dns
---

.. osdx:cfgcmd:: service dns

   Domain Name Server (DNS) parameters

.. osdx:cfgcmd:: service dns dynamic

   Dynamic DNS

   :ref Required: service dns dynamic interface *

.. osdx:cfgcmd:: service dns dynamic interface

   :arg ifc: Interface to send DDNS updates for
   :instances: Multiple
   :ref Required: service dns dynamic interface * service *

.. osdx:cfgcmd:: service dns dynamic interface advisor

   Advisor to enable or disable DDNS on the interface

   :ref Reference: system advisor *

.. osdx:cfgcmd:: service dns dynamic interface service

   :arg id: Service name used for DDNS
   :instances: Multiple
   :ref Required: service dns dynamic interface * service * domain *
   :ref Required: service dns dynamic interface * service * login *
   :ref Required: service dns dynamic interface * service * encrypted-password *
   :ref Required: service dns dynamic interface * service * type *

.. osdx:cfgcmd:: service dns dynamic interface service domain

   Domain registered with DDNS service

   :arg hostname: Hostname registered with DDNS service
   :arg record: Record to be updated for RFC2136
   :instances: Multiple

.. osdx:cfgcmd:: service dns dynamic interface service encrypted-password

   Encrypted password or shared secret for DDNS service

   :arg secret: Secret for RFC2136

.. osdx:cfgcmd:: service dns dynamic interface service login

   Login for DDNS service

   :arg login: Login for DDNS service
   :arg keyname: Keyname for RFC2136

.. osdx:cfgcmd:: service dns dynamic interface service password

   Password for DDNS service

   :arg password: Password for DDNS service
   :arg secret: Secret for RFC2136

.. osdx:cfgcmd:: service dns dynamic interface service server

   Server to send DDNS update to

   :arg ipv4: IP address of DDNS server
   :arg hostname: Hostname of DDNS server

.. osdx:cfgcmd:: service dns dynamic interface service ttl

   :arg u32: Time To Live

.. osdx:cfgcmd:: service dns dynamic interface service type

   Protocol used for DDNS service

   :arg id: Custom or predefined protocol

.. osdx:cfgcmd:: service dns dynamic interface service zone

   :arg id: Zone to be updated

.. osdx:cfgcmd:: service dns dynamic interface update-frecuency

   :arg u32: Time (in minutes) after which the domain is updated

.. osdx:cfgcmd:: service dns dynamic interface use-web

   Web check used for obtaining the external IP address

.. osdx:cfgcmd:: service dns dynamic interface use-web skip

   :arg id: Skip everything before this on the given URL

.. osdx:cfgcmd:: service dns dynamic interface use-web url

   :arg txt: URL to obtain the current external IP address

.. osdx:cfgcmd:: service dns forwarding

   DNS Forwarding

.. osdx:cfgcmd:: service dns forwarding cache-size

   DNS forwarding cache size

   :arg u32: DNS forwarding cache size (0-10000)

.. osdx:cfgcmd:: service dns forwarding dhcp

   Enable DNS servers received from DHCP

.. osdx:cfgcmd:: service dns forwarding dhcp interface

   :arg ifc: Enable DNS servers received from DHCP for specified interface
   :instances: Multiple

.. osdx:cfgcmd:: service dns forwarding dhcp interface priority

   DHCP DNS servers priority for specified interface

   :arg u32: Level of priorities allowed (0-9)

.. osdx:cfgcmd:: service dns forwarding dhcp priority

   DHCP DNS servers priority

   :arg u32: Level of priorities allowed (0-9)

.. osdx:cfgcmd:: service dns forwarding dhcpv6

   Enable DNS servers received from DHCPv6

.. osdx:cfgcmd:: service dns forwarding dhcpv6 interface

   :arg ifc: Enable DNS servers received from DHCPv6 for specified interface
   :instances: Multiple

.. osdx:cfgcmd:: service dns forwarding dhcpv6 interface priority

   DHCPv6 DNS servers priority

   :arg u32: Level of priorities allowed (0-9)

.. osdx:cfgcmd:: service dns forwarding dhcpv6 priority

   DHCPv6 DNS servers priority

   :arg u32: Level of priorities allowed (0-9)

.. osdx:cfgcmd:: service dns forwarding disable-local-service

   Disable local-service option to accept DNS queries from any host on any subnet

.. osdx:cfgcmd:: service dns forwarding dnssec

   Enable DNSSEC validation and caching

.. osdx:cfgcmd:: service dns forwarding dnssec check-unsigned

   Check if unsigned replies are legitimate

   This entails possible extra queries even for the majority of DNS zones which are
   not, at the moment, signed. If disabled, then those replies are assumed to be valid
   and passed on (without the "authentic data" bit set). This does not protect against
   an attacker forging unsigned replies for signed DNS zones, but it is fast.

.. osdx:cfgcmd:: service dns forwarding dnssec proxy

   Copy the DNSSEC Authenticated Data bit from upstream servers to downstream clients

   This is an alternative to having dnsmasq validate DNSSEC, but it depends on the
   security of the network between dnsmasq and the upstream servers, and the
   trustworthiness of the upstream servers. Note that caching the Authenticated Data
   bit correctly in all cases is not technically possible.

.. osdx:cfgcmd:: service dns forwarding domain

   DNS domain configuration

   :arg id: DNS domain name
   :instances: Multiple

.. osdx:cfgcmd:: service dns forwarding domain dhcp

   Enable DNS servers received from DHCP

.. osdx:cfgcmd:: service dns forwarding domain dhcp interface

   :arg ifc: Enable DNS servers received from DHCP for specified interface
   :instances: Multiple

.. osdx:cfgcmd:: service dns forwarding domain dhcpv6

   Enable DNS servers received from DHCPv6

.. osdx:cfgcmd:: service dns forwarding domain dhcpv6 interface

   :arg ifc: Enable DNS servers received from DHCPv6 for specified interface
   :instances: Multiple

.. osdx:cfgcmd:: service dns forwarding domain name-server

   DNS servers

   :arg ipv4: DNS address IPv4
   :arg ipv6: DNS address IPv6
   :instances: Multiple

.. osdx:cfgcmd:: service dns forwarding domain name-server local-address

   Local IP address to use as source for requests to this nameserver

   :arg ipv4: Local IPv4 address for this nameserver
   :arg ipv6: Local IPv6 address for this nameserver
   :Local IP address:

.. osdx:cfgcmd:: service dns forwarding domain name-server local-interface

   :arg ifc: Interface to use as source for requests to this nameserver

.. osdx:cfgcmd:: service dns forwarding domain name-server local-vrf

   VRF to use as source for requests to this nameserver

   :ref Reference: system vrf *

.. osdx:cfgcmd:: service dns forwarding domain name-server port

   Port on which the DNS server is listening. Defaults to port 53

   :arg u32: DNS server listening port (1-65535)

.. osdx:cfgcmd:: service dns forwarding domain ppp

   Enable DNS servers received from PPP

.. osdx:cfgcmd:: service dns forwarding domain ppp interface

   Enable DNS servers received from PPP for specified interface

   :ref Reference: interfaces pppoe *
   :instances: Multiple

.. osdx:cfgcmd:: service dns forwarding listen

   :arg ifc: Interfaces to listen for DNS queries
   :instances: Multiple

.. osdx:cfgcmd:: service dns forwarding local-ttl

   :arg u32: TTL for static entries or DHCP leases

.. osdx:cfgcmd:: service dns forwarding logs

   Enables DNS forwarding logs

   The DNS forwarding logs can later be retrieved by looking at the system journal.

.. osdx:cfgcmd:: service dns forwarding max-cache-ttl

   :arg u32: Maximum TTL for Cache Entries

.. osdx:cfgcmd:: service dns forwarding min-cache-ttl

   Minimum TTL for Cache Entries

   :arg u32: Minimum time for cache entries in seconds (1-3600)

.. osdx:cfgcmd:: service dns forwarding name-server

   DNS servers

   :arg ipv4: DNS address IPv4
   :arg ipv6: DNS address IPv6
   :instances: Multiple

.. osdx:cfgcmd:: service dns forwarding name-server local-address

   Local IP address to use as source for requests to this nameserver

   :arg ipv4: Local IPv4 address for this nameserver
   :arg ipv6: Local IPv6 address for this nameserver
   :Local IP address:

.. osdx:cfgcmd:: service dns forwarding name-server local-interface

   :arg ifc: Interface to use as source for requests to this nameserver

.. osdx:cfgcmd:: service dns forwarding name-server local-vrf

   VRF to use as source for requests to this nameserver

   :ref Reference: system vrf *

.. osdx:cfgcmd:: service dns forwarding name-server port

   Port on which the DNS server is listening. Defaults to port 53

   :arg u32: DNS server listening port (1-65535)

.. osdx:cfgcmd:: service dns forwarding name-server priority

   Local DNS servers priority (the lower the value is, the higher the priority gets)

   :arg u32: Level of priorities allowed (0-9)

.. osdx:cfgcmd:: service dns forwarding ppp

   Enable DNS servers received from PPP

.. osdx:cfgcmd:: service dns forwarding ppp interface

   Enable DNS servers received from PPP for specified interface

   :ref Reference: interfaces pppoe *
   :instances: Multiple

.. osdx:cfgcmd:: service dns forwarding ppp interface priority

   PPP DNS servers priority

   :arg u32: Level of priorities allowed (0-9)

.. osdx:cfgcmd:: service dns forwarding ppp priority

   PPP DNS servers priority

   :arg u32: Level of priorities allowed (0-9)

.. osdx:cfgcmd:: service dns forwarding record

   DNS static records used when resolving a request

.. osdx:cfgcmd:: service dns forwarding record cname

   :arg fqdn: CNAME record pointing to an existing host record
   :instances: Multiple
   :ref Required: service dns forwarding record host *

.. osdx:cfgcmd:: service dns forwarding record cname target

   Host this record points to

   :ref Reference: service dns forwarding record host *

.. osdx:cfgcmd:: service dns forwarding record cname ttl

   :arg u32: TTL for this host entry. By default, uses global configured value

.. osdx:cfgcmd:: service dns forwarding record host

   :arg fqdn: Host records reference either A, AAAA or PTR records in the DNS
   :instances: Multiple

.. osdx:cfgcmd:: service dns forwarding record host ipv4-address

   :arg ipv4: IP address the host record points to
   :instances: Multiple

.. osdx:cfgcmd:: service dns forwarding record host ipv6-address

   :arg ipv6: IP address the host record points to
   :instances: Multiple

.. osdx:cfgcmd:: service dns forwarding record host ttl

   :arg u32: TTL for this host entry. By default, uses global configured value

.. osdx:cfgcmd:: service dns forwarding record mx

   :arg fqdn: MX record for directing mail on a LAN to a server
   :instances: Multiple

.. osdx:cfgcmd:: service dns forwarding record mx hostname

   Hostname the MX record is pointing to. Defaults to system's hostname

   :arg ipv4: IPv4 address the record points to
   :arg ipv6: IPv6 address the record points to
   :arg fqdn: Fully qualified domain name the record points to
   :arg id: Hostname the record points to

.. osdx:cfgcmd:: service dns forwarding record mx preference

   :arg u32: Preference of the MX record when querying the hostname

.. osdx:cfgcmd:: service dns forwarding record srv

   SRV DNS records as specified in RFC2782

   :arg id: Service name for this SRV record
   :instances: Multiple
   :ref Required: service dns forwarding record srv * protocol *

.. osdx:cfgcmd:: service dns forwarding record srv protocol

   :arg id: Service protocol for this SRV record
   :instances: Multiple
   :ref Required: service dns forwarding record srv * protocol * domain *

.. osdx:cfgcmd:: service dns forwarding record srv protocol domain

   :arg fqdn: Service domain this SRV record uses

   For example, if the SRV record refers to an IMAP mail server running at the
   teldat.com domain, then domain will be "teldat.com". "domain" should not be
   confused with "target", which can have the same value but refers to a different
   thing.

.. osdx:cfgcmd:: service dns forwarding record srv protocol port

   Service port this SRV points to

   :arg u32: Port on which the service is listening for connections (1-65535)

.. osdx:cfgcmd:: service dns forwarding record srv protocol priority

   Priority of this SRV record

   :arg u32: Priority of this SRV record. The lower the value is, the higher the priority gets

.. osdx:cfgcmd:: service dns forwarding record srv protocol target

   Service domain this SRV points to

   The target refers to the destination the SRV record is pointing to. In a mail
   server example, the target would be the FQDN in which the mail server lives.

   :ref Reference: service dns forwarding record host *

.. osdx:cfgcmd:: service dns forwarding record srv protocol weight

   Weight of this SRV record

   :arg u32: Weight of this SRV record. The lower the value is, the higher the weight gets

.. osdx:cfgcmd:: service dns proxy

   DNS proxy service configuration options

   :ref Required: service dns proxy server-name *

.. osdx:cfgcmd:: service dns proxy balancing

   Load balancing algorithms for chosen servers

   The DNS proxy queries all the servers given by the source lists. Once populated,
   servers are sorted from quickest to slowest, and that order is used for load
   balancing. Each time a query is made to a server, the time it takes is used to
   adjust how fast the proxy thinks the server is, using an exponentially weighted
   average. If the newly calculated time happens to be slower than that of a randomly
   chosen candidate from the list of servers, the entries are swapped. When this
   operation is applied over time, every server gets compared to all the others and
   the list is progressively kept sorted.

   Notice that when source lists are used, the servers are located around the world.
   If the "ph" strategy is chosen, some queries will very probably end up using slower
   servers, which is why "p2" is probably the best strategy to use. Have a look at
   server response times before choosing the strategy.

   :arg first: Always pick the fastest server in the list
   :arg p2: Randomly choose between the top 2 fastest servers
   :arg ph: Randomly choose between the top fastest half of all servers
   :arg random: Just pick any random server from the list

.. osdx:cfgcmd:: service dns proxy blocklist

   Configures sources to block

.. osdx:cfgcmd:: service dns proxy blocklist ip

   Block IPs. RegEx is also supported

.. osdx:cfgcmd:: service dns proxy blocklist ip address

   :arg txt: Block IPs based on a pattern

   Blocklists are made of patterns. Thus, the following patterns are valid::

      127.*

   :instances: Multiple

.. osdx:cfgcmd:: service dns proxy blocklist ip file

   :arg file: Loads a file containing the IPs to block
   :instances: Multiple

.. osdx:cfgcmd:: service dns proxy blocklist name

   Block domains by name. RegEx is also supported

.. osdx:cfgcmd:: service dns proxy blocklist name domain

   :arg txt: Block domain based on a pattern

   Blocklists are made of patterns. Thus, the following patterns are valid::

      example.com
      =example.com
      *sex*
      ads.*
      ads*.example.*

   Usually, these blocklists are handled directly with files. However, it is also
   possible to specify them manually. More information can be found at:

   :instances: Multiple

.. osdx:cfgcmd:: service dns proxy blocklist name file

   :arg file: Loads a file containing the domains to block
   :instances: Multiple

.. osdx:cfgcmd:: service dns proxy cache

   DNS proxy caching options

.. osdx:cfgcmd:: service dns proxy cache max-negated-ttl

   :arg u32: How long, at most in seconds, a not found entry will be kept in cache

.. osdx:cfgcmd:: service dns proxy cache max-ttl

   :arg u32: How long, at most in seconds, an entry will be kept in cache

.. osdx:cfgcmd:: service dns proxy cache min-negated-ttl

   :arg u32: How long, at minimum in seconds, a not found entry will be kept in cache

.. osdx:cfgcmd:: service dns proxy cache min-ttl

   :arg u32: How long, at minimum in seconds, an entry will be kept in cache

.. osdx:cfgcmd:: service dns proxy cache size

   :arg u32: Maximum number of entries in the cache

.. osdx:cfgcmd:: service dns proxy cipher

   Cipher algorithms ordered by preference

   When this field is not set, the best algorithm will be used based on hardware
   characteristics that do not compromise the exchanged data. Notice that these
   algorithms express a "preference": if the server and the client agree on one, they
   will use it. However, if the server has no acceptable algorithm among the ones the
   client asks for, it will just show a warning and choose the proper one.

   Notice that this feature does nothing when the communication is encrypted using
   TLS v1.3: the best algorithm is automatically chosen based on hardware
   characteristics and connection speed.

   :arg u32: Preference of the encryption algorithm (1-18)
   :instances: Multiple
   :ref Required: service dns proxy cipher * algorithm *

.. osdx:cfgcmd:: service dns proxy cipher algorithm

   :arg id: Cipher algorithm to communicate with the server

.. osdx:cfgcmd:: service dns proxy cloaking

   Configures a set of host entries to point to one or multiple addresses

.. osdx:cfgcmd:: service dns proxy cloaking ignore-hosts

   Do not use system configured host entries

.. osdx:cfgcmd:: service dns proxy cloaking name

   FQDN, IP, name or RegEx to match when cloaking

   An example is worth a thousand words::

      1. example.com
      2. *.example.com
      3. *.example.*
      4. example[0-9]*

   The examples above will match a FQDN (1), all subdomains of "example.com" (2), all
   subdomains and all top-level domains (3) and all domains containing either no or
   "N" numbers at the end, including all top-level domains too (4). Furthermore, as
   the input value can be anything, IP addresses may fit here too.

   :arg name: FQDN, IP, name or regular expression used to match incoming requests
   :instances: Multiple
   :ref Required: service dns proxy cloaking name * destination *

.. osdx:cfgcmd:: service dns proxy cloaking name destination

   Destination to point incoming requests to

   The incoming traffic may be pointed to another domain, IP or IPv6 address.
   Moreover, that traffic may be load balanced when setting more than one destination
   address.

   :arg fqdn: Domain name to point to
   :arg ipv4: Address to point to
   :arg ipv6: IPv6 Address to point to
   :instances: Multiple

.. osdx:cfgcmd:: service dns proxy cloaking ttl

   :arg u32: Cloaking TTL used when serving defined entries

.. osdx:cfgcmd:: service dns proxy disable-protocol

   Choose the protocols that will not be used when securing DNS queries

.. osdx:cfgcmd:: service dns proxy disable-protocol dnscrypt

   Skip the DNSCrypt protocol if the server implements it

.. osdx:cfgcmd:: service dns proxy disable-protocol doh

   Skip the DNS-over-HTTPS protocol if the server implements it

.. osdx:cfgcmd:: service dns proxy fallback

   Fallback DNS resolvers when no other connection is available

   These are normal, non-encrypted DNS resolvers that will only be used for one-shot
   queries when retrieving the initial resolvers list and if the system DNS
   configuration doesn't work.

   :arg ipv4: IPv4 address where the resolver is listening
   :arg ipv6: IPv6 address where the resolver is listening
   :instances: Multiple

.. osdx:cfgcmd:: service dns proxy fallback port

   Port on which the resolver is listening

   :arg u32: Port where the resolver is listening (1-65535)

.. osdx:cfgcmd:: service dns proxy force-tcp

   Always use TCP to connect to upstream servers

   This can be useful if you need to route everything through a proxy (like Tor).
   Otherwise, enabling this option does not improve security and will only increase
   the latency.

.. osdx:cfgcmd:: service dns proxy ipv6

   IPv6 options for configuring the service

.. osdx:cfgcmd:: service dns proxy ipv6 block

   Block any IPv6 requests (useful when IPv6 is not available)

.. osdx:cfgcmd:: service dns proxy ipv6 do-not-query

   Ignore DNS servers that are only accessible through IPv6

.. osdx:cfgcmd:: service dns proxy keepalive

   Keepalive for HTTP queries, in seconds

   :arg u32: Keepalive in seconds

.. osdx:cfgcmd:: service dns proxy listen-address

   Address to listen on for incoming connections

   :arg ipv4: IPv4 address to listen at
   :arg ipv6: IPv6 address to listen at
   :Local IP address:
   :instances: Multiple

.. osdx:cfgcmd:: service dns proxy listen-address port

   Port to listen at

   :arg u32: Port to listen at (1-65535)

.. osdx:cfgcmd:: service dns proxy log

   Enable logging and configure related options

.. osdx:cfgcmd:: service dns proxy log level

   Log level to use. Defaults to "2"

   :arg u32: Verbosity level. 0 is very verbose; 6 only contains fatal errors (0-6)

.. osdx:cfgcmd:: service dns proxy require

   Restrictions and limitations to apply to configured servers

.. osdx:cfgcmd:: service dns proxy require dnssec

   Servers must support DNS security extensions (DNSSEC)

.. osdx:cfgcmd:: service dns proxy require no-filter

   Servers must not enforce their own blocklist (for parental control, ad blocking, ...)

.. osdx:cfgcmd:: service dns proxy require no-logs

   Servers must not log user queries (declarative)

.. osdx:cfgcmd:: service dns proxy server

   Configure the DNS proxy as a DoH server too

   :ref Required: service dns proxy server cert

.. osdx:cfgcmd:: service dns proxy server cert

   Certificate to use for securing communications

   :ref Required: service dns proxy server cert file *
   :ref Required: service dns proxy server cert key *

.. osdx:cfgcmd:: service dns proxy server cert file

   :arg file: Certificate file for the local DoH server

   This certificate file can be generated locally or with an external tool such as
   Let's Encrypt. With the first approach, the CA certificate has to be trusted by all
   clients. With the second approach, the CA certificate is usually trusted by all
   clients.

.. osdx:cfgcmd:: service dns proxy server cert key

   :arg file: Key for the DoH server certificate

.. osdx:cfgcmd:: service dns proxy server listen-address

   Address the local DoH server should listen to

   :arg ipv4: IPv4 address the local DoH server should listen to
   :arg ipv6: IPv6 address the local DoH server should listen to
   :Local IP address:
   :instances: Multiple

.. osdx:cfgcmd:: service dns proxy server listen-address port

   Port to listen at

   :arg u32: Port to listen at (1-65535)

.. osdx:cfgcmd:: service dns proxy server path

   :arg id: Path of the DoH URL

   This is not a file, but the part after the hostname in the URL. By convention,
   "/dns-query" is frequently chosen. For each listen address, the complete URL will
   have the form:

.. osdx:cfgcmd:: service dns proxy server-name

   :arg id: Server to use when querying DNS records
   :instances: Multiple

.. osdx:cfgcmd:: service dns proxy source

   Remote lists of available servers

   Remote lists are a set of servers that are available for querying DNS records. The
   lists themselves contain all the required information for a client to connect to a
   server by simply using a known name.

   For example, to use Cloudflare as the DNS provider by using a list, it would be as
   simple as defining "service dns proxy server-name cloudflare". That setting will
   automatically populate the DNS list for looking for the "cloudflare" provider data.

   Some companies publish their own lists with their servers. On the other hand, some
   projects decide to publish lists with generally available servers. An example is
   DNSCrypt:

   :arg source: Source identifier
   :instances: Multiple
   :ref Required: service dns proxy source * url *
   :ref Required: service dns proxy source * minisign-key *

.. osdx:cfgcmd:: service dns proxy source minisign-key

   :arg id: Public key used to verify the content is legitimate

   Lists can be served from any location, even from an untrusted ISP. When this
   occurs, the DNS proxy will immediately detect and reject the source if it has been
   tampered with.

.. osdx:cfgcmd:: service dns proxy source prefix

   :arg id: To avoid collisions with other sources, prefix for the declared servers

.. osdx:cfgcmd:: service dns proxy source refresh-delay

   Refresh delay for the cached source list

   :arg u32: Delay for cached source list in hours (24-720)

.. osdx:cfgcmd:: service dns proxy source url

   :arg txt: URL to get the source from
   :instances: Multiple

.. osdx:cfgcmd:: service dns proxy ssl-allow-insecure

   Disable validation of CA certificate

.. osdx:cfgcmd:: service dns proxy static

   Static configuration for server definitions

   :arg name: Static definition name
   :instances: Unique

.. osdx:cfgcmd:: service dns proxy static protocol

   Protocol identifier for this node

   :instances: Unique

.. osdx:cfgcmd:: service dns proxy static protocol dns-crypt

   The server uses DNSCrypt protocol

   :ref Required: service dns proxy static * protocol dns-crypt ip *
   :ref Required: service dns proxy static * protocol dns-crypt provider

.. osdx:cfgcmd:: service dns proxy static protocol dns-crypt dnssec

   The server supports DNSSEC

.. osdx:cfgcmd:: service dns proxy static protocol dns-crypt ip

   :arg ipv4: IP address of the server
   :arg ipv6: IP address of the server

.. osdx:cfgcmd:: service dns proxy static protocol dns-crypt no-filter

   The server does not intentionally block domains

.. osdx:cfgcmd:: service dns proxy static protocol dns-crypt no-logs

   The server does not store any logs

.. osdx:cfgcmd:: service dns proxy static protocol dns-crypt port

   Port where the server is listening

   :arg u32: Port where the server is listening (1-65535)

.. osdx:cfgcmd:: service dns proxy static protocol dns-crypt provider

   DNS provider related data

   :ref Required: service dns proxy static * protocol dns-crypt provider name *
   :ref Required: service dns proxy static * protocol dns-crypt provider public-key *

.. osdx:cfgcmd:: service dns proxy static protocol dns-crypt provider name

   :arg id: DNS provider name

.. osdx:cfgcmd:: service dns proxy static protocol dns-crypt provider public-key

   Provider's Ed25519 public key, as 32 raw bytes

   :arg key: Ed25519 public key

.. osdx:cfgcmd:: service dns proxy static protocol dns-over-https

   The server uses DNS over HTTPS (DoH) protocol

   :ref Required: service dns proxy static * protocol dns-over-https host

.. osdx:cfgcmd:: service dns proxy static protocol dns-over-https dnssec

   The server supports DNSSEC

.. osdx:cfgcmd:: service dns proxy static protocol dns-over-https hash

   The SHA256 digest of one of the TBS certificates

   The SHA256 digest of one of the TBS certificates found in the validation chain,
   typically the certificate used to sign the resolver's certificate. Multiple hashes
   can be provided for seamless rotations.

   :arg sha256: SHA256 digest of one of the TBS certificates
   :instances: Multiple

.. osdx:cfgcmd:: service dns proxy static protocol dns-over-https host

   Server host related information

   :ref Required: service dns proxy static * protocol dns-over-https host name *

.. osdx:cfgcmd:: service dns proxy static protocol dns-over-https host name

   :arg fqdn: Server hostname that will also be used as SNI name

.. osdx:cfgcmd:: service dns proxy static protocol dns-over-https host path

   :arg txt: Absolute URI path. By default, "/dns-query" is used

.. osdx:cfgcmd:: service dns proxy static protocol dns-over-https host port

   Server port number. If missing, port 443 is assumed

   :arg u32: Server port number (1-65535)

.. osdx:cfgcmd:: service dns proxy static protocol dns-over-https ip

   :arg ipv4: IP address of the server

      The address can be left empty (unset). In that case, the host name will be
      resolved to an IP address using another resolver.
   :arg ipv6: IP address of the server

      The address can be left empty (unset). In that case, the host name will be
      resolved to an IP address using another resolver.

.. osdx:cfgcmd:: service dns proxy static protocol dns-over-https no-filter

   The server does not intentionally block domains

.. osdx:cfgcmd:: service dns proxy static protocol dns-over-https no-logs

   The server does not store any logs

.. osdx:cfgcmd:: service dns proxy static stamp

   :arg id: String that encodes all the required parameters to connect to a server

   The stamp is a string that looks like:

.. osdx:cfgcmd:: service dns proxy timeout

   Time to wait for a DNS query response, in milliseconds

   If the available network has a lot of latency, it may be worth increasing this
   value. The startup may be slower if changed, so do not increase it too much.

   :arg u32: Timeout in milliseconds

.. osdx:cfgcmd:: service dns proxy whitelist

   Configures sources to allow

.. osdx:cfgcmd:: service dns proxy whitelist ip

   Allow IPs. RegEx is also supported

.. osdx:cfgcmd:: service dns proxy whitelist ip address

   :arg txt: Allow IPs based on a pattern

   Whitelists are made of patterns. Thus, the following patterns are valid::

      127.*

   :instances: Multiple

.. osdx:cfgcmd:: service dns proxy whitelist ip file

   :arg file: Loads a file containing the IPs to allow
   :instances: Multiple

.. osdx:cfgcmd:: service dns proxy whitelist name

   Allow domains by name. RegEx is also supported

.. osdx:cfgcmd:: service dns proxy whitelist name domain

   :arg txt: Allow domain based on a pattern

   Whitelists are made of patterns. Thus, the following patterns are valid::

      example.com
      =example.com
      *sex*
      ads.*
      ads*.example.*

   Usually, these whitelists are handled directly with files. However, it is also
   possible to specify them manually. More information can be found at:

   :instances: Multiple

.. osdx:cfgcmd:: service dns proxy whitelist name file

   :arg file: Loads a file containing the domains to allow
   :instances: Multiple

.. osdx:cfgcmd:: service dns resolver

   DNS Resolver

.. osdx:cfgcmd:: service dns resolver dhcp

   Enable DNS servers received from DHCP

.. osdx:cfgcmd:: service dns resolver dhcpv6

   Enable DNS servers received from DHCPv6

.. osdx:cfgcmd:: service dns resolver local

   Resolves DNS queries by using a local service

   Enabling this option will forward all DNS queries to a local service, previously
   configured at "service dns forwarding"

.. osdx:cfgcmd:: service dns resolver name-server

   DNS servers

   :arg ipv4: DNS address IPv4
   :arg ipv6: DNS address IPv6
   :instances: Multiple

.. osdx:cfgcmd:: service dns resolver ppp

   Enable DNS servers received from PPP

.. osdx:cfgcmd:: service dns static

   Static host entries

.. osdx:cfgcmd:: service dns static host-name

   :arg txt: Host name for static address mapping
   :instances: Multiple
   :ref Required: service dns static host-name * inet *

.. osdx:cfgcmd:: service dns static host-name alias

   :arg id: Alias for this address
   :instances: Multiple

.. osdx:cfgcmd:: service dns static host-name inet

   Address

   :arg ipv4: IPv4 address
   :arg ipv6: IPv6 address
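
The server ordering and the ``first``/``p2``/``ph``/``random`` strategies described under ``service dns proxy balancing``, as an added Python sketch that is not OSDx code. The class and function names, the smoothing factor and the sample latencies are assumptions made for illustration, and the swap is applied whenever the compared pair is out of order.

```python
import random
from collections import Counter

ALPHA = 0.5  # smoothing factor of the weighted average (assumed; the page gives none)

# Constructed sample data: real response time of eight resolvers, in ms.
TRUE_MS = {"r1": 12, "r2": 18, "r3": 25, "r4": 40,
           "r5": 90, "r6": 150, "r7": 220, "r8": 310}


class Balancer:
    """Server list kept fastest-first, with the four strategies from the page."""

    def __init__(self, estimates, strategy, rng):
        self.strategy = strategy
        self.rng = rng
        # Each entry is [name, estimated response time in ms].
        self.servers = sorted(
            ([name, float(ms)] for name, ms in estimates.items()),
            key=lambda entry: entry[1],
        )

    def pool_size(self):
        """How many of the fastest entries the strategy may choose from."""
        n = len(self.servers)
        sizes = {"first": 1, "p2": min(2, n), "ph": max(1, n // 2), "random": n}
        return sizes[self.strategy]

    def pick(self):
        """Index of the server that gets the next query."""
        return self.rng.randrange(self.pool_size())

    def record(self, idx, elapsed_ms):
        """Fold a measured response time into the estimate, then re-sort lazily."""
        entry = self.servers[idx]
        entry[1] = ALPHA * elapsed_ms + (1 - ALPHA) * entry[1]
        # Compare against one randomly chosen candidate and swap the two entries
        # when the slower one sits ahead of the faster one. Repeated over many
        # queries this keeps the list progressively sorted without a full sort.
        other = self.rng.randrange(len(self.servers))
        lo, hi = min(idx, other), max(idx, other)
        if self.servers[lo][1] > self.servers[hi][1]:
            self.servers[lo], self.servers[hi] = self.servers[hi], self.servers[lo]


def simulate(strategy, true_ms, estimates=None, queries=2000, seed=1):
    """Send `queries` lookups and return (balancer, hits per server).

    `estimates` are the response times the proxy believes at start-up; they
    default to the true values, and can be stale to show the list re-sorting.
    """
    rng = random.Random(seed)
    lb = Balancer(estimates or true_ms, strategy, rng)
    hits = Counter()
    for _ in range(queries):
        idx = lb.pick()
        name = lb.servers[idx][0]
        hits[name] += 1
        lb.record(idx, true_ms[name])  # the query takes the server's real time
    return lb, hits


if __name__ == "__main__":
    for strategy in ("first", "p2", "ph", "random"):
        _, hits = simulate(strategy, TRUE_MS)
        print(f"{strategy:>6}: servers used = {sorted(hits)}")

    # Stale start: r8 is believed to be the fastest server but is the slowest.
    lb, hits = simulate("first", TRUE_MS, estimates=dict(TRUE_MS, r8=5))
    print("front of list after re-sorting:", lb.servers[0][0], dict(hits))
```

With accurate estimates, ``ph`` spreads queries over the four fastest of the eight resolvers, including one more than three times slower than the best, while ``p2`` stays on the top two.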