author Tom Herbers <mail@tomherbers.de> 2022-10-08 14:43:52 +0200
committer Vladimír Čunát <vladimir.cunat@nic.cz> 2022-10-14 13:56:28 +0200
commit 75e5f6725c9505fb871fe8bc73a62142a42db8e0
tree b58db8247f7f62a09fd469271e345a960dae159c
parent Merge !1352: ci nixos-unstable:pkgbuild: fixup recent regression
modules/dns64: add recommendation to also disable DNS64 via IPv4
It's reasonable to assume that people would also want to disable DNS64 for IPv4 source addresses if they only enable it for some IPv6 sources. Close https://github.com/CZ-NIC/knot-resolver/pull/83
-rw-r--r-- modules/dns64/README.rst 5
1 files changed, 4 insertions, 1 deletions
diff --git a/modules/dns64/README.rst b/modules/dns64/README.rst
index 07908c80..04d2427f 100644
--- a/modules/dns64/README.rst
+++ b/modules/dns64/README.rst
@@ -52,8 +52,11 @@ you can set ``DNS64_DISABLE`` flag via the :ref:`view module <mod-view>`.
.. code-block:: lua
modules = { 'dns64', 'view' }
- -- Disable dns64 for everyone, but re-enable it for two particular subnets.
+ -- disable dns64 for all IPv4 source addresses
+ view:addr('0.0.0.0/0', policy.all(policy.FLAGS('DNS64_DISABLE')))
+ -- disable dns64 for all IPv6 source addresses
view:addr('::/0', policy.all(policy.FLAGS('DNS64_DISABLE')))
+ -- re-enable dns64 for two IPv6 subnets
view:addr('2001:db8:11::/48', policy.all(policy.FLAGS(nil, 'DNS64_DISABLE')))
view:addr('2001:db8:93::/48', policy.all(policy.FLAGS(nil, 'DNS64_DISABLE')))
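Review bot: The added `0.0.0.0/0` rule has no stated reason in the README itself; the rationale (someone who enables DNS64 only for some IPv6 sources will also want it off for IPv4 sources) appears only in the commit message. A sentence above the code block saying so would help, because the removed comment "Disable dns64 for everyone, but re-enable it for two particular subnets" was the only line describing the example's overall intent and nothing replaces it. It would also be worth stating whether the two `/48` rules have to come after the `::/0` rule, and the new comments could start with a capital letter to match the one they replace.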