dns --- .. osdx:cfgcmd:: service dns .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Domain Name Server (DNS) parameters .. osdx:cfgcmd:: service dns dynamic .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Dynamic DNS :ref Required: .. osdx:cfgcmd:: service dns dynamic interface .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg ifc: Interface to send DDNS updates for :instances: Multiple :ref Required: .. osdx:cfgcmd:: service dns dynamic interface advisor .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Advisor to enable or disable DDNS on the interface :ref Reference: system advisor * .. osdx:cfgcmd:: service dns dynamic interface service .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: Service name used for DDNS :instances: Multiple :ref Required: :ref Required: :ref Required: :ref Required: .. osdx:cfgcmd:: service dns dynamic interface service domain .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Domain registered with DDNS service :arg hostname: Hostname registered with DDNS service :arg record: Record to be updated for RFC2136 :instances: Multiple .. osdx:cfgcmd:: service dns dynamic interface service encrypted-password .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Encrypted password or shared secret for DDNS service :arg secret: Secret for RFC2136 .. osdx:cfgcmd:: service dns dynamic interface service login .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Login for DDNS service :arg login: Login for DDNS service :arg keyname: Keyname for RFC2136 .. osdx:cfgcmd:: service dns dynamic interface service password .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Password for DDNS service :arg password: Password for DDNS service :arg secret: Secret for RFC2136 .. osdx:cfgcmd:: service dns dynamic interface service server .. 
raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Server to send DDNS update to :arg ipv4: IP address of DDNS server :arg hostname: Hostname of DDNS server .. osdx:cfgcmd:: service dns dynamic interface service ttl .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg u32: Time To Live .. osdx:cfgcmd:: service dns dynamic interface service type .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Protocol used for DDNS service :arg id: Custom or predefined protocol .. osdx:cfgcmd:: service dns dynamic interface service zone .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: Zone to be updated .. osdx:cfgcmd:: service dns dynamic interface update-frecuency .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg u32: Time (in minutes) after which the domain is updated .. osdx:cfgcmd:: service dns dynamic interface use-web .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Web check used for obtaining the external IP address .. osdx:cfgcmd:: service dns dynamic interface use-web skip .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: Skip everything before this on the given URL .. osdx:cfgcmd:: service dns dynamic interface use-web url .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg txt: URL to obtain the current external IP address .. osdx:cfgcmd:: service dns forwarding .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE DNS Forwarding .. osdx:cfgcmd:: service dns forwarding cache-size .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE DNS forwarding cache size :arg u32: DNS forwarding cache size (0-10000) .. osdx:cfgcmd:: service dns forwarding dhcp .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Enable DNS servers received from DHCP .. osdx:cfgcmd:: service dns forwarding dhcp interface .. 
raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg ifc: Enable DNS servers received from DHCP for specified interface :instances: Multiple .. osdx:cfgcmd:: service dns forwarding dhcp interface priority .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE DHCP DNS servers priority for specified interface :arg u32: Level of priorities allowed (0-9) .. osdx:cfgcmd:: service dns forwarding dhcp priority .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE DHCP DNS servers priority :arg u32: Level of priorities allowed (0-9) .. osdx:cfgcmd:: service dns forwarding dhcpv6 .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Enable DNS servers received from DHCPv6 .. osdx:cfgcmd:: service dns forwarding dhcpv6 interface .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg ifc: Enable DNS servers received from DHCPv6 for specified interface :instances: Multiple .. osdx:cfgcmd:: service dns forwarding dhcpv6 interface priority .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE DHCPv6 DNS servers priority :arg u32: Level of priorities allowed (0-9) .. osdx:cfgcmd:: service dns forwarding dhcpv6 priority .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE DHCPv6 DNS servers priority :arg u32: Level of priorities allowed (0-9) .. osdx:cfgcmd:: service dns forwarding disable-local-service .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Disable local-service option to accept DNS queries from any host on any subnet .. osdx:cfgcmd:: service dns forwarding dnssec .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Enable DNSSEC validation and caching .. osdx:cfgcmd:: service dns forwarding dnssec check-unsigned .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Check if unsigned replies are legitimate This entails possible extra queries even for the majority of DNS zones which are not, at the moment, signed. 
