Diffstat (limited to 'docs/configuration/service/dns.rst')
-rw-r--r-- | docs/configuration/service/dns.rst | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst index aee207a6..5fe408f1 100644 --- a/docs/configuration/service/dns.rst +++ b/docs/configuration/service/dns.rst @@ -21,10 +21,15 @@ avoid being tracked by the provider of your upstream DNS server. Forward incoming DNS queries to the DNS servers configured under the ``system name-server`` nodes. -.. cfgcmd:: set service dns forwarding name-server <address> +.. cfgcmd:: set service dns forwarding dhcp <interface> - Send all DNS queries to the IPv4/IPv6 DNS server specified under `<address>`. - You can configure multiple nameservers here. + Interfaces whose DHCP client nameservers to forward requests to. + +.. cfgcmd:: set service dns forwarding name-server <address> port <port> + + Send all DNS queries to the IPv4/IPv6 DNS server specified under `<address>` + on optional port specified under `<port>`. The port defaults to 53. You can + configure multiple nameservers here. .. cfgcmd:: set service dns forwarding domain <domain-name> server <address> @@ -35,6 +40,15 @@ avoid being tracked by the provider of your upstream DNS server. .. note:: This also works for reverse-lookup zones (``18.172.in-addr.arpa``). +.. cfgcmd:: set service dns forwarding domain <domain-name> addnta + + Add NTA (negative trust anchor) for this domain. This must be set if the + domain does not support DNSSEC. + +.. cfgcmd:: set service dns forwarding domain <domain-name> recursion-desired + + Set the "recursion desired" bit in requests to the upstream nameserver. + .. cfgcmd:: set service dns forwarding allow-from <network> Given the fact that open DNS recursors could be used on DDoS amplification 
@@ -154,8 +168,10 @@ In this scenario: set service dns forwarding domain example.com server 2001:db8:cafe::1 set service dns forwarding name-server 192.0.2.1 set service dns forwarding name-server 192.0.2.2 + set service dns forwarding name-server 192.0.2.3 port 853 set service dns forwarding name-server 2001:db8::1:ffff set service dns forwarding name-server 2001:db8::2:ffff + set service dns forwarding name-server 2001:db8::3:ffff port 8053 set service dns forwarding listen-address 192.168.1.254 set service dns forwarding listen-address 2001:db8::ffff set service dns forwarding allow-from 192.168.1.0/24 |
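Review bot: In the first hunk (@@ -21,10 +21,15 @@), the new signature `set service dns forwarding name-server <address> port <port>` reads as if `port` were mandatory, while the description calls it optional with a default of 53. Suggest marking the port as optional in the directive, or keeping `name-server <address>` as its own entry next to the form with a port, so that a reader does not conclude the old form was removed. In the same hunk, "Interfaces whose DHCP client nameservers to forward requests to." is not a complete sentence and does not say how DHCP-learned servers combine with the ``system name-server`` nodes and with explicit `name-server` entries; wording such as "Forward requests to the nameservers received by the DHCP client on `<interface>`", plus one line on precedence, would close that gap.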
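Review bot: In the second hunk (@@ -35,6 +40,15 @@), the `addnta` description says when the option must be set but not what it costs: a negative trust anchor switches off DNSSEC validation for that domain, so answers for it are accepted unvalidated. Suggest stating that explicitly, advising that the NTA be placed on the narrowest domain that needs it, and qualifying "This must be set if the domain does not support DNSSEC" with the condition under which it applies (DNSSEC validation enabled on the forwarder), which the hunk never mentions. The `recursion-desired` entry should also give the default and say when an operator would set the bit, for example when the server configured for the domain is itself a recursor rather than an authoritative server.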
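Review bot: In the third hunk (@@ -154,8 +168,10 @@), the added example line `set service dns forwarding name-server 192.0.2.3 port 853` uses the port assigned to DNS over TLS, yet nothing in this patch says the forwarder speaks TLS to its upstream; the first hunk only documents a port number. A reader can easily take this line to mean encrypted forwarding is enabled. Suggest using a neutral port in both examples (the IPv6 line already uses 8053), or adding a note that the option changes only the destination port and not the transport. The "In this scenario:" description above the example should also mention that two of the upstream servers are reached on non-default ports.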