronisation. Server name can be either an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`." msgstr "Configure one or more servers for synchronisation. Server name can be either an IP address or :abbr:`FQDN (Fully Qualified Domain Name)`." -#: ../../configuration/service/dns.rst:249 +#: ../../configuration/service/dns.rst:343 msgid "Configure optional TTL value on the given resource record. This defaults to 600 seconds." msgstr "Configure optional TTL value on the given resource record. This defaults to 600 seconds." 
@@ -3741,6 +3797,10 @@ msgstr "Configure protocol used for communication to remote syslog host. This ca msgid "Configure proxy port if it does not listen to the default port 80." msgstr "Configure proxy port if it does not listen to the default port 80." +#: ../../configuration/loadbalancing/reverse-proxy.rst:149 +msgid "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" +msgstr "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" + #: ../../configuration/system/sflow.rst:16 msgid "Configure sFlow agent IPv4 or IPv6 address" msgstr "Configure sFlow agent IPv4 or IPv6 address" @@ -3773,7 +3833,7 @@ msgstr "Configure the A-side router for NPTv6 using the prefixes above:" msgid "Configure the B-side router for NPTv6 using the prefixes above:" msgstr "Configure the B-side router for NPTv6 using the prefixes above:" -#: ../../configuration/service/dns.rst:236 +#: ../../configuration/service/dns.rst:330 msgid "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment." msgstr "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment." @@ -3793,7 +3853,7 @@ msgstr "Configure the discrete port under which the RADIUS server can be reached msgid "Configure the discrete port under which the TACACS server can be reached." msgstr "Configure the discrete port under which the TACACS server can be reached." -#: ../../configuration/loadbalancing/reverse-proxy.rst:172 +#: ../../configuration/loadbalancing/reverse-proxy.rst:175 msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Configure the load-balancing reverse-proxy service for HTTP." 
@@ -3894,7 +3954,7 @@ msgstr "Connections to the RPKI caching server can not only be established by HT msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH you first need to create yoursels an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH you first need to create yoursels an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." -#: ../../configuration/protocols/rpki.rst:143 +#: ../../configuration/protocols/rpki.rst:141 msgid "Connections to the RPKI caching server can not only be established by TCP using the RTR protocol but you can also rely on a secure SSH session to the server. This provides transport integrity and confidentiality and it is a good idea if your validation software supports it. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." msgstr "Connections to the RPKI caching server can not only be established by TCP using the RTR protocol but you can also rely on a secure SSH session to the server. This provides transport integrity and confidentiality and it is a good idea if your validation software supports it. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." 
@@ -4093,8 +4153,8 @@ msgstr "Create new VRF instance with `<name>`. The name is used when placing ind msgid "Create new :rfc:`2136` DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`." msgstr "Create new :rfc:`2136` DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`." -#: ../../configuration/service/dns.rst:221 -#: ../../configuration/service/dns.rst:326 +#: ../../configuration/service/dns.rst:315 +#: ../../configuration/service/dns.rst:420 msgid "Create new dynamic DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`." msgstr "Create new dynamic DNS update configuration which will update the IP address assigned to `<interface>` on the service you configured under `<service-name>`." @@ -4507,7 +4567,7 @@ msgstr "Define number of packets to queue inside the kernel before sending them msgid "Define operation mode of High Availability feature. Default value if command is not specified is `active-active`" msgstr "Define operation mode of High Availability feature. Default value if command is not specified is `active-active`" -#: ../../configuration/protocols/rpki.rst:108 +#: ../../configuration/protocols/rpki.rst:106 msgid "Define the time interval to update the local cache" msgstr "Define the time interval to update the local cache" 
@@ -4523,7 +4583,7 @@ msgstr "Define type of offload to be used by the flowtable: ``hardware`` or ``so msgid "Define used ethertype of bridge interface." msgstr "Define used ethertype of bridge interface." -#: ../../configuration/protocols/rpki.rst:128 +#: ../../configuration/protocols/rpki.rst:126 msgid "Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching instance which is used." msgstr "Defined the IPv4, IPv6 or FQDN and port number of the caching RPKI caching instance which is used." @@ -4744,6 +4804,10 @@ msgstr "Disable dhcpv6-relay service." msgid "Disable given `<interface>`. It will be placed in administratively down (``A/D``) state." msgstr "Disable given `<interface>`. It will be placed in administratively down (``A/D``) state." +#: ../../configuration/service/dns.rst:153 +msgid "Disable hosting authoritative zone for `<domain-name>` without deleting from configuration." +msgstr "Disable hosting authoritative zone for `<domain-name>` without deleting from configuration." + #: ../../configuration/protocols/bgp.rst:628 msgid "Disable immediate session reset if peer's connected link goes down." msgstr "Disable immediate session reset if peer's connected link goes down." @@ -4756,6 +4820,10 @@ msgstr "Disable password based authentication. Login via SSH keys only. This har msgid "Disable sending and receiving PIM control packets on the interface." msgstr "Disable sending and receiving PIM control packets on the interface." +#: ../../configuration/service/dns.rst:159 +msgid "Disable specific record without deleting it from configuration." +msgstr "Disable specific record without deleting it from configuration." + #: ../../configuration/service/ssh.rst:64 msgid "Disable the host validation through reverse DNS lookups - can speedup login time when reverse lookup is not possible." msgstr "Disable the host validation through reverse DNS lookups - can speedup login time when reverse lookup is not possible." 
@@ -5034,7 +5102,7 @@ msgstr "During profile import, the user is asked to enter its IPSec credentials msgid "Dynamic-protection" msgstr "Dynamic-protection" -#: ../../configuration/service/dns.rst:199 +#: ../../configuration/service/dns.rst:293 msgid "Dynamic DNS" msgstr "Dynamic DNS" @@ -5535,14 +5603,14 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where #: ../../configuration/protocols/failover.rst:63 #: ../../configuration/protocols/igmp-proxy.rst:61 #: ../../configuration/protocols/pim.rst:217 -#: ../../configuration/protocols/rpki.rst:168 +#: ../../configuration/protocols/rpki.rst:166 #: ../../configuration/service/broadcast-relay.rst:55 #: ../../configuration/service/conntrack-sync.rst:195 #: ../../configuration/service/dhcp-relay.rst:85 #: ../../configuration/service/dhcp-relay.rst:174 #: ../../configuration/service/dhcp-server.rst:418 -#: ../../configuration/service/dns.rst:147 -#: ../../configuration/service/dns.rst:260 +#: ../../configuration/service/dns.rst:241 +#: ../../configuration/service/dns.rst:354 #: ../../configuration/service/eventhandler.rst:83 #: ../../configuration/service/ids.rst:82 #: ../../configuration/service/mdns.rst:50 @@ -5586,7 +5654,7 @@ msgstr "Example, from radius-server send command for disconnect client with user #: ../../configuration/protocols/static.rst:67 #: ../../configuration/protocols/static.rst:135 #: ../../configuration/protocols/static.rst:207 -#: ../../configuration/service/dns.rst:366 +#: ../../configuration/service/dns.rst:460 #: ../../configuration/service/monitoring.rst:69 #: ../../configuration/service/monitoring.rst:98 #: ../../configuration/service/ssh.rst:165 @@ -5683,7 +5751,7 @@ msgstr "Example: to be appended is set to ``vyos.net`` and the URL received is ` msgid "Example Configuration" msgstr "Example Configuration" -#: ../../configuration/service/dns.rst:384 +#: ../../configuration/service/dns.rst:478 msgid "Example IPv6 only:" msgstr "Example IPv6 only:" 
@@ -5721,7 +5789,7 @@ msgstr "Example synproxy" #: ../../configuration/interfaces/bridge.rst:196 #: ../../configuration/interfaces/macsec.rst:153 #: ../../configuration/interfaces/wireless.rst:541 -#: ../../configuration/loadbalancing/reverse-proxy.rst:187 +#: ../../configuration/loadbalancing/reverse-proxy.rst:190 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 @@ -5849,6 +5917,10 @@ msgstr "Failover mechanism to use for conntrack-sync." msgid "Failover routes are manually configured routes, but they install to the routing table if the health-check target is alive. If the target is not alive the route is removed from the routing table until the target will be available." msgstr "Failover routes are manually configured routes, but they install to the routing table if the health-check target is alive. If the target is not alive the route is removed from the routing table until the target will be available." +#: ../../configuration/protocols/failover.rst:5 +msgid "Failover routes are manually configured routes, but they only install to the routing table if the health-check target is alive. If the target is not alive the route is removed from the routing table until the target becomes available." +msgstr "Failover routes are manually configured routes, but they only install to the routing table if the health-check target is alive. If the target is not alive the route is removed from the routing table until the target becomes available." + #: ../../configuration/trafficpolicy/index.rst:384 msgid "Fair Queue" msgstr "Fair Queue" 
@@ -5869,7 +5941,7 @@ msgstr "FastNetMon" msgid "FastNetMon is a high-performance DDoS detector/sensor built on top of multiple packet capture engines: NetFlow, IPFIX, sFlow, AF_PACKET (port mirror). It can detect hosts in the deployed network sending or receiving large volumes of traffic, packets/bytes/flows per second and perform a configurable action to handle that event, such as calling a custom script." msgstr "FastNetMon is a high-performance DDoS detector/sensor built on top of multiple packet capture engines: NetFlow, IPFIX, sFlow, AF_PACKET (port mirror). It can detect hosts in the deployed network sending or receiving large volumes of traffic, packets/bytes/flows per second and perform a configurable action to handle that event, such as calling a custom script." -#: ../../configuration/protocols/rpki.rst:78 +#: ../../configuration/protocols/rpki.rst:76 msgid "Features of the Current Implementation" msgstr "Features of the Current Implementation" @@ -5877,7 +5949,7 @@ msgstr "Features of the Current Implementation" msgid "Field" msgstr "Field" -#: ../../configuration/service/dns.rst:231 +#: ../../configuration/service/dns.rst:325 msgid "File identified by `<filename>` containing the TSIG authentication key for RFC2136 nsupdate on remote DNS server." msgstr "File identified by `<filename>` containing the TSIG authentication key for RFC2136 nsupdate on remote DNS server." 
@@ -6038,6 +6110,10 @@ msgstr "First the OTP keys must be generated and sent to the user and to the con msgid "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, it prevents the TUN/TAP device from closing on connection resets or daemon reloads." msgstr "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, it prevents the TUN/TAP device from closing on connection resets or daemon reloads." +#: ../../configuration/protocols/rpki.rst:40 +msgid "First you will need to deploy an RPKI validator for your routers to use. NLnet Labs provides a collection of software_ you can compare and settle on one. Once your server is running you can start validating announcements." +msgstr "First you will need to deploy an RPKI validator for your routers to use. NLnet Labs provides a collection of software_ you can compare and settle on one. Once your server is running you can start validating announcements." + #: ../../configuration/protocols/rpki.rst:41 msgid "First you will need to deploy an RPKI validator for your routers to use. The RIPE NCC helpfully provide `some instructions`_ to get you started with several different options. Once your server is running you can start validating announcements." msgstr "First you will need to deploy an RPKI validator for your routers to use. The RIPE NCC helpfully provide `some instructions`_ to get you started with several different options. Once your server is running you can start validating announcements." @@ -6461,7 +6537,7 @@ msgstr "Get detailed information about LLDP neighbors." msgid "Get the DHCPv6-PD prefixes from both routers:" msgstr "Get the DHCPv6-PD prefixes from both routers:" -#: ../../configuration/protocols/rpki.rst:39 +#: ../../configuration/protocols/rpki.rst:38 msgid "Getting started" msgstr "Getting started" 
@@ -6477,6 +6553,10 @@ msgstr "Given the following example we have one VyOS router acting as OpenVPN se msgid "Gloabal" msgstr "Gloabal" +#: ../../configuration/loadbalancing/reverse-proxy.rst:153 +msgid "Global" +msgstr "Global" + #: ../../configuration/service/ipoe-server.rst:352 #: ../../configuration/service/pppoe-server.rst:518 #: ../../configuration/vpn/l2tp.rst:472 @@ -6497,7 +6577,7 @@ msgstr "Global Options Firewall Configuration" msgid "Global options" msgstr "Global options" -#: ../../configuration/loadbalancing/reverse-proxy.rst:152 +#: ../../configuration/loadbalancing/reverse-proxy.rst:155 msgid "Global parameters" msgstr "Global parameters" @@ -6534,7 +6614,7 @@ msgstr "HTTP-API" msgid "HTTP API" msgstr "HTTP API" -#: ../../configuration/service/dns.rst:317 +#: ../../configuration/service/dns.rst:411 msgid "HTTP based services" msgstr "HTTP based services" @@ -6611,7 +6691,7 @@ msgstr "Here is a second example of a dual-stack tunnel over IPv6 between a VyOS msgid "Here is an example :abbr:`NET (Network Entity Title)` value:" msgstr "Here is an example :abbr:`NET (Network Entity Title)` value:" -#: ../../configuration/protocols/rpki.rst:179 +#: ../../configuration/protocols/rpki.rst:177 msgid "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`." msgstr "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`." 
@@ -7227,7 +7307,7 @@ msgstr "If making use of multiple tunnels, OpenVPN must have a way to distinguis msgid "If multi-pathing is enabled, then check whether the routes not yet distinguished in preference may be considered equal. If :cfgcmd:`bgp bestpath as-path multipath-relax` is set, all such routes are considered equal, otherwise routes received via iBGP with identical AS_PATHs or routes received from eBGP neighbours in the same AS are considered equal." msgstr "If multi-pathing is enabled, then check whether the routes not yet distinguished in preference may be considered equal. If :cfgcmd:`bgp bestpath as-path multipath-relax` is set, all such routes are considered equal, otherwise routes received via iBGP with identical AS_PATHs or routes received from eBGP neighbours in the same AS are considered equal." -#: ../../configuration/protocols/rpki.rst:86 +#: ../../configuration/protocols/rpki.rst:84 msgid "If no connection to an RPKI cache server can be established after a pre-defined timeout, the router will process routes without prefix origin validation. It still will try to establish a connection to an RPKI cache server in the background." msgstr "If no connection to an RPKI cache server can be established after a pre-defined timeout, the router will process routes without prefix origin validation. It still will try to establish a connection to an RPKI cache server in the background." 
@@ -7439,10 +7519,14 @@ msgstr "If you are a hacker or want to try on your own we support passing raw Op msgid "If you are configuring a VRF for management purposes, there is currently no way to force system DNS traffic via a specific VRF." msgstr "If you are configuring a VRF for management purposes, there is currently no way to force system DNS traffic via a specific VRF." -#: ../../configuration/protocols/rpki.rst:30 +#: ../../configuration/protocols/rpki.rst:29 msgid "If you are new to these routing security technologies then there is an `excellent guide to RPKI`_ by NLnet Labs which will get you up to speed very quickly. Their documentation explains everything from what RPKI is to deploying it in production. It also has some `help and operational guidance`_ including \"What can I do about my route having an Invalid state?\"" msgstr "If you are new to these routing security technologies then there is an `excellent guide to RPKI`_ by NLnet Labs which will get you up to speed very quickly. Their documentation explains everything from what RPKI is to deploying it in production. It also has some `help and operational guidance`_ including \"What can I do about my route having an Invalid state?\"" +#: ../../configuration/protocols/rpki.rst:62 +msgid "If you are responsible for the global addresses assigned to your network, please make sure that your prefixes have ROAs associated with them to avoid being `notfound` by RPKI. For most ASNs this will involve publishing ROAs via your :abbr:`RIR (Regional Internet Registry)` (RIPE NCC, APNIC, ARIN, LACNIC, or AFRINIC), and is something you are encouraged to do whenever you plan to announce addresses into the DFZ." +msgstr "If you are responsible for the global addresses assigned to your network, please make sure that your prefixes have ROAs associated with them to avoid being `notfound` by RPKI. 
For most ASNs this will involve publishing ROAs via your :abbr:`RIR (Regional Internet Registry)` (RIPE NCC, APNIC, ARIN, LACNIC, or AFRINIC), and is something you are encouraged to do whenever you plan to announce addresses into the DFZ." + #: ../../configuration/protocols/rpki.rst:64 msgid "If you are responsible for the global addresses assigned to your network, please make sure that your prefixes have ROAs associated with them to avoid being `notfound` by RPKI. For most ASNs this will involve publishing ROAs via your :abbr:`RIR (Regional Internet Registry)` (RIPE NCC, APNIC, ARIN, LACNIC or AFRINIC), and is something you are encouraged to do whenever you plan to announce addresses into the DFZ." msgstr "If you are responsible for the global addresses assigned to your network, please make sure that your prefixes have ROAs associated with them to avoid being `notfound` by RPKI. For most ASNs this will involve publishing ROAs via your :abbr:`RIR (Regional Internet Registry)` (RIPE NCC, APNIC, ARIN, LACNIC or AFRINIC), and is something you are encouraged to do whenever you plan to announce addresses into the DFZ." @@ -7609,7 +7693,7 @@ msgstr "Import the private key of the certificate to the VyOS CLI. This should n msgid "Import the public CA certificate from the defined file to VyOS CLI." msgstr "Import the public CA certificate from the defined file to VyOS CLI." -#: ../../configuration/protocols/rpki.rst:46 +#: ../../configuration/protocols/rpki.rst:44 msgid "Imported prefixes during the validation may have values:" msgstr "Imported prefixes during the validation may have values:" 
@@ -7653,7 +7737,7 @@ msgstr "In a minimal configuration, the following must be provided:" msgid "In a multiple VLAN header context, out of convenience the term \"VLAN tag\" or just \"tag\" for short is often used in place of \"802.1q_ VLAN header\". QinQ allows multiple VLAN tags in an Ethernet frame; together these tags constitute a tag stack. When used in the context of an Ethernet frame, a QinQ frame is a frame that has 2 VLAN 802.1q_ headers (double-tagged)." msgstr "In a multiple VLAN header context, out of convenience the term \"VLAN tag\" or just \"tag\" for short is often used in place of \"802.1q_ VLAN header\". QinQ allows multiple VLAN tags in an Ethernet frame; together these tags constitute a tag stack. When used in the context of an Ethernet frame, a QinQ frame is a frame that has 2 VLAN 802.1q_ headers (double-tagged)." -#: ../../configuration/protocols/rpki.rst:80 +#: ../../configuration/protocols/rpki.rst:78 msgid "In a nutshell, the current implementation provides the following features:" msgstr "In a nutshell, the current implementation provides the following features:" @@ -7919,7 +8003,7 @@ msgstr "In this example we will use the most complicated case: a setup where eac msgid "In this method, the DSL Modem/Router connects to the ISP for you with your credentials preprogrammed into the device. This gives you an :rfc:`1918` address, such as ``192.168.1.0/24`` by default." msgstr "In this method, the DSL Modem/Router connects to the ISP for you with your credentials preprogrammed into the device. This gives you an :rfc:`1918` address, such as ``192.168.1.0/24`` by default." -#: ../../configuration/service/dns.rst:152 +#: ../../configuration/service/dns.rst:246 msgid "In this scenario:" msgstr "In this scenario:" 
@@ -8436,7 +8520,7 @@ msgstr "Let SNMP daemon listen only on IP address 192.0.2.1" msgid "Lets assume the following topology:" msgstr "Lets assume the following topology:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:190 +#: ../../configuration/loadbalancing/reverse-proxy.rst:193 msgid "Level 4 balancing" msgstr "Level 4 balancing" @@ -8456,7 +8540,7 @@ msgstr "Lifetime is decremented by the number of seconds since the last RA - use msgid "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." msgstr "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:162 +#: ../../configuration/loadbalancing/reverse-proxy.rst:165 msgid "Limit allowed cipher algorithms used during SSL/TLS handshake" msgstr "Limit allowed cipher algorithms used during SSL/TLS handshake" @@ -8468,7 +8552,7 @@ msgstr "Limit logins to `<limit>` per every ``rate-time`` seconds. Rate limit mu msgid "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." msgstr "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." -#: ../../configuration/loadbalancing/reverse-proxy.rst:157 +#: ../../configuration/loadbalancing/reverse-proxy.rst:160 msgid "Limit maximum number of connections" msgstr "Limit maximum number of connections" 
@@ -8541,6 +8625,10 @@ msgid "Load-balancing" msgstr "Load-balancing" #: ../../configuration/loadbalancing/reverse-proxy.rst:100 +msgid "Load-balancing algorithms to be used for distributed requests among the available servers" +msgstr "Load-balancing algorithms to be used for distributed requests among the available servers" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:100 msgid "Load-balancing algorithms to be used for distributind requests among the vailable servers" msgstr "Load-balancing algorithms to be used for distributind requests among the vailable servers" @@ -8609,11 +8697,11 @@ msgstr "Local User Account" msgid "Local path that includes the known hosts file." msgstr "Local path that includes the known hosts file." -#: ../../configuration/protocols/rpki.rst:157 +#: ../../configuration/protocols/rpki.rst:155 msgid "Local path that includes the private key file of the router." msgstr "Local path that includes the private key file of the router." -#: ../../configuration/protocols/rpki.rst:161 +#: ../../configuration/protocols/rpki.rst:159 msgid "Local path that includes the public key file of the router." msgstr "Local path that includes the public key file of the router." @@ -9238,7 +9326,7 @@ msgstr "Multicast receivers will talk MLD to their local router, so, besides hav msgid "Multiple DNS servers can be defined." msgstr "Multiple DNS servers can be defined." -#: ../../configuration/protocols/rpki.rst:135 +#: ../../configuration/protocols/rpki.rst:133 msgid "Multiple RPKI caching instances can be supplied and they need a preference in which their result sets are used." msgstr "Multiple RPKI caching instances can be supplied and they need a preference in which their result sets are used." 
@@ -9275,7 +9363,7 @@ msgstr "Multiple networks/client IP addresses can be configured." msgid "Multiple servers can be specified." msgstr "Multiple servers can be specified." -#: ../../configuration/service/dns.rst:380 +#: ../../configuration/service/dns.rst:474 msgid "Multiple services can be used per interface. Just specify as many services per interface as you like!" msgstr "Multiple services can be used per interface. Just specify as many services per interface as you like!" @@ -9543,6 +9631,10 @@ msgstr "Nexthop Tracking" msgid "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not wan't to e.g. allow BGP to peer across the default route." msgstr "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not wan't to e.g. allow BGP to peer across the default route." +#: ../../configuration/protocols/rpki.rst:57 +msgid "No ROA exists which covers that prefix. Unfortunately this is the case for about 40%-50% of the prefixes which were announced to the :abbr:`DFZ (default-free zone)` at the start of 2024." +msgstr "No ROA exists which covers that prefix. Unfortunately this is the case for about 40%-50% of the prefixes which were announced to the :abbr:`DFZ (default-free zone)` at the start of 2024." + #: ../../configuration/protocols/rpki.rst:59 msgid "No ROA exists which covers that prefix. Unfortunately this is the case for about 80% of the IPv4 prefixes which were announced to the :abbr:`DFZ (default-free zone)` at the start of 2020" msgstr "No ROA exists which covers that prefix. Unfortunately this is the case for about 80% of the IPv4 prefixes which were announced to the :abbr:`DFZ (default-free zone)` at the start of 2020" 
@@ -9815,6 +9907,10 @@ msgstr "Once you have an Ethernet device connected, i.e. `eth0`, then you can co msgid "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file." msgstr "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file." +#: ../../configuration/protocols/rpki.rst:193 +msgid "Once your routers are configured to reject RPKI-invalid prefixes, you can test whether the configuration is working correctly using Cloudflare's test_ website. Keep in mind that in order for this to work, you need to have no default routes or anything else that would still send traffic to RPKI-invalid destinations." +msgstr "Once your routers are configured to reject RPKI-invalid prefixes, you can test whether the configuration is working correctly using Cloudflare's test_ website. Keep in mind that in order for this to work, you need to have no default routes or anything else that would still send traffic to RPKI-invalid destinations." + #: ../../configuration/protocols/rpki.rst:195 msgid "Once your routers are configured to reject RPKI-invalid prefixes, you can test whether the configuration is working correctly using the `RIPE Labs RPKI Test`_ experimental tool." msgstr "Once your routers are configured to reject RPKI-invalid prefixes, you can test whether the configuration is working correctly using the `RIPE Labs RPKI Test`_ experimental tool." 
@@ -9958,7 +10054,7 @@ msgstr "Operating Modes" #: ../../configuration/service/console-server.rst:76 #: ../../configuration/service/dhcp-relay.rst:124 #: ../../configuration/service/dhcp-relay.rst:201 -#: ../../configuration/service/dns.rst:182 +#: ../../configuration/service/dns.rst:276 #: ../../configuration/service/lldp.rst:71 #: ../../configuration/service/mdns.rst:79 #: ../../configuration/service/ssh.rst:145 @@ -10257,7 +10353,7 @@ msgstr "PPTP-Server" msgid "Packet-based balancing can lead to a better balance across interfaces when out of order packets are no issue. Per-packet-based balancing can be set for a balancing rule with:" msgstr "Packet-based balancing can lead to a better balance across interfaces when out of order packets are no issue. Per-packet-based balancing can be set for a balancing rule with:" -#: ../../configuration/protocols/rpki.rst:71 +#: ../../configuration/protocols/rpki.rst:69 msgid "Particularly large networks may wish to run their own RPKI certificate authority and publication server instead of publishing ROAs via their RIR. This is a subject far beyond the scope of VyOS' documentation. Consider reading about Krill_ if this is a rabbit hole you need or especially want to dive down." msgstr "Particularly large networks may wish to run their own RPKI certificate authority and publication server instead of publishing ROAs via their RIR. This is a subject far beyond the scope of VyOS' documentation. Consider reading about Krill_ if this is a rabbit hole you need or especially want to dive down." 
@@ -10923,7 +11019,11 @@ msgstr "Received RADIUS attributes have a higher priority than parameters define msgid "Recommended for larger installations." msgstr "Recommended for larger installations." -#: ../../configuration/loadbalancing/reverse-proxy.rst:171 +#: ../../configuration/service/dns.rst:167 +msgid "Record types" +msgstr "Record types" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:174 msgid "Redirect HTTP to HTTPS" msgstr "Redirect HTTP to HTTPS" @@ -10951,7 +11051,7 @@ msgstr "Redistribution Configuration" msgid "Redundancy and load sharing. There are multiple NAT66 devices at the edge of an IPv6 network to another IPv6 network. The path through the NAT66 device to another IPv6 network forms an equivalent route, and traffic can be load-shared on these NAT66 devices. In this case, you can configure the same source address translation rules on these NAT66 devices, so that any NAT66 device can handle IPv6 traffic between different sites." msgstr "Redundancy and load sharing. There are multiple NAT66 devices at the edge of an IPv6 network to another IPv6 network. The path through the NAT66 device to another IPv6 network forms an equivalent route, and traffic can be load-shared on these NAT66 devices. In this case, you can configure the same source address translation rules on these NAT66 devices, so that any NAT66 device can handle IPv6 traffic between different sites." -#: ../../configuration/service/dns.rst:262 +#: ../../configuration/service/dns.rst:356 msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" 
@@ -11102,7 +11202,7 @@ msgstr "Reset OpenVPN" msgid "Reset commands" msgstr "Reset commands" -#: ../../configuration/service/dns.rst:186 +#: ../../configuration/service/dns.rst:280 msgid "Resets the local DNS forwarding cache database. You can reset the cache for all entries or only for entries to a specific domain." msgstr "Resets the local DNS forwarding cache database. You can reset the cache for all entries or only for entries to a specific domain." @@ -11138,7 +11238,7 @@ msgstr "Restart the IGMP proxy process." msgid "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted." msgstr "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted." -#: ../../configuration/service/dns.rst:191 +#: ../../configuration/service/dns.rst:285 msgid "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache." msgstr "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache." @@ -11232,7 +11332,7 @@ msgstr "Route filter can be applied using a route-map:" msgid "Route map is a powerfull command, that gives network administrators a very useful and flexible tool for traffic manipulation." msgstr "Route map is a powerfull command, that gives network administrators a very useful and flexible tool for traffic manipulation." -#: ../../configuration/protocols/rpki.rst:95 +#: ../../configuration/protocols/rpki.rst:93 msgid "Route maps can be configured to match a specific RPKI validation state. This allows the creation of local policies, which handle BGP routes based on the outcome of the Prefix Origin Validation." msgstr "Route maps can be configured to match a specific RPKI validation state. This allows the creation of local policies, which handle BGP routes based on the outcome of the Prefix Origin Validation." 
@@ -11302,11 +11402,11 @@ msgstr "Rule-Sets" msgid "Rule-set overview" msgstr "Rule-set overview" -#: ../../configuration/loadbalancing/reverse-proxy.rst:217 +#: ../../configuration/loadbalancing/reverse-proxy.rst:220 msgid "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" msgstr "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:254 +#: ../../configuration/loadbalancing/reverse-proxy.rst:257 msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." @@ -11314,11 +11414,11 @@ msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` an msgid "Rule 110 is hit, so connection is accepted." msgstr "Rule 110 is hit, so connection is accepted." -#: ../../configuration/loadbalancing/reverse-proxy.rst:257 +#: ../../configuration/loadbalancing/reverse-proxy.rst:260 msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:220 +#: ../../configuration/loadbalancing/reverse-proxy.rst:223 msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" msgstr "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" 
@@ -11340,7 +11440,7 @@ msgstr "Rules allow to control and route incoming traffic to specific backend ba msgid "Rules will be created for both :ref:`source-nat` and :ref:`destination-nat`." msgstr "Rules will be created for both :ref:`source-nat` and :ref:`destination-nat`." -#: ../../configuration/service/dns.rst:399 +#: ../../configuration/service/dns.rst:493 msgid "Running Behind NAT" msgstr "Running Behind NAT" @@ -11404,7 +11504,7 @@ msgstr "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new s msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." msgstr "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." -#: ../../configuration/protocols/rpki.rst:141 +#: ../../configuration/protocols/rpki.rst:139 #: ../../configuration/service/ssh.rst:5 msgid "SSH" msgstr "SSH" 
@@ -11425,7 +11525,7 @@ msgstr "SSH client" msgid "SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2." msgstr "SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2." -#: ../../configuration/protocols/rpki.rst:153 +#: ../../configuration/protocols/rpki.rst:151 msgid "SSH username to establish an SSH connection to the cache server." msgstr "SSH username to establish an SSH connection to the cache server." @@ -11437,6 +11537,10 @@ msgstr "SSH was designed as a replacement for Telnet and for unsecured remote sh msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID to be used in IEEE 802.11 management frames" +#: ../../configuration/loadbalancing/reverse-proxy.rst:294 +msgid "SSL Bridging" +msgstr "SSL Bridging" + #: ../../configuration/vpn/openconnect.rst:24 msgid "SSL Certificates" msgstr "SSL Certificates" 
@@ -11732,12 +11836,16 @@ msgstr "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 ne msgid "Set SSL certeficate <name> for service <name>" msgstr "Set SSL certeficate <name> for service <name>" +#: ../../configuration/loadbalancing/reverse-proxy.rst:46 +msgid "Set SSL certificate <name> for service <name>" +msgstr "Set SSL certificate <name> for service <name>" + #: ../../configuration/firewall/ipv4.rst:941 #: ../../configuration/firewall/ipv6.rst:927 msgid "Set TCP-MSS (maximum segment size) for the connection" msgstr "Set TCP-MSS (maximum segment size) for the connection" -#: ../../configuration/service/dns.rst:264 +#: ../../configuration/service/dns.rst:358 msgid "Set TTL to 300 seconds" msgstr "Set TTL to 300 seconds" 
@@ -11800,6 +11908,42 @@ msgstr "Set action to take on entries matching this rule." msgid "Set an API-KEY is the minimal configuration to get a working API Endpoint." msgstr "Set an API-KEY is the minimal configuration to get a working API Endpoint." +#: ../../configuration/service/dns.rst:184 +msgid "Set an :abbr:`AAAA (IPv6 Address)` record. Supports ``@`` and ``any`` keywords." +msgstr "Set an :abbr:`AAAA (IPv6 Address)` record. Supports ``@`` and ``any`` keywords." + +#: ../../configuration/service/dns.rst:179 +msgid "Set an :abbr:`A (Address)` record. Supports ``@`` and ``any`` keywords." +msgstr "Set an :abbr:`A (Address)` record. Supports ``@`` and ``any`` keywords." + +#: ../../configuration/service/dns.rst:189 +msgid "Set an :abbr:`CNAME (Canonical name)` record. Supports ``@`` keyword." +msgstr "Set an :abbr:`CNAME (Canonical name)` record. Supports ``@`` keyword." + +#: ../../configuration/service/dns.rst:194 +msgid "Set an :abbr:`NAPTR (Naming authority pointer)` record. Supports ``@`` keyword. NAPTR records support the following options:" +msgstr "Set an :abbr:`NAPTR (Naming authority pointer)` record. Supports ``@`` keyword. NAPTR records support the following options:" + +#: ../../configuration/service/dns.rst:218 +msgid "Set an :abbr:`NS (Nameserver)` record." +msgstr "Set an :abbr:`NS (Nameserver)` record." + +#: ../../configuration/service/dns.rst:223 +msgid "Set an :abbr:`PTR (Pointer record)` record. Supports ``@`` keyword." +msgstr "Set an :abbr:`PTR (Pointer record)` record. Supports ``@`` keyword." + +#: ../../configuration/service/dns.rst:228 +msgid "Set an :abbr:`SPF (Sender policy framework)` record. Supports ``@`` keyword." +msgstr "Set an :abbr:`SPF (Sender policy framework)` record. Supports ``@`` keyword." + +#: ../../configuration/service/dns.rst:233 +msgid "Set an :abbr:`SRV (Service)` record. Supports ``@`` keyword." +msgstr "Set an :abbr:`SRV (Service)` record. Supports ``@`` keyword." 
+ +#: ../../configuration/service/dns.rst:238 +msgid "Set an :abbr:`TXT (Text)` record. Supports ``@`` keyword." +msgstr "Set an :abbr:`TXT (Text)` record. Supports ``@`` keyword." + #: ../../configuration/service/ipoe-server.rst:60 #: ../../configuration/service/ipoe-server.rst:88 #: ../../configuration/service/pppoe-server.rst:38 @@ -11829,8 +11973,8 @@ msgstr "Set delay for second set of gratuitous ARPs after transition to MASTER." msgid "Set description." msgstr "Set description." -#: ../../configuration/service/dns.rst:227 -#: ../../configuration/service/dns.rst:332 +#: ../../configuration/service/dns.rst:321 +#: ../../configuration/service/dns.rst:426 msgid "Set description `<text>` for dynamic DNS service being configured." msgstr "Set description `<text>` for dynamic DNS service being configured." @@ -12149,6 +12293,10 @@ msgstr "Set the :abbr:`DR (Designated Router)` Priority for the interface. This msgid "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the peer to send packets of no more than `mru` bytes. The value of `mru` must be between 128 and 16384." msgstr "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the peer to send packets of no more than `mru` bytes. The value of `mru` must be between 128 and 16384." +#: ../../configuration/service/dns.rst:164 +msgid "Set the :abbr:`TTL (Time-to-live)` for the record in seconds. Default is 300 seconds." +msgstr "Set the :abbr:`TTL (Time-to-live)` for the record in seconds. Default is 300 seconds." + #: ../../configuration/service/ssh.rst:106 msgid "Set the ``sshd`` log level. The default is ``info``." msgstr "Set the ``sshd`` log level. The default is ``info``." 
@@ -12237,11 +12385,11 @@ msgstr "Set the number of TCP maximum retransmit attempts." msgid "Set the number of health check failures before an interface is marked as unavailable, range for number is 1 to 10, default 1. Or set the number of successful health checks before an interface is added back to the interface pool, range for number is 1 to 10, default 1." msgstr "Set the number of health check failures before an interface is marked as unavailable, range for number is 1 to 10, default 1. Or set the number of successful health checks before an interface is added back to the interface pool, range for number is 1 to 10, default 1." -#: ../../configuration/protocols/rpki.rst:121 +#: ../../configuration/protocols/rpki.rst:119 msgid "Set the number of seconds the router waits until retrying to connect to the cache server." msgstr "Set the number of seconds the router waits until retrying to connect to the cache server." -#: ../../configuration/protocols/rpki.rst:114 +#: ../../configuration/protocols/rpki.rst:112 msgid "Set the number of seconds the router waits until the router expires the cache." msgstr "Set the number of seconds the router waits until the router expires the cache." @@ -12388,7 +12536,7 @@ msgstr "Setup the `<timeout>` in seconds when querying the RADIUS server." msgid "Setup the `<timeout>` in seconds when querying the TACACS server." msgstr "Setup the `<timeout>` in seconds when querying the TACACS server." -#: ../../configuration/service/dns.rst:336 +#: ../../configuration/service/dns.rst:430 msgid "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service-name>`." msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service-name>`." 
@@ -13281,7 +13429,7 @@ msgstr "Specify an alternate AS for this BGP process when interacting with the s msgid "Specify an alternate TCP port where the ldap server is listening if other than the default LDAP port 389." msgstr "Specify an alternate TCP port where the ldap server is listening if other than the default LDAP port 389." -#: ../../configuration/service/dns.rst:254 +#: ../../configuration/service/dns.rst:348 msgid "Specify interval in seconds to wait between Dynamic DNS updates. The default is 300 seconds." msgstr "Specify interval in seconds to wait between Dynamic DNS updates. The default is 300 seconds." @@ -13327,7 +13475,7 @@ msgstr "Specify the identifier value of the site-level aggregator (SLA) on the i msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." msgstr "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." -#: ../../configuration/loadbalancing/reverse-proxy.rst:167 +#: ../../configuration/loadbalancing/reverse-proxy.rst:170 msgid "Specify the minimum required TLS version 1.2 or 1.3" msgstr "Specify the minimum required TLS version 1.2 or 1.3" @@ -13695,7 +13843,7 @@ msgstr "Temporary disable this RADIUS server. It won't be queried." msgid "Temporary disable this TACACS server. It won't be queried." msgstr "Temporary disable this TACACS server. It won't be queried." -#: ../../configuration/loadbalancing/reverse-proxy.rst:245 +#: ../../configuration/loadbalancing/reverse-proxy.rst:248 msgid "Terminate SSL" msgstr "Terminate SSL" 
@@ -13747,7 +13895,7 @@ msgstr "The ARP monitor works by periodically checking the slave devices to dete msgid "The ASP has documented their IPSec requirements:" msgstr "The ASP has documented their IPSec requirements:" -#: ../../configuration/protocols/rpki.rst:82 +#: ../../configuration/protocols/rpki.rst:80 msgid "The BGP router can connect to one or more RPKI cache servers to receive validated prefix to origin AS mappings. Advanced failover can be implemented by server sockets with different preference values." msgstr "The BGP router can connect to one or more RPKI cache servers to receive validated prefix to origin AS mappings. Advanced failover can be implemented by server sockets with different preference values." @@ -13775,7 +13923,7 @@ msgstr "The DN and password to bind as while performing searches. As the passwor msgid "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." msgstr "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." -#: ../../configuration/loadbalancing/reverse-proxy.rst:215 +#: ../../configuration/loadbalancing/reverse-proxy.rst:218 msgid "The HTTP service listen on TCP port 80." msgstr "The HTTP service listen on TCP port 80." 
@@ -13827,19 +13975,23 @@ msgstr "The UDP port number used by your apllication. It is mandatory for this k msgid "The VXLAN specification was originally created by VMware, Arista Networks and Cisco. Other backers of the VXLAN technology include Huawei, Broadcom, Citrix, Pica8, Big Switch Networks, Cumulus Networks, Dell EMC, Ericsson, Mellanox, FreeBSD, OpenBSD, Red Hat, Joyent, and Juniper Networks." msgstr "The VXLAN specification was originally created by VMware, Arista Networks and Cisco. Other backers of the VXLAN technology include Huawei, Broadcom, Citrix, Pica8, Big Switch Networks, Cumulus Networks, Dell EMC, Ericsson, Mellanox, FreeBSD, OpenBSD, Red Hat, Joyent, and Juniper Networks." +#: ../../configuration/service/dns.rst:149 +msgid "The VyOS DNS forwarder can also be configured to host authoritative records for a domain." +msgstr "The VyOS DNS forwarder can also be configured to host authoritative records for a domain." + #: ../../configuration/service/dns.rst:14 msgid "The VyOS DNS forwarder does not require an upstream DNS server. It can serve as a full recursive DNS server - but it can also forward queries to configurable upstream DNS servers. By not configuring any upstream DNS servers you also avoid being tracked by the provider of your upstream DNS server." msgstr "The VyOS DNS forwarder does not require an upstream DNS server. It can serve as a full recursive DNS server - but it can also forward queries to configurable upstream DNS servers. By not configuring any upstream DNS servers you also avoid being tracked by the provider of your upstream DNS server." 
-#: ../../configuration/service/dns.rst:160 +#: ../../configuration/service/dns.rst:254 msgid "The VyOS DNS forwarder will only accept lookup requests from the LAN subnets - 192.168.1.0/24 and 2001:db8::/64" msgstr "The VyOS DNS forwarder will only accept lookup requests from the LAN subnets - 192.168.1.0/24 and 2001:db8::/64" -#: ../../configuration/service/dns.rst:158 +#: ../../configuration/service/dns.rst:252 msgid "The VyOS DNS forwarder will only listen for requests on the eth1 (LAN) interface addresses - 192.168.1.254 for IPv4 and 2001:db8::ffff for IPv6" msgstr "The VyOS DNS forwarder will only listen for requests on the eth1 (LAN) interface addresses - 192.168.1.254 for IPv4 and 2001:db8::ffff for IPv6" -#: ../../configuration/service/dns.rst:162 +#: ../../configuration/service/dns.rst:256 msgid "The VyOS DNS forwarder will pass reverse lookups for 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa zones to upstream server." msgstr "The VyOS DNS forwarder will pass reverse lookups for 10.in-addr.arpa, 168.192.in-addr.arpa, 16-31.172.in-addr.arpa zones to upstream server." 
@@ -13888,11 +14040,27 @@ msgstr "The ``address`` can be configured either on the VRRP interface or on not msgid "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" msgstr "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" +#: ../../configuration/loadbalancing/reverse-proxy.rst:305 +msgid "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" +msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" + #: ../../configuration/loadbalancing/reverse-proxy.rst:248 msgid "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." #: ../../configuration/loadbalancing/reverse-proxy.rst:251 +msgid "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." +msgstr "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:302 +msgid "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." +msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." 
+ +#: ../../configuration/loadbalancing/reverse-proxy.rst:254 +msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." +msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:251 msgid "The ``https`` service listens on port 443 with backend `bk-default` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend `bk-default` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." @@ -14071,7 +14239,7 @@ msgstr "The default value corresponds to 64." msgid "The default value is 0. This will cause the carrier to be asserted (for 802.3ad mode) whenever there is an active aggregator, regardless of the number of available links in that aggregator." msgstr "The default value is 0. This will cause the carrier to be asserted (for 802.3ad mode) whenever there is an active aggregator, regardless of the number of available links in that aggregator." -#: ../../configuration/protocols/rpki.rst:110 +#: ../../configuration/protocols/rpki.rst:108 msgid "The default value is 300 seconds." msgstr "The default value is 300 seconds." @@ -14083,11 +14251,11 @@ msgstr "The default value is 3." msgid "The default value is 3 packets." msgstr "The default value is 3 packets." -#: ../../configuration/protocols/rpki.rst:124 +#: ../../configuration/protocols/rpki.rst:122 msgid "The default value is 600 seconds." msgstr "The default value is 600 seconds." -#: ../../configuration/protocols/rpki.rst:117 +#: ../../configuration/protocols/rpki.rst:115 msgid "The default value is 7200 seconds." msgstr "The default value is 7200 seconds." 
@@ -14229,7 +14397,7 @@ msgstr "The following commands translate to \"--net host\" when the container is msgid "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" msgstr "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:212 +#: ../../configuration/loadbalancing/reverse-proxy.rst:215 msgid "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." msgstr "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." 
@@ -14245,6 +14413,14 @@ msgstr "The following configuration on VyOS applies to all following 3rd party v msgid "The following configuration reverse-proxy terminate SSL." msgstr "The following configuration reverse-proxy terminate SSL." +#: ../../configuration/loadbalancing/reverse-proxy.rst:249 +msgid "The following configuration terminates SSL on the router." +msgstr "The following configuration terminates SSL on the router." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:295 +msgid "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." +msgstr "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." + #: ../../configuration/interfaces/pppoe.rst:383 msgid "The following configuration will assign a /64 prefix out of a /56 delegation to eth0. The IPv6 address assigned to eth0 will be <prefix>::ffff/64. If you do not know the prefix size delegated to you, start with sla-len 0." msgstr "The following configuration will assign a /64 prefix out of a /56 delegation to eth0. The IPv6 address assigned to eth0 will be <prefix>::ffff/64. If you do not know the prefix size delegated to you, start with sla-len 0." 
@@ -14442,7 +14618,7 @@ msgstr "The most visible application of the protocol is for access to shell acco msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." msgstr "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." -#: ../../configuration/loadbalancing/reverse-proxy.rst:182 +#: ../../configuration/loadbalancing/reverse-proxy.rst:185 msgid "The name of the service can be different, in this example it is only for convenience." msgstr "The name of the service can be different, in this example it is only for convenience." 
@@ -14522,11 +14698,11 @@ msgstr "The popular Unix/Linux ``dig`` tool sets the AD-bit in the query. This m msgid "The pre-shared key mode is deprecated and will be removed from future OpenVPN versions, so VyOS will have to remove support for that option as well. The reason is that using pre-shared keys is significantly less secure than using TLS." msgstr "The pre-shared key mode is deprecated and will be removed from future OpenVPN versions, so VyOS will have to remove support for that option as well. The reason is that using pre-shared keys is significantly less secure than using TLS." -#: ../../configuration/protocols/rpki.rst:49 +#: ../../configuration/protocols/rpki.rst:47 msgid "The prefix and ASN that originated it match a signed ROA. These are probably trustworthy route announcements." msgstr "The prefix and ASN that originated it match a signed ROA. These are probably trustworthy route announcements." -#: ../../configuration/protocols/rpki.rst:53 +#: ../../configuration/protocols/rpki.rst:51 msgid "The prefix or prefix length and ASN that originated it doesn't match any existing ROA. This could be the result of a prefix hijack, or merely a misconfiguration, but should probably be treated as untrustworthy route announcements." msgstr "The prefix or prefix length and ASN that originated it doesn't match any existing ROA. This could be the result of a prefix hijack, or merely a misconfiguration, but should probably be treated as untrustworthy route announcements." 
@@ -15985,11 +16161,11 @@ msgstr "This commands creates a bridge that is used to bind traffic on eth1 vlan msgid "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." msgstr "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:192 +#: ../../configuration/loadbalancing/reverse-proxy.rst:195 msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." -#: ../../configuration/loadbalancing/reverse-proxy.rst:174 +#: ../../configuration/loadbalancing/reverse-proxy.rst:177 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "This configuration listen on port 80 and redirect incoming requests to HTTPS:" @@ -16164,8 +16340,8 @@ msgstr "This is a mandatory command. Sets the full path to the script. The scrip msgid "This is a mandatory option" msgstr "This is a mandatory option" -#: ../../configuration/protocols/rpki.rst:131 -#: ../../configuration/protocols/rpki.rst:138 +#: ../../configuration/protocols/rpki.rst:129 +#: ../../configuration/protocols/rpki.rst:136 msgid "This is a mandatory setting." msgstr "This is a mandatory setting." 
@@ -16455,7 +16631,7 @@ msgstr "This will configure a static ARP entry always resolving `<address>` to ` msgid "This will match TCP traffic with source port 80." msgstr "This will match TCP traffic with source port 80." -#: ../../configuration/service/dns.rst:295 +#: ../../configuration/service/dns.rst:389 msgid "This will render the following ddclient_ configuration entry:" msgstr "This will render the following ddclient_ configuration entry:" @@ -16832,7 +17008,7 @@ msgstr "To use a RADIUS server for authentication and bandwidth-shaping, the fol msgid "To use a radius server, you need to switch to authentication mode RADIUS and then configure it." msgstr "To use a radius server, you need to switch to authentication mode RADIUS and then configure it." -#: ../../configuration/service/dns.rst:321 +#: ../../configuration/service/dns.rst:415 msgid "To use such a service, one must define a login, password, one or multiple hostnames, protocol and server." msgstr "To use such a service, one must define a login, password, one or multiple hostnames, protocol and server." @@ -17057,7 +17233,7 @@ msgstr "Update geoip database" msgid "Updates" msgstr "Updates" -#: ../../configuration/protocols/rpki.rst:99 +#: ../../configuration/protocols/rpki.rst:97 msgid "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)." msgstr "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)." 
@@ -17162,7 +17338,7 @@ msgstr "Use an automatically generated self-signed certificate" msgid "Use any local address, configured on any interface if this is not set." msgstr "Use any local address, configured on any interface if this is not set." -#: ../../configuration/service/dns.rst:263 +#: ../../configuration/service/dns.rst:357 msgid "Use auth key file at ``/config/auth/my.key``" msgstr "Use auth key file at ``/config/auth/my.key``" @@ -17170,11 +17346,11 @@ msgstr "Use auth key file at ``/config/auth/my.key``" msgid "Use certificate from PKI subsystem" msgstr "Use certificate from PKI subsystem" -#: ../../configuration/service/dns.rst:410 +#: ../../configuration/service/dns.rst:504 msgid "Use configured `<url>` to determine your IP address. ddclient_ will load `<url>` and tries to extract your IP address from the response." msgstr "Use configured `<url>` to determine your IP address. ddclient_ will load `<url>` and tries to extract your IP address from the response." -#: ../../configuration/service/dns.rst:368 +#: ../../configuration/service/dns.rst:462 msgid "Use deSEC (dedyn.io) as your preferred provider:" msgstr "Use deSEC (dedyn.io) as your preferred provider:" 
@@ -18323,11 +18499,11 @@ msgstr "VyOS facilitates IPv6 Multicast by supporting **PIMv6** and **MLD**." msgid "VyOS includes the FastNetMon Community Edition." msgstr "VyOS includes the FastNetMon Community Edition." -#: ../../configuration/service/dns.rst:201 +#: ../../configuration/service/dns.rst:295 msgid "VyOS is able to update a remote DNS record when an interface gets a new IP address. In order to do so, VyOS includes ddclient_, a Perl script written for this only one purpose." msgstr "VyOS is able to update a remote DNS record when an interface gets a new IP address. In order to do so, VyOS includes ddclient_, a Perl script written for this only one purpose." -#: ../../configuration/service/dns.rst:319 +#: ../../configuration/service/dns.rst:413 msgid "VyOS is also able to use any service relying on protocols supported by ddclient." msgstr "VyOS is also able to use any service relying on protocols supported by ddclient." @@ -18536,7 +18712,7 @@ msgstr "We can't support all displays from the beginning. If your display type i msgid "We can also create the certificates using Cerbort which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." msgstr "We can also create the certificates using Cerbort which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." -#: ../../configuration/protocols/rpki.rst:170 +#: ../../configuration/protocols/rpki.rst:168 msgid "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:" msgstr "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:" 
@@ -18620,11 +18796,11 @@ msgstr "When PIM receives a register packet the source of the packet will be com msgid "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface." msgstr "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface." -#: ../../configuration/service/dns.rst:351 +#: ../../configuration/service/dns.rst:445 msgid "When a ``custom`` DynDNS provider is used, the protocol used for communicating to the provider must be specified under `<protocol>`. See the embedded completion helper when entering above command for available protocols." msgstr "When a ``custom`` DynDNS provider is used, the protocol used for communicating to the provider must be specified under `<protocol>`. See the embedded completion helper when entering above command for available protocols." -#: ../../configuration/service/dns.rst:357 +#: ../../configuration/service/dns.rst:451 msgid "When a ``custom`` DynDNS provider is used the `<server>` where update requests are being sent to must be specified." msgstr "When a ``custom`` DynDNS provider is used the `<server>` where update requests are being sent to must be specified." @@ -18797,7 +18973,7 @@ msgstr "When using NAT for a large number of host systems it recommended that a msgid "When using SSH, known-hosts-file, private-key-file and public-key-file are mandatory options." msgstr "When using SSH, known-hosts-file, private-key-file and public-key-file are mandatory options." -#: ../../configuration/protocols/rpki.rst:163 +#: ../../configuration/protocols/rpki.rst:161 msgid "When using SSH, private-key-file and public-key-file are mandatory options." msgstr "When using SSH, private-key-file and public-key-file are mandatory options." 
@@ -19008,7 +19184,7 @@ msgstr "You can also configure the time interval for preemption with the \"preem msgid "You can also define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector." msgstr "You can also define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector." -#: ../../configuration/service/dns.rst:312 +#: ../../configuration/service/dns.rst:406 msgid "You can also keep different DNS zone updated. Just create a new config node: ``set service dns dynamic interface <interface> rfc2136 <other-service-name>``" msgstr "You can also keep different DNS zone updated. Just create a new config node: ``set service dns dynamic interface <interface> rfc2136 <other-service-name>``" 
@@ -19348,6 +19524,10 @@ msgstr ":abbr:`RIP (Routing Information Protocol)` is a widely deployed interior msgid ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework :abbr:`PKI (Public Key Infrastructure)` designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework :abbr:`PKI (Public Key Infrastructure)` designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." +#: ../../configuration/protocols/rpki.rst:14 +msgid ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." +msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." 
+ #: ../../configuration/interfaces/ethernet.rst:82 msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" msgstr ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" @@ -19512,7 +19692,7 @@ msgstr ":ref:`routing-static`: ``set vrf name <name> protocols static ...``" msgid ":rfc:`2131` states: The client MAY choose to explicitly provide the identifier through the 'client identifier' option. If the client supplies a 'client identifier', the client MUST use the same 'client identifier' in all subsequent messages, and the server MUST use that identifier to identify the client." msgstr ":rfc:`2131` states: The client MAY choose to explicitly provide the identifier through the 'client identifier' option. If the client supplies a 'client identifier', the client MUST use the same 'client identifier' in all subsequent messages, and the server MUST use that identifier to identify the client." -#: ../../configuration/service/dns.rst:217 +#: ../../configuration/service/dns.rst:311 msgid ":rfc:`2136` Based" msgstr ":rfc:`2136` Based" 
@@ -19664,6 +19844,10 @@ msgstr "``9600`` - 9600 bps" msgid "``< dh-group >`` defines a Diffie-Hellman group for PFS;" msgstr "``< dh-group >`` defines a Diffie-Hellman group for PFS;" +#: ../../configuration/service/dns.rst:172 +msgid "``@`` Use @ as record name to set the record for the root domain." +msgstr "``@`` Use @ as record name to set the record for the root domain." + #: ../../configuration/protocols/segment-routing.rst:41 msgid "``Known limitations:``" msgstr "``Known limitations:``" 
@@ -19734,6 +19918,10 @@ msgstr "``all-available`` all checking target addresses must be available to pas msgid "``any-available`` any of the checking target addresses must be available to pass this check" msgstr "``any-available`` any of the checking target addresses must be available to pass this check" +#: ../../configuration/service/dns.rst:174 +msgid "``any`` Use any as record name to configure the record as a wildcard." +msgstr "``any`` Use any as record name to configure the record as a wildcard." + #: ../../configuration/vpn/site2site_ipsec.rst:388 msgid "``authentication local-id/remote-id`` - IKE identification is used for validation of VPN peer devices during IKE negotiation. If you do not configure local/remote-identity, the device uses the IPv4 or IPv6 address that corresponds to the local/remote peer by default. In certain network setups (like ipsec interface with dynamic address, or behind the NAT ), the IKE ID received from the peer does not match the IKE gateway configured on the device. This can lead to a Phase 1 validation failure. So, make sure to configure the local/remote id explicitly and ensure that the IKE ID is the same as the remote-identity configured on the peer device." msgstr "``authentication local-id/remote-id`` - IKE identification is used for validation of VPN peer devices during IKE negotiation. If you do not configure local/remote-identity, the device uses the IPv4 or IPv6 address that corresponds to the local/remote peer by default. In certain network setups (like ipsec interface with dynamic address, or behind the NAT ), the IKE ID received from the peer does not match the IKE gateway configured on the device. This can lead to a Phase 1 validation failure. So, make sure to configure the local/remote id explicitly and ensure that the IKE ID is the same as the remote-identity configured on the peer device." 
@@ -20855,7 +21043,7 @@ msgstr "cron" msgid "daemon" msgstr "daemon" -#: ../../configuration/service/dns.rst:405 +#: ../../configuration/service/dns.rst:499 msgid "ddclient_ has another way to determine the WAN IP address. This is controlled by:" msgstr "ddclient_ has another way to determine the WAN IP address. This is controlled by:" 
@@ -20863,11 +21051,11 @@ msgstr "ddclient_ has another way to determine the WAN IP address. This is contr msgid "ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second one involves a third party service, like DynDNS.com or any other similar website. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS." msgstr "ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second one involves a third party service, like DynDNS.com or any other similar website. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS." -#: ../../configuration/service/dns.rst:205 +#: ../../configuration/service/dns.rst:299 msgid "ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second one involves a third party service, like DynDNS.com or any other such service provider. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS." msgstr "ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second one involves a third party service, like DynDNS.com or any other such service provider. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS." -#: ../../configuration/service/dns.rst:415 +#: ../../configuration/service/dns.rst:509 msgid "ddclient_ will skip any address located before the string set in `<pattern>`." msgstr "ddclient_ will skip any address located before the string set in `<pattern>`." 
@@ -21044,7 +21232,7 @@ msgstr "info" msgid "interval" msgstr "interval" -#: ../../configuration/protocols/rpki.rst:56 +#: ../../configuration/protocols/rpki.rst:54 msgid "invalid" msgstr "invalid" @@ -21276,7 +21464,7 @@ msgstr "no-autonomous-flag" msgid "no-on-link-flag" msgstr "no-on-link-flag" -#: ../../configuration/protocols/rpki.rst:61 +#: ../../configuration/protocols/rpki.rst:59 msgid "notfound" msgstr "notfound" @@ -21549,7 +21737,7 @@ msgstr "user" msgid "uucp" msgstr "uucp" -#: ../../configuration/protocols/rpki.rst:50 +#: ../../configuration/protocols/rpki.rst:48 msgid "valid" msgstr "valid" |
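Review bot: In the hunks at -19664 and -19734, the two new entries for dns.rst:172 and dns.rst:174 are added with msgstr set to a verbatim copy of the English msgid. A non-empty msgstr is treated by gettext tooling as a finished translation, so if this catalogue is consumed as a translation these strings will never be listed as untranslated and the localized build will render the English text. Suggest adding new strings with msgstr "" (or marking them fuzzy) until a real translation exists. As a smaller style point for the source string, the msgid wraps the leading token in literal markup but leaves the second mention bare ("Use @ as record name", "Use any as record name"); marking both the same way in dns.rst would keep the wildcard and root-domain record names unambiguous for readers.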
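Review bot: In the hunk at -20863, the catalogue keeps two near-identical ddclient_ paragraphs whose msgids differ only in "any other similar website" versus "any other such service provider", and only the second one has its reference moved (dns.rst:205 to dns.rst:299). Check whether the first wording is still referenced by a source file; if it is not, drop it as obsolete so translators do not maintain two copies of the same paragraph. The remaining changes in this hunk and in the hunks at -20855 and -21044 only shift the "#:" line references, which looks consistent (dns.rst by +94, rpki.rst by -2) and needs no change.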