If disabled, then those replies are assumed to be valid and passed on (without the "authentic data" bit set). This does not protect against an attacker forging unsigned replies for signed DNS zones, but it is fast. .. osdx:cfgcmd:: service dns forwarding dnssec proxy .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Copy the DNSSEC Authenticated Data bit from upstream servers to downstream clients This is an alternative to having dnsmasq validate DNSSEC, but it depends on the security of the network between dnsmasq and the upstream servers, and the trustworthiness of the upstream servers. Note that caching the Authenticated Data bit correctly in all cases is not technically possible. .. osdx:cfgcmd:: service dns forwarding domain .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE DNS domain configuration :arg id: DNS domain name :instances: Multiple .. osdx:cfgcmd:: service dns forwarding domain dhcp .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Enable DNS servers received from DHCP .. osdx:cfgcmd:: service dns forwarding domain dhcp interface .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg ifc: Enable DNS servers received from DHCP for specified interface :instances: Multiple .. osdx:cfgcmd:: service dns forwarding domain dhcpv6 .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Enable DNS servers received from DHCPv6 .. osdx:cfgcmd:: service dns forwarding domain dhcpv6 interface .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg ifc: Enable DNS servers received from DHCPv6 for specified interface :instances: Multiple .. osdx:cfgcmd:: service dns forwarding domain name-server .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE DNS servers :arg ipv4: DNS address IPv4 :arg ipv6: DNS address IPv6 :instances: Multiple .. osdx:cfgcmd:: service dns forwarding domain name-server local-address .. 
raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Local IP address to use as source for requests to this nameserver :arg ipv4: Local IPv4 address for this nameserver :arg ipv6: Local IPv6 address for this nameserver :Local IP address: .. osdx:cfgcmd:: service dns forwarding domain name-server local-interface .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg ifc: Interface to use as source for requests to this nameserver .. osdx:cfgcmd:: service dns forwarding domain name-server local-vrf .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE VRF to use as source for requests to this nameserver :ref Reference: system vrf * .. osdx:cfgcmd:: service dns forwarding domain name-server port .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Port in which the DNS server is listening at. Defaults to port 53 :arg u32: DNS server listening port (1-65535) .. osdx:cfgcmd:: service dns forwarding domain ppp .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Enable DNS servers received from PPP .. osdx:cfgcmd:: service dns forwarding listen .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg ifc: Interfaces to listen for DNS queries :instances: Multiple .. osdx:cfgcmd:: service dns forwarding local-ttl .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg u32: TTL for static entries or DHCP leases .. osdx:cfgcmd:: service dns forwarding logs .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Enables DNS forwarding logs The DNS forwarding logs can later be retrieved from the system journal. .. osdx:cfgcmd:: service dns forwarding max-cache-ttl .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg u32: Maximum TTL for Cache Entries .. osdx:cfgcmd:: service dns forwarding min-cache-ttl .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Minimum TTL for Cache Entries :arg u32: Minimum time for cache entries in seconds (1-3600) .. 
osdx:cfgcmd:: service dns forwarding name-server .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE DNS servers :arg ipv4: DNS address IPv4 :arg ipv6: DNS address IPv6 :instances: Multiple .. osdx:cfgcmd:: service dns forwarding name-server local-address .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Local IP address to use as source for requests to this nameserver :arg ipv4: Local IPv4 address for this nameserver :arg ipv6: Local IPv6 address for this nameserver :Local IP address: .. osdx:cfgcmd:: service dns forwarding name-server local-interface .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg ifc: Interface to use as source for requests to this nameserver .. osdx:cfgcmd:: service dns forwarding name-server local-vrf .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE VRF to use as source for requests to this nameserver :ref Reference: system vrf * .. osdx:cfgcmd:: service dns forwarding name-server port .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Port in which the DNS server is listening at. Defaults to port 53 :arg u32: DNS server listening port (1-65535) .. osdx:cfgcmd:: service dns forwarding name-server priority .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Local DNS servers priority (the lower the value is, the higher the priority gets) :arg u32: Level of priorities allowed (0-9) .. osdx:cfgcmd:: service dns forwarding ppp .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Enable DNS servers received from PPP .. osdx:cfgcmd:: service dns forwarding ppp priority .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE PPP DNS servers priority :arg u32: Level of priorities allowed (0-9) .. osdx:cfgcmd:: service dns forwarding record .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE DNS static records used when resolving a request .. osdx:cfgcmd:: service dns forwarding record cname .. 
raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg fqdn: CNAME record pointing to an existing host record :instances: Multiple :ref Required: service dns forwarding record host * .. osdx:cfgcmd:: service dns forwarding record cname target .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Host this record points to :ref Reference: service dns forwarding record host * .. osdx:cfgcmd:: service dns forwarding record cname ttl .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg u32: TTL for this host entry. By default, uses global configured value .. osdx:cfgcmd:: service dns forwarding record host .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg fqdn: Host records reference either an A, AAAA or PTR records to the DNS :instances: Multiple .. osdx:cfgcmd:: service dns forwarding record host ipv4-address .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg ipv4: IP address the host record points to :instances: Multiple .. osdx:cfgcmd:: service dns forwarding record host ipv6-address .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg ipv6: IP address the host record points to :instances: Multiple .. osdx:cfgcmd:: service dns forwarding record host ttl .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg u32: TTL for this host entry. By default, uses global configured value .. osdx:cfgcmd:: service dns forwarding record mx .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg fqdn: MX record for directing mail on a LAN to a server :instances: Multiple .. osdx:cfgcmd:: service dns forwarding record mx hostname .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Hostname the MX record is pointing to. Defaults to system's hostname :arg ipv4: IPv4 address the record points to :arg ipv6: IPv6 address the record points to :arg fqdn: Fully qualified domain name the record points to :arg id: Hostname the record points to .. 
osdx:cfgcmd:: service dns forwarding record mx preference .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg u32: Preference of the MX record when querying the hostname .. osdx:cfgcmd:: service dns forwarding record srv .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE SRV DNS records as specified at RFC2782 :arg id: Service name for this SRV record :instances: Multiple :ref Required: .. osdx:cfgcmd:: service dns forwarding record srv protocol .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: Service protocol for this SRV record :instances: Multiple :ref Required: .. osdx:cfgcmd:: service dns forwarding record srv protocol domain .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg fqdn: Service domain this SRV record uses For example, if the SRV record refers to an IMAP mail server running at teldat.com domain, then domain will be "teldat.com". "domain" should not be confused with "target", which can have the same value but refer to different things. .. osdx:cfgcmd:: service dns forwarding record srv protocol port .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Service port this SRV points to :arg u32: Port in which the service is listening to connections (1-65535) .. osdx:cfgcmd:: service dns forwarding record srv protocol priority .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Priority of this SRV record :arg u32: Priority of this SRV record. The lower the value is, the higher the priority gets .. osdx:cfgcmd:: service dns forwarding record srv protocol target .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Service domain this SRV points to The target refers to the destination the SRV record is pointing to. In a mail server example, the target would be the FQDN in which the mail server lives. :ref Reference: service dns forwarding record host * .. osdx:cfgcmd:: service dns forwarding record srv protocol weight .. 
raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Weight of this SRV record :arg u32: Weight of this SRV record. The lower the value is, the higher the weight gets .. osdx:cfgcmd:: service dns proxy .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE DNS proxy service configuration options :ref Required: .. osdx:cfgcmd:: service dns proxy balancing .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Load balancing algorithms for chosen servers The DNS proxy queries all the servers given by the source lists. Once populated, servers are sorted from fastest to slowest, and that order will be used for performing the load balancing. Each time a query is made to a server, the time it takes is used to adjust how fast the proxy thinks the server is, using an exponentially weighted average. If the newly calculated time happens to be slower than that of a randomly chosen candidate from the list of servers, then the entries are swapped. When this operation is applied over time, every server will get compared to all the others and the list is progressively kept sorted. Notice that when source lists are used, the servers are placed around the world. If the "ph" strategy is chosen, very probably some queries will end up using slower servers, which is why "p2" is probably the best strategy to use. Have a look at server response times before choosing the strategy. :arg first: Always pick the fastest server in the list :arg p2: Randomly choose between the top 2 fastest servers :arg ph: Randomly choose between the top fastest half of all servers :arg random: Just pick any random server from the list .. osdx:cfgcmd:: service dns proxy blocklist .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Configures sources to block .. osdx:cfgcmd:: service dns proxy blocklist ip .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Block IPs. RegEx is also supported .. osdx:cfgcmd:: service dns proxy blocklist ip address .. 
raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg txt: Block IPs based on a pattern Blocklists are made of patterns. Thus, the following patterns are valid: 127.* :instances: Multiple .. osdx:cfgcmd:: service dns proxy blocklist ip file .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg file: Loads a file containing the IPs to block :instances: Multiple .. osdx:cfgcmd:: service dns proxy blocklist name .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Block domains by name. RegEx is also supported .. osdx:cfgcmd:: service dns proxy blocklist name domain .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg txt: Block domain based on a pattern Blocklists are made of patterns. Thus, the following patterns are valid: example.com =example.com *sex* ads.* ads*.example.* Usually, these blocklists are handled directly with files. However, it is also possible to specify them manually. More information can be found at: :instances: Multiple .. osdx:cfgcmd:: service dns proxy blocklist name file .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg file: Loads a file containing the domains to block :instances: Multiple .. osdx:cfgcmd:: service dns proxy cache .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE DNS proxy caching options .. osdx:cfgcmd:: service dns proxy cache max-negated-ttl .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg u32: How long, at most in seconds, a not found entry will be kept in cache .. osdx:cfgcmd:: service dns proxy cache max-ttl .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg u32: How long, at most in seconds, an entry will be kept in cache .. osdx:cfgcmd:: service dns proxy cache min-negated-ttl .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg u32: How long, at minimum in seconds, a not found entry will be kept in cache .. osdx:cfgcmd:: service dns proxy cache min-ttl .. 
raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg u32: How long, at minimum in seconds, an entry will be kept in cache .. osdx:cfgcmd:: service dns proxy cache size .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg u32: Maximum number of entries in the cache .. osdx:cfgcmd:: service dns proxy cipher .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Cipher algorithms ordered by preference When this field is not set, the best algorithm will be used based on hardware characteristics that do not compromise the exchanged data. Notice that these algorithms form a "preference" list: if the server and the client agree on one, they will use it. However, if the server accepts none of the algorithms the client asks for, it will just show a warning and choose the proper one. Notice that this feature will do nothing when the communication is encrypted using TLS v1.3: the best algorithm is automatically chosen based on hardware characteristics and connection speed. :arg u32: Preference of the encryption algorithm (1-18) :instances: Multiple :ref Required: .. osdx:cfgcmd:: service dns proxy cipher algorithm .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: Cipher algorithm to communicate with the server .. osdx:cfgcmd:: service dns proxy cloaking .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Configures a set of host entries to point to one or multiple addresses .. osdx:cfgcmd:: service dns proxy cloaking ignore-hosts .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Do not use system configured host entries .. osdx:cfgcmd:: service dns proxy cloaking name .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE FQDN, IP, name or RegEx to match when cloaking An example is worth a thousand words: 1. example.com 2. *.example.com 3. *.example.* 4. 
