From: Pieter Lexis Date: Mon, 1 Dec 2014 19:40:11 +0000 (+0100) Subject: Use documentation subnets for examples X-Git-Tag: rec-3.7.0-rc1~149^2~4^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F1902%2Fhead;p=thirdparty%2Fpdns.git Use documentation subnets for examples Also, change some use of doamin names to example.{com,net,org} --- diff --git a/modules/lmdbbackend/lmdb-example.pl b/modules/lmdbbackend/lmdb-example.pl index 15563bce47..2f96cd0040 100644 --- a/modules/lmdbbackend/lmdb-example.pl +++ b/modules/lmdbbackend/lmdb-example.pl @@ -30,9 +30,9 @@ my @entries = ( # host type data [ $zone, 'NS', "ns.$zone" ], # MX/SRV put priority data - [ $zone, 'MX', "10 mail.hotmail.com" ], + [ $zone, 'MX', "10 mail.example.com" ], # No SOA records - [ "test.$zone", 'A', '1.2.3.4' ], + [ "test.$zone", 'A', '192.0.2.66' ], [ "text.$zone", 'TXT', "test\n123" ], [ "longtext.$zone", 'TXT', "A" x 550 ], diff --git a/pdns/docs/markdown/authoritative/backend-generic-mypgsql.md b/pdns/docs/markdown/authoritative/backend-generic-mypgsql.md index ee47877186..37a8651127 100644 --- a/pdns/docs/markdown/authoritative/backend-generic-mypgsql.md +++ b/pdns/docs/markdown/authoritative/backend-generic-mypgsql.md @@ -292,10 +292,10 @@ insert into domains (name,type) values ('powerdns.com','NATIVE'); The records table can now be filled by with the domain\_id set to the id of the domains table row just inserted. ## Slave operation -These backends are fully slave capable. To become a slave of the 'powerdns.com' domain, execute this: +These backends are fully slave capable. To become a slave of the 'example.com' domain, execute this: ``` - insert into domains (name,master,type) values ('powerdns.com','213.244.168.217','SLAVE'); + insert into domains (name,master,type) values ('example.com','198.51.100.6','SLAVE'); ``` And wait a while for PDNS to pick up the addition - which happens within one minute. There is no need to inform PDNS that a new domain was added. Typical output is: @@ -315,13 +315,13 @@ From now on, PDNS is authoritative for the 'powerdns.com' zone and will respond Periodically, PDNS schedules checks to see if domains are still fresh. The default [`slave-cycle-interval`](settings.md#slave-cycle-interval) is 60 seconds, large installations may need to raise this value. Once a domain has been checked, it will not be checked before its SOA refresh timer has expired. Domains whose status is unknown get checked every 60 seconds by default. ## Superslave operation -To configure a supermaster with IP address 10.0.0.11 which lists this installation as 'autoslave.powerdns.com', issue the following: +To configure a supermaster with IP address 203.0.113.53 which lists this installation as 'autoslave.example.com', issue the following: ``` - insert into supermasters values ('10.0.0.11','autoslave.powerdns.com','internal'); + insert into supermasters values ('203.0.113.53','autoslave.example.com','internal'); ``` -From now on, valid notifies from 10.0.0.11 that list a NS record containing 'autoslave.powerdns.com' will lead to the provisioning of a slave domain under the account 'internal'. See [Supermaster](modes-of-operation.md#supermaster-automatic-provisioning-of-slaves) for details. +From now on, valid notifies from 203.0.113.53 that list a NS record containing 'autoslave.example.com' will lead to the provisioning of a slave domain under the account 'internal'. See [Supermaster](modes-of-operation.md#supermaster-automatic-provisioning-of-slaves) for details. ## 3.13. Master operation The PostgreSQL backend is fully master capable with automatic discovery of serial changes. Raising the serial number of a domain suffices to trigger PDNS to send out notifications. To configure a domain for