Commit ce68c1b8 authored by Marek Vavruša's avatar Marek Vavruša

doc: updated dnstap, RRL slip value

parent 55b0b6c5
......@@ -219,11 +219,14 @@ default. You can enable it with the :ref:`rate-limit` option in the
:ref:`system` section. Setting to a value greater than ``0`` means
that every flow is allowed N responses per second, (i.e. ``rate-limit
50;`` means ``50`` responses per second). It is also possible to
configure SLIP interval, which causes every Nth blocked response to be
slipped as a truncated response. Not that some error responses cannot
be truncated and are slipped as-is. For more information, refer to
:ref:`rate-limit-slip`. It is advisable to not set slip interval to a
value larger than 1.
configure SLIP interval, which causes every Nth ``blocked`` response to be
slipped as a truncated response. Note that some error responses cannot
be truncated. For more information, refer to the :ref:`rate-limit-slip`.
It is advisable to not set slip interval to a value larger than 2,
as too large slip value means more denial of service for legitimate
requestors, and introduces excessive timeouts during resolution.
On the other hand, slipping truncated answer gives the legitimate
requestors a chance to reconnect over TCP.
Example configuration::
......@@ -360,13 +363,17 @@ or a UNIX socket prefixed with *unix:*.
For example::
zones {
query_module "/tmp/capture.tap";
query_module {
dnstap "/tmp/capture.tap";
}
}
You can also log to a UNIX socket with the prefix::
zones {
query_module "unix:/tmp/capture.tap";
query_module {
dnstap "unix:/tmp/capture.tap";
}
}
.. _dnstap: http://dnstap.info/
......
......@@ -704,7 +704,6 @@ The ``zones`` statement contains definition of zones served by Knot DNS.
[ notify-in remote_id [, remote_id, ... ]; ]
[ notify-out remote_id [, remote_id, ... ]; ]
[ update-in remote_id [, remote_id, ... ]; ]
[ query_module { module_name "string"; [ module_name "string"; ... ] } ]
[ zone_options ]
}
}
......@@ -723,6 +722,7 @@ The ``zones`` statement contains definition of zones served by Knot DNS.
[ dnssec-enable ( on | off ); ]
[ signature-lifetime ( integer | integer(s | m | h | d); ) ]
[ serial-policy ( increment | unixtime ); ]
[ query_module { module_name "string"; [ module_name "string"; ... ] } ]
.. _zones Statement Definition and Grammar:
......
......@@ -293,6 +293,13 @@ zones {
# Default value: increment
# serial-policy increment;
# Query modules are dynamically loaded modules that can alter query plan processing
# Configuration is always module-specific, but passed as a simple string here
# Query modules listed here are effective for all queries (even those without assigned zone)
query_module {
module_name "configuration string";
}
# Zone entry
#
# Format: <zone-name> { file "<path-to-zone-file>"; }
......@@ -390,6 +397,7 @@ zones {
module_one "configuration string";
module_two "specific configuration string";
}
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment