diff options
Diffstat (limited to 'doc')
108 files changed, 4420 insertions, 0 deletions
diff --git a/doc/.packaging/centos/7/NOTSUPPORTED b/doc/.packaging/centos/7/NOTSUPPORTED new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/doc/.packaging/centos/7/NOTSUPPORTED diff --git a/doc/.packaging/centos/8/NOTSUPPORTED b/doc/.packaging/centos/8/NOTSUPPORTED new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/doc/.packaging/centos/8/NOTSUPPORTED diff --git a/doc/.packaging/debian/10/build.sh b/doc/.packaging/debian/10/build.sh new file mode 100755 index 0000000..e6084df --- /dev/null +++ b/doc/.packaging/debian/10/build.sh @@ -0,0 +1,19 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-3.0-or-later +[ -d /root/kresd/build_packaging ] && rm -rf /root/kresd/build_packaging/; +CFLAGS="$CFLAGS -Wall -pedantic -fno-omit-frame-pointer" +LDFLAGS="$LDFLAGS -Wl,--as-needed" +meson build_packaging \ + --buildtype=plain \ + --prefix=/root/kresd/install_packaging \ + --libdir=lib \ + --default-library=static \ + -Ddoc=enabled \ + -Dsystemd_files=enabled \ + -Dclient=enabled \ + -Dkeyfile_default=/usr/share/dns/root.key \ + -Droot_hints=/usr/share/dns/root.hints \ + -Dinstall_kresd_conf=enabled \ + -Dunit_tests=enabled \ + -Dc_args="${CFLAGS}" \ + -Dc_link_args="${LDFLAGS}"; diff --git a/doc/.packaging/debian/10/builddeps b/doc/.packaging/debian/10/builddeps new file mode 100644 index 0000000..81b7a5b --- /dev/null +++ b/doc/.packaging/debian/10/builddeps @@ -0,0 +1,4 @@ +doxygen +python3-sphinx +python3-breathe +python3-sphinx-rtd-theme diff --git a/doc/.packaging/debian/10/install.sh b/doc/.packaging/debian/10/install.sh new file mode 100755 index 0000000..3422d68 --- /dev/null +++ b/doc/.packaging/debian/10/install.sh @@ -0,0 +1,3 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-3.0-or-later +ninja -C build_packaging doc diff --git a/doc/.packaging/debian/9/build.sh b/doc/.packaging/debian/9/build.sh new file mode 100755 index 0000000..e6084df --- /dev/null +++ b/doc/.packaging/debian/9/build.sh @@ -0,0 +1,19 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-3.0-or-later +[ -d /root/kresd/build_packaging ] && rm -rf /root/kresd/build_packaging/; +CFLAGS="$CFLAGS -Wall -pedantic -fno-omit-frame-pointer" +LDFLAGS="$LDFLAGS -Wl,--as-needed" +meson build_packaging \ + --buildtype=plain \ + --prefix=/root/kresd/install_packaging \ + --libdir=lib \ + --default-library=static \ + -Ddoc=enabled \ + -Dsystemd_files=enabled \ + -Dclient=enabled \ + -Dkeyfile_default=/usr/share/dns/root.key \ + -Droot_hints=/usr/share/dns/root.hints \ + -Dinstall_kresd_conf=enabled \ + -Dunit_tests=enabled \ + -Dc_args="${CFLAGS}" \ + -Dc_link_args="${LDFLAGS}"; diff --git a/doc/.packaging/debian/9/builddeps b/doc/.packaging/debian/9/builddeps new file mode 100644 index 0000000..81b7a5b --- /dev/null +++ b/doc/.packaging/debian/9/builddeps @@ -0,0 +1,4 @@ +doxygen +python3-sphinx +python3-breathe +python3-sphinx-rtd-theme diff --git a/doc/.packaging/debian/9/install.sh b/doc/.packaging/debian/9/install.sh new file mode 100755 index 0000000..3422d68 --- /dev/null +++ b/doc/.packaging/debian/9/install.sh @@ -0,0 +1,3 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-3.0-or-later +ninja -C build_packaging doc diff --git a/doc/.packaging/fedora/31/build.sh b/doc/.packaging/fedora/31/build.sh new file mode 100755 index 0000000..68ea49e --- /dev/null +++ b/doc/.packaging/fedora/31/build.sh @@ -0,0 +1,20 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-3.0-or-later +[ -d /root/kresd/build_packaging ] && rm -rf /root/kresd/build_packaging/; +CFLAGS="$CFLAGS -Wall -pedantic -fno-omit-frame-pointer" +LDFLAGS="$LDFLAGS -Wl,--as-needed" +meson build_packaging \ + --buildtype=plain \ + --prefix=/root/kresd/install_packaging \ + --sbindir=sbin \ + --libdir=lib \ + --includedir=include \ + --sysconfdir=etc \ + -Ddoc=enabled \ + -Dsystemd_files=enabled \ + -Dclient=enabled \ + -Dunit_tests=enabled \ + -Dmanaged_ta=enabled \ + -Dkeyfile_default=/var/lib/knot-resolver/root.keys \ + -Dinstall_root_keys=enabled \ + -Dinstall_kresd_conf=enabled; diff --git a/doc/.packaging/fedora/31/builddeps b/doc/.packaging/fedora/31/builddeps new file mode 100644 index 0000000..0a4b886 --- /dev/null +++ b/doc/.packaging/fedora/31/builddeps @@ -0,0 +1,4 @@ +doxygen +python3-sphinx +python3-breathe +python3-sphinx_rtd_theme diff --git a/doc/.packaging/fedora/31/install.sh b/doc/.packaging/fedora/31/install.sh new file mode 100755 index 0000000..3422d68 --- /dev/null +++ b/doc/.packaging/fedora/31/install.sh @@ -0,0 +1,3 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-3.0-or-later +ninja -C build_packaging doc diff --git a/doc/.packaging/fedora/32/30/build.sh b/doc/.packaging/fedora/32/30/build.sh new file mode 100755 index 0000000..68ea49e --- /dev/null +++ b/doc/.packaging/fedora/32/30/build.sh @@ -0,0 +1,20 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-3.0-or-later +[ -d /root/kresd/build_packaging ] && rm -rf /root/kresd/build_packaging/; +CFLAGS="$CFLAGS -Wall -pedantic -fno-omit-frame-pointer" +LDFLAGS="$LDFLAGS -Wl,--as-needed" +meson build_packaging \ + --buildtype=plain \ + --prefix=/root/kresd/install_packaging \ + --sbindir=sbin \ + --libdir=lib \ + --includedir=include \ + --sysconfdir=etc \ + -Ddoc=enabled \ + -Dsystemd_files=enabled \ + -Dclient=enabled \ + -Dunit_tests=enabled \ + -Dmanaged_ta=enabled \ + -Dkeyfile_default=/var/lib/knot-resolver/root.keys \ + -Dinstall_root_keys=enabled \ + -Dinstall_kresd_conf=enabled; diff --git a/doc/.packaging/fedora/32/30/builddeps b/doc/.packaging/fedora/32/30/builddeps new file mode 100644 index 0000000..0a4b886 --- /dev/null +++ b/doc/.packaging/fedora/32/30/builddeps @@ -0,0 +1,4 @@ +doxygen +python3-sphinx +python3-breathe +python3-sphinx_rtd_theme diff --git a/doc/.packaging/fedora/32/30/install.sh b/doc/.packaging/fedora/32/30/install.sh new file mode 100755 index 0000000..3422d68 --- /dev/null +++ b/doc/.packaging/fedora/32/30/install.sh @@ -0,0 +1,3 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-3.0-or-later +ninja -C build_packaging doc diff --git a/doc/.packaging/fedora/32/build.sh b/doc/.packaging/fedora/32/build.sh new file mode 100755 index 0000000..68ea49e --- /dev/null +++ b/doc/.packaging/fedora/32/build.sh @@ -0,0 +1,20 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-3.0-or-later +[ -d /root/kresd/build_packaging ] && rm -rf /root/kresd/build_packaging/; +CFLAGS="$CFLAGS -Wall -pedantic -fno-omit-frame-pointer" +LDFLAGS="$LDFLAGS -Wl,--as-needed" +meson build_packaging \ + --buildtype=plain \ + --prefix=/root/kresd/install_packaging \ + --sbindir=sbin \ + --libdir=lib \ + --includedir=include \ + --sysconfdir=etc \ + -Ddoc=enabled \ + -Dsystemd_files=enabled \ + -Dclient=enabled \ + -Dunit_tests=enabled \ + -Dmanaged_ta=enabled \ + -Dkeyfile_default=/var/lib/knot-resolver/root.keys \ + -Dinstall_root_keys=enabled \ + -Dinstall_kresd_conf=enabled; diff --git a/doc/.packaging/fedora/32/builddeps b/doc/.packaging/fedora/32/builddeps new file mode 100644 index 0000000..0a4b886 --- /dev/null +++ b/doc/.packaging/fedora/32/builddeps @@ -0,0 +1,4 @@ +doxygen +python3-sphinx +python3-breathe +python3-sphinx_rtd_theme diff --git a/doc/.packaging/fedora/32/install.sh b/doc/.packaging/fedora/32/install.sh new file mode 100755 index 0000000..3422d68 --- /dev/null +++ b/doc/.packaging/fedora/32/install.sh @@ -0,0 +1,3 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-3.0-or-later +ninja -C build_packaging doc diff --git a/doc/.packaging/leap/15.2/build.sh b/doc/.packaging/leap/15.2/build.sh new file mode 100755 index 0000000..68ea49e --- /dev/null +++ b/doc/.packaging/leap/15.2/build.sh @@ -0,0 +1,20 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-3.0-or-later +[ -d /root/kresd/build_packaging ] && rm -rf /root/kresd/build_packaging/; +CFLAGS="$CFLAGS -Wall -pedantic -fno-omit-frame-pointer" +LDFLAGS="$LDFLAGS -Wl,--as-needed" +meson build_packaging \ + --buildtype=plain \ + --prefix=/root/kresd/install_packaging \ + --sbindir=sbin \ + --libdir=lib \ + --includedir=include \ + --sysconfdir=etc \ + -Ddoc=enabled \ + -Dsystemd_files=enabled \ + -Dclient=enabled \ + -Dunit_tests=enabled \ + -Dmanaged_ta=enabled \ + -Dkeyfile_default=/var/lib/knot-resolver/root.keys \ + -Dinstall_root_keys=enabled \ + -Dinstall_kresd_conf=enabled; diff --git a/doc/.packaging/leap/15.2/builddeps b/doc/.packaging/leap/15.2/builddeps new file mode 100644 index 0000000..60daf9c --- /dev/null +++ b/doc/.packaging/leap/15.2/builddeps @@ -0,0 +1,4 @@ +doxygen +python3-Sphinx +python3-breathe +python3-sphinx_rtd_theme diff --git a/doc/.packaging/leap/15.2/install.sh b/doc/.packaging/leap/15.2/install.sh new file mode 100755 index 0000000..3422d68 --- /dev/null +++ b/doc/.packaging/leap/15.2/install.sh @@ -0,0 +1,3 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-3.0-or-later +ninja -C build_packaging doc diff --git a/doc/.packaging/test.sh b/doc/.packaging/test.sh new file mode 100755 index 0000000..33bf175 --- /dev/null +++ b/doc/.packaging/test.sh @@ -0,0 +1,3 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-3.0-or-later +test -e ../doc/html/index.html diff --git a/doc/.packaging/ubuntu/16.04/build.sh b/doc/.packaging/ubuntu/16.04/build.sh new file mode 100755 index 0000000..e6084df --- /dev/null +++ b/doc/.packaging/ubuntu/16.04/build.sh @@ -0,0 +1,19 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-3.0-or-later +[ -d /root/kresd/build_packaging ] && rm -rf /root/kresd/build_packaging/; +CFLAGS="$CFLAGS -Wall -pedantic -fno-omit-frame-pointer" +LDFLAGS="$LDFLAGS -Wl,--as-needed" +meson build_packaging \ + --buildtype=plain \ + --prefix=/root/kresd/install_packaging \ + --libdir=lib \ + --default-library=static \ + -Ddoc=enabled \ + -Dsystemd_files=enabled \ + -Dclient=enabled \ + -Dkeyfile_default=/usr/share/dns/root.key \ + -Droot_hints=/usr/share/dns/root.hints \ + -Dinstall_kresd_conf=enabled \ + -Dunit_tests=enabled \ + -Dc_args="${CFLAGS}" \ + -Dc_link_args="${LDFLAGS}"; diff --git a/doc/.packaging/ubuntu/16.04/builddeps b/doc/.packaging/ubuntu/16.04/builddeps new file mode 100644 index 0000000..81b7a5b --- /dev/null +++ b/doc/.packaging/ubuntu/16.04/builddeps @@ -0,0 +1,4 @@ +doxygen +python3-sphinx +python3-breathe +python3-sphinx-rtd-theme diff --git a/doc/.packaging/ubuntu/16.04/install.sh b/doc/.packaging/ubuntu/16.04/install.sh new file mode 100755 index 0000000..3422d68 --- /dev/null +++ b/doc/.packaging/ubuntu/16.04/install.sh @@ -0,0 +1,3 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-3.0-or-later +ninja -C build_packaging doc diff --git a/doc/.packaging/ubuntu/18.04/build.sh b/doc/.packaging/ubuntu/18.04/build.sh new file mode 100755 index 0000000..e6084df --- /dev/null +++ b/doc/.packaging/ubuntu/18.04/build.sh @@ -0,0 +1,19 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-3.0-or-later +[ -d /root/kresd/build_packaging ] && rm -rf /root/kresd/build_packaging/; +CFLAGS="$CFLAGS -Wall -pedantic -fno-omit-frame-pointer" +LDFLAGS="$LDFLAGS -Wl,--as-needed" +meson build_packaging \ + --buildtype=plain \ + --prefix=/root/kresd/install_packaging \ + --libdir=lib \ + --default-library=static \ + -Ddoc=enabled \ + -Dsystemd_files=enabled \ + -Dclient=enabled \ + -Dkeyfile_default=/usr/share/dns/root.key \ + -Droot_hints=/usr/share/dns/root.hints \ + -Dinstall_kresd_conf=enabled \ + -Dunit_tests=enabled \ + -Dc_args="${CFLAGS}" \ + -Dc_link_args="${LDFLAGS}"; diff --git a/doc/.packaging/ubuntu/18.04/builddeps b/doc/.packaging/ubuntu/18.04/builddeps new file mode 100644 index 0000000..81b7a5b --- /dev/null +++ b/doc/.packaging/ubuntu/18.04/builddeps @@ -0,0 +1,4 @@ +doxygen +python3-sphinx +python3-breathe +python3-sphinx-rtd-theme diff --git a/doc/.packaging/ubuntu/18.04/install.sh b/doc/.packaging/ubuntu/18.04/install.sh new file mode 100755 index 0000000..3422d68 --- /dev/null +++ b/doc/.packaging/ubuntu/18.04/install.sh @@ -0,0 +1,3 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-3.0-or-later +ninja -C build_packaging doc diff --git a/doc/.packaging/ubuntu/20.04/build.sh b/doc/.packaging/ubuntu/20.04/build.sh new file mode 100755 index 0000000..e6084df --- /dev/null +++ b/doc/.packaging/ubuntu/20.04/build.sh @@ -0,0 +1,19 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-3.0-or-later +[ -d /root/kresd/build_packaging ] && rm -rf /root/kresd/build_packaging/; +CFLAGS="$CFLAGS -Wall -pedantic -fno-omit-frame-pointer" +LDFLAGS="$LDFLAGS -Wl,--as-needed" +meson build_packaging \ + --buildtype=plain \ + --prefix=/root/kresd/install_packaging \ + --libdir=lib \ + --default-library=static \ + -Ddoc=enabled \ + -Dsystemd_files=enabled \ + -Dclient=enabled \ + -Dkeyfile_default=/usr/share/dns/root.key \ + -Droot_hints=/usr/share/dns/root.hints \ + -Dinstall_kresd_conf=enabled \ + -Dunit_tests=enabled \ + -Dc_args="${CFLAGS}" \ + -Dc_link_args="${LDFLAGS}"; diff --git a/doc/.packaging/ubuntu/20.04/builddeps b/doc/.packaging/ubuntu/20.04/builddeps new file mode 100644 index 0000000..81b7a5b --- /dev/null +++ b/doc/.packaging/ubuntu/20.04/builddeps @@ -0,0 +1,4 @@ +doxygen +python3-sphinx +python3-breathe +python3-sphinx-rtd-theme diff --git a/doc/.packaging/ubuntu/20.04/install.sh b/doc/.packaging/ubuntu/20.04/install.sh new file mode 100755 index 0000000..3422d68 --- /dev/null +++ b/doc/.packaging/ubuntu/20.04/install.sh @@ -0,0 +1,3 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-3.0-or-later +ninja -C build_packaging doc diff --git a/doc/Doxyfile b/doc/Doxyfile new file mode 100644 index 0000000..d2f4c5b --- /dev/null +++ b/doc/Doxyfile @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: GPL-3.0-or-later +PROJECT_NAME = Knot Resolver library +GENERATE_HTML = NO +GENERATE_XML = YES +GENERATE_LATEX = NO +GENERATE_MAN = NO +GENERATE_RTF = NO +CASE_SENSE_NAMES = NO +INPUT = ../lib ../daemon +FILE_PATTERNS = *.h +QUIET = YES +RECURSIVE = YES +JAVADOC_AUTOBRIEF = YES +AUTOLINK_SUPPORT = YES +XML_OUTPUT = doxyxml +HIDE_UNDOC_MEMBERS = YES +HIDE_UNDOC_CLASSES = YES +OPTIMIZE_OUTPUT_FOR_C = YES +ENABLE_PREPROCESSING = YES +MACRO_EXPANSION = YES +EXPAND_ONLY_PREDEF = YES +PREDEFINED = NDEBUG KR_CONST= KR_EXPORT= KR_PURE= lru_t(type)=see_source_code KR_PRINTF(n)= KR_COLD= array_t(type)=see_source_code __attribute__(x)= +EXCLUDE_SYMBOLS = static_assert uint set_walk_cb module_api_cb kr_prop_cb kr_straddr_split diff --git a/doc/NEWS.rst b/doc/NEWS.rst new file mode 100644 index 0000000..596484a --- /dev/null +++ b/doc/NEWS.rst @@ -0,0 +1,36 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +.. _release_notes: + +************* +Release notes +************* + +Version numbering +================= +Version number format is ``major.minor.patch``. +Knot Resolver does not use semantic versioning even though the version number looks similar. + +Leftmost number which was changed signalizes what to expect when upgrading: + +Major version + * Manual upgrade steps might be necessary, please follow instructions in :ref:`Upgrading` section. + * Major releases may contain significant changes including changes to configuration format. + * We might release a new major also when internal implementation details change significantly. + +Minor version + * Configuration stays compatible with the previous version, except for undocumented or very obscure options. + * Upgrade should be seamless for users who use modules shipped as part of Knot Resolver distribution. + * Incompatible changes in internal APIs are allowed in minor versions. Users who develop or use custom modules + (i.e. modules not distributed together with Knot Resolver) need to double check their modules for incompatibilities. + :ref:`Upgrading` section should contain hints for module authors. + +Patch version + * Everything should be compatible with