master operation instead of the default native replication, issue: diff --git a/pdns/docs/markdown/authoritative/backend-geoip.md b/pdns/docs/markdown/authoritative/backend-geoip.md index 911e74cd21..bae6d41554 100644 --- a/pdns/docs/markdown/authoritative/backend-geoip.md +++ b/pdns/docs/markdown/authoritative/backend-geoip.md @@ -47,8 +47,9 @@ domains: - ns: ns2.example.com - mx: 10 mx.example.com fin.eu.service.geo.example.com: - - a: 62.236.200.4 + - a: 198.51.100.221 - txt: hello world + - aaaa: 2001:DB8::12:34DE:3 services: service.geo.example.com: '%co.%cn.service.geo.example.com' ``` diff --git a/pdns/docs/markdown/authoritative/backend-lmdb.md b/pdns/docs/markdown/authoritative/backend-lmdb.md index b67dcfeeee..be6484d673 100644 --- a/pdns/docs/markdown/authoritative/backend-lmdb.md +++ b/pdns/docs/markdown/authoritative/backend-lmdb.md @@ -58,9 +58,9 @@ If the length of the value that you wish to insert into [the section called “d # perl dumpdb.pl /var/tmp/lmdb zone key: moc.elpmaxe; value: 1 300 ns.example.com. hostmaster.example.com. 2012021101 86400 7200 604800 86400 # perl dumpdb.pl /var/tmp/lmdb data -key: moc.elpmaxe MX; value: 1 300 10 mail.hotmail.com +key: moc.elpmaxe MX; value: 1 300 10 mail.example.com key: moc.elpmaxe NS; value: 1 300 ns.example.com -key: moc.elpmaxe.tset A; value: 1 300 1.2.3.4 +key: moc.elpmaxe.tset A; value: 1 300 192.0.2.66 key: moc.elpmaxe.txet TXT; value: 1 300 test\010123 key: moc.elpmaxe.txetgnol TXT; value: REF 1 # perl dumpdb.pl /var/tmp/lmdb extended_data diff --git a/pdns/docs/markdown/authoritative/backend-remote.md b/pdns/docs/markdown/authoritative/backend-remote.md index 0ec5f5cad1..d2fc8bff48 100644 --- a/pdns/docs/markdown/authoritative/backend-remote.md +++ b/pdns/docs/markdown/authoritative/backend-remote.md @@ -112,21 +112,21 @@ This method is used to do the basic query. You can omit auth, but if you are usi #### Example JSON/RPC Query: ``` -{"method":"lookup", "parameters":{"qtype":"ANY", "qname":"www.example.com", "remote":"192.168.0.24", "local":"192.168.0.1", "real-remote":"192.168.0.24", "zone-id":-1}} +{"method":"lookup", "parameters":{"qtype":"ANY", "qname":"www.example.com", "remote":"192.0.2.24", "local":"192.0.2.1", "real-remote":"192.0.2.24", "zone-id":-1}} ``` Response: ``` -{"result":[{"qtype":"A", "qname":"www.example.com", "content":"192.168.1.2", "ttl": 60}]} +{"result":[{"qtype":"A", "qname":"www.example.com", "content":"203.0.113.2", "ttl": 60}]} ``` #### Example HTTP/RPC Query: ``` GET /dnsapi/lookup/www.example.com/ANY HTTP/1.1 -X-RemoteBackend-remote: 192.168.0.24 -X-RemoteBackend-local: 192.168.0.1 -X-RemoteBackend-real-remote: 192.168.0.24 +X-RemoteBackend-remote: 192.0.2.24 +X-RemoteBackend-local: 192.0.2.1 +X-RemoteBackend-real-remote: 192.0.2.24 X-RemoteBackend-zone-id: -1 ``` @@ -135,7 +135,7 @@ Response: HTTP/1.1 200 OK Content-Type: text/javascript; charset=utf-8 -{"result":[{"qtype":"A", "qname":"www.example.com", "content":"192.168.1.2", "ttl": 60}]} +{"result":[{"qtype":"A", "qname":"www.example.com", "content":"203.0.113.2", "ttl": 60}]} ``` ### `list` @@ -159,9 +159,9 @@ Response (split into lines for ease of reading) {"qtype":"SOA", "qname":"example.com", "content":"dns1.icann.org. hostmaster.icann.org. 2012081600 7200 3600 1209600 3600", "ttl": 3600}, {"qtype":"NS", "qname":"example.com", "content":"ns1.example.com", "ttl": 60}, {"qtype":"MX", "qname":"example.com", "content":"10 mx1.example.com.", "ttl": 60}, - {"qtype":"A", "qname":"www.example.com", "content":"192.168.1.2", "ttl": 60}, - {"qtype":"A", "qname":"ns1.example.com", "content":"192.168.0.2", "ttl": 60}, - {"qtype":"A", "qname":"mx1.example.com", "content":"192.168.0.3", "ttl": 