From bd1ede4c5bb3cfc2d48127acf46b1b18b72044b7 Mon Sep 17 00:00:00 2001 From: Tomas Krizek Date: Fri, 11 Dec 2020 16:05:30 +0100 Subject: [PATCH] doc: make links to policies more consistent --- doc/config-network-forwarding.rst | 2 +- modules/dns64/README.rst | 2 +- modules/policy/README.rst | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/config-network-forwarding.rst b/doc/config-network-forwarding.rst index f16b48fe9..ea00d6042 100644 --- a/doc/config-network-forwarding.rst +++ b/doc/config-network-forwarding.rst @@ -14,7 +14,7 @@ Main use-cases are: Forwarding implementation in Knot Resolver has following properties: - Answers from *upstream* servers are cached. - - Answers from *upstream* servers are locally DNSSEC-validated, unless ``policy.STUB`` is used. + - Answers from *upstream* servers are locally DNSSEC-validated, unless :func:`policy.STUB` is used. - Resolver automatically selects which IP address from given set of IP addresses will be used (based on performance characteristics). - Forwarding can use either unencrypted DNS protocol, or :ref:`tls-forwarding`. diff --git a/modules/dns64/README.rst b/modules/dns64/README.rst index a90bb09d3..feceb1ccc 100644 --- a/modules/dns64/README.rst +++ b/modules/dns64/README.rst @@ -8,7 +8,7 @@ DNS64 The module for :rfc:`6147` DNS64 AAAA-from-A record synthesis, it is used to enable client-server communication between an IPv6-only client and an IPv4-only server. See the well written `introduction`_ in the PowerDNS documentation. If no address is passed (i.e. ``nil``), the well-known prefix ``64:ff9b::`` is used. -.. warning:: The module currently won't work well with :ref:`policy.STUB `. +.. warning:: The module currently won't work well with :func:`policy.STUB`. Also, the IPv6 passed in configuration is assumed to be ``/96``, and PTR synthesis and "exclusion prefixes" aren't implemented. diff --git a/modules/policy/README.rst b/modules/policy/README.rst index 8d4a7f064..85c524ad3 100644 --- a/modules/policy/README.rst +++ b/modules/policy/README.rst @@ -338,7 +338,7 @@ Forwarding over TLS protocol (DNS-over-TLS) ------------------------------------------- .. function:: TLS_FORWARD( { {ip_address, authentication}, [...] } ) - Same as :func:`FORWARD` but send query over DNS-over-TLS protocol (encrypted). + Same as :func:`policy.FORWARD` but send query over DNS-over-TLS protocol (encrypted). Each target IP address needs explicit configuration how to validate TLS certificate so each IP address is configured by pair: ``{ip_address, authentication}``. See sections below for more details. @@ -346,7 +346,7 @@ Forwarding over TLS protocol (DNS-over-TLS) Policy :func:`policy.TLS_FORWARD` allows you to forward queries using `Transport Layer Security`_ protocol, which hides the content of your queries from an attacker observing the network traffic. Further details about this protocol can be found in :rfc:`7858` and `IETF draft dprive-dtls-and-tls-profiles`_. -Queries affected by `TLS_FORWARD` policy will always be resolved over TLS connection. Knot Resolver does not implement fallback to non-TLS connection, so if TLS connection cannot be established or authenticated according to the configuration, the resolution will fail. +Queries affected by :func:`policy.TLS_FORWARD` will always be resolved over TLS connection. Knot Resolver does not implement fallback to non-TLS connection, so if TLS connection cannot be established or authenticated according to the configuration, the resolution will fail. To test this feature you need to either :ref:`configure Knot Resolver as DNS-over-TLS server `, or pick some public DNS-over-TLS server. Please see `DNS Privacy Project`_ homepage for list of public servers. @@ -532,7 +532,7 @@ The easiest work-around is to disable reading from cache for grafted domains. 'internal.example.com.', '2.0.192.in-addr.arpa.' -- this applies to reverse DNS tree as well }) - -- Beware: the rule order is important, as STUB is not a chain action. + -- Beware: the rule order is important, as policy.STUB is not a chain action. policy.add(policy.suffix(policy.FLAGS({'NO_CACHE'}), extraTrees)) policy.add(policy.suffix(policy.STUB({'2001:db8::1'}), extraTrees)) -- 2.47.2