the previous version. + * API for modules should be stable on best effort basis, i.e. API is very unlikely to break in patch releases. + * Custom modules might need to be recompiled, i.e. ABI compatibility is not guaranteed. + +This definition is not applicable to versions older than 5.2.0. + +.. include:: ../NEWS + diff --git a/doc/README.md b/doc/README.md new file mode 100644 index 0000000..6860672 --- /dev/null +++ b/doc/README.md @@ -0,0 +1,27 @@ +## Documentation + +Each directory contains a README.md with the basic information, examples and usage. +It does not however contain API documentation, which is built separately in this directory. + +### Requirements + +The code is documented with [Doxygen][doxygen] JavaDoc style, a prettified documentation +also requires [breathe][breathe] and [Sphinx][sphinx] for building sane documentation pages. +It is not however required. + +[doxygen]:https://www.stack.nl/~dimitri/doxygen/manual/index.html +[breathe]: https://github.com/michaeljones/breathe +[sphinx]: http://sphinx-doc.org/ + +You can get the extra dependencies with pip: + +```sh +pip install -U Sphinx breathe +# Alternatively +pip -r doc/requirements.txt +``` + +### Building documentation + +If you satisfy the requirements, it's as easy as `make doc`, which builds the documentation in this folder. + diff --git a/doc/_static/.gitignore b/doc/_static/.gitignore new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/doc/_static/.gitignore diff --git a/doc/_static/css/custom.css b/doc/_static/css/custom.css new file mode 100644 index 0000000..e9ec794 --- /dev/null +++ b/doc/_static/css/custom.css @@ -0,0 +1,6 @@ +/* SPDX-License-Identifier: GPL-3.0-or-later */ +@import "theme.css"; + +table.docutils blockquote { + margin-left: 0; +} diff --git a/doc/_static/css/logo_colors.css b/doc/_static/css/logo_colors.css new file mode 100644 index 0000000..8774a8f --- /dev/null +++ b/doc/_static/css/logo_colors.css @@ -0,0 +1,36 @@ +.wy-side-nav-search { + background-color: #00a2e2; /* From logo manual */ +} +.wy-side-nav-search input[type=text] { + border-color: #45bfff; +} +.wy-side-nav-search div.version { + color: hsla(0,0%,100%,0.4); +} +.wy-nav-top { + background-color: #00a2e2; +} + +a { + color: #00a2e2; +} +a:hover { + color: #45bfff; +} +a:visited { + color: #00619c; +} +a:visited:hover { + color: #00a2e2; +} + +.wy-menu-vertical p.caption { + color: #00a2e2; +} + +.wy-menu-vertical a, .wy-menu-vertical a:hover, .wy-menu-vertical a:visited, +.wy-menu-vertical a:visited:hover { + /* This is here so that the a-rules above do not override the menu colors, + * which should remain grey */ + color: #d9d9d9; +} diff --git a/doc/_static/css/main.css b/doc/_static/css/main.css new file mode 100644 index 0000000..a6b5f35 --- /dev/null +++ b/doc/_static/css/main.css @@ -0,0 +1,2 @@ +@import "custom.css"; +@import "logo_colors.css"; diff --git a/doc/_static/logo-negativ.svg b/doc/_static/logo-negativ.svg new file mode 100644 index 0000000..ec6c90f --- /dev/null +++ b/doc/_static/logo-negativ.svg @@ -0,0 +1,40 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- Generator: Adobe Illustrator 23.0.6, SVG Export Plug-In . SVG Version: 6.00 Build 0) --> +<svg version="1.1" id="Vrstva_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" + viewBox="0 0 600 161" style="enable-background:new 0 0 600 161;" xml:space="preserve" width="200" height="54"> +<style type="text/css"> + .st0{fill:#FFFFFF;} +</style> +<path class="st0" d="M158.6,80.6c0,24.2-10.7,45.8-27.7,60.4c1-4.9,1.5-9.9,1.5-15.1c0-15.8-4.7-30.5-12.7-42.9 + c-3.2,4.4-6.8,8.5-10.7,12.1c5.1,9.1,8,19.6,8,30.8c0,4.5-0.5,8.9-1.4,13.2c-0.1,0.5-0.2,0.9-0.3,1.4c-0.1,0.4-0.2,0.9-0.3,1.4 + c-0.5-0.1-0.9-0.2-1.4-0.4c-0.4-0.1-0.9-0.3-1.3-0.4c-14.6-4.8-26.9-14.7-34.8-27.6c-0.2-0.4-0.5-0.8-0.7-1.3 + c-0.3-0.4-0.5-0.8-0.7-1.2c-2.5-4.5-4.4-9.4-5.7-14.4c-0.1-0.5-0.2-0.9-0.3-1.4c-0.1-0.4-0.2-0.9-0.3-1.4c-0.9-4.3-1.4-8.7-1.4-13.2 + c0-4.5,0.5-8.9,1.4-13.2c-4.9-1.4-10-2.1-15.3-2.2c-1,5-1.5,10.1-1.5,15.4c0,5.3,0.5,10.4,1.5,15.4c0.1,0.5,0.2,0.9,0.3,1.4 + c0.1,0.5,0.2,1,0.3,1.4c1.2,5.3,3,10.3,5.3,15.2c0.2,0.4,0.4,0.9,0.6,1.3c0.2,0.5,0.4,0.9,0.7,1.4c9.3,18.1,25.4,32.1,44.9,38.8 + c-8.6,3.2-17.9,4.9-27.6,4.9c-39.6,0-72.5-28.8-78.7-66.7c0.3,0.3,0.7,0.6,1.1,0.9c13.9,12.2,32.2,19.7,52.1,19.7 + c1.3,0,2.6,0,3.9-0.1c-2.2-4.9-4-10-5.2-15.4c-15.8-0.3-30.3-6.4-41.2-16.3c-0.4-0.3-0.7-0.6-1-1c-0.3-0.3-0.7-0.7-1-1 + c0.3-0.3,0.7-0.7,1-1c0.3-0.3,0.7-0.7,1-1c11-9.9,25.4-16,41.2-16.3c0.4,0,0.8,0,1.2,0h0.2c0.5,0,1,0,1.5,0 + c5.3,0.1,10.4,0.9,15.4,2.3c0.4,0.1,0.9,0.3,1.3,0.4c0.5,0.1,0.9,0.3,1.3,0.4c8.5,2.8,16.3,7.3,22.8,13.2c3.7-3.6,6.9-7.7,9.6-12.1 + c-7.7-6.8-16.7-12.1-26.7-15.4c-0.4-0.2-0.9-0.3-1.3-0.4c-0.5-0.2-0.9-0.3-1.4-0.4c-5.1-1.5-10.3-2.6-15.8-3c-0.5-0.1-1-0.1-1.5-0.1 + c-0.5,0-1-0.1-1.5-0.1c-1.3-0.1-2.6-0.1-3.9-0.1c-19.9,0-38.2,7.4-52.1,19.6c-0.4,0.3-0.7,0.6-1.1,0.9C6.4,29.6,39.2,0.8,78.8,0.8 + c9.7,0,19,1.7,27.6,4.9c0,0,0,0,0,0C87,12.3,70.9,26.4,61.5,44.5c5.5,0.6,10.8,1.6,15.9,3.2c7.8-12.9,20.2-22.9,34.8-27.6 + c0.4-0.1,0.9-0.3,1.3-0.4c0.5-0.1,0.9-0.3,1.4-0.4c0.1,0.4,0.2,0.9,0.3,1.4c0.1,0.5,0.2,0.9,0.3,1.4c0.9,4.3,1.4,8.7,1.4,13.2 + c0,11.1-2.9,21.6-7.9,30.7c-0.2,0.4-0.5,0.8-0.7,1.2c-0.2,0.4-0.5,0.8-0.7,1.2c-2.7,4.4-6,8.5-9.7,12.1c-0.3,0.3-0.7,0.7-1,1 + c-0.3,0.3-0.7,0.7-1,1C89.3,88.4,81.5,92.9,73,95.7c1.3,5.1,3.3,9.9,5.8,14.4c9.9-3.4,18.9-8.7,26.7-15.5c0.4-0.3,0.7-0.6,1.1-1 + c0.4-0.3,0.7-0.6,1-1C111.4,89,115,85,118,80.6c0.3-0.4,0.6-0.8,0.9-1.2c0.3-0.4,0.6-0.8,0.8-1.3c8-12.4,12.7-27.1,12.7-42.9 + c0-5.2-0.5-10.2-1.5-15.1C147.9,34.8,158.6,56.4,158.6,80.6 M244.6,76.6L218,45.2l25.1-26.8h-17.6L204.6,42h-0.2V18.3h-13.8v58.3 + h13.8V49.8h0.2l21.7,26.8H244.6z M304.6,76.6V18.3h-13.7l0.3,38H291l-23.4-38h-16.1v58.3h13.7l-0.3-38.1h0.2l23.5,38.1H304.6z + M376.4,47.2c0-18.7-13.5-30.5-31.8-30.5c-18.2,0-31.7,11.8-31.7,30.5c0,18.4,13.5,31,31.7,31C362.9,78.2,376.4,65.7,376.4,47.2z + M361.3,47.2c0,10.5-6.9,18.1-16.7,18.1c-9.8,0-16.6-7.6-16.6-18.1c0-10.2,6.8-17.8,16.6-17.8C354.5,29.4,361.3,37,361.3,47.2z + M425.3,30.3v-12h-47v12h16.5v46.3h14.1V30.3H425.3z M238.2,142.8l-15.2-25c7.5-2.3,12.1-7.9,12.1-15.7c0-13.3-11.1-17.6-22.3-17.6 + h-22.2v58.3h13.8v-23.1h4.8l12.6,23.1H238.2z M221.2,102.4c0,5.9-5.7,7.1-10.2,7.1h-6.7V95.9h7.5C216,95.9,221.2,97,221.2,102.4z + M284.8,142.8v-12h-27.1v-12.1h24.2v-11.3h-24.2v-11h25.6V84.5h-39.2v58.3H284.8z M333.7,90.2c-5.1-4.7-12.5-7.2-19.1-7.2 + c-10.9,0-22.6,5.4-22.6,18.3c0,10.5,7.5,14.3,14.9,16.7c7.7,2.5,12.1,3.9,12.1,8.3c0,4.7-3.8,6.3-8.1,6.3c-4.6,0-9.8-2.6-12.6-6.2 + l-9.2,9.4c5.1,5.4,13.5,8.4,21.8,8.4c11.5,0,22.3-6,22.3-19.4c0-11.6-10.2-15-18.1-17.5c-5.5-1.7-9-3-9-6.8c0-4.6,4.5-5.8,8.2-5.8 + c3.6,0,8,2,10.4,5L333.7,90.2z M401.5,113.4c0-18.7-13.5-30.5-31.8-30.5c-18.2,0-31.7,11.8-31.7,30.5c0,18.4,13.5,31,31.7,31 + C388,144.4,401.5,131.9,401.5,113.4z M386.5,113.4c0,10.5-6.9,18.1-16.7,18.1c-9.8,0-16.6-7.6-16.6-18.1c0-10.2,6.8-17.8,16.6-17.8 + S386.5,103.2,386.5,113.4z M446.6,142.8v-12.3H424v-46h-14.2v58.3H446.6z M498.2,84.5h-15.6l-13.4,41.3h-0.3l-13.5-41.3h-15.8 + l22.1,58.3h14.1L498.2,84.5z M543.3,142.8v-12h-27.1v-12.1h24.2v-11.3h-24.2v-11h25.6V84.5h-39.2v58.3H543.3z M600,142.8l-15.2-25 + c7.5-2.3,12.1-7.9,12.1-15.7c0-13.3-11.1-17.6-22.3-17.6h-22.2v58.3h13.8v-23.1h4.8l12.6,23.1H600z M583,102.4 + c0,5.9-5.7,7.1-10.2,7.1h-6.7V95.9h7.5C577.8,95.9,583,97,583,102.4z"/> +</svg> diff --git a/doc/build.rst b/doc/build.rst new file mode 100644 index 0000000..09b314d --- /dev/null +++ b/doc/build.rst @@ -0,0 +1,291 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +.. _build: + +Building from sources +===================== + +.. note:: Latest up-to-date packages for various distribution can be obtained + from web `<https://knot-resolver.cz/download/>`_. + +Knot Resolver is written for UNIX-like systems using modern C standards. +Beware that some 64-bit systems with LuaJIT 2.1 may be affected by +`a problem <https://github.com/LuaJIT/LuaJIT/blob/v2.1.0-beta3/doc/status.html#L100>`_ +-- Linux on x86_64 is unaffected but `Linux on aarch64 is +<https://gitlab.nic.cz/knot/knot-resolver/issues/216>`_. + +.. code-block:: bash + + $ git clone --recursive https://gitlab.nic.cz/knot/knot-resolver.git + +Dependencies +------------ + +.. note:: This section lists basic requirements. Individual modules + might have additional build or runtime dependencies. + +The following dependencies are needed to build and run Knot Resolver: + +.. csv-table:: + :header: "Requirement", "Notes" + + "ninja", "*build only*" + "meson >= 0.49", "*build only* [#]_" + "C and C++ compiler", "*build only* [#]_" + "`pkg-config`_", "*build only* [#]_" + "libknot_ 3.0.2+", "Knot DNS libraries" + "LuaJIT_ 2.0+", "Embedded scripting language" + "libuv_ 1.7+", "Multiplatform I/O and services" + "lmdb", "Memory-mapped database for cache" + "GnuTLS", "TLS" + +There are also *optional* packages that enable specific functionality in Knot +Resolver: + +.. TODO cqueues is really used on multiple places, sometimes indirectly + +.. csv-table:: + :header: "Optional", "Needed for", "Notes" + + "jemalloc_", "``daemon``", "Improve long-term memory consumption." + "nghttp2_", "``daemon``", "DNS over HTTPS support." + "libsystemd_", "``daemon``", "Systemd watchdog support." + "`libcap-ng`_", "``daemon``", "Linux capabilities: support dropping them." + "`lua-basexx`_", "``config tests``", "Number base encoding/decoding for Lua." + "`lua-http`_", "``modules/http``", "HTTP/2 client/server for Lua." + "`lua-cqueues`_", "some lua modules", "" + "cmocka_", "``unit tests``", "Unit testing framework." + "dnsdist_", "``proxyv2 test``", "DNS proxy server" + "Doxygen_", "``documentation``", "Generating API documentation." + "Sphinx_ and sphinx_rtd_theme_", "``documentation``", "Building this + documentation." + "Texinfo_", "``documentation``", "Generating this documentation in Info + format." + "breathe_", "``documentation``", "Exposing Doxygen API doc to Sphinx." + "libprotobuf_ 3.0+", "``modules/dnstap``", "Protocol Buffers support for + dnstap_." + "`libprotobuf-c`_ 1.0+", "``modules/dnstap``", "C bindings for Protobuf." + "libfstrm_ 0.2+", "``modules/dnstap``", "Frame Streams data transport + protocol." + "luacheck_", "``lint-lua``", "Syntax and static analysis checker for Lua." + "`clang-tidy`_", "``lint-c``", "Syntax and static analysis checker for C." + "luacov_", "``check-config``", "Code coverage analysis for Lua modules." + +.. [#] If ``meson >= 0.49`` isn't available for your distro, check backports + repository or use python pip to install it. +.. [#] Requires ``__attribute__((cleanup))`` and ``-MMD -MP`` for + dependency file generation. We test GCC and Clang, and ICC is likely to work as well. +.. [#] You can use variables ``<dependency>_CFLAGS`` and ``<dependency>_LIBS`` + to configure dependencies manually (i.e. ``libknot_CFLAGS`` and + ``libknot_LIBS``). + +Packaged dependencies +~~~~~~~~~~~~~~~~~~~~~ + +.. note:: Some build dependencies can be found in + `home:CZ-NIC:knot-resolver-build + <https://build.opensuse.org/project/show/home:CZ-NIC:knot-resolver-build>`_. + +On reasonably new systems most of the dependencies can be resolved from packages, +here's an overview for several platforms. + +* **Debian/Ubuntu** - Current stable doesn't have new enough Meson + and libknot. Use repository above or build them yourself. Fresh list of dependencies can be found in `Debian control file in our repo <https://gitlab.nic.cz/knot/knot-resolver/blob/master/distro/deb/control>`_, search for "Build-Depends". + +* **CentOS/Fedora/RHEL/openSUSE** - Fresh list of dependencies can be found in `RPM spec file in our repo <https://gitlab.nic.cz/knot/knot-resolver/blob/master/distro/rpm/knot-resolver.spec>`_, search for "BuildRequires". + +* **FreeBSD** - when installing from ports, all dependencies will install + automatically, corresponding to the selected options. +* **Mac OS X** - the dependencies can be obtained from `Homebrew formula <https://formulae.brew.sh/formula/knot-resolver>`_. + +Compilation +----------- + +.. note:: + + Knot Resolver uses `Meson Build system <https://mesonbuild.com/>`_. + Shell snippets below should be sufficient for basic usage + but users unfamiliar with Meson Build might want to read introductory + article `Using Meson <https://mesonbuild.com/Quick-guide.html>`_. + +Following example script will: + + - create new build directory named ``build_dir`` + - configure installation path ``/tmp/kr`` + - enable static build (to allow installation to non-standard path) + - build Knot Resolver + - install it into the previously configured path + +.. code-block:: bash + + $ meson setup build_dir --prefix=/tmp/kr --default-library=static + $ ninja -C build_dir + $ ninja install -C build_dir + +At this point you can execute the newly installed binary using path ``/tmp/kr/sbin/kresd``. + +.. note:: When compiling on OS X, creating a shared library is currently not + possible when using luajit package from Homebrew due to `#37169 + <https://github.com/Homebrew/homebrew-core/issues/37169>`_. + +Build options +~~~~~~~~~~~~~ + +It's possible to change the compilation with build options. These are useful to +packagers or developers who wish to customize the daemon behaviour, run +extended test suites etc. By default, these are all set to sensible values. + +For complete list of build options create a build directory and run: + +.. code-block:: bash + + $ meson setup build_dir + $ meson configure build_dir + +To customize project build options, use ``-Doption=value`` when creating +a build directory: + +.. code-block:: bash + + $ meson setup build_dir -Ddoc=enabled + +... or change options in an already existing build directory: + +.. code-block:: bash + + $ meson configure build_dir -Ddoc=enabled + + +.. _build-custom-flags: + +Customizing compiler flags +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +If you'd like to use customize the build, see meson's `built-in options +<https://mesonbuild.com/Builtin-options.html>`_. For hardening, see ``b_pie``. + +For complete control over the build flags, use ``--buildtype=plain`` and set +``CFLAGS``, ``LDFLAGS`` when creating the build directory with ``meson`` +command. + +.. include:: ../tests/README.rst + +.. _build-html-doc: + +Documentation +------------- + +To check for documentation dependencies and allow its installation, use +``-Ddoc=enabled``. The documentation doesn't build automatically. Instead, +target ``doc`` must be called explicitly. + +.. code-block:: bash + + $ meson configure build_dir -Ddoc=enabled + $ ninja -C build_dir doc + +Tarball +------- + +Released tarballs are available from `<https://knot-resolver.cz/download/>`_ + +To make a release tarball from git, use the following command. The + +.. code-block:: bash + + $ ninja -C build_dir dist + +It's also possible to make a development snapshot tarball: + +.. code-block:: bash + + $ ./scripts/make-archive.sh + +.. _packaging: + +Packaging +--------- + +Recommended build options for packagers: + +* ``--buildtype=release`` for default flags (optimization, asserts, ...). For complete control over flags, use ``plain`` and see :ref:`build-custom-flags`. +* ``--prefix=/usr`` to customize + prefix, other directories can be set in a similar fashion, see ``meson setup + --help`` +* ``-Dsystemd_files=enabled`` for systemd unit files +* ``-Ddoc=enabled`` for offline documentation (see :ref:`build-html-doc`) +* ``-Dinstall_kresd_conf=enabled`` to install default config file +* ``-Dclient=enabled`` to force build of kresc +* ``-Dunit_tests=enabled`` to force build of unit tests + +Systemd +~~~~~~~ + +It's recommended to use the upstream system unit files. If any customizations +are required, drop-in files should be used, instead of patching/changing the +unit files themselves. + +To