summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/interfaces/addresses.rst2
-rw-r--r--docs/interfaces/geneve.rst19
-rw-r--r--docs/routing/arp.rst8
-rw-r--r--docs/services/dhcp.rst206
-rw-r--r--docs/services/dns-forwarding.rst125
-rw-r--r--docs/services/dynamic-dns.rst52
-rw-r--r--docs/services/lldp.rst33
7 files changed, 228 insertions, 217 deletions
diff --git a/docs/interfaces/addresses.rst b/docs/interfaces/addresses.rst
index 034fb0ef..709490c8 100644
--- a/docs/interfaces/addresses.rst
+++ b/docs/interfaces/addresses.rst
@@ -13,7 +13,7 @@ addresses might be:
.. cfgcmd:: set interfaces ethernet eth0 description 'OUTSIDE'
-An interface description is assigned using the following command:
+ An interface description is assigned using the following command:
IPv4
^^^^
diff --git a/docs/interfaces/geneve.rst b/docs/interfaces/geneve.rst
index 252668c1..dc762738 100644
--- a/docs/interfaces/geneve.rst
+++ b/docs/interfaces/geneve.rst
@@ -34,21 +34,22 @@ Geneve Header:
.. cfgcmd:: set interfaces geneve gnv0 address '192.0.2.2/24'
-Create GENEVE tunnel listening on local address `192.0.2.2/24`.
+ Create GENEVE tunnel listening on local address `192.0.2.2/24`.
.. cfgcmd:: set interfaces geneve gnv0 remote '172.18.204.10'
-Specify the IP address of the other end of the tunnel.
+ Specify the IP address of the other end of the tunnel.
.. cfgcmd:: set interfaces geneve gnv0 vni '1000'
-:abbr:`VNI (Virtual Network Identifier)` is an identifier for a unique element
-of a virtual network. In many situations this may represent an L2 segment,
-however, the control plane defines the forwarding semantics of decapsulated
-packets. The VNI MAY be used as part of ECMP forwarding decisions or MAY be
-used as a mechanism to distinguish between overlapping address spaces contained
-in the encapsulated packet when load balancing across CPUs.
+ :abbr:`VNI (Virtual Network Identifier)` is an identifier for a unique
+ element of a virtual network. In many situations this may represent an L2
+ segment, however, the control plane defines the forwarding semantics of
+ decapsulated packets. The VNI MAY be used as part of ECMP forwarding
+ decisions or MAY be used as a mechanism to distinguish between overlapping
+ address spaces contained in the encapsulated packet when load balancing
+ across CPUs.
.. cfgcmd:: set interfaces geneve gnv0 mtu
-Set interface :abbr:`MTU (Maximum Transfer Unit)` size.
+ Set interface :abbr:`MTU (Maximum Transfer Unit)` size.
diff --git a/docs/routing/arp.rst b/docs/routing/arp.rst
index 96a6ffeb..70d83503 100644
--- a/docs/routing/arp.rst
+++ b/docs/routing/arp.rst
@@ -21,15 +21,15 @@ Configure
.. cfgcmd:: set protocols static arp 192.0.2.100 hwaddr 00:53:27:de:23:aa
-This will configure a static ARP entry always resolving `192.0.2.100` to
-`00:53:27:de:23:aa`
+ This will configure a static ARP entry always resolving `192.0.2.100` to
+ `00:53:27:de:23:aa`
Operation
=========
.. opcmd:: show protocols static arp
-Display all known ARP table entries spanning accross all interfaces
+ Display all known ARP table entries spanning accross all interfaces
.. code-block:: none
@@ -41,7 +41,7 @@ Display all known ARP table entries spanning accross all interfaces
.. opcmd:: show protocols static arp interface eth1
-Display all known ARP table entries on a given interface only (`eth1`):
+ Display all known ARP table entries on a given interface only (`eth1`):
.. code-block:: none
diff --git a/docs/services/dhcp.rst b/docs/services/dhcp.rst
index 1303395a..19c92aac 100644
--- a/docs/services/dhcp.rst
+++ b/docs/services/dhcp.rst
@@ -52,38 +52,37 @@ Explanation
.. cfgcmd:: set service dhcp-server shared-network-name dhcpexample authoritative
-This says that this device is the only DHCP server for this network. If other
-devices are trying to offer DHCP leases, this machine will send 'DHCPNAK' to
-any device trying to request an IP address that is
-not valid for this network.
+ This says that this device is the only DHCP server for this network. If other
+ devices are trying to offer DHCP leases, this machine will send 'DHCPNAK' to
+ any device trying to request an IP address that is not valid for this
+ network.
