path: root/src/conf_mode/dns_forwarding.py
Age | Commit message | Author
2020-04-06 | util: T2226: convert most calls from os.system to util | Thomas Mangin
As little change as possible but the function call. The behaviour should be totally unchanged.
2020-04-05 | dns-forwarding: T2230: move inlined templates to dedicated files | Christian Poessinger
2019-08-26 | T1598: make dns_forwarding.py retrieve name servers from vyos-hostsd. | Daniil Baturin
2019-08-20 | powerdns: T1595: remove 'listen-on' CLI option | Christian Poessinger
2019-08-20 | powerdns: T1524: support setting allow-from network | Christian Poessinger
Netmasks (both IPv4 and IPv6) that are allowed to use the server. The default allows access only from RFC 1918 private IP addresses. Due to the aggressive nature of the internet these days, it is highly recommended to not open up the recursor for the entire internet. Questions from IP addresses not listed here are ignored and do not get an answer.
https://docs.powerdns.com/recursor/settings.html#allow-from
Imagine an ISP network with non RFC1918 IP addresses - they can't make use of PowerDNS recursor. As of now VyOS has allow-from set to 0.0.0.0/0 and ::/0 which created an open resolver. If there is no allow-from statement a config-migrator will add the appropriate nodes to the configuration, resulting in:
service {
    dns {
        forwarding {
            allow-from 0.0.0.0/0
            allow-from ::/0
            cache-size 0
            ignore-hosts-file
            listen-address 192.0.2.1
        }
    }
}
2019-07-14 | [dns-forwarding] T1333: handle domain forward and general recursion in one configuration line | Christian Poessinger
In the past we used the PowerDNS configuration option forward-zones and forward-zones-recurse, but only the latter one sets the recursion bit in the DNS query. Thus all recursions have been moved to this config statement.
2019-07-03 | Merge pull request #78 from qiuchengxuan/current | Christian Poessinger
[pdns-recursor] T1469 - specified dns forwarding not work
2019-07-03 | T1504: wait for commit lock before trying to update resolv.conf in the out of CLI mode. | Daniil Baturin
2019-06-25 | [pdns-recursor] T1469 - specified dns forwarding not work | qiuchengxuan
when conflict exists between forward-zone-recurse entry, the lower one hides the upper one, which leads to inactive dns forwarding configuration
2019-06-22 | [pdns-recursor] T1469 - replace forward-zones with forward-zones-recurse (#75) | qiuchengxuan
forward-zones-recurse behaves identically to dnsmasq server option in legacy vyos 1.1.8, while forward-zones option disallows recursive name resolving, which leads to dns lookup failure
2019-06-04 | T1379: Deprecated functions in /sbin/dhclient-script | Kim Hagen
2019-01-12 | T1041: make upstream DNS server optional | Christian Poessinger
The name-server option under "service dns-forwarding" was never mandatory so users never needed to specify an upstream server. With the recent switch to PowerDNS recursor in VyOS 1.2.0 we will act as a full DNS recursor when there is no upstream DNS server configured.
2018-11-08 | T978: Support PowerDNS Recursor outbound queries over IPv6. | Geoff Adams
This requires adding a query-local-address6 setting to enable outbound IPv6 queries in general, and also formatting upstream nameserver IPv6 addresses in such a way that Recursor can parse them.
2018-11-08 | T974: bugfix dns forwarder not listening on IPv6 addresses | Christian Poessinger
By default PowerDNS only allows 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 for incoming DNS queries - we changed this to 0.0.0.0/0 to be reachable by everyone. This only covered the IPv4 address space and any IPv6 related query was not handled by the server.
2018-08-02 | T754: add DNSSEC to DNS forwarder | mb300sd
2018-05-29 | dns_forwarding.py: use a more fancy jinja2 syntax for delimiters | Christian Poessinger
2018-05-29 | T664: DNS forwarder config broken with more than 2 zones | Christian Poessinger
2018-05-24 | T128: make nonexistent listen-on interface in DNS forwarding a warning rather than an error. | Daniil Baturin
2018-05-23 | Use normal assignment by key instead of setdefault() everywhere. | Daniil Baturin
The setdefault() dict object method updates the value only if it's not already set, so it's useless for what we want to do, despite its deceptive name.
2018-05-21 | T588: Configurable Negative TTL caching in forwarder | Christian Poessinger
2018-05-20 | T560: enable non-local bind in the defaults, add 'listen-address' option, and add a deprecation warning for the listen-on option. | Daniil Baturin
2018-05-16 | conf_mode: remove generation time from config header and adjust scriptname | Christian Poessinger
2018-05-16 | T644: remove prefixing from all scripts and update environment variables with VyOS paths. | Daniil Baturin