From: Tom Herbers <mail@tomherbers.de>
Date: Sat, 8 Oct 2022 12:43:52 +0000 (+0200)
Subject: modules/dns64: add recommendation to also disable DNS64 via IPv4
X-Git-Tag: v5.6.0~17^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=75e5f6725c9505fb871fe8bc73a62142a42db8e0;p=thirdparty%2Fknot-resolver.git

modules/dns64: add recommendation to also disable DNS64 via IPv4

It's resonable to assume that people would also want to disable DNS64 for
IPv4 source addresses if they only enable it for some IPv6 sources.

Close https://github.com/CZ-NIC/knot-resolver/pull/83
---

diff --git a/modules/dns64/README.rst b/modules/dns64/README.rst
index 07908c80b..04d2427f6 100644
--- a/modules/dns64/README.rst
+++ b/modules/dns64/README.rst
@@ -52,8 +52,11 @@ you can set ``DNS64_DISABLE`` flag via the :ref:`view module <mod-view>`.
 .. code-block:: lua
 
     modules = { 'dns64', 'view' }
-    -- Disable dns64 for everyone, but re-enable it for two particular subnets.
+    -- disable dns64 for all IPv4 source addresses
+    view:addr('0.0.0.0/0', policy.all(policy.FLAGS('DNS64_DISABLE')))
+    -- disable dns64 for all IPv6 source addresses
     view:addr('::/0', policy.all(policy.FLAGS('DNS64_DISABLE')))
+    -- re-enable dns64 for two IPv6 subnets
     view:addr('2001:db8:11::/48', policy.all(policy.FLAGS(nil, 'DNS64_DISABLE')))
     view:addr('2001:db8:93::/48', policy.all(policy.FLAGS(nil, 'DNS64_DISABLE')))