.. cfgcmd:: set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 default-router 192.0.2.1
-This is a configuration parameter for the subnet, saying that as part of the
-response, tell the client that I am the default router for this network
+ This is a configuration parameter for the subnet, saying that as part of the
+ response, tell the client that I am the default router for this network.
.. cfgcmd:: set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 dns-server 192.0.2.1
-This is a configuration parameter for the subnet, saying that as part of the
-response, tell the client that I am the DNS server for this network. If you
-do not want to run a DNS server, you could also provide one of the public
-DNS servers, such as google's. You can add multiple entries by repeating the
-line.
+ This is a configuration parameter for the subnet, saying that as part of the
+ response, tell the client that I am the DNS server for this network. If you
+ do not want to run a DNS server, you could also provide one of the public
+ DNS servers, such as google's. You can add multiple entries by repeating the
+ line.
.. cfgcmd:: set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 lease 86400
-Assign the IP address to this machine for 24 hours. It is unlikely you'd need
-to shorten this period, unless you are running a network with lots of devices
-appearing and disappearing.
-
+ Assign the IP address to this machine for 24 hours. It is unlikely you'd need
+ to shorten this period, unless you are running a network with lots of devices
+ appearing and disappearing.
.. cfgcmd:: set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 range 0 start 192.0.2.100
-Make a range of addresses available for clients starting from .100 [...]
+ Make a range of addresses available for clients starting from .100 [...]
.. cfgcmd:: set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 range 0 stop 192.0.2.199
-[...] and ending at .199.
+ [...] and ending at .199.
Failover
--------
@@ -93,22 +92,22 @@ explicitly by the following statements.
.. cfgcmd:: set service dhcp-server shared-network-name 'LAN' subnet '192.0.2.0/24' failover local-address '192.0.2.1'
-Local IP address used when communicating to the failover peer.
+ Local IP address used when communicating to the failover peer.
.. cfgcmd:: set service dhcp-server shared-network-name 'LAN' subnet '192.0.2.0/24' failover peer-address '192.0.2.2'
-Peer IP address of the second DHCP server in this failover cluster.
+ Peer IP address of the second DHCP server in this failover cluster.
.. cfgcmd:: set service dhcp-server shared-network-name 'LAN' subnet '192.0.2.0/24' failover name 'foo'
-A generic name referencing this sync service.
+ A generic name referencing this sync service.
.. note:: `name` must be identical on both sides!
.. cfgcmd:: set service dhcp-server shared-network-name 'LAN' subnet '192.0.2.0/24' failover status '{primary|secondary}'
-The primary and secondary statements determines whether the server is primary
-or secondary.
+ The primary and secondary statements determines whether the server is primary
+ or secondary.
.. note:: In order for the primary and the secondary DHCP server to keep
their lease tables in sync, they must be able to reach each other on TCP
@@ -131,12 +130,14 @@ inside the subnet definition but can be outside of the range statement.
.. cfgcmd:: set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 static-mapping static-mapping-01 mac-address ff:ff:ff:ff:ff:ff
-Each host is uniquely identified by its MAC address.
+ Each host is uniquely identified by its MAC address.
.. cfgcmd:: set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 static-mapping static-mapping-01 ip-address 192.0.2.10
-IP address to assign to this host. It must be inside the subnet in which it is defined but can be outside the dynamic range.
-If ip-address is not specified, an IP from the dynamic pool (as specified by ``range``) is used. This is useful, for example, in combination with hostfile update.
+ IP address to assign to this host. It must be inside the subnet in which it
+ is defined but can be outside the dynamic range. If ip-address is not
+ specified, an IP from the dynamic pool (as specified by ``range``) is used.
+ This is useful, for example, in combination with hostfile update.
.. hint:: This is the equivalent of the host block in dhcpd.conf of isc-dhcpd.
@@ -145,25 +146,25 @@ DHCP Options
.. cfgcmd:: set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 default-router '<address>'
-Specify the default routers IPv4 address which should be used in this subnet.
-This can - of course - be a VRRP address (DHCP option 003).
+ Specify the default routers IPv4 address which should be used in this subnet.
+ This can - of course - be a VRRP address (DHCP option 003).
.. cfgcmd:: set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 dns-server '<address>'
-Specify the DNS nameservers used (Option 006). This option may be used mulltiple
-times to specify additional DNS nameservers.
+ Specify the DNS nameservers used (Option 006). This option may be used
+ mulltiple times to specify additional DNS nameservers.