install systemd unit files, use the ``-Dsystemd_files=enabled`` build option. + +To support enabling services after boot, you must also link ``kresd.target`` to +``multi-user.target.wants``: + +.. code-block:: bash + + ln -s ../kresd.target /usr/lib/systemd/system/multi-user.target.wants/kresd.target + +Trust anchors +~~~~~~~~~~~~~ + +If the target distro has externally managed (read-only) DNSSEC trust anchors +or root hints use this: + +* ``-Dkeyfile_default=/usr/share/dns/root.key`` +* ``-Droot_hints=/usr/share/dns/root.hints`` +* ``-Dmanaged_ta=disabled`` + +In case you want to have automatically managed DNSSEC trust anchors instead, +set ``-Dmanaged_ta=enabled`` and make sure both ``keyfile_default`` file and +its parent directories are writable by kresd process (after package installation!). + +Docker image +------------ + +Visit `hub.docker.com/r/cznic/knot-resolver +<https://hub.docker.com/r/cznic/knot-resolver/>`_ for instructions how to run +the container. + +For development, it's possible to build the container directly from your git tree: + +.. code-block:: bash + + $ docker build -t knot-resolver . + + +.. _jemalloc: https://jemalloc.net +.. _libuv: https://github.com/libuv/libuv +.. _LuaJIT: http://luajit.org/luajit.html +.. _Doxygen: https://www.doxygen.nl/manual/index.html +.. _breathe: https://github.com/michaeljones/breathe +.. _Sphinx: http://sphinx-doc.org/ +.. _sphinx_rtd_theme: https://pypi.python.org/pypi/sphinx_rtd_theme +.. _Texinfo: https://www.gnu.org/software/texinfo/ +.. _pkg-config: https://www.freedesktop.org/wiki/Software/pkg-config/ +.. _libknot: https://gitlab.nic.cz/knot/knot-dns +.. _cmocka: https://cmocka.org/ +.. _dnsdist: https://dnsdist.org/ +.. _lua-basexx: https://github.com/aiq/basexx +.. _lua-http: https://luarocks.org/modules/daurnimator/http +.. _lua-cqueues: https://25thandclement.com/~william/projects/cqueues.html +.. _deckard: https://gitlab.nic.cz/knot/deckard +.. _nghttp2: https://nghttp2.org/ +.. _libsystemd: https://www.freedesktop.org/wiki/Software/systemd/ +.. _`libcap-ng`: https://people.redhat.com/sgrubb/libcap-ng/ +.. _dnstap: http://dnstap.info/ +.. _libprotobuf: https://developers.google.com/protocol-buffers/ +.. _libprotobuf-c: https://github.com/protobuf-c/protobuf-c/wiki +.. _libfstrm: https://github.com/farsightsec/fstrm +.. _luacheck: http://luacheck.readthedocs.io +.. _clang-tidy: http://clang.llvm.org/extra/clang-tidy/index.html +.. _luacov: https://lunarmodules.github.io/luacov/ +.. _lcov: http://ltp.sourceforge.net/coverage/lcov.php diff --git a/doc/conf.py b/doc/conf.py new file mode 100644 index 0000000..9dc0f67 --- /dev/null +++ b/doc/conf.py @@ -0,0 +1,99 @@ +# SPDX-License-Identifier: GPL-3.0-or-later +# -*- coding: utf-8 -*- + +import os +import re +import subprocess + +import sphinx_rtd_theme + +# -- General configuration ----------------------------------------------------- + +if os.environ.get('READTHEDOCS', None) == 'True': + subprocess.call('doxygen') + +# Add any Sphinx extension module names here, as strings. +extensions = ['sphinx.ext.todo', 'sphinx.ext.viewcode', 'breathe'] + +theme_major = sphinx_rtd_theme.__version__.partition('.')[0] +if theme_major == '2': + extensions.append('sphinxcontrib.jquery') + +# Breathe configuration +breathe_projects = {"libkres": "doxyxml"} +breathe_default_project = "libkres" +breathe_domain_by_extension = {"h": "c"} + +# The suffix of source filenames. +source_suffix = '.rst' +master_doc = 'index' + +# General information about the project. +project = u'Knot Resolver' +copyright = u'CZ.NIC labs' +with open('../meson.build') as f: + for line in f: + match = re.match(r"\s*version\s*:\s*'([^']+)'.*", line) + if match is not None: + version = match.groups()[0] +release = version + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = ['_build'] + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' +highlight_language = 'c' +primary_domain = 'py' + +# -- Options for HTML output --------------------------------------------------- + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# Output file base name for HTML help builder. +htmlhelp_basename = 'apidoc' + +# Theme +html_theme = 'sphinx_rtd_theme' +html_theme_path = [sphinx_rtd_theme.get_html_theme_path()] + +html_theme_options = { + 'logo_only': True, # if we have a html_logo below, this shows only the logo with no title text + # ToC options + 'collapse_navigation': False, + 'sticky_navigation': True, +} +html_logo = '_static/logo-negativ.svg' +html_style = 'css/main.css' + +# -- Options for LaTeX output -------------------------------------------------- + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, author, documentclass [howto/manual]). +latex_documents = [ + ('index', 'format.tex', u'Knot Resolver', + u'CZ.NIC Labs', 'manual'), +] + +# -- Options for manual page output -------------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + ('index', 'libkres', u'libkres documentation', + [u'CZ.NIC Labs'], 1) +] + +# -- Options for Texinfo output ------------------------------------------------ + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + ('index', 'knot-resolver', u'Knot Resolver', u'CZ.NIC Labs', + 'Knot Resolver', 'Caching DNS resolver.', 'Network services'), +] diff --git a/doc/config-answer-reordering.rst b/doc/config-answer-reordering.rst new file mode 100644 index 0000000..624e7d4 --- /dev/null +++ b/doc/config-answer-reordering.rst @@ -0,0 +1,17 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +Answer reordering +================= +Certain clients are "dumb" and always connect to first IP address or name found +in a DNS answer received from resolver instead of picking randomly. +As a workaround for such broken clients it is possible to randomize +order of records in DNS answers sent by resolver: + +.. function:: reorder_RR([true | false]) + + :param boolean new_value: ``true`` to enable or ``false`` to disable randomization *(optional)* + :return: The (new) value of the option + + If set, resolver will vary the order of resource records within RR sets. + It is enabled by default since 5.3.0. + diff --git a/doc/config-debugging.rst b/doc/config-debugging.rst new file mode 100644 index 0000000..520c2db --- /dev/null +++ b/doc/config-debugging.rst @@ -0,0 +1,35 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +Debugging options +================= + +In case the resolver crashes, it is often helpful to collect a coredump from +the crashed process. Configuring the system to collect coredump from crashed +process is out of the scope of this documentation, but some tips can be found +`here <https://lists.nic.cz/hyperkitty/list/knot-resolver-users@lists.nic.cz/message/GUHW4JSDXZ6SZUAYYQ3U2WWOZEIVVF2S/>`_. + +Kresd uses its own mechanism for assertions. They are checks that should always +pass and indicate some weird or unexpected state if they don't. In such cases, +they show up in the log as errors. By default, the process recovers from those +states if possible, but the behaviour can be changed with the following options +to aid further debugging. + +.. envvar:: debugging.assertion_abort = false|true + + :return: boolean (default: false in meson's release mode, true otherwise) + + Allow the process to be aborted in case it encounters a failed assertion. + (Some critical conditions always lead to abortion, regardless of settings.) + +.. envvar:: debugging.assertion_fork = milliseconds + + :return: int (default: 5 minutes in meson's release mode, 0 otherwise) + + If a process should be aborted, it can be done in two ways. When this is + set to nonzero (default), a child is forked and aborted to obtain a coredump, + while the parent process recovers and keeps running. This can be useful to + debug a rare issue that occurs in production, since it doesn't affect the + main process. + + As the dumping can be costly, the value is a lower