From 12dcec2b1ea8017deb0347b8f971a6f7c297ca88 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 16 Feb 2017 11:15:39 +0100 Subject: [PATCH] policy: document the FLAGS action --- modules/policy/README.rst | 5 +++-- modules/policy/policy.lua | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/policy/README.rst b/modules/policy/README.rst index a4f7249c9..6c22cd865 100644 --- a/modules/policy/README.rst +++ b/modules/policy/README.rst @@ -28,12 +28,13 @@ There are several defined actions: it can be a single IP (string) or a list of up to four IPs. * ``MIRROR(ip)`` - mirror query to given IP and continue solving it (useful for partial snooping) * ``REROUTE({{subnet,target}, ...})`` - reroute addresses in response matching given subnet to given target, e.g. ``{'192.0.2.0/24', '127.0.0.0'}`` will rewrite '192.0.2.55' to '127.0.0.55', see :ref:`renumber module ` for more information. -* ``QTRACE`` - pretty-print DNS response packets into the log (useful for debugging weird DNS servers) +* ``QTRACE`` - pretty-print DNS response packets into the log (useful for debugging weird DNS servers). +* ``FLAGS(set, clear)`` - set and/or clear some flags for the query. There can be multiple flags to set/clear, combined by ``bit.bor`` from ``kres.query.*`` values. .. warning:: The policy module only looks at the inbound DNS queries. Thus the ``FORWARD(ip)`` policy does only forward inbound query to the specified IP address(es) and it doesn't and it can't do DNSSEC validation. If you need DNSSEC validation, you either need to disable ``FORWARD(ip)`` policy or use an upstream DNSSEC-validating resolver. .. note:: The module (and ``kres``) expects domain names in wire format, not textual representation. So each label in name is prefixed with its length, e.g. "example.com" equals to ``"\7example\3com"``. You can use convenience function ``todname('example.com')`` for automatic conversion. - + Example configuration ^^^^^^^^^^^^^^^^^^^^^ diff --git a/modules/policy/policy.lua b/modules/policy/policy.lua index 793ecd802..360b4174e 100644 --- a/modules/policy/policy.lua +++ b/modules/policy/policy.lua @@ -97,7 +97,7 @@ local function reroute(tbl, names) return ren.rule(prefixes) end --- Set and clear some query flags (TODO: documentation). +-- Set and clear some query flags local function flags(opts_set, opts_clear) return function(state, req) req = kres.request_t(req) -- 2.47.2