.. cfgcmd:: set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 domain-name '<domain-name>'
-The domain-name parameter should be the domain name that will be appended to
-the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP
-Option 015).
+ The domain-name parameter should be the domain name that will be appended to
+ the client's hostname to form a fully-qualified domain-name (FQDN) (DHCP
+ Option 015).
.. cfgcmd:: set service dhcp-server shared-network-name '<name>' subnet 192.0.2.0/24 domain-search '<domain-name>'
-The domain-name parameter should be the domain name used when completing DNS
-request where no full FQDN is passed. This option can be given multiple times
-if you need multiple search domains (DHCP Option 119).
+ The domain-name parameter should be the domain name used when completing DNS
+ request where no full FQDN is passed. This option can be given multiple times
+ if you need multiple search domains (DHCP Option 119).
.. list-table::
:header-rows: 1
@@ -319,18 +320,18 @@ Example
.. opcmd:: set service dhcp-server shared-network-name dhcpexample subnet 192.0.2.0/24 static-mapping example static-mapping-parameters "option domain-name-servers 192.0.2.11, 192.0.2.12;"
-Override the static-mapping's dns-server with a custom one that will be sent only to this host.
+ Override the static-mapping's dns-server with a custom one that will be sent only to this host.
Operation Mode
--------------
.. opcmd:: restart dhcp server
-Restart the DHCP server
+ Restart the DHCP server
.. opcmd:: show dhcp server statistics
-Show the DHCP server statistics:
+ Show the DHCP server statistics:
.. code-block:: none
@@ -341,11 +342,11 @@ Show the DHCP server statistics:
.. opcmd:: show dhcp server statistics pool <pool>
-Show the DHCP server statistics for the specified pool.
+ Show the DHCP server statistics for the specified pool.
.. opcmd:: show dhcp server leases
-Show statuses of all active leases:
+ Show statuses of all active leases:
.. code-block:: none
@@ -355,19 +356,22 @@ Show statuses of all active leases:
192.0.2.104 aa:bb:cc:dd:ee:ff active 2019/12/05 14:24:23 2019/12/06 02:24:23 6:05:35 dhcpexample test1
192.0.2.115 ab:ac:ad:ae:af:bf active 2019/12/05 18:02:37 2019/12/06 06:02:37 9:43:49 dhcpexample test2
-.. hint:: Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``.
+.. hint:: Static mappings aren't shown. To show all states, use
+ ``show dhcp server leases state all``.
.. opcmd:: show dhcp server leases pool <pool>
-Show only leases in the specified pool.
+ Show only leases in the specified pool.
.. opcmd:: show dhcp server leases sort <key>
-Sort the output by the specified key. Possible keys: ip, hardware_address, state, start, end, remaining, pool, hostname (default = ip)
+ Sort the output by the specified key. Possible keys: ip, hardware_address,
+ state, start, end, remaining, pool, hostname (default = ip)
.. opcmd:: show dhcp server leases state <state>
-Show only leases with the specified state. Possible states: all, active, free, expired, released, abandoned, reset, backup (default = active)
+ Show only leases with the specified state. Possible states: all, active,
+ free, expired, released, abandoned, reset, backup (default = active)
DHCPv6 Server
=============
@@ -380,47 +384,46 @@ Configuration Options
.. cfgcmd:: set service dhcpv6-server preference <preference value>
-Clients receiving advertise messages from multiple servers choose the server
-with the highest preference value. The range for this value is ``0...255``.
-
+ Clients receiving advertise messages from multiple servers choose the server
+ with the highest preference value. The range for this value is ``0...255``.
.. cfgcmd:: set service dhcpv6-server shared-network-name '<name>' subnet '<v6net>' lease-time {default | maximum | minimum}
-The default lease time for DHCPv6 leases is 24 hours. This can be changed by
-supplying a ``default-time``, ``maximum-time`` and ``minimum-time``. All values
-need to be supplied in seconds.
+ The default lease time for DHCPv6 leases is 24 hours. This can be changed by
+ supplying a ``default-time``, ``maximum-time`` and ``minimum-time``. All
+ values need to be supplied in seconds.
.. cfgcmd:: set service dhcpv6-server shared-network-name '<name>' subnet '<v6net>' nis-domain '<domain-name>'
-A :abbr:`NIS (Network Information Service)` domain can be set to be used for
-DHCPv6 clients.
+ A :abbr:`NIS (Network Information Service)` domain can be set to be used for
+ DHCPv6 clients.
