From c9eaafd9f808aba8d29be73054e11d37577e539a Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sat, 30 Dec 2023 23:25:20 +0100 Subject: T5474: establish common file name pattern for XML conf mode commands We will use _ as CLI level divider. The XML definition filename and also the Python helper should match the CLI node. Example: set interfaces ethernet -> interfaces_ethernet.xml.in set interfaces bond -> interfaces_bond.xml.in set service dhcp-server -> service_dhcp-server-xml.in (cherry picked from commit 4ef110fd2c501b718344c72d495ad7e16d2bd465) --- .../service_dns_forwarding.xml.in | 703 +++++++++++++++++++++ 1 file changed, 703 insertions(+) create mode 100644 interface-definitions/service_dns_forwarding.xml.in (limited to 'interface-definitions/service_dns_forwarding.xml.in') diff --git a/interface-definitions/service_dns_forwarding.xml.in b/interface-definitions/service_dns_forwarding.xml.in new file mode 100644 index 000000000..7dce9b548 --- /dev/null +++ b/interface-definitions/service_dns_forwarding.xml.in @@ -0,0 +1,703 @@ + + + + + + + + Domain Name System (DNS) related services + + + + + DNS forwarding + 918 + + + + + DNS forwarding cache size + + u32:0-2147483647 + DNS forwarding cache size + + + + + + 10000 + + + + Interfaces whose DHCP client nameservers to forward requests to + + + + + + + + + Help to communicate between IPv6-only client and IPv4-only server + + ipv6net + IPv6 address and /96 only prefix length + + + + + + + + + DNSSEC mode + + off process-no-validate process log-fail validate + + + off + No DNSSEC processing whatsoever! + + + process-no-validate + Respond with DNSSEC records to clients that ask for it. No validation done at all! + + + process + Respond with DNSSEC records to clients that ask for it. Validation for clients that request it. + + + log-fail + Similar behaviour to process, but validate RRSIGs on responses and log bogus responses. + + + validate + Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses. + + + (off|process-no-validate|process|log-fail|validate) + + + process-no-validate + + + + Domain to forward to a custom DNS server + + txt + An absolute DNS domain name + + + + + + + #include + + + Add NTA (negative trust anchor) for this domain (must be set if the domain does not support DNSSEC) + + + + + + Set the "recursion desired" bit in requests to the upstream nameserver + + + + + + + + Domain to host authoritative records for + + txt + An absolute DNS domain name + + + + + + + + + DNS zone records + + + + + A record + + txt + A DNS name relative to the root record + + + @ + Root record + + + any + Wildcard record (any subdomain) + + + ([-_a-zA-Z0-9.]{1,63}|@|any)(?<!\.) + + + + + + IPv4 address + + ipv4 + IPv4 address + + + + + + + + #include + + 300 + + #include + + + + + AAAA record + + txt + A DNS name relative to the root record + + + @ + Root record + + + any + Wildcard record (any subdomain) + + + ([-_a-zA-Z0-9.]{1,63}|@|any)(?<!\.) + + + + + + IPv6 address + + ipv6 + IPv6 address + + + + + + + + #include + + 300 + + #include + + + + + CNAME record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + Target DNS name + + name.example.com + Absolute DNS name + + + [-_a-zA-Z0-9.]{1,63}(?<!\.) + + + + #include + + 300 + + #include + + + + + MX record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + Mail server + + name.example.com + Absolute DNS name + + + [-_a-zA-Z0-9.]{1,63}(?<!\.) + + + + + + Server priority + + u32:1-999 + Server priority (lower numbers are higher priority) + + + + + + 10 + + + + #include + + 300 + + #include + + + + + NS record + + txt + A DNS name relative to the root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + Target DNS server authoritative for subdomain + + nsXX.example.com + Absolute DNS name + + + [-_a-zA-Z0-9.]{1,63}(?<!\.) + + + + #include + + 300 + + #include + + + + + PTR record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + Target DNS name + + name.example.com + Absolute DNS name + + + [-_a-zA-Z0-9.]{1,63}(?<!\.) + + + + #include + + 300 + + #include + + + + + TXT record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + Record contents + + txt + Record contents + + + + + #include + + 300 + + #include + + + + + SPF record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + Record contents + + txt + Record contents + + + + #include + + 300 + + #include + + + + + SRV record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + Service entry + + u32:0-65535 + Entry number + + + + + + + + + Server hostname + + name.example.com + Absolute DNS name + + + [-_a-zA-Z0-9.]{1,63}(?<!\.) + + + + + + Port number + + u32:0-65535 + TCP/UDP port number + + + + + + + + + Entry priority + + u32:0-65535 + Entry priority (lower numbers are higher priority) + + + + + + 10 + + + + Entry weight + + u32:0-65535 + Entry weight + + + + + + 0 + + + + #include + + 300 + + #include + + + + + NAPTR record + + txt + A DNS name relative to the root record + + + @ + Root record + + + ([-_a-zA-Z0-9.]{1,63}|@)(?<!\.) + + + + + + NAPTR rule + + u32:0-65535 + Rule number + + + + + + + + + Rule order + + u32:0-65535 + Rule order (lower order is evaluated first) + + + + + + + + + Rule preference + + u32:0-65535 + Rule preference + + + + + + 0 + + + + S flag + + + + + + A flag + + + + + + U flag + + + + + + P flag + + + + + + Service type + + [a-zA-Z][a-zA-Z0-9]{0,31}(\+[a-zA-Z][a-zA-Z0-9]{0,31})? + + + + + + Regular expression + + + + + Replacement DNS name + + name.example.com + Absolute DNS name + + + [-_a-zA-Z0-9.]{1,63}(?<!\.) + + + + + + #include + + 300 + + #include + + + + + #include + + + + + Do not use local /etc/hosts file in name resolution + + + + + + Makes the server authoritatively not aware of RFC1918 addresses + + + + + + Networks allowed to query this server + + ipv4net + IP address and prefix length + + + ipv6net + IPv6 address and prefix length + + + + + + + + #include + #include + + 53 + + + + Maximum amount of time negative entries are cached + + u32:0-7200 + Seconds to cache NXDOMAIN entries + + + + + + 3600 + + + + Number of milliseconds to wait for a remote authoritative server to respond + + u32:10-60000 + Network timeout in milliseconds + + + + + + 1500 + + #include + #include + + 0.0.0.0 :: + + + + Use system name servers + + + + + + + + + + -- cgit v1.2.3