summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/configuration/service/dns.rst13
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst
index aee207a6..4315b6dc 100644
--- a/docs/configuration/service/dns.rst
+++ b/docs/configuration/service/dns.rst
@@ -21,6 +21,10 @@ avoid being tracked by the provider of your upstream DNS server.
Forward incoming DNS queries to the DNS servers configured under the ``system
name-server`` nodes.
+.. cfgcmd:: set service dns forwarding dhcp <interface>
+
+ Interfaces whose DHCP client nameservers to forward requests to.
+
.. cfgcmd:: set service dns forwarding name-server <address>
Send all DNS queries to the IPv4/IPv6 DNS server specified under `<address>`.
@@ -35,6 +39,15 @@ avoid being tracked by the provider of your upstream DNS server.
.. note:: This also works for reverse-lookup zones (``18.172.in-addr.arpa``).
+.. cfgcmd:: set service dns forwarding domain <domain-name> addnta
+
+ Add NTA (negative trust anchor) for this domain. This must be set if the
+ domain does not support DNSSEC.
+
+.. cfgcmd:: set service dns forwarding domain <domain-name> recursion-desired
+
+ Set the "recursion desired" bit in requests to the upstream nameserver.
+
.. cfgcmd:: set service dns forwarding allow-from <network>
Given the fact that open DNS recursors could be used on DDoS amplification