From: Petr Špaček Date: Wed, 8 Jan 2020 11:37:46 +0000 (+0100) Subject: doc: polish config/policy section X-Git-Tag: v5.0.0~8^2~15 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c8f49d3537f7cafdcd4a035baecf03c4f6fe58b4;p=thirdparty%2Fknot-resolver.git doc: polish config/policy section --- diff --git a/doc/config-policy.rst b/doc/config-policy.rst index 3a1c786ba..6c7afbb15 100644 --- a/doc/config-policy.rst +++ b/doc/config-policy.rst @@ -5,16 +5,33 @@ Policy, access control, data manipulation Features in this section allow to configure what clients can get access to what DNS data, i.e. DNS data filtering and manipulation. +:ref:`mod-policy` specify global policies applicable to all requests, +e.g. for blocking access to particular domain. :ref:`mod-view` allow +to specify per-client policies, e.g. block or unblock access +to a domain only for subset of clients. + +It is also possible to modify data returned to clients, either by providing +:ref:`mod-hints` (answers with statically configured IP addresses), +:ref:`mod-dns64` translation, or :ref:`mod-renumber`. + +Additional modules offer protection against various DNS-based attacks, +see :ref:`mod-rebinding` and :ref:`mod-refuse_nord`. + +At the very end, module :ref:`mod-daf` provides HTTP API for run-time policy +modification, and generally just offers different interface for previously +mentioned features. + + .. toctree:: :maxdepth: 1 - modules-hints modules-policy modules-view - modules-daf - modules-rebinding - modules-refuse_nord + modules-hints modules-dns64 modules-renumber config-answer-reordering + modules-rebinding + modules-refuse_nord + modules-daf diff --git a/modules/renumber/README.rst b/modules/renumber/README.rst index f58546282..d5fb2fd73 100644 --- a/modules/renumber/README.rst +++ b/modules/renumber/README.rst 
@@ -1,7 +1,7 @@ .. _mod-renumber: -Renumber -======== +IP address renumbering +====================== The module renumbers addresses in answers to different address space. e.g. you can redirect malicious addresses to a blackhole, or use private address ranges
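Review bot: In the doc/config-policy.rst hunk, the new introduction walks through every toctree entry except config-answer-reordering, which now sits between modules-renumber and modules-rebinding with no sentence introducing it. Either add a clause for it to the "It is also possible to modify data returned to clients" paragraph or move the entry so the toctree order matches the order of the prose. The added lines also need a grammar pass, since this commit is a polish: ":ref:`mod-policy` specify" should be "specifies", ":ref:`mod-view` allow to specify" should be "allows specifying", "only for subset of clients" should be "only for a subset of clients", and "provides HTTP API ... offers different interface" should be "provides an HTTP API ... offers a different interface". Of the labels referenced here, only mod-renumber is defined in this diff, so please confirm the other :ref: targets resolve in a docs build.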
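Review bot: In the modules/renumber/README.rst hunk, the sentence directly under the renamed heading still reads "to different address space. e.g. you can redirect", with a missing article and a sentence that starts with a lowercase "e.g.". Since the heading is being touched anyway, suggest rewording it to something like "renumbers addresses in answers to a different address space, e.g. you can redirect ...". The new underline matches the length of "IP address renumbering" and the ".. _mod-renumber:" label is unchanged, so :ref:`mod-renumber` in doc/config-policy.rst will render with the new title. Check that the sentence "or :ref:`mod-renumber`" there still reads well with it.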