60} + {"qtype":"A", "qname":"www.example.com", "content":"203.0.113.2", "ttl": 60}, + {"qtype":"A", "qname":"ns1.example.com", "content":"192.0.2.2", "ttl": 60}, + {"qtype":"A", "qname":"mx1.example.com", "content":"192.0.2.3", "ttl": 60} ]} ``` @@ -177,7 +177,7 @@ Response: HTTP/1.1 200 OK Content-Type: text/javascript; charset=utf-8 -{"result":[{"qtype":"SOA", "qname":"example.com", "content":"dns1.icann.org. hostmaster.icann.org. 2012081600 7200 3600 1209600 3600", "ttl": 3600},{"qtype":"NS", "qname":"example.com", "content":"ns1.example.com", "ttl": 60},{"qtype":"MX", "qname":"example.com", "content":"10 mx1.example.com.", "ttl": 60},{"qtype":"A", "qname":"www.example.com", "content":"192.168.1.2", "ttl": 60},{"qtype":"A", "qname":"ns1.example.com", "content":"192.168.0.2", "ttl": 60},{"qtype":"A", "qname":"mx1.example.com", "content":"192.168.0.3", "ttl": 60}]} +{"result":[{"qtype":"SOA", "qname":"example.com", "content":"dns1.icann.org. hostmaster.icann.org. 2012081600 7200 3600 1209600 3600", "ttl": 3600},{"qtype":"NS", "qname":"example.com", "content":"ns1.example.com", "ttl": 60},{"qtype":"MX", "qname":"example.com", "content":"10 mx1.example.com.", "ttl": 60},{"qtype":"A", "qname":"www.example.com", "content":"203.0.113.2", "ttl": 60},{"qtype":"A", "qname":"ns1.example.com", "content":"192.0.2.2", "ttl": 60},{"qtype":"A", "qname":"mx1.example.com", "content":"192.0.2.3", "ttl": 60}]} ``` ### `getBeforeAndAfterNamesAbsolute` @@ -619,7 +619,7 @@ Determines whether given IP is master for given domain name. #### Example JSON/RPC Query: ``` -{"method":"isMaster","parameters":{"name":"example.com","ip":"10.0.0.1"}} +{"method":"isMaster","parameters":{"name":"example.com","ip":"198.51.100.0.1"}} ``` Response: @@ -630,7 +630,7 @@ Response: #### Example HTTP/RPC Query: ``` -GET /dnsapi/isMaster/example.com/10.0.0.1 +GET /dnsapi/isMaster/example.com/198.51.100.0.1 ``` Response: @@ -651,7 +651,7 @@ Creates new domain with given record(s) as master servers. IP address is the add #### Example JSON/RPC Query: ``` -{"method":"superMasterBackend","parameters":{"ip":"10.0.0.1","domain":"example.com","nsset":[{"qtype":"NS","qname":"example.com","qclass":1,"content":"ns1.example.com","ttl":300,"auth":true},{"qtype":"NS","qname":"example.com","qclass":1,"content":"ns2.example.com","ttl":300,"auth":true}]}} +{"method":"superMasterBackend","parameters":{"ip":"198.51.100.0.1","domain":"example.com","nsset":[{"qtype":"NS","qname":"example.com","qclass":1,"content":"ns1.example.com","ttl":300,"auth":true},{"qtype":"NS","qname":"example.com","qclass":1,"content":"ns2.example.com","ttl":300,"auth":true}]}} ``` Response: @@ -667,7 +667,7 @@ Alternative response: #### Example HTTP/RPC Query: ``` -POST /dnsapi/supermasterbackend/10.0.0.1/example.com +POST /dnsapi/supermasterbackend/198.51.100.0.1/example.com Content-Type: application/x-www-form-urlencoded Content-Length: 317 @@ -701,7 +701,7 @@ Reply: true for success, false for failure #### Example JSON/RPC Query: ``` -{"method":"createSlaveDomain","parameters":{"ip":"10.0.0.1","domain":"pirate.unit.test"}} +{"method":"createSlaveDomain","parameters":{"ip":"198.51.100.0.1","domain":"pirate.example.net"}} ``` Response: @@ -712,7 +712,7 @@ Response: #### Example HTTP/RPC Query: ``` -POST /dnsapi/createslavedomain/10.0.0.1/pirate.unit.test +POST /dnsapi/createslavedomain/198.51.100.0.1/pirate.example.net Content-Type: application/x-www-form-urlencoded Content-Length: 0 ``` diff --git a/pdns/docs/markdown/authoritative/dnsupdate.md b/pdns/docs/markdown/authoritative/dnsupdate.md index 69b1d06673..07a9ddd384 100644 --- a/pdns/docs/markdown/authoritative/dnsupdate.md +++ b/pdns/docs/markdown/authoritative/dnsupdate.md @@ -18,7 +18,7 @@ There are two configuration parameters