summaryrefslogtreecommitdiff
path: root/interface-definitions/dns-forwarding.xml.in
diff options
context:
space:
mode:
Diffstat (limited to 'interface-definitions/dns-forwarding.xml.in')
-rw-r--r--interface-definitions/dns-forwarding.xml.in189
1 files changed, 189 insertions, 0 deletions
diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in
new file mode 100644
index 000000000..aaf8bb27d
--- /dev/null
+++ b/interface-definitions/dns-forwarding.xml.in
@@ -0,0 +1,189 @@
+<?xml version="1.0"?>
+<!-- DNS forwarder configuration -->
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="dns">
+ <properties>
+ <help>Domain Name System related services</help>
+ </properties>
+ <children>
+ <node name="forwarding" owner="${vyos_conf_scripts_dir}/dns_forwarding.py">
+ <properties>
+ <help>DNS forwarding</help>
+ <priority>918</priority>
+ </properties>
+ <children>
+ <leafNode name="cache-size">
+ <properties>
+ <help>DNS forwarding cache size</help>
+ <valueHelp>
+ <format>0-10000</format>
+ <description>DNS forwarding cache size</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-10000"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="dhcp">
+ <properties>
+ <help>Interfaces whose DHCP client nameservers to forward requests to</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces.py</script>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="dnssec">
+ <properties>
+ <help>DNSSEC mode</help>
+ <completionHelp>
+ <list>off process-no-validate process log-fail validate</list>
+ </completionHelp>
+ <valueHelp>
+ <format>off</format>
+ <description>No DNSSEC processing whatsoever!</description>
+ </valueHelp>
+ <valueHelp>
+ <format>process-no-validate</format>
+ <description>Respond with DNSSEC records to clients that ask for it. No validation done at all!</description>
+ </valueHelp>
+ <valueHelp>
+ <format>process</format>
+ <description>Respond with DNSSEC records to clients that ask for it. Validation for clients that request it.</description>
+ </valueHelp>
+ <valueHelp>
+ <format>log-fail</format>
+ <description>Similar behaviour to process, but validate RRSIGs on responses and log bogus responses.</description>
+ </valueHelp>
+ <valueHelp>
+ <format>validate</format>
+ <description>Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses.</description>
+ </valueHelp>
+ <constraint>
+ <regex>(off|process-no-validate|process|log-fail|validate)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <tagNode name="domain">
+ <properties>
+ <help>Domain to forward to a custom DNS server</help>
+ </properties>
+ <children>
+ <leafNode name="server">
+ <properties>
+ <help>Domain Name Server (DNS) to forward queries to</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Domain Name Server (DNS) IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>Domain Name Server (DNS) IPv6 address</description>
+ </valueHelp>
+ <multi/>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="addnta">
+ <properties>
+ <help>Add NTA (negative trust anchor) for this domain (must be set if the domain does not support DNSSEC)</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="recursion-desired">
+ <properties>
+ <help>Set the "recursion desired" bit in requests to the upstream nameserver</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <leafNode name="ignore-hosts-file">
+ <properties>
+ <help>Do not use local /etc/hosts file in name resolution</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="allow-from">
+ <properties>
+ <help>Networks allowed to query this server</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IP address and prefix length</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <multi/>
+ <constraint>
+ <validator name="ip-prefix"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="listen-address">
+ <properties>
+ <help>Addresses to listen for DNS queries [REQUIRED]</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Domain Name Server (DNS) IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>Domain Name Server (DNS) IPv6 address</description>
+ </valueHelp>
+ <multi/>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="negative-ttl">
+ <properties>
+ <help>Maximum amount of time negative entries are cached</help>
+ <valueHelp>
+ <format>0-7200</format>
+ <description>Seconds to cache NXDOMAIN entries</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-7200"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="name-server">
+ <properties>
+ <help>Domain Name Servers (DNS) addresses [OPTIONAL]</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>Domain Name Server (DNS) IPv4 address</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>Domain Name Server (DNS) IPv6 address</description>
+ </valueHelp>
+ <multi/>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="system">
+ <properties>
+ <help>Use system name servers</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>