Diffstat (limited to 'interface-definitions/service_dns_forwarding.xml.in')
-rw-r--r--interface-definitions/service_dns_forwarding.xml.in703
1 files changed, 703 insertions, 0 deletions
diff --git a/interface-definitions/service_dns_forwarding.xml.in b/interface-definitions/service_dns_forwarding.xml.in
new file mode 100644
index 000000000..7dce9b548
--- /dev/null
+++ b/interface-definitions/service_dns_forwarding.xml.in
@@ -0,0 +1,703 @@
+<?xml version="1.0"?>
+<!-- DNS forwarder configuration -->
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="dns">
+ <properties>
+ <help>Domain Name System (DNS) related services</help>
+ </properties>
+ <children>
+ <node name="forwarding" owner="${vyos_conf_scripts_dir}/service_dns_forwarding.py">
+ <properties>
+ <help>DNS forwarding</help>
+ <priority>918</priority>
+ </properties>
+ <children>
+ <leafNode name="cache-size">
+ <properties>
+ <help>DNS forwarding cache size</help>
+ <valueHelp>
+ <format>u32:0-2147483647</format>
+ <description>DNS forwarding cache size</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-2147483647"/>
+ </constraint>
+ </properties>
+ <defaultValue>10000</defaultValue>
+ </leafNode>
+ <leafNode name="dhcp">
+ <properties>
+ <help>Interfaces whose DHCP client nameservers to forward requests to</help>
+ <completionHelp>
+ <script>${vyos_completion_dir}/list_interfaces</script>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="dns64-prefix">
+ <properties>
+ <help>Help to communicate between IPv6-only client and IPv4-only server</help>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and /96 only prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="ipv6-prefix"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="dnssec">
+ <properties>
+ <help>DNSSEC mode</help>
+ <completionHelp>
+ <list>off process-no-validate process log-fail validate</list>
+ </completionHelp>
+ <valueHelp>
+ <format>off</format>
+ <description>No DNSSEC processing whatsoever!</description>
+ </valueHelp>
+ <valueHelp>
+ <format>process-no-validate</format>
+ <description>Respond with DNSSEC records to clients that ask for it. No validation done at all!</description>
+ </valueHelp>
+ <valueHelp>
+ <format>process</format>
+ <description>Respond with DNSSEC records to clients that ask for it. Validation for clients that request it.</description>
+ </valueHelp>
+ <valueHelp>
+ <format>log-fail</format>
+ <description>Similar behaviour to process, but validate RRSIGs on responses and log bogus responses.</description>
+ </valueHelp>
+ <valueHelp>
+ <format>validate</format>
+ <description>Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses.</description>
+ </valueHelp>
+ <constraint>
+ <regex>(off|process-no-validate|process|log-fail|validate)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>process-no-validate</defaultValue>
+ </leafNode>
+ <tagNode name="domain">
+ <properties>
+ <help>Domain to forward to a custom DNS server</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>An absolute DNS domain name</description>
+ </valueHelp>
+ <constraint>
+ <validator name="fqdn"/>
+ </constraint>
+ </properties>
+ <children>
+ #include <include/name-server-ipv4-ipv6-port.xml.i>
+ <leafNode name="addnta">
+ <properties>
+ <help>Add NTA (negative trust anchor) for this domain (must be set if the domain does not support DNSSEC)</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="recursion-desired">
+ <properties>
+ <help>Set the "recursion desired" bit in requests to the upstream nameserver</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ <tagNode name="authoritative-domain">
+ <properties>
+ <help>Domain to host authoritative records for</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>An absolute DNS domain name</description>
+ </valueHelp>
+ <constraint>
+ <validator name="fqdn"/>
+ </constraint>
+ </properties>
+ <children>
+ <node name="records">
+ <properties>
+ <help>DNS zone records</help>
+ </properties>
+ <children>
+ <tagNode name="a">
+ <properties>
+ <help>A record</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>A DNS name relative to the root record</description>
+ </valueHelp>
+ <valueHelp>
+ <format>@</format>
+ <description>Root record</description>
+ </valueHelp>
+ <valueHelp>
+ <format>any</format>
+ <description>Wildcard record (any subdomain)</description>
+ </valueHelp>
+ <constraint>
+ <regex>([-_a-zA-Z0-9.]{1,63}|@|any)(?&lt;!\.)</regex>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="address">
+ <properties>
+ <help>IPv4 address</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IPv4 address</description>
+ </valueHelp>
+ <multi/>
+ <constraint>
+ <validator name="ipv4-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
+ #include <include/generic-disable-node.xml.i>
+ </children>
+ </tagNode>
+ <tagNode name="aaaa">
+ <properties>
+ <help>AAAA record</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>A DNS name relative to the root record</description>
+ </valueHelp>
+ <valueHelp>
+ <format>@</format>
+ <description>Root record</description>
+ </valueHelp>
+ <valueHelp>
+ <format>any</format>
+ <description>Wildcard record (any subdomain)</description>
+ </valueHelp>
+ <constraint>
+ <regex>([-_a-zA-Z0-9.]{1,63}|@|any)(?&lt;!\.)</regex>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="address">
+ <properties>
+ <help>IPv6 address</help>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address</description>
+ </valueHelp>
+ <multi/>
+ <constraint>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
+ #include <include/generic-disable-node.xml.i>
+ </children>
+ </tagNode>
+ <tagNode name="cname">
+ <properties>
+ <help>CNAME record</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>A DNS name relative to the root record</description>
+ </valueHelp>
+ <valueHelp>
+ <format>@</format>
+ <description>Root record</description>
+ </valueHelp>
+ <constraint>
+ <regex>([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)</regex>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="target">
+ <properties>
+ <help>Target DNS name</help>
+ <valueHelp>
+ <format>name.example.com</format>
+ <description>Absolute DNS name</description>
+ </valueHelp>
+ <constraint>
+ <regex>[-_a-zA-Z0-9.]{1,63}(?&lt;!\.)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
+ #include <include/generic-disable-node.xml.i>
+ </children>
+ </tagNode>
+ <tagNode name="mx">
+ <properties>
+ <help>MX record</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>A DNS name relative to the root record</description>
+ </valueHelp>
+ <valueHelp>
+ <format>@</format>
+ <description>Root record</description>
+ </valueHelp>
+ <constraint>
+ <regex>([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)</regex>
+ </constraint>
+ </properties>
+ <children>
+ <tagNode name="server">
+ <properties>
+ <help>Mail server</help>
+ <valueHelp>
+ <format>name.example.com</format>
+ <description>Absolute DNS name</description>
+ </valueHelp>
+ <constraint>
+ <regex>[-_a-zA-Z0-9.]{1,63}(?&lt;!\.)</regex>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="priority">
+ <properties>
+ <help>Server priority</help>
+ <valueHelp>
+ <format>u32:1-999</format>
+ <description>Server priority (lower numbers are higher priority)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-999"/>
+ </constraint>
+ </properties>
+ <defaultValue>10</defaultValue>
+ </leafNode>
+ </children>
+ </tagNode>
+ #include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
+ #include <include/generic-disable-node.xml.i>
+ </children>
+ </tagNode>
+ <tagNode name="ns">
+ <properties>
+ <help>NS record</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>A DNS name relative to the root record</description>
+ </valueHelp>
+ <constraint>
+ <regex>([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)</regex>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="target">
+ <properties>
+ <help>Target DNS server authoritative for subdomain</help>
+ <valueHelp>
+ <format>nsXX.example.com</format>
+ <description>Absolute DNS name</description>
+ </valueHelp>
+ <constraint>
+ <regex>[-_a-zA-Z0-9.]{1,63}(?&lt;!\.)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
+ #include <include/generic-disable-node.xml.i>
+ </children>
+ </tagNode>
+ <tagNode name="ptr">
+ <properties>
+ <help>PTR record</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>A DNS name relative to the root record</description>
+ </valueHelp>
+ <valueHelp>
+ <format>@</format>
+ <description>Root record</description>
+ </valueHelp>
+ <constraint>
+ <regex>([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)</regex>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="target">
+ <properties>
+ <help>Target DNS name</help>
+ <valueHelp>
+ <format>name.example.com</format>
+ <description>Absolute DNS name</description>
+ </valueHelp>
+ <constraint>
+ <regex>[-_a-zA-Z0-9.]{1,63}(?&lt;!\.)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
+ #include <include/generic-disable-node.xml.i>
+ </children>
+ </tagNode>
+ <tagNode name="txt">
+ <properties>
+ <help>TXT record</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>A DNS name relative to the root record</description>
+ </valueHelp>
+ <valueHelp>
+ <format>@</format>
+ <description>Root record</description>
+ </valueHelp>
+ <constraint>
+ <regex>([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)</regex>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="value">
+ <properties>
+ <help>Record contents</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Record contents</description>
+ </valueHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ #include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
+ #include <include/generic-disable-node.xml.i>
+ </children>
+ </tagNode>
+ <tagNode name="spf">
+ <properties>
+ <help>SPF record</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>A DNS name relative to the root record</description>
+ </valueHelp>
+ <valueHelp>
+ <format>@</format>
+ <description>Root record</description>
+ </valueHelp>
+ <constraint>
+ <regex>([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)</regex>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="value">
+ <properties>
+ <help>Record contents</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Record contents</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ #include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
+ #include <include/generic-disable-node.xml.i>
+ </children>
+ </tagNode>
+ <tagNode name="srv">
+ <properties>
+ <help>SRV record</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>A DNS name relative to the root record</description>
+ </valueHelp>
+ <valueHelp>
+ <format>@</format>
+ <description>Root record</description>
+ </valueHelp>
+ <constraint>
+ <regex>([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)</regex>
+ </constraint>
+ </properties>
+ <children>
+ <tagNode name="entry">
+ <properties>
+ <help>Service entry</help>
+ <valueHelp>
+ <format>u32:0-65535</format>
+ <description>Entry number</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-65535"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="hostname">
+ <properties>
+ <help>Server hostname</help>
+ <valueHelp>
+ <format>name.example.com</format>
+ <description>Absolute DNS name</description>
+ </valueHelp>
+ <constraint>
+ <regex>[-_a-zA-Z0-9.]{1,63}(?&lt;!\.)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="port">
+ <properties>
+ <help>Port number</help>
+ <valueHelp>
+ <format>u32:0-65535</format>
+ <description>TCP/UDP port number</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-65536"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="priority">
+ <properties>
+ <help>Entry priority</help>
+ <valueHelp>
+ <format>u32:0-65535</format>
+ <description>Entry priority (lower numbers are higher priority)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-65535"/>
+ </constraint>
+ </properties>
+ <defaultValue>10</defaultValue>
+ </leafNode>
+ <leafNode name="weight">
+ <properties>
+ <help>Entry weight</help>
+ <valueHelp>
+ <format>u32:0-65535</format>
+ <description>Entry weight</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-65535"/>
+ </constraint>
+ </properties>
+ <defaultValue>0</defaultValue>
+ </leafNode>
+ </children>
+ </tagNode>
+ #include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
+ #include <include/generic-disable-node.xml.i>
+ </children>
+ </tagNode>
+ <tagNode name="naptr">
+ <properties>
+ <help>NAPTR record</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>A DNS name relative to the root record</description>
+ </valueHelp>
+ <valueHelp>
+ <format>@</format>
+ <description>Root record</description>
+ </valueHelp>
+ <constraint>
+ <regex>([-_a-zA-Z0-9.]{1,63}|@)(?&lt;!\.)</regex>
+ </constraint>
+ </properties>
+ <children>
+ <tagNode name="rule">
+ <properties>
+ <help>NAPTR rule</help>
+ <valueHelp>
+ <format>u32:0-65535</format>
+ <description>Rule number</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-65535"/>
+ </constraint>
+ </properties>
+ <children>
+ <leafNode name="order">
+ <properties>
+ <help>Rule order</help>
+ <valueHelp>
+ <format>u32:0-65535</format>
+ <description>Rule order (lower order is evaluated first)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="preference">
+ <properties>
+ <help>Rule preference</help>
+ <valueHelp>
+ <format>u32:0-65535</format>
+ <description>Rule preference</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-65535"/>
+ </constraint>
+ </properties>
+ <defaultValue>0</defaultValue>
+ </leafNode>
+ <leafNode name="lookup-srv">
+ <properties>
+ <help>S flag</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="lookup-a">
+ <properties>
+ <help>A flag</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="resolve-uri">
+ <properties>
+ <help>U flag</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="protocol-specific">
+ <properties>
+ <help>P flag</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="service">
+ <properties>
+ <help>Service type</help>
+ <constraint>
+ <regex>[a-zA-Z][a-zA-Z0-9]{0,31}(\+[a-zA-Z][a-zA-Z0-9]{0,31})?</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="regexp">
+ <properties>
+ <help>Regular expression</help>
+ </properties>
+ </leafNode>
+ <leafNode name="replacement">
+ <properties>
+ <help>Replacement DNS name</help>
+ <valueHelp>
+ <format>name.example.com</format>
+ <description>Absolute DNS name</description>
+ </valueHelp>
+ <constraint>
+ <regex>[-_a-zA-Z0-9.]{1,63}(?&lt;!\.)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </tagNode>
+ #include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
+ #include <include/generic-disable-node.xml.i>
+ </children>
+ </tagNode>
+ </children>
+ </node>
+ #include <include/generic-disable-node.xml.i>
+ </children>
+ </tagNode>
+ <leafNode name="ignore-hosts-file">
+ <properties>
+ <help>Do not use local /etc/hosts file in name resolution</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="no-serve-rfc1918">
+ <properties>
+ <help>Makes the server authoritatively not aware of RFC1918 addresses</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="allow-from">
+ <properties>
+ <help>Networks allowed to query this server</help>
+ <valueHelp>
+ <format>ipv4net</format>
+ <description>IP address and prefix length</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6net</format>
+ <description>IPv6 address and prefix length</description>
+ </valueHelp>
+ <multi/>
+ <constraint>
+ <validator name="ip-prefix"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/listen-address.xml.i>
+ #include <include/port-number.xml.i>
+ <leafNode name="port">
+ <defaultValue>53</defaultValue>
+ </leafNode>
+ <leafNode name="negative-ttl">
+ <properties>
+ <help>Maximum amount of time negative entries are cached</help>
+ <valueHelp>
+ <format>u32:0-7200</format>
+ <description>Seconds to cache NXDOMAIN entries</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-7200"/>
+ </constraint>
+ </properties>
+ <defaultValue>3600</defaultValue>
+ </leafNode>
+ <leafNode name="timeout">
+ <properties>
+ <help>Number of milliseconds to wait for a remote authoritative server to respond</help>
+ <valueHelp>
+ <format>u32:10-60000</format>
+ <description>Network timeout in milliseconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 10-60000"/>
+ </constraint>
+ </properties>
+ <defaultValue>1500</defaultValue>
+ </leafNode>
+ #include <include/name-server-ipv4-ipv6-port.xml.i>
+ #include <include/source-address-ipv4-ipv6-multi.xml.i>
+ <leafNode name="source-address">
+ <defaultValue>0.0.0.0 ::</defaultValue>
+ </leafNode>
+ <leafNode name="system">
+ <properties>
+ <help>Use system name servers</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
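Review bot: The SRV `port` leaf validates with `--range 0-65536` while its own value help advertises `u32:0-65535`, so 65536 passes CLI validation although it does not fit a 16-bit port field; the validator should read `<validator name="numeric" argument="--range 0-65535"/>`. In the same hunk `dns64-prefix` is described as "/96 only" but is checked only by the generic `ipv6-prefix` validator, so unless the owner script `service_dns_forwarding.py` (not visible here) rejects other lengths, a non-/96 prefix is accepted at commit time. The TXT and SPF `value` leaves and the NAPTR `regexp` leaf carry no constraint at all; if those strings end up in a generated zone file, confirm quoting and newline handling in the script or add a constraint here. The `dnssec` default is `process-no-validate`, which by its own description does no validation, so bogus responses go undetected unless the operator opts in to `log-fail` or `validate`; the top-level help text could say so.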