diff options
-rw-r--r-- | docs/configuration/service/dns.rst | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst index aee207a6..4315b6dc 100644 --- a/docs/configuration/service/dns.rst +++ b/docs/configuration/service/dns.rst @@ -21,6 +21,10 @@ avoid being tracked by the provider of your upstream DNS server. Forward incoming DNS queries to the DNS servers configured under the ``system name-server`` nodes. +.. cfgcmd:: set service dns forwarding dhcp <interface> + + Interfaces whose DHCP client nameservers to forward requests to. + .. cfgcmd:: set service dns forwarding name-server <address> Send all DNS queries to the IPv4/IPv6 DNS server specified under `<address>`. @@ -35,6 +39,15 @@ avoid being tracked by the provider of your upstream DNS server. .. note:: This also works for reverse-lookup zones (``18.172.in-addr.arpa``). +.. cfgcmd:: set service dns forwarding domain <domain-name> addnta + + Add NTA (negative trust anchor) for this domain. This must be set if the + domain does not support DNSSEC. + +.. cfgcmd:: set service dns forwarding domain <domain-name> recursion-desired + + Set the "recursion desired" bit in requests to the upstream nameserver. + .. cfgcmd:: set service dns forwarding allow-from <network> Given the fact that open DNS recursors could be used on DDoS amplification |