From 9ca5e9dd89eabda161d974e7359ab2716fe56464 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sat, 6 Jan 2024 20:54:08 +0100 Subject: dns: T5900: add dont-throttle-netmasks and serve-stale-extensions powerdns features --- docs/configuration/service/dns.rst | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) (limited to 'docs/configuration/service/dns.rst') diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst index 2caeb22d..7624d309 100644 --- a/docs/configuration/service/dns.rst +++ b/docs/configuration/service/dns.rst @@ -143,6 +143,19 @@ avoid being tracked by the provider of your upstream DNS server. 168.192.in-addr.arpa, 16-31.172.in-addr.arpa, which enabling upstream DNS server(s) to be used for reverse lookups of these zones. +.. cfgcmd:: set service dns forwarding serve-stale-extension <0-65535> + + Maximum number of times an expired record’s TTL is extended by 30s when + serving stale. Extension only occurs if a record cannot be refreshed. A + value of 0 means the Serve Stale mechanism is not used. To allow records + becoming stale to be served for an hour, use a value of 120. + +.. cfgcmd:: set service dns forwarding exclude-throttle-address + + When an authoritative server does not answer a query or sends a reply the + recursor does not like, it is throttled. Any servers matching the supplied + netmasks will never be throttled. + Example ======= 
@@ -381,12 +394,12 @@ By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP. -Above, command syntax isn noted to configure dynamic dns on a specific interface. -It is possible to overlook the additional address option, web, when completeing -those commands. ddclient_ has another way to determine the WAN IP address, using -a web-based url to determine the external IP. Each of the commands above will -need to be modified to use 'web' as the 'interface' specified if this functionality -is to be utilized. +Above, command syntax isn noted to configure dynamic dns on a specific interface. +It is possible to overlook the additional address option, web, when completeing +those commands. ddclient_ has another way to determine the WAN IP address, using +a web-based url to determine the external IP. Each of the commands above will +need to be modified to use 'web' as the 'interface' specified if this functionality +is to be utilized. This functionality is controlled by adding the following configuration: -- cgit v1.2.3 From ce0b62678f791a18dcc58defc209fbe71b868fca Mon Sep 17 00:00:00 2001 From: khramshinr Date: Tue, 30 Jan 2024 21:02:23 +0700 Subject: dns forwarding: T5687: Implement ECS settings for PowerDNS recursor --- docs/configuration/service/dns.rst | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'docs/configuration/service/dns.rst') diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst index 7624d309..e430dc73 100644 --- a/docs/configuration/service/dns.rst +++ b/docs/configuration/service/dns.rst @@ -156,6 +156,20 @@ avoid being tracked by the provider of your upstream DNS server. recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled. +.. cfgcmd:: set service dns forwarding options ecs-add-for
+ + The requestor netmask for which the requestor IP Address should be used as the + EDNS Client Subnet for outgoing queries. + +.. cfgcmd:: set service dns forwarding options ecs-ipv4-bits + + Number of bits of client IPv4 address to pass when sending EDNS Client Subnet + address information. + +.. cfgcmd:: set service dns forwarding options edns-subnet-allow-list + + The netmask or domain that EDNS Client Subnet should be enabled for in outgoing queries. + Example ======= -- cgit v1.2.3 From a2b0eec03a0c65ee693c14e523ad0dc23e26c9b3 Mon Sep 17 00:00:00 2001 From: "Ginko (Giggum)" <152240782+Giggum@users.noreply.github.com> Date: Wed, 6 Mar 2024 13:15:26 -0500 Subject: Rewrote Dynamic DNS documentation/examples to align with T5791 (cherry picked from commit 5a6aa7506d74b40db52a2852629898457cb5753f) --- docs/configuration/service/dns.rst | 198 +++++++++++++++++-------------------- 1 file changed, 93 insertions(+), 105 deletions(-) (limited to 'docs/configuration/service/dns.rst') diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst index e430dc73..90bef4f8 100644 --- a/docs/configuration/service/dns.rst +++ b/docs/configuration/service/dns.rst 
@@ -143,33 +143,6 @@ avoid being tracked by the provider of your upstream DNS server. 168.192.in-addr.arpa, 16-31.172.in-addr.arpa, which enabling upstream DNS server(s) to be used for reverse lookups of these zones. -.. cfgcmd:: set service dns forwarding serve-stale-extension <0-65535> - - Maximum number of times an expired record’s TTL is extended by 30s when - serving stale. Extension only occurs if a record cannot be refreshed. A - value of 0 means the Serve Stale mechanism is not used. To allow records - becoming stale to be served for an hour, use a value of 120. - -.. cfgcmd:: set service dns forwarding exclude-throttle-address - - When an authoritative server does not answer a query or sends a reply the - recursor does not like, it is throttled. Any servers matching the supplied - netmasks will never be throttled. - -.. cfgcmd:: set service dns forwarding options ecs-add-for
- - The requestor netmask for which the requestor IP Address should be used as the - EDNS Client Subnet for outgoing queries. - -.. cfgcmd:: set service dns forwarding options ecs-ipv4-bits - - Number of bits of client IPv4 address to pass when sending EDNS Client Subnet - address information. - -.. cfgcmd:: set service dns forwarding options edns-subnet-allow-list - - The netmask or domain that EDNS Client Subnet should be enabled for in outgoing queries. - Example ======= @@ -231,8 +204,8 @@ this only one purpose. ddclient_ uses two methods to update a DNS record. The first one will send updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second -one involves a third party service, like DynDNS.com or any other similar -website. This method uses HTTP requests to transmit the new IP address. You +one involves a third party service, like DynDNS.com or any other such +service provider. This method uses HTTP requests to transmit the new IP address. You can configure both in VyOS. .. _dns:dynmaic_config: 
@@ -243,46 +216,43 @@ Configuration :rfc:`2136` Based ----------------- -.. cfgcmd:: set service dns dynamic address rfc2136 +.. cfgcmd:: set service dns dynamic name address interface - Create new :rfc:`2136` DNS update configuration which will update the IP + Create new dynamic DNS update configuration which will update the IP address assigned to `` on the service you configured under ``. -.. cfgcmd:: set service dns dynamic address rfc2136 - key +.. cfgcmd:: set service dns dynamic name description + + Set description `` for dynamic DNS service being configured. + +.. cfgcmd:: set service dns dynamic name key - File identified by `` containing the secret RNDC key shared with - remote DNS server. + File identified by `` containing the TSIG authentication key for RFC2136 + nsupdate on remote DNS server. -.. cfgcmd:: set service dns dynamic address rfc2136 - server +.. cfgcmd:: set service dns dynamic name server Configure the DNS `` IP/FQDN used when updating this dynamic assignment. -.. cfgcmd:: set service dns dynamic address rfc2136 - zone +.. cfgcmd:: set service dns dynamic name zone Configure DNS `` to be updated. -.. cfgcmd:: set service dns dynamic address rfc2136 - record +.. cfgcmd:: set service dns dynamic name host-name - Configure DNS `` which should be updated. This can be set multiple - times. + Configure DNS `` which should be updated. This can be set multiple times.. -.. cfgcmd:: set service dns dynamic address rfc2136 - ttl +.. cfgcmd:: set service dns dynamic name ttl Configure optional TTL value on the given resource record. This defaults to 600 seconds. -.. cfgcmd:: set service dns dynamic timeout <60-3600> +.. cfgcmd:: set service dns dynamic interval <60-3600> - Specify timeout / update interval to check if IP address changed. - - This defaults to 300 seconds. + Specify interval in seconds to wait between Dynamic DNS updates. + The default is 300 seconds. .. _dns:dynmaic_example: 
@@ -295,32 +265,48 @@ Example .. code-block:: none + # Configuration commands entered: + # + set service dns dynamic name 'VyOS-DNS' address interface 'eth0' + set service dns dynamic name 'VyOS-DNS' description 'RFC 2136 dynamic dns service' + set service dns dynamic name 'VyOS-DNS' key '/config/auth/my.key' + set service dns dynamic name 'VyOS-DNS' server 'ns1.vyos.io' + set service dns dynamic name 'VyOS-DNS' zone 'vyos.io' + set service dns dynamic name 'VyOS-DNS' host-name 'example.vyos.io' + set service dns dynamic name 'VyOS-DNS' protocol 'nsupdate' + set service dns dynamic name 'VyOS-DNS' ttl '300' + + # Resulting config: + # vyos@vyos# show service dns dynamic - interface eth0.7 { - rfc2136 VyOS-DNS { - key /config/auth/my.key - record example.vyos.io - server ns1.vyos.io - ttl 300 - zone vyos.io + name VyOS-DNS { + address { + interface eth0 } + description "RFC 2136 dynamic dns service" + host-name example.vyos.io + key /config/auth/my.key + protocol nsupdate + server ns1.vyos.io + ttl 300 + zone vyos.io } This will render the following ddclient_ configuration entry: .. code-block:: none + # ddclient configuration for interface "eth0": # - # ddclient configuration for interface "eth0.7": - # - use=if, if=eth0.7 - - # RFC2136 dynamic DNS configuration for example.vyos.io.vyos.io - server=ns1.vyos.io - protocol=nsupdate - password=/config/auth/my.key - ttl=300 - zone=vyos.io + + # Web service dynamic DNS configuration for VyOS-DNS: [nsupdate, example.vyos.io] + use=if, \ + if=eth0, \ + protocol=nsupdate, \ + server=ns1.vyos.io, \ + zone=vyos.io, \ + password='/config/auth/my.key', \ + ttl=300 \ example.vyos.io .. note:: You can also keep different DNS zone updated. Just create a new 
@@ -335,40 +321,43 @@ VyOS is also able to use any service relying on protocols supported by ddclient. To use such a service, one must define a login, password, one or multiple hostnames, protocol and server. -.. cfgcmd:: set service dns dynamic address service - host-name +.. cfgcmd:: set service dns dynamic name address interface + + Create new dynamic DNS update configuration which will update the IP + address assigned to `` on the service you configured under + ``. + +.. cfgcmd:: set service dns dynamic name description + + Set description `` for dynamic DNS service being configured. + +.. cfgcmd:: set service dns dynamic name host-name Setup the dynamic DNS hostname `` associated with the DynDNS - provider identified by `` when the IP address on address - `` changes. + provider identified by ``. -.. cfgcmd:: set service dns dynamic address service - username +.. cfgcmd:: set service dns dynamic name username Configure `` used when authenticating the update request for - DynDNS service identified by ``. - For Namecheap, set the you wish to update. + DynDNS service identified by ``. -.. cfgcmd:: set service dns dynamic address service - password +.. cfgcmd:: set service dns dynamic name password Configure `` used when authenticating the update request for - DynDNS service identified by ``. + DynDNS service identified by ``. -.. cfgcmd:: set service dns dynamic address service - protocol +.. cfgcmd:: set service dns dynamic name protocol - When a ``custom`` DynDNS provider is used the protocol used for communicating + When a ``custom`` DynDNS provider is used, the protocol used for communicating to the provider must be specified under ``. See the embedded - completion helper for available protocols. + completion helper when entering above command for available protocols. -.. cfgcmd:: set service dns dynamic address service - server +.. 
cfgcmd:: set service dns dynamic name server When a ``custom`` DynDNS provider is used the `` where update requests are being sent to must be specified. -.. cfgcmd:: set service dns dynamic address ipv6-enable +.. cfgcmd:: set service dns dynamic name ip-version 'ipv6' Allow explicit IPv6 address for the interface. @@ -376,14 +365,17 @@ hostnames, protocol and server. Example: ^^^^^^^^ -Use DynDNS as your preferred provider: +Use deSEC (dedyn.io) as your preferred provider: .. code-block:: none - set service dns dynamic address eth0 service dyndns - set service dns dynamic address eth0 service dyndns username my-login - set service dns dynamic address eth0 service dyndns password my-password - set service dns dynamic address eth0 service dyndns host-name my-dyndns-hostname + set service dns dynamic name dedyn description 'deSEC dynamic dns service' + set service dns dynamic name dedyn username 'myusername' + set service dns dynamic name dedyn password 'mypassword' + set service dns dynamic name dedyn host-name 'myhostname.dedyn.io' + set service dns dynamic name dedyn protocol 'dyndns2' + set service dns dynamic name dedyn server 'update.dedyn.io' + set service dns dynamic name dedyn address interface 'eth0' .. note:: Multiple services can be used per interface. Just specify as many services per interface as you like! 
@@ -393,12 +385,14 @@ Example IPv6 only: .. code-block:: none - set service dns dynamic address eth0 ipv6-enable - set service dns dynamic address eth0 service dyndns6 username my-login - set service dns dynamic address eth0 service dyndns6 password my-password - set service dns dynamic address eth0 service dyndns6 host-name my-dyndns-hostname - set service dns dynamic address eth0 service dyndns6 protocol dyndns2 - set service dns dynamic address eth0 service dyndns6 server dyndns-v6-server + set service dns dynamic name dedyn description 'deSEC ipv6 dynamic dns service' + set service dns dynamic name dedyn username 'myusername' + set service dns dynamic name dedyn password 'mypassword' + set service dns dynamic name dedyn host-name 'myhostname.dedyn.io' + set service dns dynamic name dedyn protocol 'dyndns2' + set service dns dynamic name dedyn ip-version 'ipv6' + set service dns dynamic name dedyn server 'update6.dedyn.io' + set service dns dynamic name dedyn address interface 'eth0' Running Behind NAT 
@@ -408,21 +402,15 @@ By default, ddclient_ will update a dynamic dns record using the IP address directly attached to the interface. If your VyOS instance is behind NAT, your record will be updated to point to your internal IP. -Above, command syntax isn noted to configure dynamic dns on a specific interface. -It is possible to overlook the additional address option, web, when completeing -those commands. ddclient_ has another way to determine the WAN IP address, using -a web-based url to determine the external IP. Each of the commands above will -need to be modified to use 'web' as the 'interface' specified if this functionality -is to be utilized. - -This functionality is controlled by adding the following configuration: +ddclient_ has another way to determine the WAN IP address. This is controlled +by: -.. cfgcmd:: set service dns dynamic address web web-options url +.. cfgcmd:: set service dns dynamic name address web Use configured `` to determine your IP address. ddclient_ will load `` and tries to extract your IP address from the response. -.. cfgcmd:: set service dns dynamic address web web-options skip +.. cfgcmd:: set service dns dynamic name address web skip ddclient_ will skip any address located before the string set in ``. -- cgit v1.2.3 From d555426ef531128f0fc342e36e84fa8f4b009efc Mon Sep 17 00:00:00 2001 From: "Ginko (Giggum)" <152240782+Giggum@users.noreply.github.com> Date: Wed, 6 Mar 2024 13:51:09 -0500 Subject: Fixed line wrapping for previous PR #1313 (cherry picked from commit 0f413beec13b06fb32ae6b5b339525f69f389127) --- docs/configuration/service/dns.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/configuration/service/dns.rst') diff --git a/docs/configuration/service/dns.rst b/docs/configuration/service/dns.rst index 90bef4f8..c6deb179 100644 --- a/docs/configuration/service/dns.rst +++ b/docs/configuration/service/dns.rst 
@@ -242,7 +242,7 @@ Configuration .. cfgcmd:: set service dns dynamic name host-name - Configure DNS `` which should be updated. This can be set multiple times.. + Configure DNS `` which should be updated. This can be set multiple times. .. cfgcmd:: set service dns dynamic name ttl -- cgit v1.2.3
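Review bot: in commit 9ca5e9dd, hunk @@ -143,6 +143,19, the `exclude-throttle-address` entry is named for an address but its text speaks of "netmasks", and "a reply the recursor does not like" does not tell an operator which replies cause throttling. Please state whether the option takes single addresses, prefixes or both, and describe the trigger in concrete terms. The `serve-stale-extension` entry explains the value 0 and the value 120 but never says what the default is; add that, since it decides whether stale answers are served on an unmodified system.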
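Review bot: in commit 9ca5e9dd, hunk @@ -381,12 +394,12, the six removed and six added lines read the same, so this looks like a whitespace-only change that is not mentioned in the commit subject, and it re-adds the paragraph with its typos intact ("syntax isn noted", "completeing"). Either drop the hunk from this commit or fix the wording while the lines are being touched.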
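Review bot: in commit ce0b6267, hunk @@ -156,6 +156,20, the three ECS entries are added to a section whose context line is about avoiding tracking by the upstream DNS provider, yet nothing says that enabling EDNS Client Subnet passes part of the requestor's address to upstream servers. Please add a sentence on that trade-off next to `ecs-add-for`, and give the accepted range and default for `ecs-ipv4-bits`, since the number of bits passed is the privacy-relevant knob. The last added line ("The netmask or domain that EDNS Client Subnet should be enabled for in outgoing queries.") is also longer than the wrap width used by the rest of the file.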
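Review bot: in commit a2b0eec0, hunk @@ -143,33 +143,6, the `serve-stale-extension`, `exclude-throttle-address`, `ecs-add-for`, `ecs-ipv4-bits` and `edns-subnet-allow-list` entries added by the two earlier commits are deleted, although the subject only announces a rewrite of the Dynamic DNS documentation. This looks like an unintended side effect of the cherry-pick; unless the forwarding options were really meant to be undocumented again, this hunk should be dropped.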
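Review bot: in commit a2b0eec0, hunk @@ -243,46 +216,43, the RFC 2136 command list has no `protocol` entry, while the example in the next hunk needs `set service dns dynamic name 'VyOS-DNS' protocol 'nsupdate'` to work; a reader following only the list will miss it. Add a `protocol` entry here. The `key` entry now says the file holds the TSIG authentication key, so it would help to say where the file is expected to live and that it must not be world-readable. The `host-name` line also ends in a double period ("multiple times..").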
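Review bot: in commit a2b0eec0, hunk @@ -335,40 +321,43, the `username` entry loses the line "For Namecheap, set the you wish to update." without any replacement, so provider-specific guidance disappears silently; keep it or say in the commit message why it no longer applies. The new `ip-version 'ipv6'` entry hard-codes one quoted value in the command signature, unlike every other entry in the list; document the option with its accepted values and default instead.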
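Review bot: in commit a2b0eec0, hunk @@ -376,14 +365,17, the note kept as trailing context still reads "Multiple services can be used per interface. Just specify as many services per interface as you like!", which describes the old `address <interface> service` layout and no longer matches the name-based commands in the rewritten example. Please reword the note for the new syntax. The example also places the password in a plain `set` command; a short remark on how the value is stored and shown in the configuration would be useful here.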
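Review bot: in commit a2b0eec0, hunk @@ -393,12 +385,14, the IPv6-only example reuses the service name `dedyn` from the IPv4 example directly above it, so a reader who enters both blocks ends up with a single entry whose `server`, `description` and `ip-version` are overwritten by the second block. Use a distinct name in this example so both can coexist.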
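Review bot: in commit a2b0eec0, hunk @@ -408,21 +402,15, the removed paragraph was the only place that explained that `web` is used in place of the interface, and the replacement ("This is controlled by:") no longer says that `address web` is an alternative to `address interface` in the examples above. Please keep one sentence stating that relationship. Since ddclient_ loads the configured URL and takes the address from the response, the entry should also recommend an HTTPS URL from a source the operator trusts, because that response decides which address the record is updated to.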
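Review bot: in commit d555426e, hunk @@ -242,7 +242,7, the subject says "Fixed line wrapping", but the only visible change is the removal of the duplicated period after "This can be set multiple times". Adjust the subject to describe the actual change so the history stays searchable.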