.. cfgcmd:: set service dhcpv6-server shared-network-name '<name>' subnet '<v6net>' nisplus-domain '<domain-name>'
-The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)`
-domain is similar to the NIS domain one:
+ The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)`
+ domain is similar to the NIS domain one:
.. cfgcmd:: set service dhcpv6-server shared-network-name '<name>' subnet '<v6net>' nis-server '<address>'
-Specify a NIS server address for DHCPv6 clients.
+ Specify a NIS server address for DHCPv6 clients.
.. cfgcmd:: set service dhcpv6-server shared-network-name '<name>' subnet '<v6net>' nisplus-server '<address>'
-Specify a NIS+ server address for DHCPv6 clients.
+ Specify a NIS+ server address for DHCPv6 clients.
.. cfgcmd:: set service dhcpv6-server shared-network-name '<name>' subnet '<v6net>' sip-server-address '<address>'
-Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address for
-all DHCPv6 clients.
+ Specify a :abbr:`SIP (Session Initiation Protocol)` server by IPv6 address
+ for all DHCPv6 clients.
.. cfgcmd:: set service dhcpv6-server shared-network-name '<name>' subnet '<v6net>' sip-server-name '<fqdn>'
-Specify a :abbr:`SIP (Session Initiation Protocol)` server by FQDN for all
-DHCPv6 clients.
+ Specify a :abbr:`SIP (Session Initiation Protocol)` server by FQDN for all
+ DHCPv6 clients.
.. cfgcmd:: set service dhcpv6-server shared-network-name '<name>' subnet '<v6net>' sntp-server-address '<address>'
-A SNTP server address can be specified for DHCPv6 clients:
+ A SNTP server address can be specified for DHCPv6 clients.
Address pools
-------------
@@ -468,9 +471,11 @@ be created. The following example explains the process.
* IPv6 address ``2001:db8::101`` shall be statically mapped
* Host specific mapping shall be named ``client1``
-.. hint:: The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id).
- If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``.
- The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID.
+.. hint:: The identifier is the device's DUID: colon-separated hex list (as
+ used by isc-dhcp option dhcpv6.client-id). If the device already has a
+ dynamic lease from the DHCPv6 server, its DUID can be found with ``show
+ service dhcpv6 server leases``. The DUID begins at the 5th octet (after the
+ 4th colon) of IAID_DUID.
.. code-block:: none
@@ -502,15 +507,15 @@ Operation Mode
.. opcmd:: restart dhcpv6 server
-To restart the DHCPv6 server
+ To restart the DHCPv6 server
.. opcmd:: show dhcpv6 server status
-To show the current status of the DHCPv6 server.
+ To show the current status of the DHCPv6 server.
.. opcmd:: show dhcpv6 server leases
-Show statuses of all assigned leases:
+ Show statuses of all assigned leases:
.. code-block:: none
@@ -520,19 +525,22 @@ Show statuses of all assigned leases:
2001:db8::101 active 2019/12/05 19:40:10 2019/12/06 07:40:10 11:45:21 non-temporary NET1 98:76:54:32:00:01:00:01:12:34:56:78:aa:bb:cc:dd:ee:ff
2001:db8::102 active 2019/12/05 14:01:23 2019/12/06 02:01:23 6:06:34 non-temporary NET1 87:65:43:21:00:01:00:01:11:22:33:44:fa:fb:fc:fd:fe:ff
-.. hint:: Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``.
+.. hint:: Static mappings aren't shown. To show all states, use ``show dhcp
+ server leases state all``.
.. opcmd:: show dhcpv6 server leases pool <pool>
-Show only leases in the specified pool.
+ Show only leases in the specified pool.
.. opcmd:: show dhcpv6 server leases sort <key>
-Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)
+ Sort the output by the specified key. Possible keys: expires, iaid_duid, ip,
+ last_comm, pool, remaining, state, type (default = ip)
.. opcmd:: show dhcpv6 server leases state <state>
-Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)
+ Show only leases with the specified state. Possible states: abandoned,
+ active, all, backup, expired, free, released, reset (default = active)
DHCP Relay
==========
@@ -550,16 +558,16 @@ Configuration
.. cfgcmd:: set service dhcp-relay interface '<interface>'
-Enable the DHCP relay service on the given interface.
+ Enable the DHCP relay service on the given interface.
.. cfgcmd:: set service dhcp-relay server 10.0.1.4
-Configure IP address of the DHCP server
+ Configure IP address of the DHCP server
.. cfgcmd:: set service dhcp-relay relay-options relay-agents-packets discard
-The router should discard DHCP packages already containing relay agent
-information to ensure that only requests from DHCP clients are forwarded.
