diff options
Diffstat (limited to 'interface-definitions/dns-forwarding.xml.in')
-rw-r--r-- | interface-definitions/dns-forwarding.xml.in | 189 |
1 files changed, 189 insertions, 0 deletions
diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in new file mode 100644 index 000000000..aaf8bb27d --- /dev/null +++ b/interface-definitions/dns-forwarding.xml.in @@ -0,0 +1,189 @@ +<?xml version="1.0"?> +<!-- DNS forwarder configuration --> +<interfaceDefinition> + <node name="service"> + <children> + <node name="dns"> + <properties> + <help>Domain Name System related services</help> + </properties> + <children> + <node name="forwarding" owner="${vyos_conf_scripts_dir}/dns_forwarding.py"> + <properties> + <help>DNS forwarding</help> + <priority>918</priority> + </properties> + <children> + <leafNode name="cache-size"> + <properties> + <help>DNS forwarding cache size</help> + <valueHelp> + <format>0-10000</format> + <description>DNS forwarding cache size</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-10000"/> + </constraint> + </properties> + </leafNode> + <leafNode name="dhcp"> + <properties> + <help>Interfaces whose DHCP client nameservers to forward requests to</help> + <completionHelp> + <script>${vyos_completion_dir}/list_interfaces.py</script> + </completionHelp> + <multi/> + </properties> + </leafNode> + <leafNode name="dnssec"> + <properties> + <help>DNSSEC mode</help> + <completionHelp> + <list>off process-no-validate process log-fail validate</list> + </completionHelp> + <valueHelp> + <format>off</format> + <description>No DNSSEC processing whatsoever!</description> + </valueHelp> + <valueHelp> + <format>process-no-validate</format> + <description>Respond with DNSSEC records to clients that ask for it. No validation done at all!</description> + </valueHelp> + <valueHelp> + <format>process</format> + <description>Respond with DNSSEC records to clients that ask for it. Validation for clients that request it.</description> + </valueHelp> + <valueHelp> + <format>log-fail</format> + <description>Similar behaviour to process, but validate RRSIGs on responses and log bogus responses.</description> + </valueHelp> + <valueHelp> + <format>validate</format> + <description>Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses.</description> + </valueHelp> + <constraint> + <regex>(off|process-no-validate|process|log-fail|validate)</regex> + </constraint> + </properties> + </leafNode> + <tagNode name="domain"> + <properties> + <help>Domain to forward to a custom DNS server</help> + </properties> + <children> + <leafNode name="server"> + <properties> + <help>Domain Name Server (DNS) to forward queries to</help> + <valueHelp> + <format>ipv4</format> + <description>Domain Name Server (DNS) IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Domain Name Server (DNS) IPv6 address</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="addnta"> + <properties> + <help>Add NTA (negative trust anchor) for this domain (must be set if the domain does not support DNSSEC)</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="recursion-desired"> + <properties> + <help>Set the "recursion desired" bit in requests to the upstream nameserver</help> + <valueless/> + </properties> + </leafNode> + </children> + </tagNode> + <leafNode name="ignore-hosts-file"> + <properties> + <help>Do not use local /etc/hosts file in name resolution</help> + <valueless/> + </properties> + </leafNode> + <leafNode name="allow-from"> + <properties> + <help>Networks allowed to query this server</help> + <valueHelp> + <format>ipv4net</format> + <description>IP address and prefix length</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ip-prefix"/> + </constraint> + </properties> + </leafNode> + <leafNode name="listen-address"> + <properties> + <help>Addresses to listen for DNS queries [REQUIRED]</help> + <valueHelp> + <format>ipv4</format> + <description>Domain Name Server (DNS) IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Domain Name Server (DNS) IPv6 address</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="negative-ttl"> + <properties> + <help>Maximum amount of time negative entries are cached</help> + <valueHelp> + <format>0-7200</format> + <description>Seconds to cache NXDOMAIN entries</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-7200"/> + </constraint> + </properties> + </leafNode> + <leafNode name="name-server"> + <properties> + <help>Domain Name Servers (DNS) addresses [OPTIONAL]</help> + <valueHelp> + <format>ipv4</format> + <description>Domain Name Server (DNS) IPv4 address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>Domain Name Server (DNS) IPv6 address</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="system"> + <properties> + <help>Use system name servers</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> + </children> + </node> + </children> + </node> +</interfaceDefinition> |