bound on delay between + consecutive coredumps of each process. It is randomized by +-25% each time. diff --git a/doc/config-dnssec.rst b/doc/config-dnssec.rst new file mode 100644 index 0000000..f20e2b3 --- /dev/null +++ b/doc/config-dnssec.rst @@ -0,0 +1,17 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +.. _dnssec-config: + +************************* +DNSSEC, data verification +************************* + +Good news! Knot Resolver uses secure configuration by default, and this configuration +should not be changed unless absolutely necessary, so feel free to skip over this section. + +.. include:: ../daemon/lua/trust_anchors.rst + +DNSSEC is main technology to protect data, but it is also possible to change how strictly +resolver checks data from insecure DNS zones: + +.. include:: ../lib/layer/mode.rst diff --git a/doc/config-experimental.rst b/doc/config-experimental.rst new file mode 100644 index 0000000..f709c1c --- /dev/null +++ b/doc/config-experimental.rst @@ -0,0 +1,14 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +********************* +Experimental features +********************* + +Following functionality and APIs are in continuous development. +Features in this section may changed, replaced or dropped in any release. + +.. toctree:: + :maxdepth: 1 + + daemon-scripting + modules-experimental_dot_auth diff --git a/doc/config-logging-header.rst b/doc/config-logging-header.rst new file mode 100644 index 0000000..551b1be --- /dev/null +++ b/doc/config-logging-header.rst @@ -0,0 +1,9 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +Logging API +=========== + +.. _config_log_groups: + +.. doxygenfile:: lib/log.h + :project: libkres diff --git a/doc/config-logging-monitoring.rst b/doc/config-logging-monitoring.rst new file mode 100644 index 0000000..8a2a25b --- /dev/null +++ b/doc/config-logging-monitoring.rst @@ -0,0 +1,101 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +******************************** +Logging, monitoring, diagnostics +******************************** + +To read service logs use commands usual for your distribution. +E.g. on distributions using systemd-journald use command ``journalctl -u kresd@* -f``. + +Knot Resolver supports 6 logging levels - ``crit``, ``err``, ``warning``, +``notice``, ``info``, ``debug``. All levels with the same meaning as is defined +in ``syslog.h``. It is possible change logging level using +:func:`log_level` function. + +.. code-block:: lua + + log_level('debug') -- too verbose for normal usage + +Logging level ``notice`` is set after start by default, +so logs from Knot Resolver should contain only couple lines a day. +For debugging purposes it is possible to use the very verbose ``debug`` level, +but that is generally not usable unless restricted in some way (see below). + +In addition to levels, logging is also divided into the +:ref:`groups <config_log_groups>`. All groups +are logged by default, but you can enable ``debug`` level for selected groups using +:func:`log_groups` function. Other groups are logged to the log level +set by :func:`log_level`. + +It is also possible to enable ``debug`` logging level for particular requests, +with :ref:`policies <mod-policy-logging>` or as :ref:`an HTTP service <mod-http-trace>`. + +Less verbose logging for DNSSEC validation errors can be enabled by using :ref:`mod-bogus_log` module. + +.. py:function:: log_level([level]) + + :param: string ``'crit'``, ``'err'``, ``'warning'``, ``'notice'``, + ``'info'`` or ``'debug'`` + :return: string Current logging level. + + Pass a string to set the global logging level. + + .. py:function:: verbose([true | false]) + + .. deprecated:: 5.4.0 + Use :func:`log_level` instead. + + :param: ``true`` enable ``debug`` level, ``false`` switch to default level (``notice``). + :return: boolean ``true`` when ``debug`` level is enabled. + + Toggle between ``debug`` and ``notice`` log level. Use only for debugging purposes. + On busy systems verbose logging can produce several MB of logs per + second and will slow down operation. + +.. py:function:: log_target(target) + + :param: string ``'syslog'``, ``'stderr'``, ``'stdout'`` + :return: string Current logging target. + + Knot Resolver logs to standard error stream by default, + but typical systemd units change that to ``'syslog'``. + That setting logs directly through systemd's facilities + (if available) to preserve more meta-data. + +.. py:function:: log_groups([table]) + + :param: table of string(s) representing :ref:`log groups <config_log_groups>` + :return: table of string with currently set log groups + + Use to turn-on debug logging for the selected groups regardless of the global + log level. Calling with no argument lists the currently active log groups. To + remove all log groups, call the function with an empty table. + + .. code-block:: lua + + log_groups({'io', 'tls'} -- turn on debug logging for io and tls groups + log_groups() -- list active log groups + log_groups({}) -- remove all log groups + +Various statistics for monitoring purposes are available in :ref:`mod-stats` module, including export to central systems like Graphite, Metronome, InfluxDB, or Prometheus format. + +Resolver :ref:`mod-watchdog` is tool to detect and recover from potential bugs that cause the resolver to stop responding properly to queries. + +Additional monitoring and debugging methods are described below. If none of these options fits your deployment or if you have special needs you can configure your own checks and exports using :ref:`async-events`. + +.. toctree:: + :maxdepth: 1 + + modules-bogus_log + modules-stats + daemon-bindings-worker + modules-nsid + modules-http-trace + modules-watchdog + modules-dnstap + modules-ta_sentinel + modules-ta_signal_query + modules-detect_time_skew + modules-detect_time_jump + config-debugging + config-logging-header diff --git a/doc/config-network-forwarding.rst b/doc/config-network-forwarding.rst new file mode 100644 index 0000000..1da0997 --- /dev/null +++ b/doc/config-network-forwarding.rst @@ -0,0 +1,38 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +Forwarding +---------- + +*Forwarding* configuration instructs resolver to forward cache-miss queries from clients to manually specified DNS resolvers *(upstream servers)*. In other words the *forwarding* mode does exact opposite of the default *recursive* mode because resolver in *recursive* mode automatically selects which servers to ask. + +Main use-cases are: + + - Building a tree structure of DNS resolvers to improve performance (by improving cache hit rate). + - Accessing domains which are not available using recursion (e.g. if internal company servers return different answers than public ones). + - Forwarding through a central DNS traffic filter. + +Forwarding implementation in Knot Resolver has following properties: + + - Answers from *upstream* servers are cached. + - Answers from *upstream* servers are locally DNSSEC-validated, unless :func:`policy.STUB` is used. + - Resolver automatically selects which IP address from given set of IP addresses will be used (based on performance characteristics). + - Forwarding can use either unencrypted DNS protocol, or :ref:`tls-forwarding`. + +.. warning:: + + We strongly discourage use of "fake top-level domains" like ``corp.`` because these made-up domains are indistinguishable from an attack, so DNSSEC validation will prevent such domains from working. If you *really* need a variant of forwarding which does not DNSSEC-validate received data please see chapter :ref:`dns-graft`. In long-term it is better to migrate data into a legitimate, properly delegated domains which do not suffer from these security problems. + + +Simple examples for **unencrypted** forwarding: + +.. code-block:: lua + + -- forward all traffic to specified IP addresses (selected automatically) + policy.add(policy.all(policy.FORWARD({'2001:db8::1', '192.0.2.1'}))) + + -- forward only queries for names under domain example.com to a single IP address + policy.add(policy.suffix(policy.FORWARD('192.0.2.1'), {todname('example.com.')