example[0-9]* The examples above will match a FQDN (1), all subdomains of "example.com" (2), all subdomains and all top-level domains (3) and all domains ending in zero or more digits, including all top-level domains too (4). Furthermore, as the input value can be anything, IP addresses may be used here too. :arg name: FQDN, IP, name or regular expression used to match incoming requests :instances: Multiple :ref Required: .. osdx:cfgcmd:: service dns proxy cloaking name destination .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Destination to point incoming requests to The incoming traffic may be pointed to another domain, IP or IPv6 address. Moreover, that traffic may be load balanced when setting more than one destination address. :arg fqdn: Domain name to point to :arg ipv4: Address to point to :arg ipv6: IPv6 Address to point to :instances: Multiple .. osdx:cfgcmd:: service dns proxy cloaking ttl .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg u32: Cloaking TTL used when serving defined entries .. osdx:cfgcmd:: service dns proxy disable-protocol .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Choose the protocols that will not be used when securing DNS queries .. osdx:cfgcmd:: service dns proxy disable-protocol dnscrypt .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Skip the DNSCrypt protocol if the server implements it .. osdx:cfgcmd:: service dns proxy disable-protocol doh .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Skip the DNS-over-HTTPS protocol if the server implements it .. osdx:cfgcmd:: service dns proxy fallback .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Fallback DNS resolvers when no other connection is available These are normal, non-encrypted DNS resolvers that will only be used for one-shot queries when retrieving the initial resolvers list and if the system DNS configuration doesn't work. 
:arg ipv4: IPv4 address where the resolver is listening at :arg ipv6: IPv6 address where the resolver is listening at :instances: Multiple .. osdx:cfgcmd:: service dns proxy fallback port .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Port in which the resolver is listening at :arg u32: Port where resolver is listening at (1-65535) .. osdx:cfgcmd:: service dns proxy force-tcp .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Always use TCP to connect to upstream servers This can be useful if you need to route everything through a proxy (like Tor). Otherwise, enabling this option does not improve security and will only increase the latency. .. osdx:cfgcmd:: service dns proxy ipv6 .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE IPv6 options for configuring the service .. osdx:cfgcmd:: service dns proxy ipv6 block .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Block any IPv6 requests (useful when IPv6 is not available) .. osdx:cfgcmd:: service dns proxy ipv6 do-not-query .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Ignore DNS servers that are only accessible through IPv6 .. osdx:cfgcmd:: service dns proxy keepalive .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Keepalive for HTTP queries, in seconds :arg u32: Keepalive in seconds .. osdx:cfgcmd:: service dns proxy listen-address .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Address to listen to incoming connections :arg ipv4: IPv4 address to listen at :arg ipv6: IPv6 address to listen at :Local IP address: :instances: Multiple .. osdx:cfgcmd:: service dns proxy listen-address port .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Port to listen at :arg u32: Port to listen at (1-65535) .. osdx:cfgcmd:: service dns proxy log .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Enable logging and configure related options .. osdx:cfgcmd:: service dns proxy log level .. 
raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Log level to use. Defaults to "2" :arg u32: Verbosity level. 0 is very verbose; 6 only contains fatal errors (0-6) .. osdx:cfgcmd:: service dns proxy require .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Restrictions and limitations to apply to configured servers .. osdx:cfgcmd:: service dns proxy require dnssec .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Servers must support DNS security extensions (DNSSEC) .. osdx:cfgcmd:: service dns proxy require no-filter .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Servers must not enforce their own blocklist (for parental control, ad blocking, ...) .. osdx:cfgcmd:: service dns proxy require no-logs .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Servers must not log user queries (declarative) .. osdx:cfgcmd:: service dns proxy server .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Configure the DNS proxy as a DoH server too :ref Required: .. osdx:cfgcmd:: service dns proxy server cert .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Certificate to use for securing communications :ref Required: :ref Required: .. osdx:cfgcmd:: service dns proxy server cert file .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg file: Certificate file for the local DoH server This certificate file can be generated locally or with an external tool such as Let's Encrypt. With the first approach, the CA certificate has to be trusted by all clients. With the second approach, the CA certificate is usually trusted by all clients. .. osdx:cfgcmd:: service dns proxy server cert key .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg file: Key for the DoH server certificate .. osdx:cfgcmd:: service dns proxy server listen-address .. 
raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Address the local DoH server should listen to :arg ipv4: IPv4 address the local DoH server should listen to :arg ipv6: IPv6 address the local DoH server should listen to :Local IP address: :instances: Multiple .. osdx:cfgcmd:: service dns proxy server listen-address port .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Port to listen at :arg u32: Port to listen at (1-65535) .. osdx:cfgcmd:: service dns proxy server path .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: Path of the DoH URL This is not a file, but the part after the hostname in the URL. By convention, "/dns-query" is frequently chosen. For each listen address, the complete URL will have the form: .. osdx:cfgcmd:: service dns proxy server-name .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: Server to use when querying DNS records :instances: Multiple .. osdx:cfgcmd:: service dns proxy source .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Remote lists of available servers Remote lists are a set of servers that are available for querying DNS records. The lists themselves contain all the required information for a client to connect to a server by simply using a known name. For example, to use Cloudflare as the DNS provider by using a list, it would be as simple as defining "service dns proxy server-name cloudflare". That setting will automatically populate the DNS list for looking for the "cloudflare" provider data. Some companies publish their own lists with their servers. On the other hand, some projects decide to publish lists with generally available servers. An example is DNSCrypt: :arg source: Source identifier :instances: Multiple :ref Required: :ref Required: .. osdx:cfgcmd:: service dns proxy source minisign-key .. 
raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: Public key used to verify the content is legitimate Lists can be served from any location, even from an untrusted ISP. When this occurs, the DNS proxy will immediately detect and reject the source if it has been tampered with. .. osdx:cfgcmd:: service dns proxy source prefix .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: Prefix for the declared servers, to avoid collisions with other sources .. osdx:cfgcmd:: service dns proxy source refresh-delay .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Refresh delay for the cached source list :arg u32: Delay for cached source list in hours (24-720) .. osdx:cfgcmd:: service dns proxy source url .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg txt: URL to get the source from :instances: Multiple .. osdx:cfgcmd:: service dns proxy static .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Static configuration for server definitions :arg name: Static definition name :instances: Unique .. osdx:cfgcmd:: service dns proxy static protocol .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Protocol identifier for this node :instances: Unique .. osdx:cfgcmd:: service dns proxy static protocol dns-crypt .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE The server uses DNSCrypt protocol :ref Required: :ref Required: .. osdx:cfgcmd:: service dns proxy static protocol dns-crypt dnssec .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE The server supports DNSSEC .. osdx:cfgcmd:: service dns proxy static protocol dns-crypt ip .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg ipv4: IP address of the server :arg ipv6: IP address of the server .. osdx:cfgcmd:: service dns proxy static protocol dns-crypt no-filter .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE The server does not intentionally block domains .. 
osdx:cfgcmd:: service dns proxy static protocol dns-crypt no-logs .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE The server does not store any logs .. osdx:cfgcmd:: service dns proxy static protocol dns-crypt port .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Port where the server is listening at :arg u32: Port where the server is listening at (1-65535) .. osdx:cfgcmd:: service dns proxy static protocol dns-crypt provider .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE DNS provider related data :ref Required: :ref Required: .. osdx:cfgcmd:: service dns proxy static protocol dns-crypt provider name .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: DNS provider name .. osdx:cfgcmd:: service dns proxy static protocol dns-crypt provider public-key .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Provider's Ed25519 public key, as 32 raw bytes :arg key: Ed25519 public key .. osdx:cfgcmd:: service dns proxy static protocol dns-over-https .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE The server uses DNS over HTTPS (DoH) protocol :ref Required: .. osdx:cfgcmd:: service dns proxy static protocol dns-over-https dnssec .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE The server supports DNSSEC .. osdx:cfgcmd:: service dns proxy static protocol dns-over-https hash .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE The SHA256 digest of one of the TBS certificates The SHA256 digest of one of the TBS certificates found in the validation chain, typically the certificate used to sign the resolver's certificate. Multiple hashes can be provided for seamless rotations. :arg sha256: SHA256 digest of one of the TBS certificates :instances: Multiple .. osdx:cfgcmd:: service dns proxy static protocol dns-over-https host .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Server host related information :ref Required: .. 