+ The router should discard DHCP packages already containing relay agent
+ information to ensure that only requests from DHCP clients are forwarded.
Example
-------
@@ -592,38 +600,38 @@ Options
.. cfgcmd:: set service dhcp-relay relay-options hop-count 'count'
-Set the maximum hop count before packets are discarded. Range 0...255,
-default 10.
+ Set the maximum hop count before packets are discarded. Range 0...255,
+ default 10.
.. cfgcmd:: set service dhcp-relay relay-options max-size 'size'
-Set maximum size of DHCP packets including relay agent information. If a
-DHCP packet size surpasses this value it will be forwarded without appending
-relay agent information. Range 64...1400, default 576.
+ Set maximum size of DHCP packets including relay agent information. If a
+ DHCP packet size surpasses this value it will be forwarded without appending
+ relay agent information. Range 64...1400, default 576.
.. cfgcmd:: set service dhcp-relay relay-options relay-agents-packet 'policy'
-Four policies for reforwarding DHCP packets exist:
+ Four policies for reforwarding DHCP packets exist:
-* **append:** The relay agent is allowed to append its own relay information
- to a received DHCP packet, disregarding relay information already present in
- the packet.
+ * **append:** The relay agent is allowed to append its own relay information
+ to a received DHCP packet, disregarding relay information already present in
+ the packet.
-* **discard:** Received packets which already contain relay information will
- be discarded.
+ * **discard:** Received packets which already contain relay information will
+ be discarded.
-* **forward:** All packets are forwarded, relay information already present
- will be ignored.
+ * **forward:** All packets are forwarded, relay information already present
+ will be ignored.
-* **replace:** Relay information already present in a packet is stripped and
- replaced with the router's own relay information set.
+ * **replace:** Relay information already present in a packet is stripped and
+ replaced with the router's own relay information set.
Operation
---------
.. opcmd:: restart dhcp relay-agent
-Restart DHCP relay service
+ Restart DHCP relay service
DHCPv6 relay
============
@@ -633,12 +641,12 @@ Configuration
.. cfgcmd:: set service dhcpv6-relay listen-interface eth1
-Set eth1 to be the listening interface for the DHCPv6 relay:
+ Set eth1 to be the listening interface for the DHCPv6 relay:
.. cfgcmd:: set service dhcpv6-relay upstream-interface eth2 address 2001:db8::4
-Set eth2 to be the upstream interface and specify the IPv6 address of
-the DHCPv6 server:
+ Set eth2 to be the upstream interface and specify the IPv6 address of
+ the DHCPv6 server:
Example
^^^^^^^
@@ -670,20 +678,20 @@ Options
.. cfgcmd:: set service dhcpv6-relay max-hop-count 'count'
-Set maximum hop count before packets are discarded, default: 10
+ Set maximum hop count before packets are discarded, default: 10
.. cfgcmd:: set service dhcpv6-relay use-interface-id-option
-If this is set the relay agent will insert the interface ID. This option is
-set automatically if more than one listening interfaces are in use.
+ If this is set the relay agent will insert the interface ID. This option is
+ set automatically if more than one listening interfaces are in use.
Operation
---------
.. opcmd:: show dhcpv6 relay-agent status
-Show the current status of the DHCPv6 relay agent:
+ Show the current status of the DHCPv6 relay agent:
.. opcmd:: restart dhcpv6 relay-agent
-Restart DHCPv6 relay agent immediately.
+ Restart DHCPv6 relay agent immediately.
diff --git a/docs/services/dns-forwarding.rst b/docs/services/dns-forwarding.rst
index a4fbdd9f..fb996709 100644
--- a/docs/services/dns-forwarding.rst
+++ b/docs/services/dns-forwarding.rst
@@ -18,91 +18,92 @@ avoid to be tracked by the provider of your upstream DNS server.
.. cfgcmd:: set service dns forwarding system
-Forward incoming DNS queries to the DNS servers configured under the ``system
-name-server`` nodes.
+ Forward incoming DNS queries to the DNS servers configured under the ``system
+ name-server`` nodes.
.. cfgcmd:: set service dns forwarding name-server <address>
-Send all DNS queries to the IPv4/IPv6 DNS server specified under `<address>`.
-You can configure multiple nameservers here.
+ Send all DNS queries to the IPv4/IPv6 DNS server specified under `<address>`.
+ You can configure multiple nameservers here.
.. cfgcmd:: set service dns forwarding domain <domain-name> server <address>
-Forward received queries for a particular domain (specified via `domain-name`)
-to a given name-server. Multiple nameservers can be specified.
