Commit 907fa915 authored by Petr Špaček's avatar Petr Špaček

Merge branch 'doc-nitpicks' into 'master'

documentation nitpicks

See merge request !592
parents 1d7bdc1d 52a25b76
Pipeline #36559 passed with stages
in 9 minutes
......@@ -997,9 +997,9 @@ specified worker count and process rank.
Return current worker ID (starting from `0` up to `worker.count - 1`)
.. envvar:: pid (number)
.. envvar:: worker.pid
Current worker process PID.
Current worker process PID (number).
.. function:: worker.stats()
......
......@@ -14,18 +14,15 @@ to see how you can build it from sources (or package it), or use official `Docke
Platform considerations
-----------------------
.. csv-table::
:header: "Project", "Platforms", "Compatibility notes"
"``daemon``", "UNIX-like [#]_", "C99, libuv_ provides portable I/O"
"``library``", "UNIX-like", "MSVC_ not supported, needs MinGW_"
"``modules``", "*varies*", ""
"``tests/unit``", "*equivalent to library*", ""
"``tests/integration``", "UNIX-like", "Depends on library injection (see [2]_)"
Knot-resolver is written for UNIX-like systems, mainly in C99.
Portable I/O is provided by libuv_.
Some 64-bit systems with LuaJIT 2.1 may be affected by
`a problem <https://github.com/LuaJIT/LuaJIT/blob/v2.1/doc/status.html#L100>`_
-- Linux on x86_64 is unaffected but `Linux on aarch64 is
<https://gitlab.labs.nic.cz/knot/knot-resolver/issues/216>`_.
.. [#] Known to be running (not exclusively) on FreeBSD, Linux and OS X.
.. Windows status??? Modules are not supported yet, as the PE/DLL loading is different. Library injection is working with ELF *(or Mach-O flat namespace)* only.
Windows systems might theoretically work without large changes,
but it's most likely broken and currently not planned to be supported.
Requirements
------------
......@@ -36,12 +33,13 @@ The following is a list of software required to build Knot DNS Resolver from sou
:header: "Requirement", "Required by", "Notes"
"`GNU Make`_ 3.80+", "*all*", "*(build only)*"
"C compiler", "*all*", "*(build only)* [#]_"
"C and C++ compiler", "*all*", "*(build only)* [#]_"
"`pkg-config`_", "*all*", "*(build only)* [#]_"
"hexdump or xxd", "``daemon``", "*(build only)*"
"libknot_ 2.4.0+", "*all*", "Knot DNS library (requires autotools, GnuTLS and Jansson)."
"libknot_ 2.6.4+", "*all*", "Knot DNS libraries - requires autotools, GnuTLS, ..."
"LuaJIT_ 2.0+", "``daemon``", "Embedded scripting language."
"libuv_ 1.7+", "``daemon``", "Multiplatform I/O and services (libuv_ 1.0 with limitations [#]_)."
"lmdb", "``daemon``", "If missing, a static version is embedded."
There are also *optional* packages that enable specific functionality in Knot DNS Resolver, they are useful mainly for developers to build documentation and tests.
......@@ -51,9 +49,6 @@ There are also *optional* packages that enable specific functionality in Knot DN
"`lua-http`_", "``modules/http``", "HTTP/2 client/server for Lua."
"luasocket_", "``trust anchors, modules/stats``", "Sockets for Lua."
"luasec_", "``trust anchors``", "TLS for Lua."
"libmemcached_", "``modules/memcached``", "To build memcached backend module."
"hiredis_", "``modules/redis``", "To build redis backend module."
"Go_ 1.5+", "``modules``", "Build modules written in Go."
"cmocka_", "``unit tests``", "Unit testing framework."
"Doxygen_", "``documentation``", "Generating API documentation."
"Sphinx_ and sphinx_rtd_theme_", "``documentation``", "Building this HTML/PDF documentation."
......@@ -66,6 +61,10 @@ There are also *optional* packages that enable specific functionality in Knot DN
"`clang-tidy`_", "``lint-c``", "Syntax and static analysis checker for C."