that can be used within the powerdns conf A setting to enable/disable DNS update support completely. The default is no, which means that DNS updates are ignored by PowerDNS (no message is logged about this!). Change the setting to **experimental-dnsupdate=yes** to enable DNS update support. Default is **no**. ## `allow-dnsupdate-from` -A list of IP ranges that are allowed to perform updates on any domain. The default is 0.0.0.0/0, which means that all ranges are accepted. Multiple entries can be used on this line (**allow-dnsupdate-from=10.0.0.0/8 192.168.1.2/32**). The option can be left empty to disallow everything, this then should be used in combination with the **allow-dnsupdate-from** domainmetadata setting per zone. +A list of IP ranges that are allowed to perform updates on any domain. The default is 0.0.0.0/0, which means that all ranges are accepted. Multiple entries can be used on this line (**allow-dnsupdate-from=198.51.100.0/8 203.0.113.2/32**). The option can be left empty to disallow everything, this then should be used in combination with the **allow-dnsupdate-from** domainmetadata setting per zone. ## `forward-dnsupdate` Tell PowerDNS to forward to the master server if the zone is configured as slave. Masters are determined by the masters field in the domains table. The default behaviour is enabled (yes), which means that it will try to forward. In the processing of the update packet, the **allow-dnsupdate-from** and **TSIG-2136-ALLOW** are processed first, so those permissions apply before the **forward-dnsupdate** is used. It will try all masters that you have configured until one is successful. @@ -38,20 +38,20 @@ For permissions, a number of per zone settings are available via the domain meta This setting has the same function as described in the configuration options (See [above](#configuration-options)). Only one item is allowed per row, but multiple rows can be added. An example: ``` {.programlisting} -sql> select id from domains where name='powerdnssec.org'; +sql> select id from domains where name='example.org'; 5 -sql> insert into domainmetadata(domain_id, kind, content) values(5, ‘ALLOW-DNSUPDATE-FROM’,’10.0.0.0/8’); -sql> insert into domainmetadata(domain_id, kind, content) values(5, ‘ALLOW-DNSUPDATE-FROM’,’192.168.1.2/32’); +sql> insert into domainmetadata(domain_id, kind, content) values(5, ‘ALLOW-DNSUPDATE-FROM’,’198.51.100.0/8’); +sql> insert into domainmetadata(domain_id, kind, content) values(5, ‘ALLOW-DNSUPDATE-FROM’,’203.0.113.2/32’); ``` -This will allow 10.0.0.0/8 and 192.168.1.2/32 to send DNS update messages for the powerdnssec.org domain. +This will allow 198.51.100.0/8 and 203.0.113.2/32 to send DNS update messages for the example.org domain. ## TSIG-ALLOW-DNSUPDATE This setting allows you to set the TSIG key required to do an DNS update. An example: ``` {.programlisting} sql> insert into tsigkeys (name, algorithm, secret) values ('test', 'hmac-md5', 'kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys='); -sql> select id from domains where name='powerdnssec.org'; +sql> select id from domains where name='example.org'; 5 sql> insert into domainmetadata (domain_id, kind, content) values (5, 'TSIG-ALLOW-DNSUPDATE', 'test'); ``` @@ -61,8 +61,8 @@ An example of how to use a TSIG key with the **nsupdate** command: ``` {.programlisting} nsupdate < -zone powerdnssec.org -update add test1.powerdnssec.org 3600 A 192.168.1.1 +zone example.org +update add test1.example.org 3600 A 203.0.113.1 key test kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys= send ! @@ -74,7 +74,7 @@ If a TSIG key is set for the domain, it is required to be used for the update. T See [Section 1, “Configuration options”](dnsupdate.html#dnsupdate-configuration "1. Configuration options") for what it does, but per domain. ``` {.programlisting} -sql> select id from domains where name='powerdnssec.org'; +sql> select id from domains where name='example.org'; 5 sql> insert into domainmetadata(domain_id, kind, content) values(5, ‘FORWARD-DNSUPDATE’,’’); ``` @@ -94,7 +94,7 @@ RFC2136 (Section 3.6) defines some specific behaviour for updates of SOA records An example: ``` {.programlisting} -sql> select id from domains where name='powerdnssec.org'; +sql> select id from domains where name='example.org'; 5 sql> insert into domainmetadata(domain_id, kind, content) values(5, ‘SOA-EDIT-DNSUPDATE’,’INCREASE’); ``` @@ -161,10 +161,10 @@ For more information on this, consult the dhcpd.conf manual. Per subnet, you also have to tell **dhcpd** which (reverse-)domain it should update and on which master domain server it is running. ``` {.programlisting} -ddns-domainname "powerdnssec.org"; +ddns-domainname "example.org"; ddns-rev-domainname "in-addr.arpa."; -zone powerdnssec.org { +zone example.org { primary 127.0.0.1; key dhcpdupdate; } @@ -177,7 +177,7 @@ zone 1.168.192.in-addr.arpa. { This tells **dhcpd** a number of things: -1. Which domain to use (**ddns-domainname "powerdnssec.org";**) +1. Which domain to use (**ddns-domainname "example.org";**) 2. Which reverse-domain to use (**dnssec-rev-domainname "in-addr.arpa.";**) 3. For the zones, where the primary master is located (**primary 127.0.0.1;**) 4. Which TSIG key to use (**key dhcpdupdate;**). We defined the key earlier. @@ -196,13 +196,13 @@ allow-dnsupdate-from= This tells PowerDNS to: -1. Enable DNS update support(**experimental-dnsupdate**) -2. Allow updates from NO ip-address (**allow-dnsupdate-from=**) +1. Enable DNS update support([`experimental-dnsupdate`](settings.md#experimental-dnsupdate)) +2. Allow updates from NO ip-address ([`allow-dnsupdate-from=`](settings.md#allow-dnsupdate-from)) -We just told powerdns (via the configuration file) that we accept updates from nobody via the **allow-dnsupdate-from** parameter. That's not very useful, so we're going to give permissions per zone, via the domainmetadata table. +We just told powerdns (via the configuration file) that we accept updates from nobody via the [`allow-dnsupdate-from`](settings.md#allow-dnsupdate-from) parameter. That's not very useful, so we're going to give permissions per zone, via the domainmetadata table. ``` {.programlisting} -sql> select id from domains where name='powerdnssec.org'; +sql> select id from domains where name='example.org'; 5 sql> insert into domainmetadata(domain_id, kind, content) values(5, ‘ALLOW-DNSUPDATE-FROM’,’127.0.0.1’); ``` @@ -213,7 +213,7 @@ Another thing we want to do, is add TSIG security. This can only be done via the ``` {.programlisting} sql> insert into tsigkeys (name, algorithm, secret) values ('dhcpdupdate', 'hmac-md5', 'FYhvwsW1ZtFZqWzsMpqhbg=='); -sql> select id from domains where name='powerdnssec.org'; +sql> select id from domains where name='example.org'; 5 sql> insert into domainmetadata (domain_id, kind, content) values (5, 'TSIG-ALLOW-DNSUPDATE', 'dhcpdupdate'); sql> select id from domains where name='1.168.192.in-addr.arpa'; diff --git a/pdns/docs/markdown/authoritative/recursion.md b/pdns/docs/markdown/authoritative/recursion.md index 103ae5ec5b..c377a1e97b 100644 --- a/pdns/docs/markdown/authoritative/recursion.md +++ b/pdns/docs/markdown/authoritative/recursion.md @@ -20,7 +20,7 @@ If a Recursion Desired packet arrives and PDNS is configured to allow recursion, It is also possible to use a resolver living on a different port. To do so, specify a recursor like this: `recursor=192.0.2.1:5300` -If the backend does not answer a question within a large amount of