From: Peter van Dijk Date: Fri, 27 Aug 2021 19:45:00 +0000 (+0200) Subject: document the two new auth settings X-Git-Tag: dnsdist-1.7.0-alpha1~14^2~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b50b220b65d0b3fb6fa5d3552550b2828c7fd1b3;p=thirdparty%2Fpdns.git document the two new auth settings --- diff --git a/.github/actions/spell-check/expect.txt b/.github/actions/spell-check/expect.txt index 9a6466515f..7ffae6de30 100644 --- a/.github/actions/spell-check/expect.txt +++ b/.github/actions/spell-check/expect.txt @@ -1158,6 +1158,7 @@ openssl opensuse openwall Opmeer +OPNUM optcode Opteron optmem diff --git a/docs/settings.rst b/docs/settings.rst index 693ee3061c..a5930e7eaf 100644 --- a/docs/settings.rst +++ b/docs/settings.rst 
@@ -1253,6 +1253,31 @@ prevent-self-notification to "no". Turn on operating as a primary. See :ref:`primary-operation`. +.. _setting-proxy-protocol-from + +``proxy-protocol-from`` +----------------------- +.. versionadded:: 4.6.0 + +- IP addresses or netmasks, separated by commas +- Default: empty + +Ranges that are required to send a Proxy Protocol version 2 header in front of UDP and TCP queries, to pass the original source and destination addresses and ports to the Authoritative. +Queries that are not prefixed with such a header will not be accepted from clients in these ranges. Queries prefixed by headers from clients that are not listed in these ranges will be dropped. + +Note that once a Proxy Protocol header has been received, the source address from the proxy header instead of the address of the proxy will be checked against primary addresses sending NOTIFYs, and the ACLs for any client requesting AXFRs. + +.. _setting-proxy-protocol-maximum-size: + +``proxy-protocol-maximum-size`` +------------------------------- +.. versionadded:: 4.6.0 + +- Integer +- Default: 512 + +The maximum size, in bytes, of a Proxy Protocol payload (header, addresses and ports, and TLV values). Queries with a larger payload will be dropped. + .. _setting-query-cache-ttl: ``query-cache-ttl``
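
Review bot: In the docs/settings.rst hunk, the first label `.. _setting-proxy-protocol-from` is missing its trailing colon, so reStructuredText will not treat it as a hyperlink target and a `:ref:` to it will not resolve. It should read `.. _setting-proxy-protocol-from:`, matching `.. _setting-proxy-protocol-maximum-size:` further down. The same section says that once a header is received, the source address from the proxy header is what gets checked against NOTIFY primaries and AXFR ACLs. Given that, the description could also state that `proxy-protocol-from` should list only proxies trusted to assert client addresses, since any host in these ranges effectively chooses the address those checks see.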