Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Knot DNS
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
24
Issues
24
List
Boards
Labels
Milestones
Merge Requests
7
Merge Requests
7
Packages
Packages
Container Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Knot projects
Knot DNS
Commits
d74ae3ac
Commit
d74ae3ac
authored
Dec 02, 2014
by
Marek Vavruša
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
rose: added documentation
parent
cfc63b39
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
63 additions
and
0 deletions
+63
-0
doc/configuration.rst
doc/configuration.rst
+63
-0
No files found.
doc/configuration.rst
View file @
d74ae3ac
...
@@ -469,3 +469,66 @@ Limitations
...
@@ -469,3 +469,66 @@ Limitations
NSEC or NSEC3 is supported) nor DNSSEC signed records. However,
NSEC or NSEC3 is supported) nor DNSSEC signed records. However,
since the module is hooked in the query processing plan, it will be
since the module is hooked in the query processing plan, it will be
possible to do online signing in the future.
possible to do online signing in the future.
``rose`` - Static resource records
---------------------------------------
The module provides a mean to override responses for certain queries before the record is searched in
the available zones. The modules comes with a tool ``rosedb_tool`` to manipulate with the database
of static records.
*Note: An entry in the database matches anything at or below it, i.e. 'myrecord.com' matches 'a.a.myrecord.com' as well.
This can be exploited to create a catch-all entries.*
For example, suppose we have a database of following records::
myrecord.com. 3600 IN A 127.0.0.1
www.myrecord.com. 3600 IN A 127.0.0.2
ipv6.myrecord.com. 3600 IN AAAA ::1
And we query the nameserver with following::
$ kdig IN A myrecord.com
... returns NOERROR, 127.0.0.1
$ kdig IN A www.myrecord.com
... returns NOERROR, 127.0.0.2
$ kdig IN A stuff.myrecord.com
... returns NOERROR, 127.0.0.1
$ kdig IN AAAA myrecord.com
... returns NXDOMAIN
$ kdig IN AAAA ipv6.myrecord.com
... returns NOERROR, ::1
In addition the module is able to log matching queries via remote syslog if you specify a syslog address endpoint and an
optional string code.
Here is an example on how to use the module:
* Create the entries in the database::
$ mkdir /tmp/static_rrdb
$ rosedb_tool /tmp/static_rrdb add myrecord.com. A 3600 "127.0.0.1" "-" "-" # No logging
$ rosedb_tool /tmp/static_rrdb add www.myrecord.com. A 3600 "127.0.0.1" "www_query" "10.0.0.1" # Syslog @ 10.0.0.1
$ rosedb_tool /tmp/static_rrdb add ipv6.myrecord.com. AAAA 3600 "::1" "ipv6_query" "10.0.0.1" # Syslog @ 10.0.0.1
$ rosedb_tool /tmp/static_rrdb list # Verify
www.myrecord.com. A RDATA=10B www_query 10.0.0.1
ipv6.myrecord.com. AAAA RDATA=22B ipv6_query 10.0.0.1
myrecord.com. A RDATA=10B - -
*Note: the database may be modified while the server is running later on.*
* Configure the query module and start the server::
$ vim knot.conf
knot.conf:
zones {
query_module {
rosedb "/tmp/static_rrdb";
}
}
$ knotd -c knot.conf
* Verify the running instance::
$ kdig @127.0.0.1#6667 A myrecord.com
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
