From 3d0386f27ca66379acf50199e1d1298386eeeeb8 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Mon, 6 May 2024 02:55:53 +0200
Subject: Adding upstream version 3.2.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 modules/renumber/README.rst | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 modules/renumber/README.rst

(limited to 'modules/renumber/README.rst')

diff --git a/modules/renumber/README.rst b/modules/renumber/README.rst
new file mode 100644
index 0000000..07a4a35
--- /dev/null
+++ b/modules/renumber/README.rst
@@ -0,0 +1,25 @@
+.. _mod-renumber:
+
+Renumber
+--------
+
+The module renumbers addresses in answers to different address space.
+e.g. you can redirect malicious addresses to a blackhole, or use private address ranges
+in local zones, that will be remapped to real addresses by the resolver.
+
+
+.. warning:: While requests are still validated using DNSSEC, the signatures are stripped from final answer. The reason is that the address synthesis breaks signatures. You can see whether an answer was valid or not based on the AD flag.
+
+Example configuration
+^^^^^^^^^^^^^^^^^^^^^
+
+.. code-block:: lua
+
+	modules = {
+		renumber = {
+			-- Source subnet, destination subnet
+			{'10.10.10.0/24', '192.168.1.0'},
+			-- Remap /16 block to localhost address range
+			{'166.66.0.0/16', '127.0.0.0'}
+		}
+	}
-- 
cgit v1.2.3