]> git.ipfire.org Git - thirdparty/knot-resolver.git/commitdiff
projects / thirdparty / knot-resolver.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: da93abb)
modules/dns64: add recommendation to also disable DNS64 via IPv4
authorTom Herbers <mail@tomherbers.de>
Sat, 8 Oct 2022 12:43:52 +0000 (14:43 +0200)
committerVladimír Čunát <vladimir.cunat@nic.cz>
Fri, 14 Oct 2022 11:56:28 +0000 (13:56 +0200)
It's resonable to assume that people would also want to disable DNS64 for
IPv4 source addresses if they only enable it for some IPv6 sources.

Close https://github.com/CZ-NIC/knot-resolver/pull/83

modules/dns64/README.rst patch | blob | blame | history

diff --git a/modules/dns64/README.rst b/modules/dns64/README.rst
index 07908c80b6852ab442dc77c7fa3b837a8f2eb2bd..04d2427f644bc0c09a178cfa03414766a0171349 100644 (file)
--- a/modules/dns64/README.rst
+++ b/modules/dns64/README.rst
@@ -52,8 +52,11 @@ you can set ``DNS64_DISABLE`` flag via the :ref:`view module <mod-view>`.
 .. code-block:: lua
 
     modules = { 'dns64', 'view' }
-    -- Disable dns64 for everyone, but re-enable it for two particular subnets.
+    -- disable dns64 for all IPv4 source addresses
+    view:addr('0.0.0.0/0', policy.all(policy.FLAGS('DNS64_DISABLE')))
+    -- disable dns64 for all IPv6 source addresses
     view:addr('::/0', policy.all(policy.FLAGS('DNS64_DISABLE')))
+    -- re-enable dns64 for two IPv6 subnets
     view:addr('2001:db8:11::/48', policy.all(policy.FLAGS(nil, 'DNS64_DISABLE')))
     view:addr('2001:db8:93::/48', policy.all(policy.FLAGS(nil, 'DNS64_DISABLE')))
 
Mirror of https://gitlab.nic.cz/knot/knot-resolver.git