From: Remi Gacogne Date: Wed, 4 May 2022 08:50:31 +0000 (+0200) Subject: dnsdist: Fix formatting issues in the upgrade guide X-Git-Tag: auth-4.8.0-alpha0~108^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F11603%2Fhead;p=thirdparty%2Fpdns.git dnsdist: Fix formatting issues in the upgrade guide --- diff --git a/pdns/dnsdistdist/docs/upgrade_guide.rst b/pdns/dnsdistdist/docs/upgrade_guide.rst index b03c083cef..e562c7f4e7 100644 --- a/pdns/dnsdistdist/docs/upgrade_guide.rst +++ b/pdns/dnsdistdist/docs/upgrade_guide.rst @@ -29,23 +29,25 @@ The new behaviour can cause a noticeable increase of TCP connections between dns This is especially true for setups with a large number of frontends (:func:`addLocal`, :func:`addTLSLocal`, and :func:`addDNSCryptBind` directives), as 1.6.0 sets the number of TCP workers to the number of TCP-enabled binds (with a minimum of 10), unless that number has been set explicitely via :func:`setMaxTCPClientThreads`. Several actions have been renamed so that almost all actions that allow further processing of rules start with 'Set', to prevent mistakes: -- ``DisableECSAction`` to :func:`SetDisableECSAction` -- ``DisableValidationAction`` to :func:`SetDisableValidationAction` -- ``ECSOverrideAction`` to :func:`SetECSOverrideAction` -- ``ECSPrefixLengthAction`` to :func:`SetECSPrefixLengthAction` -- ``MacAddrAction`` to :func:`SetMacAddrAction` -- ``NoRecurseAction`` to :func:`SetNoRecurseAction` -- ``SkipCacheAction`` to :func:`SetSkipCacheAction` -- ``TagAction`` to :func:`SetTagAction` -- ``TagResponseAction`` to :func:`SetTagResponseAction` -- ``TempFailureCacheTTLAction`` to :func:`SetAdditionalProxyProtocolValueAction` -- ``SetNegativeAndSOAAction`` to :func:`NegativeAndSOAAction` + +* ``DisableECSAction`` to :func:`SetDisableECSAction` +* ``DisableValidationAction`` to :func:`SetDisableValidationAction` +* ``ECSOverrideAction`` to :func:`SetECSOverrideAction` +* ``ECSPrefixLengthAction`` to :func:`SetECSPrefixLengthAction` +* ``MacAddrAction`` to :func:`SetMacAddrAction` +* ``NoRecurseAction`` to :func:`SetNoRecurseAction` +* ``SkipCacheAction`` to :func:`SetSkipCacheAction` +* ``TagAction`` to :func:`SetTagAction` +* ``TagResponseAction`` to :func:`SetTagResponseAction` +* ``TempFailureCacheTTLAction`` to :func:`SetAdditionalProxyProtocolValueAction` +* ``SetNegativeAndSOAAction`` to :func:`NegativeAndSOAAction` Some ambiguous commands have also been renamed to prevent mistakes: -- `topCacheHitResponseRule` to :func:`mvCacheHitResponseRuleToTop` -- `topResponseRule` to :func:`mvResponseRuleToTop` -- `topRule` to :func:`mvRuleToTop` -- `topSelfAnsweredResponseRule` to :func:`mvSelfAnsweredResponseRuleToTop` + +* `topCacheHitResponseRule` to :func:`mvCacheHitResponseRuleToTop` +* `topResponseRule` to :func:`mvResponseRuleToTop` +* `topRule` to :func:`mvRuleToTop` +* `topSelfAnsweredResponseRule` to :func:`mvSelfAnsweredResponseRuleToTop` The use of additional parameters on the :func:`webserver` command has been deprecated in favor of using :func:`setWebserverConfig`. @@ -59,6 +61,8 @@ For example, ``addDOHLocal('2001:db8:1:f00::1', '/etc/ssl/certs/example.com.pem' This change also impacts the HTTP response rules set via :meth:`DOHFrontend:setResponsesMap`, since queries whose paths are not allowed will be discarded before the rules are evaluated. If you want to accept DoH queries on ``/dns-query`` and redirect ``/rfc`` to the DoH RFC, you need to list ``/rfc`` in the list of paths: +.. code-block:: lua + addDOHLocal('2001:db8:1:f00::1', '/etc/ssl/certs/example.com.pem', '/etc/ssl/private/example.com.key', { '/dns-query', '/rfc'}) map = { newDOHResponseMapEntry("^/rfc$", 307, "https://www.rfc-editor.org/info/rfc8484") } dohFE = getDOHFrontend(0)