osdx:cfgcmd:: service dns proxy static protocol dns-over-https host name .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg fqdn: Server hostname that will be used also as SNI name .. osdx:cfgcmd:: service dns proxy static protocol dns-over-https host path .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg txt: Absolute URI path. By default, "/dns-query" is used .. osdx:cfgcmd:: service dns proxy static protocol dns-over-https host port .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Server port number. If missing, port 443 is assumed :arg u32: Server port number (1-65535) .. osdx:cfgcmd:: service dns proxy static protocol dns-over-https ip .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg ipv4: IP address of the server The address can be left empty (unset). In that case, the host name will be resolved to an IP address using another resolver. :arg ipv6: IP address of the server The address can be left empty (unset). In that case, the host name will be resolved to an IP address using another resolver. .. osdx:cfgcmd:: service dns proxy static protocol dns-over-https no-filter .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE The server does not intentionally block domains .. osdx:cfgcmd:: service dns proxy static protocol dns-over-https no-logs .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE The server does not store any logs .. osdx:cfgcmd:: service dns proxy static stamp .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: String that encodes all the required parameters to connect to a server The stamp is a string that looks like: .. osdx:cfgcmd:: service dns proxy timeout .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Time to wait for a DNS query response, in milliseconds If the available network has a lot of latency, it could be interesting to increase this value. 
The startup may be slower if changed so do not increase it too much. :arg u32: Timeout in milliseconds .. osdx:cfgcmd:: service dns proxy whitelist .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Configures sources to allow .. osdx:cfgcmd:: service dns proxy whitelist ip .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Allow IPs. RegEx is also supported .. osdx:cfgcmd:: service dns proxy whitelist ip address .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg txt: Allow IPs based on a pattern Whitelist are made of patterns. Thus, the following patterns are valid: 127.* :instances: Multiple .. osdx:cfgcmd:: service dns proxy whitelist ip file .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg file: Loads a file containing the IPs to allow :instances: Multiple .. osdx:cfgcmd:: service dns proxy whitelist name .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Allow domains by name. RegEx is also supported .. osdx:cfgcmd:: service dns proxy whitelist name domain .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg txt: Allow domain based on a pattern Whitelist are made of patterns. Thus, the following patterns are valid: example.com =example.com *sex* ads.* ads*.example.* Usually, these whitelist are handled directly with files. However, it is also possible to specify them manually. More information can be found at: :instances: Multiple .. osdx:cfgcmd:: service dns proxy whitelist name file .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg file: Loads a file containing the domains to allow :instances: Multiple .. osdx:cfgcmd:: service dns resolver .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE DNS Resolver .. osdx:cfgcmd:: service dns resolver dhcp .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Enable DNS servers received from DHCP .. osdx:cfgcmd:: service dns resolver dhcpv6 .. 
raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Enable DNS servers received from DHCPv6 .. osdx:cfgcmd:: service dns resolver local .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Resolves DNS queries by using a local service Enabling this option will forward all DNS queries to a local service, previously configured at "service dns forwarding" .. osdx:cfgcmd:: service dns resolver name-server .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE DNS servers :arg ipv4: DNS address IPv4 :arg ipv6: DNS address IPv6 :instances: Multiple .. osdx:cfgcmd:: service dns resolver ppp .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Enable DNS servers received from PPP .. osdx:cfgcmd:: service dns static .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Static host entries .. osdx:cfgcmd:: service dns static host-name .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg txt: Host name for static address mapping :instances: Multiple :ref Required: .. osdx:cfgcmd:: service dns static host-name alias .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE :arg id: Alias for this address :instances: Multiple .. osdx:cfgcmd:: service dns static host-name inet .. raw:: html AresC640 Atlas840 M10-Smart M2 RS420 RXL15000 SDE Address :arg ipv4: IPv4 address :arg ipv6: IPv6 address