diff options
| author | Indrajit Raychaudhuri <irc@indrajit.com> | 2023-03-25 18:51:34 -0500 |
|---|---|---|
| committer | Indrajit Raychaudhuri <irc@indrajit.com> | 2023-03-27 01:42:38 -0500 |
| commit | c6494f12f92746cc4603fceca6b1a22fed010b93 (patch) | |
| tree | 030b60d9e082e0c6875f0166a11095fad0a8456a /interface-definitions/include | |
| parent | 8f1e8d720d63dffa2b5a3413c8827c9ad176f2ac (diff) | |
| download | vyos-1x-c6494f12f92746cc4603fceca6b1a22fed010b93.tar.gz vyos-1x-c6494f12f92746cc4603fceca6b1a22fed010b93.zip | |
dns: T5113: Support custom port for name-server forwarders
Support custom port for name-server forwarders that would allow using
custom ports in name server forwarders to enable forwarding to
alternative name servers (unbound, stubby, dnscrypt-proxy etc.)
operating on non-default port.
This would also allow using DNS Over TLS in PowerDNS Recursor 4.6 onwards
(pdns doesn't support certificate check for validity yet) by enabling
'dot-to-port-853'. This is set by default if compiled in with DoT support.
See: https://doc.powerdns.com/recursor/settings.html#dot-to-port-853
This also partially implements T921, T2195 (DoT without certificate check).
Implementation details:
- In 'dns/forwarding' configuration, 'name-server' now allows optional
'port' (defaults to 53).
- Instead of modifying 'name-server-ipv4-ipv6.xml.i' to add optional
'port', a new file 'name-server-ipv4-ipv6-port.xml.i' has been used
to avoid impacting other places where it is reused because not all of
them honor ports (mostly VPN related).
- The `host:port` entries to be used by PowerDNS recursor config are
normalized eagerly at the point of loading VyOS `Config` instead of
doing them lazily while rendering the Jinja2 template to keep the
implementation less intrusive. The alternative would entail making
quite a bit of change in how 'vyos-hostsd' processes 'static'
'name_servers' entries or persists their runtime states.
Diffstat (limited to 'interface-definitions/include')
| -rw-r--r-- | interface-definitions/include/name-server-ipv4-ipv6-port.xml.i | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/interface-definitions/include/name-server-ipv4-ipv6-port.xml.i b/interface-definitions/include/name-server-ipv4-ipv6-port.xml.i new file mode 100644 index 000000000..cf86e66a2 --- /dev/null +++ b/interface-definitions/include/name-server-ipv4-ipv6-port.xml.i @@ -0,0 +1,25 @@ +<!-- include start from name-server-ipv4-ipv6-port.xml.i --> +<tagNode name="name-server"> + <properties> + <help>Domain Name Servers (DNS) addresses</help> + <valueHelp> + <format>ipv4</format> + <description>Domain Name Server (DNS) IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Domain Name Server (DNS) IPv6 address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + <children> + #include <include/port-number.xml.i> + <leafNode name="port"> + <defaultValue>53</defaultValue> + </leafNode> + </children> +</tagNode> +<!-- include end --> |