author Igor Melnyk <igor_melnyk@ukr.net> 2021-05-05 23:18:34 +0300
committer Christian Poessinger <christian@poessinger.com> 2021-10-13 09:34:59 +0200
commit 3eab2b01b831af83284df9832ccbdba721e9ac52
tree 06f800e7eca19231c3db677c86fc9875bb7fe6e1 /docs/configuration/service/dns.rst
parent 0386e8f8f6f428425ed7fb3bfbe122f7495c85fb
dns: T3277: support no reverse zones rfc1918 lookup
(cherry picked from commit 25ba7e113a81ec30953dbfe8c78657473c1f5412)
Diffstat (limited to 'docs/configuration/service/dns.rst')
-rw-r--r-- docs/configuration/service/dns.rst 9
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst
index d0fe32b3..72123c5d 100644
--- a/docs/configuration/service/dns.rst
+++ b/docs/configuration/service/dns.rst
@@ -111,6 +111,12 @@ avoid being tracked by the provider of your upstream DNS server.
The local IPv4 or IPv6 addresses to bind the DNS forwarder to. The forwarder
will listen on this address for incoming connections.
+.. cfgcmd:: set service dns forwarding no-server-rfc1918
+
+ This makes the server authoritatively not aware of: 10.in-addr.arpa,
+ 168.192.in-addr.arpa, 16-31.172.in-addr.arpa, which enabling upstream
+ DNS server(s) to be used for reverse lookups of these zones.
+
Example
=======
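Review bot: the directive on the first added line names the command `no-server-rfc1918`, while the example later in this patch configures `set service dns forwarding no-serve-rfc1918`; one of the two spellings is a typo, and a reader who copies the wrong one will have the command rejected. Please check against the CLI and make both places match. The description also needs a grammar pass: "authoritatively not aware of" is hard to parse, and "which enabling upstream DNS server(s)" should read "which enables the upstream DNS server(s)".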
@@ -127,6 +133,8 @@ In this scenario:
interface addresses - 192.168.1.254 for IPv4 and 2001:db8::ffff for IPv6
* The VyOS DNS forwarder will only accept lookup requests from the
LAN subnets - 192.168.1.0/24 and 2001:db8::/64
+* The VyOS DNS forwarder will pass reverse lookups for 10.in-addr.arpa,
+ 168.192.in-addr.arpa, 16-31.172.in-addr.arpa zones to upstream server.
.. code-block:: none
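Review bot: in the added bullet, `16-31.172.in-addr.arpa` is shorthand for a range and not an actual zone name; writing it as 16.172.in-addr.arpa through 31.172.in-addr.arpa would avoid readers searching for a zone that does not exist (the same wording appears in the cfgcmd description). "to upstream server" is also missing its article; "to the upstream server(s)" would match the phrasing used in the command description.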
@@ -140,6 +148,7 @@ In this scenario:
set service dns forwarding listen-address 2001:db8::ffff
set service dns forwarding allow-from 192.168.1.0/24
set service dns forwarding allow-from 2001:db8::/64
+ set service dns forwarding no-serve-rfc1918
Operation
=========
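Review bot: adding `no-serve-rfc1918` to the reference example means everyone who copies the block will send reverse lookups for their private address ranges to the upstream servers. The section this patch sits in talks about avoiding being tracked by the provider of the upstream DNS server, so the example should say when the option is appropriate (for instance, when the upstream is a resolver that actually hosts these reverse zones), or the line should be left out of the default example and shown separately.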