From 2923800d7d6f2e37e1f472fdd0e341c444c308b4 Mon Sep 17 00:00:00 2001 From: rebortg Date: Mon, 30 Jan 2023 15:27:41 +0100 Subject: dns: sync branches --- docs/configuration/service/dns.rst | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst index aee207a6..4315b6dc 100644 --- a/docs/configuration/service/dns.rst +++ b/docs/configuration/service/dns.rst @@ -21,6 +21,10 @@ avoid being tracked by the provider of your upstream DNS server. Forward incoming DNS queries to the DNS servers configured under the ``system name-server`` nodes. +.. cfgcmd:: set service dns forwarding dhcp + + Interfaces whose DHCP client nameservers to forward requests to. + .. cfgcmd:: set service dns forwarding name-server
Send all DNS queries to the IPv4/IPv6 DNS server specified under `
`. @@ -35,6 +39,15 @@ avoid being tracked by the provider of your upstream DNS server. .. note:: This also works for reverse-lookup zones (``18.172.in-addr.arpa``). +.. cfgcmd:: set service dns forwarding domain addnta + + Add NTA (negative trust anchor) for this domain. This must be set if the + domain does not support DNSSEC. + +.. cfgcmd:: set service dns forwarding domain recursion-desired + + Set the "recursion desired" bit in requests to the upstream nameserver. + .. cfgcmd:: set service dns forwarding allow-from Given the fact that open DNS recursors could be used on DDoS amplification -- cgit v1.2.3