+ Forward received queries for a particular domain (specified via `domain-name`)
+ to a given name-server. Multiple nameservers can be specified.
.. note:: This also works for reverse-lookup zones e.g. ``18.172.in-addr.arpa``.
.. cfgcmd:: set service dns forwarding allow-from <network>
-Given the fact that open DNS recursors could be used on DDOS amplification
-attacts, you must configure the networks which are allowed to use this recursor.
-A network of ``0.0.0.0/0`` or ``::/0`` would allow all IPv4 and IPv6 networks
-to query this server. This is on general a bad idea.
+ Given the fact that open DNS recursors could be used on DDOS amplification
+ attacts, you must configure the networks which are allowed to use this
+ recursor. A network of ``0.0.0.0/0`` or ``::/0`` would allow all IPv4 and
+ IPv6 networks to query this server. This is on general a bad idea.
.. cfgcmd:: set service dns forwarding dnssec <off | process-no-validate | process | log-fail | validate>
-The PowerDNS Recursor has 5 different levels of DNSSEC processing, which can
-be set with the dnssec setting. In order from least to most processing, these
-are:
-
-* **off** In this mode, no DNSSEC processing takes place. The recursor will not
- set the DNSSEC OK (DO) bit in the outgoing queries and will ignore the DO and
- AD bits in queries.
-
-* **process-no-validate** In this mode the Recursor acts as a "security aware,
- non-validating" nameserver, meaning it will set the DO-bit on outgoing queries
- and will provide DNSSEC related RRsets (NSEC, RRSIG) to clients that ask for
- them (by means of a DO-bit in the query), except for zones provided through
- the auth-zones setting. It will not do any validation in this mode, not even
- when requested by the client.
-
-* **process** When dnssec is set to process the behaviour is similar to
- process-no-validate. However, the recursor will try to validate the data if
- at least one of the DO or AD bits is set in the query; in that case, it will
- set the AD-bit in the response when the data is validated successfully, or
- send SERVFAIL when the validation comes up bogus.
-
-* **log-fail** In this mode, the recursor will attempt to validate all data it
- retrieves from authoritative servers, regardless of the client's DNSSEC
- desires, and will log the validation result. This mode can be used to
- determine the extra load and amount of possibly bogus answers before turning
- on full-blown validation. Responses to client queries are the same as with
- process.
-
-* **validate** The highest mode of DNSSEC processing. In this mode, all queries
- will be be validated and will be answered with a SERVFAIL in case of bogus
- data, regardless of the client's request.
-
-.. note:: The famous UNIX/Linux ``dig`` tool sets the AD-bit in the query. This
- might lead to unexpected query results when testing. Set ``+noad`` on the
- ``dig`` commandline when this is the case.
-
-.. note:: The ``CD``-bit is honored correctly for process and validate. For
- log-fail, failures will be logged too.
+ The PowerDNS Recursor has 5 different levels of DNSSEC processing, which can
+ be set with the dnssec setting. In order from least to most processing, these
+ are:
+
+ * **off** In this mode, no DNSSEC processing takes place. The recursor will
+ not set the DNSSEC OK (DO) bit in the outgoing queries and will ignore the
+ DO and AD bits in queries.
+
+ * **process-no-validate** In this mode the Recursor acts as a "security
+ aware, non-validating" nameserver, meaning it will set the DO-bit on
+ outgoing queries and will provide DNSSEC related RRsets (NSEC, RRSIG) to
+ clients that ask for them (by means of a DO-bit in the query), except for
+ zones provided through the auth-zones setting. It will not do any
+ validation in this mode, not even when requested by the client.
+
+ * **process** When dnssec is set to process the behaviour is similar to
+ process-no-validate. However, the recursor will try to validate the data
+ if at least one of the DO or AD bits is set in the query; in that case,
+ it will set the AD-bit in the response when the data is validated
+ successfully, or send SERVFAIL when the validation comes up bogus.
+
+ * **log-fail** In this mode, the recursor will attempt to validate all data
+ it retrieves from authoritative servers, regardless of the client's DNSSEC
+ desires, and will log the validation result. This mode can be used to
+ determine the extra load and amount of possibly bogus answers before
+ turning on full-blown validation. Responses to client queries are the same
+ as with process.
+
+ * **validate** The highest mode of DNSSEC processing. In this mode, all
+ queries will be be validated and will be answered with a SERVFAIL in case
+ of bogus data, regardless of the client's request.
+
+ .. note:: The famous UNIX/Linux ``dig`` tool sets the AD-bit in the query.
