.. SPDX-License-Identifier: GPL-3.0-or-later

.. _policies:

*****************************************
Policy, access control, data manipulation
*****************************************

.. note::

   Knot Resolver developers need your feedback to make the software even better!

   We believe features described in this section are harder to use than
   necessary. To fix this, we plan to rework these features, possibly even in
   an incompatible way if we determine it is needed.

   Please `participate in the survey <https://www.knot-resolver.cz/survey/>`_
   to provide developers with the necessary information. Your answers will help us
   tailor Knot Resolver to your needs. Thank you!


The features in this section let you configure which clients can access which
DNS data, i.e. DNS data filtering and manipulation.

:ref:`mod-policy` specifies global policies applicable to all requests,
e.g. for blocking access to a particular domain. :ref:`mod-view` allows
specifying per-client policies, e.g. to block or unblock access
to a domain only for a subset of clients.

It is also possible to modify data returned to clients, either by providing
:ref:`mod-hints` (answers with statically configured IP addresses),
:ref:`mod-dns64` translation, or :ref:`mod-renumber`.

Additional modules offer protection against various DNS-based attacks;
see :ref:`mod-rebinding` and :ref:`mod-refuse_nord`.

Finally, the :ref:`mod-daf` module provides an HTTP API for run-time policy
modification, and generally just offers a different interface to the previously
mentioned features.


.. toctree::
   :maxdepth: 1

   modules-policy
   modules-view
   modules-hints
   modules-dns64
   modules-renumber
   config-answer-reordering
   modules-rebinding
   modules-refuse_nord
   modules-daf