"luacov_", "``check-config``", "Code coverage analysis for Lua modules."
.. "libmemcached_", "``modules/memcached``", "To build memcached backend module."
"hiredis_", "``modules/redis``", "To build redis backend module."
"Go_ 1.5+", "``modules``", "Build modules written in Go."
.. [#] Requires C99, ``__attribute__((cleanup))`` and ``-MMD -MP`` for dependency file generation. GCC, Clang and ICC are supported.
.. [#] You can use variables ``<dependency>_CFLAGS`` and ``<dependency>_LIBS`` to configure dependencies manually (i.e. ``libknot_CFLAGS`` and ``libknot_LIBS``).
.. [#] libuv 1.7 brings SO_REUSEPORT support that is needed for multiple forks. libuv < 1.7 can be still used, but only in single-process mode. Use :ref:`different method <daemon-reuseport>` for load balancing.
......
......@@ -2,9 +2,9 @@
Knot DNS Resolver
#################
The Knot DNS Resolver is a minimalistic caching resolver implementation.
The project provides both a resolver library and a small daemon.
Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions.
Knot Resolver is a minimalistic implementation of a caching validating DNS resolver.
Modular architecture keeps the core tiny and efficient,
and it provides a state-machine like API for extensions.
.. toctree::
:maxdepth: 2
......
......@@ -22,7 +22,7 @@ A *filter* selects which queries will be affected by specified *action*. There a
- applies the action if QNAME suffix matches one of suffixes in the table (useful for "is domain in zone" rules),
uses `Aho-Corasick`_ string matching algorithm `from CloudFlare <https://github.com/cloudflare/lua-aho-corasick>`_ (BSD 3-clause)
* :any:`policy.suffix_common`
* ``rpz``
* ``rpz(default_action, path)``
- implements a subset of RPZ_ in zonefile format. See below for details: :any:`policy.rpz`.
* custom filter function
......@@ -182,9 +182,9 @@ Most properties (actions, filters) are described above.
Like suffix match, but you can also provide a common suffix of all matches for faster processing (nil otherwise).
This function is faster for small suffix tables (in the order of "hundreds").
.. function:: policy.rpz(action, path[, format])
.. function:: policy.rpz(action, path)
:param action: the default action for match in the zone (e.g. RH-value `.`)
:param action: the default action for match in the zone; typically you want ``policy.DENY``
:param path: path to zone file | database
Enforce RPZ_ rules. This can be used in conjunction with published blocklist feeds.
......@@ -194,13 +194,16 @@ Most properties (actions, filters) are described above.
.. csv-table::
:header: "Policy Action", "RH Value", "Support"
"NXDOMAIN", "``.``", "**yes**"
"NODATA", "``*.``", "*partial*, implemented as NXDOMAIN"
"Unchanged", "``rpz-passthru.``", "**yes**"
"Nothing", "``rpz-drop.``", "**yes**"
"Truncated", "``rpz-tcp-only.``", "**yes**"
"``action`` is used", "``.``", "**yes**, if ``action`` is ``DENY``"
"``action`` is used ", "``*.``", "*partial* [#]_"
"``policy.PASS``", "``rpz-passthru.``", "**yes**"
"``policy.DROP``", "``rpz-drop.``", "**yes**"
"``policy.TC``", "``rpz-tcp-only.``", "**yes**"
"Modified", "anything", "no"
.. [#] The specification for ``*.`` wants a ``NODATA`` answer.
For now, ``policy.DENY`` action doing ``NXDOMAIN`` is typically used instead.
.. csv-table::
:header: "Policy Trigger", "Support"
......
......@@ -9,7 +9,7 @@ filters and ACLs, sort of like ISC BIND views.
There are two identification mechanisms:
* ``subnet``
* ``addr``
- identifies the client based on his subnet
* ``tsig``
- identifies the client based on a TSIG key
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment