author Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-27 10:41:58 +0000
committer Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-27 10:41:58 +0000
commit 1852910ef0fd7393da62b88aee66ee092208748e
tree ad3b659dbbe622b58a5bda4fe0b5e1d80eee9277 /doc/config-policy.rst
parent Initial commit.
Adding upstream version 5.3.1.
upstream/5.3.1 upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/config-policy.rst')
-rw-r--r-- doc/config-policy.rst 54
1 files changed, 54 insertions, 0 deletions
diff --git a/doc/config-policy.rst b/doc/config-policy.rst
new file mode 100644
index 0000000..d1d44ce
--- /dev/null
+++ b/doc/config-policy.rst
@@ -0,0 +1,54 @@
+.. SPDX-License-Identifier: GPL-3.0-or-later
+
+.. _policies:
+
+*****************************************
+Policy, access control, data manipulation
+*****************************************
+
+.. note::
+
+ Knot Resolver developers need your feedback to make the software even better!
+
+ We believe features described in this section are harder to use than
+ necessary. To fix this, we plan to rework these features, possibly even in
+ an incompatible way if we determine it is needed.
+
+ Please `participate in survey <https://www.knot-resolver.cz/survey/>`_
+ to provide developers with necessary information. Your answers will help us
+ tailor Knot Resolver to your needs. Thank you!
+
+
+Features in this section allow to configure what clients can get access to what
+DNS data, i.e. DNS data filtering and manipulation.
+
+:ref:`mod-policy` specify global policies applicable to all requests,
+e.g. for blocking access to particular domain. :ref:`mod-view` allow
+to specify per-client policies, e.g. block or unblock access
+to a domain only for subset of clients.
+
+It is also possible to modify data returned to clients, either by providing
+:ref:`mod-hints` (answers with statically configured IP addresses),
+:ref:`mod-dns64` translation, or :ref:`mod-renumber`.
+
+Additional modules offer protection against various DNS-based attacks,
+see :ref:`mod-rebinding` and :ref:`mod-refuse_nord`.
+
+At the very end, module :ref:`mod-daf` provides HTTP API for run-time policy
+modification, and generally just offers different interface for previously
+mentioned features.
+
+
+.. toctree::
+ :maxdepth: 1
+
+ modules-policy
+ modules-view
+ modules-hints
+ modules-dns64
+ modules-renumber
+ config-answer-reordering
+ modules-rebinding
+ modules-refuse_nord
+ modules-daf
+
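Review bot: The closing paragraph on :ref:`mod-daf` introduces an HTTP API for run-time policy modification but says nothing about who may reach it; because that interface is described as another way to drive the filtering features listed above, add a sentence or a cross-reference here on restricting it to trusted administrators. Separately, the toctree lists `config-answer-reordering`, the only entry with no matching mention in the introductory paragraphs, so a one-line description would keep the overview and the table of contents in step. Minor wording: "allow to configure what clients can get access to what DNS data" reads better as "allow configuring which clients can access which DNS data", and ":ref:`mod-policy` specify" and ":ref:`mod-view` allow" need singular verbs.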