+ This might lead to unexpected query results when testing. Set ``+noad``
+ on the ``dig`` commandline when this is the case.
+
+ .. note:: The ``CD``-bit is honored correctly for process and validate. For
+ log-fail, failures will be logged too.
.. cfgcmd:: set service dns forwarding ignore-hosts-file
-Do not use local ``/etc/hosts`` file in name resolution. VyOS DHCP server will
-use this file to add resolvers to assigned addresses.
+ Do not use local ``/etc/hosts`` file in name resolution. VyOS DHCP server
+ will use this file to add resolvers to assigned addresses.
.. cfgcmd:: set service dns forwarding max-cache-entries
-Maximum number of DNS cache entries. 1 million per CPU core will generally
-suffice for most installations.
+ Maximum number of DNS cache entries. 1 million per CPU core will generally
+ suffice for most installations.
.. cfgcmd:: set service dns forwarding negative-ttl
-A query for which there is authoritatively no answer is cached to quickly deny
-a record's existence later on, without putting a heavy load on the remote
-server. In practice, caches can become saturated with hundreds of thousands of
-hosts which are tried only once. This setting, which defaults to 3600 seconds,
-puts a maximum on the amount of time negative entries are cached.
+ A query for which there is authoritatively no answer is cached to quickly
+ deny a record's existence later on, without putting a heavy load on the
+ remote server. In practice, caches can become saturated with hundreds of
+ thousands of hosts which are tried only once. This setting, which defaults
+ to 3600 seconds, puts a maximum on the amount of time negative entries are
+ cached.
.. cfgcmd:: set service dns forwarding listen-address
-Local IPv4 or IPv6 addresses to bind to - waiting on this address for incoming
-connections.
+ Local IPv4 or IPv6 addresses to bind to - waiting on this address for
+ incoming connections.
Example
=======
@@ -137,9 +138,9 @@ Operation
.. opcmd:: reset dns forwarding <all | domain>
-Reset local DNS forwarding cache database. You can reset the cache for all
-entries or only for entries to a specific domain.
+ Reset local DNS forwarding cache database. You can reset the cache for all
+ entries or only for entries to a specific domain.
.. opcmd:: restart dns forwarding
-Restart DNS recursor process which also invalidates the cache.
+ Restart DNS recursor process which also invalidates the cache.
diff --git a/docs/services/dynamic-dns.rst b/docs/services/dynamic-dns.rst
index 154f9023..3842c1c4 100644
--- a/docs/services/dynamic-dns.rst
+++ b/docs/services/dynamic-dns.rst
@@ -22,31 +22,33 @@ Configuration
.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name>
-Create new :rfc:`2136` DNS update configuration which will update the IP address
-assigned to `<interface>` on the service you configured under `<service-name>`.
+ Create new :rfc:`2136` DNS update configuration which will update the IP
+ address assigned to `<interface>` on the service you configured under
+ `<service-name>`.
.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> key <keyfile>
-File identified by `<keyfile>` containing the secret RNDC key shared with
-remote DNS server.
+ File identified by `<keyfile>` containing the secret RNDC key shared with
+ remote DNS server.
.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> server <server>
-Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignemnt.
+ Configure the DNS `<server>` IP/FQDN used when updating this dynamic
+ assignemnt.
.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> zone <zone>
-Configure DNS `<zone>` to be updated.
+ Configure DNS `<zone>` to be updated.
.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> record <record>
-Configure DNS `<record>` which should be updated. This can be set multiple
-times.
+ Configure DNS `<record>` which should be updated. This can be set multiple
+ times.
.. cfgcmd:: set service dns dynamic interface <interface> rfc2136 <service-name> ttl <ttl>
-Configure optional TTL value on the given resource record. This defualts to 600
-seconds.
+ Configure optional TTL value on the given resource record. This defualts to
+ 600 seconds.
Example
^^^^^^^
@@ -99,30 +101,30 @@ hostnames, protocol and server.
.. cfgcmd:: set service dns dynamic interface <interface> service <service> host-name <hostname>
-Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider
-identified by `<service>` when the IP address on interface `<interface>`
-changes.
+ Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS
+ provider identified by `<service>` when the IP address on interface
+ `<interface>` changes.
.. cfgcmd:: set service dns dynamic interface <interface> service <service> login <username>
-Configure `<username>` used when authenticating the update request for DynDNS
-service identified by `<service>`.
+ Configure `<username>` used when authenticating the update request for
+ DynDNS service identified by `<service>`.
.. cfgcmd:: set service dns dynamic interface <interface> service <service> password <password>
-Configure `<password>` used when authenticating the update request for DynDNS
-service identified by `<service>`.
