summaryrefslogtreecommitdiff
path: root/docs/configuration
diff options
context:
space:
mode:
authorrebortg <github@ghlr.de>2023-01-30 15:27:41 +0100
committerrebortg <github@ghlr.de>2023-01-30 15:40:14 +0100
commit2923800d7d6f2e37e1f472fdd0e341c444c308b4 (patch)
tree7fe344391e1eae24767af98b22e98cdc169a801f /docs/configuration
parent4ef9d2634d1b88870f8410213a68083b33cc1d01 (diff)
downloadvyos-documentation-2923800d7d6f2e37e1f472fdd0e341c444c308b4.tar.gz
vyos-documentation-2923800d7d6f2e37e1f472fdd0e341c444c308b4.zip
dns: sync branches
Diffstat (limited to 'docs/configuration')
-rw-r--r--docs/configuration/service/dns.rst13
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst
index aee207a6..4315b6dc 100644
--- a/docs/configuration/service/dns.rst
+++ b/docs/configuration/service/dns.rst
@@ -21,6 +21,10 @@ avoid being tracked by the provider of your upstream DNS server.
Forward incoming DNS queries to the DNS servers configured under the ``system
name-server`` nodes.
+.. cfgcmd:: set service dns forwarding dhcp <interface>
+
+ Interfaces whose DHCP client nameservers to forward requests to.
+
.. cfgcmd:: set service dns forwarding name-server <address>
Send all DNS queries to the IPv4/IPv6 DNS server specified under `<address>`.
@@ -35,6 +39,15 @@ avoid being tracked by the provider of your upstream DNS server.
.. note:: This also works for reverse-lookup zones (``18.172.in-addr.arpa``).
+.. cfgcmd:: set service dns forwarding domain <domain-name> addnta
+
+ Add NTA (negative trust anchor) for this domain. This must be set if the
+ domain does not support DNSSEC.
+
+.. cfgcmd:: set service dns forwarding domain <domain-name> recursion-desired
+
+ Set the "recursion desired" bit in requests to the upstream nameserver.
+
.. cfgcmd:: set service dns forwarding allow-from <network>
Given the fact that open DNS recursors could be used on DDoS amplification