time, this is logged as 'Recursive query for remote 10.96.0.2 with internal id 0 was not answered by backend within timeout, reusing id'. This may happen when using 'BIND' as a recursor as it is prone to drop queries which it can't answer immediately. +If the backend does not answer a question within a large amount of time, this is logged as 'Recursive query for remote 198.51.100.15 with internal id 0 was not answered by backend within timeout, reusing id'. This may happen when using 'BIND' as a recursor as it is prone to drop queries which it can't answer immediately. To make sure that the local authoritative database overrides recursive information, PowerDNS first tries to answer a question from its own database. If that succeeds, the answer packet is sent back immediately without involving the recursor in any way. This means that for questions for which there is no answer, PowerDNS will consult the recursor for an recursive query, even if PowerDNS is authoritative for a domain! This will only cause problems if you 'fake' domains which don't really exist. diff --git a/pdns/docs/markdown/authoritative/settings.md b/pdns/docs/markdown/authoritative/settings.md index b7731be4cd..ba153a8947 100644 --- a/pdns/docs/markdown/authoritative/settings.md +++ b/pdns/docs/markdown/authoritative/settings.md @@ -17,10 +17,10 @@ Behaviour post 2.9.10: If set, only these IP addresses or netmasks will be able From 3.4 onward. Allow DNS updates from these IP ranges. ## `allow-recursion` -By specifying `allow-recursion`, recursion can be restricted to netmasks specified. The default is to allow recursion from everywhere. Example: `allow-recursion=192.168.0.0/24, 10.0.0.0/8, 192.0.2.4`. +By specifying `allow-recursion`, recursion can be restricted to netmasks specified. The default is to allow recursion from everywhere. Example: `allow-recursion=198.51.100.0/24, 10.0.0.0/8, 192.0.2.4`. ## `also-notify` -When notifying a domain, also notify these nameservers. Example: `also-notify=192.168.0.1, 10.0.0.1`. The IP adresses listed in `also-notify` always receive a notification. Even if they do not match the list in `only-notify`. +When notifying a domain, also notify these nameservers. Example: `also-notify=192.0.2.1, 203.0.113.167`. The IP adresses listed in `also-notify` always receive a notification. Even if they do not match the list in `only-notify`. ## `any-to-tcp` Boolean value (`yes` or `no`). Answer questions for the ANY and RRSIG types on UDP with a truncated packet that refers the remote server to TCP. Useful for mitigating reflection attacks. Defaults to `no`. Available since 3.3. diff --git a/pdns/docs/markdown/httpapi/README/index.html b/pdns/docs/markdown/httpapi/README/index.html index 375e7e9b86..5198fe4bb1 100644 --- a/pdns/docs/markdown/httpapi/README/index.html +++ b/pdns/docs/markdown/httpapi/README/index.html @@ -401,4 +401,4 @@ curl -v http://a:changeme@127.0.0.1:8082/servers/localhost/zones | jq . - \ No newline at end of file + diff --git a/pdns/docs/markdown/httpapi/api_spec.md b/pdns/docs/markdown/httpapi/api_spec.md index 447a3d7e73..c8f928bb23 100644 --- a/pdns/docs/markdown/httpapi/api_spec.md +++ b/pdns/docs/markdown/httpapi/api_spec.md @@ -837,7 +837,7 @@ override\_type "override": "replace", "domain": "www.cnn.com", "rrtype": "AAAA", - "values": ["1.1.1.1", "2.2.2.2"], + "values": ["203.0.113.4", "203.0.113..2"], "until": , "created": } diff --git a/pdns/docs/markdown/httpapi/api_spec/index.html b/pdns/docs/markdown/httpapi/api_spec/index.html index 059cf8a759..06b6bc4bff 100644 --- a/pdns/docs/markdown/httpapi/api_spec/index.html +++ b/pdns/docs/markdown/httpapi/api_spec/index.html @@ -1074,4 +1074,4 @@ MUST contain failed_parent.

- \ No newline at end of file +