+ Configure `<password>` used when authenticating the update request for
+ DynDNS service identified by `<service>`.
.. cfgcmd:: set service dns dynamic interface <interface> service <service> protocol <protocol>
-When a ``custom`` DynDNS provider is used the protocol used for communicating to
-the provider must be specified under `<protocol>`. See the embedded completion
-helper for available protocols.
+ When a ``custom`` DynDNS provider is used the protocol used for communicating
+ to the provider must be specified under `<protocol>`. See the embedded
+ completion helper for available protocols.
.. cfgcmd:: set service dns dynamic interface <interface> service <service> server <server>
-When a ``custom`` DynDNS provider is used the `<server>` where update requests
-are beeing sent to must be specified.
+ When a ``custom`` DynDNS provider is used the `<server>` where update
+ requests are beeing sent to must be specified.
Example:
^^^^^^^^
@@ -151,11 +153,11 @@ by:
.. cfgcmd:: set service dns dynamic interface <interface> use-web url <url>
-Use configured `<url>` to determine your IP address. ddclient_ will load `<url>`
-and tries to extract your IP address from the response.
+ Use configured `<url>` to determine your IP address. ddclient_ will load
+ `<url>` and tries to extract your IP address from the response.
.. cfgcmd:: set service dns dynamic interface <interface> use-web skip <pattern>
-ddclient_ will skip any address located before the string set in `<pattern>`.
+ ddclient_ will skip any address located before the string set in `<pattern>`.
.. _ddclient: https://github.com/ddclient/ddclient
diff --git a/docs/services/lldp.rst b/docs/services/lldp.rst
index 05c187b0..c1f39fba 100644
--- a/docs/services/lldp.rst
+++ b/docs/services/lldp.rst
@@ -36,42 +36,41 @@ Configuration
.. cfgcmd:: set service lldp
-Enable LLDP service
+ Enable LLDP service
.. cfgcmd:: set service lldp management-address <address>
-Define IPv4 management address transmitted via LLDP.
+ Define IPv4 management address transmitted via LLDP.
.. cfgcmd:: set service lldp interface <interface>
-Enable transmission of LLDP information on given `<interface>`. You can also
-say ``all`` here so LLDP is turned on on every interface.
+ Enable transmission of LLDP information on given `<interface>`. You can also
+ say ``all`` here so LLDP is turned on on every interface.
.. cfgcmd:: set service lldp interface <interface> disable
-Disable transmit of LLDP frames on given `<interface>`. Useful to exclude
-certain interfaces from LLDP when ``all`` have been enabled.
+ Disable transmit of LLDP frames on given `<interface>`. Useful to exclude
+ certain interfaces from LLDP when ``all`` have been enabled.
.. cfgcmd:: set service lldp snmp enable
-Enable SNMP queries of the LLDP database
-
+ Enable SNMP queries of the LLDP database
.. cfgcmd:: set service lldp legacy-protocols <cdp|edp|fdp|sonmp>
-Enable given legacy protocol on this LLDP instance. Legacy protocols include:
+ Enable given legacy protocol on this LLDP instance. Legacy protocols include:
-* ``cdp`` - Listen for CDP for Cisco routers/switches
-* ``edp`` - Listen for EDP for Extreme routers/switches
-* ``fdp`` - Listen for FDP for Foundry routers/switches
-* ``sonmp`` - Listen for SONMP for Nortel routers/switches
+ * ``cdp`` - Listen for CDP for Cisco routers/switches
+ * ``edp`` - Listen for EDP for Extreme routers/switches
+ * ``fdp`` - Listen for FDP for Foundry routers/switches
+ * ``sonmp`` - Listen for SONMP for Nortel routers/switches
Operation
=========
.. opcmd:: show lldp neighbors
-Displays information about all neighbors discovered via LLDP.
+ Displays information about all neighbors discovered via LLDP.
.. code-block:: none
@@ -85,7 +84,7 @@ Displays information about all neighbors discovered via LLDP.
.. opcmd:: show lldp neighbors detail
-Get detailed information about LLDP neighbors.
+ Get detailed information about LLDP neighbors.
.. code-block:: none
@@ -135,8 +134,8 @@ Get detailed information about LLDP neighbors.
.. opcmd:: show lldp neighbors interface <interface>
-Show LLDP neighbors connected via interface `<interface>`.
+ Show LLDP neighbors connected via interface `<interface>`.
.. opcmd:: show log lldp
-Used for troubleshooting.
+ Used for troubleshooting.