})) + +To configure encrypted version please see chapter :ref:`tls-forwarding`. + +Forwarding is documented in depth together with rest of :ref:`mod-policy`. diff --git a/doc/config-network.rst b/doc/config-network.rst new file mode 100644 index 0000000..2faac0e --- /dev/null +++ b/doc/config-network.rst @@ -0,0 +1,64 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +.. _network-configuration: + +************************ +Networking and protocols +************************ + +This section describes configuration of network interfaces +and protocols. Please keep in mind that DNS resolvers act +as *DNS server* and *DNS client* at the same time, +and that these roles require different configuration. + +This picture illustrates different actors involved DNS resolution process, +supported protocols, and clarifies what we call *server configuration* +and *client configuration*. + +.. image:: server_terminology.svg + +*Attribution: Icons by Bernar Novalyi from the Noun Project* + +For *resolver's clients* the resolver itself acts as a DNS server. + +After receiving a query the resolver will attempt to find +answer in its cache. If the data requested by resolver's +client is not available in resolver's cache (so-called *cache-miss*) +the resolver will attempt to obtain the data from servers *upstream* +(closer to the source of information), so at this point the resolver +itself acts like a DNS client and will send DNS query to other servers. + +By default the Knot Resolver works in recursive mode, i.e. +the resolver will contact authoritative servers on the Internet. +Optionally it can be configured in forwarding mode, +where cache-miss queries are *forwarded to another DNS resolver* +for processing. + +Server (communication with clients) +=================================== + +.. toctree:: + :maxdepth: 2 + + daemon-bindings-net_server + daemon-bindings-net_tlssrv + modules-http + +Client (retrieving answers from servers) +======================================== + +Following chapters describe basic configuration of how resolver retrieves data from other *(upstream)* servers. Data processing is also affected by configured policies, see chapter :ref:`policies` for more advanced usage. + +.. toctree:: + :maxdepth: 2 + + daemon-bindings-net_client + config-network-forwarding + +DNS protocol tweaks +=================== + +.. toctree:: + :maxdepth: 2 + + daemon-bindings-net_dns_tweaks diff --git a/doc/config-no-systemd-privileges.rst b/doc/config-no-systemd-privileges.rst new file mode 100644 index 0000000..e2c2ab9 --- /dev/null +++ b/doc/config-no-systemd-privileges.rst @@ -0,0 +1,65 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +Privileges and capabilities +=========================== + +The kresd daemon requires privileges when it is configured to bind to +well-known ports. There are multiple ways to achieve this. + +Using capabilities +^^^^^^^^^^^^^^^^^^ + +The most secure and recommended way is to use capabilities and execute kresd as +an unprivileged user. + +* ``CAP_NET_BIND_SERVICE`` is required to bind to well-known ports. +* ``CAP_SETPCAP`` when this capability is available, kresd drops any extra + capabilities after the daemon successfully starts when running as + a non-root user. + +Running as non-privileged user +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Another possibility is to start the process as privileged user and then switch +to a non-privileged user after binding to network interfaces. + +.. function:: user(name, [group]) + + :param string name: user name + :param string group: group name (optional) + :return: boolean + + Drop privileges and start running as given user (and group, if provided). + + .. tip:: Note that you should bind to required network addresses before + changing user. At the same time, you should open the cache **AFTER** you + change the user (so it remains accessible). A good practice is to divide + configuration in two parts: + + .. code-block:: lua + + -- privileged + net.listen('127.0.0.1') + net.listen('::1') + user('knot-resolver', 'netgrp') + -- unprivileged + cache.size = 100*MB + + Example output: + + .. code-block:: lua + + > user('baduser') + invalid user name + > user('knot-resolver', 'netgrp') + true + > user('root') + Operation not permitted + +Running as root +^^^^^^^^^^^^^^^ + +.. warning:: Executing processes as root is generally insecure, as these + processes have unconstrained access to the complete system at runtime. + +While not recommended, it is also possible to run kresd directly as root. diff --git a/doc/config-no-systemd-processes.rst b/doc/config-no-systemd-processes.rst new file mode 100644 index 0000000..59aed1b --- /dev/null +++ b/doc/config-no-systemd-processes.rst @@ -0,0 +1,25 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +Process management +================== + +There following should be taken into consideration when running without systemd: + +* To utilize multiple CPUs, kresd has to be executed as several independent + processes. +* Maintenance daemon(s) have to be executed separately. +* If a process crashes, it might be useful to restart it. +* Using some mechanism similar to :ref:`mod-watchdog` might be desirable to + recover in case a process becomes unresponsive. + +Please note, systemd isn't the only process manager and other solutions exist, +such as supervisord_. Configuring these is out of the scope of this +document. Please refer to their respective documentations. + +It is also possible to use kresd without any process management at all, which +may be suitable for some purposes (such as low-traffic local / home network resolver, +testing, development or debugging). + +.. include:: ../utils/cache_gc/README.rst + +.. _`supervisord`: http://supervisord.org/ diff --git a/doc/config-no-systemd.rst b/doc/config-no-systemd.rst new file mode 100644 index 0000000..a8cbb09 --- /dev/null +++ b/doc/config-no-systemd.rst @@ -0,0 +1,37 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +.. _usage-without-systemd: + +********************* +Usage without systemd +********************* + +.. tip:: Our upstream packages use systemd integration, which is the recommended + way to run kresd. This section is only relevant if you choose to use kresd + without systemd integration. + +Knot Resolver is designed to be a single process without the use of threads. +While the cache is shared, the individual processes are independent. This +approach has several benefits, but it also comes with a few downsides, in +particular: + +* Without the use of threads or forking (deprecated, see `#529`_), multiple + processes aren't managed in any way by kresd. +* There is no maintenance thread and these tasks have to be handled by separate + daemon(s) (such as :ref:`garbage-collector`). + +To offset these these disadvantages without implementing process management in +kresd (and reinventing the wheel), Knot Resolver provides integration with +systemd, which is widely used across GNU/Linux distributions. + +If your use-case doesn't support systemd (e.g. using macOS, FreeBSD, Docker, +OpenWrt, Turris), this section describes the differences and things to keep in +mind when configuring and running kresd without systemd integration. + +.. toctree:: + :maxdepth: 2 + + config-no-systemd-processes + config-no-systemd-privileges + +.. _`#529`: https://gitlab.nic.cz/knot/knot-resolver/issues/529 diff --git a/doc/config-overview.rst b/doc/config-overview.rst new file mode 100644 index 0000000..0aec51c --- /dev/null +++ b/doc/config-overview.rst @@ -0,0 +1,98 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +********************** +Configuration Overview +********************** + +Configuration file is named ``/etc/knot-resolver/kresd.conf`` and is read when +you execute Knot Resolver using systemd commands described in section +:ref:`quickstart-startup`. [#]_ + +.. _config-syntax: + +Syntax +====== + +The configuration file syntax allows you to specify different kinds of data: + + - ``group.option = 123456`` + - ``group.option = "string value"`` + - ``group.command(123456, "string value")`` + - ``group.command({ key1 = "value1", key2 = 222, key3 = "third value" })`` + - ``globalcommand(a_parameter_1, a_parameter_2, a_parameter_3, etc)`` + - ``-- any text after -- sign is ignored till end of line`` + +Following **configuration file snippet** starts listening for unencrypted and also encrypted DNS queries on IP address 192.0.2.1, and sets cache size. + +.. code-block:: lua + + -- this is a comment: listen for unencrypted queries + net.listen('192.0.2.1') + -- another comment: listen for queries encrypted using TLS on port 853 + net.listen('192.0.2.1', 853, { kind = 'tls' }) + -- 10 MB cache is suitable for a very small deployment + cache.size = 10 * MB + +.. tip:: + When copy&pasting examples from this manual please pay close + attention to brackets and also line ordering - order of lines matters. + + The configuration language is in fact Lua script, so you can use full power + of this programming language. See article + `Learn Lua in 15 minutes`_ for a syntax overview. + +When you modify configuration file on disk restart resolver process to get +changes into effect. See chapter :ref:`systemd-zero-downtime-restarts` if even short +outages are not acceptable for your deployment. + +.. [#] If you decide to run binary ``/usr/sbin/kresd`` manually (instead of + using systemd) do not forget to specify ``-c`` option with path to + configuration file, otherwise ``kresd`` will read file named ``config`` from + its current working directory. + +Documentation Conventions +========================= + +Besides text configuration file, Knot Resolver also supports interactive and dynamic configuration using scripts or external systems, which is described in chapter :ref:`runtime-cfg`. Through this manual we present examples for both usage types - static configuration in a text file (see above) and also the interactive mode. + +The **interactive prompt** is denoted by ``>``, so all examples starting with ``>`` character are transcripts of user (or script) interaction with Knot Resolver and resolver's responses. For example: + +.. code-block:: lua + + > -- this is a comment entered into interactive prompt + > -- comments have no effect here + > -- the next line shows a command entered interactively and its output + > log_level() + 'notice' + > -- the previous line without > character is output from log_level() command + +Following example demonstrates how to interactively list all currently loaded modules, and includes multi-line output: + +.. code-block:: lua + + > modules.list() + { + 'iterate', + 'validate', + 'cache', + 'ta_update', + 'ta_signal_query', + 'policy', + 'priming', + 'detect_time_skew', + 'detect_time_jump', + 'ta_sentinel', + 'edns_keepalive', + 'refuse_nord', + 'watchdog', + } + + +Before we dive into configuring features, let us explain modularization basics. + +.. include:: ../daemon/bindings/modules.rst + +Now you know what configuration file to modify, how to read examples and what modules are so you are ready for a real configuration work! + +.. _`Learn Lua in 15 minutes`: http://tylerneylon.com/a/learn-lua/ + diff --git a/doc/config-performance.rst b/doc/config-performance.rst new file mode 100644 index 0000000..9df0f93 --- /dev/null +++ b/doc/config-performance.rst @@ -0,0 +1,36 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +.. _performance: + +************************** +Performance and resiliency +************************** + +For DNS resolvers, the most important parameter from performance perspective +is cache hit rate, i.e. percentage of queries answered from resolver's cache. +Generally the higher cache hit rate the better. + +Performance tunning should start with cache :ref:`cache_sizing` +and :ref:`cache_persistence`. + +It is also recommended to run :ref:`systemd-multiple-instances` (even on a +single machine!) because it allows to utilize multiple CPU threads and +increases overall resiliency. + +Other features described in this section can be used for fine-tunning +performance and resiliency of the resolver but generally have much smaller +impact than cache settings and number of instances. + +.. toctree:: + :maxdepth: 1 + + daemon-bindings-cache + systemd-multiinst + modules-predict + modules-prefill + modules-serve_stale + modules-rfc7706 + modules-priming + modules-edns_keepalive + daemon-bindings-net_xdpsrv + diff --git a/doc/config-policy.rst b/doc/config-policy.rst new file mode 100644 index 0000000..2b34a54 --- /dev/null +++ b/doc/config-policy.rst @@ -0,0 +1,41 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +.. _policies: + +***************************************** +Policy, access control, data manipulation +***************************************** + +Features in this section allow to configure what clients can get access to what +DNS data, i.e. DNS data filtering and manipulation. + +:ref:`mod-policy` specify global policies applicable to all requests, +e.g. for blocking access to particular domain. :ref:`mod-view` allow +to specify per-client policies, e.g. block or unblock access +to a domain only for subset of clients. + +It is also possible to modify data returned to clients, either by providing +:ref:`mod-hints` (answers with statically configured IP addresses), +:ref:`mod-dns64` translation, or :ref:`mod-renumber`. + +Additional modules offer protection against various DNS-based attacks, +see :ref:`mod-rebinding` and :ref:`mod-refuse_nord`. + +At the very end, module :ref:`mod-daf` provides HTTP API for run-time policy +modification, and generally just offers different interface for previously +mentioned features. + + +.. toctree:: + :maxdepth: 1 + + modules-policy + modules-view + modules-hints + modules-dns64 + modules-renumber + config-answer-reordering + modules-rebinding + modules-refuse_nord + modules-daf + diff --git a/doc/daemon-bindings-cache.rst b/doc/daemon-bindings-cache.rst new file mode 120000 index 0000000..d5d3ee7 --- /dev/null +++ b/doc/daemon-bindings-cache.rst @@ -0,0 +1 @@ +../daemon/bindings/cache.rst
\ No newline at end of file diff --git a/doc/daemon-bindings-net_client.rst b/doc/daemon-bindings-net_client.rst new file mode 120000 index 0000000..c96fc76 --- /dev/null +++ b/doc/daemon-bindings-net_client.rst @@ -0,0 +1 @@ +../daemon/bindings/net_client.rst
\ No newline at end of file diff --git a/doc/daemon-bindings-net_dns_tweaks.rst b/doc/daemon-bindings-net_dns_tweaks.rst new file mode 120000 index 0000000..ee7e98a --- /dev/null +++ b/doc/daemon-bindings-net_dns_tweaks.rst @@ -0,0 +1 @@ +../daemon/bindings/net_dns_tweaks.rst
\ No newline at end of file diff --git a/doc/daemon-bindings-net_server.rst b/doc/daemon-bindings-net_server.rst new file mode 120000 index 0000000..b6cf46c --- /dev/null +++ b/doc/daemon-bindings-net_server.rst @@ -0,0 +1 @@ +../daemon/bindings/net_server.rst
\ No newline at end of file diff --git a/doc/daemon-bindings-net_tlssrv.rst b/doc/daemon-bindings-net_tlssrv.rst new file mode 120000 index 0000000..2e38daa --- /dev/null +++ b/doc/daemon-bindings-net_tlssrv.rst @@ -0,0 +1 @@ +../daemon/bindings/net_tlssrv.rst
\ No newline at end of file diff --git a/doc/daemon-bindings-net_xdpsrv.rst b/doc/daemon-bindings-net_xdpsrv.rst new file mode 120000 index 0000000..da7870b --- /dev/null +++ b/doc/daemon-bindings-net_xdpsrv.rst @@ -0,0 +1 @@ +../daemon/bindings/net_xdpsrv.rst
\ No newline at end of file diff --git a/doc/daemon-bindings-worker.rst b/doc/daemon-bindings-worker.rst new file mode 120000 index 0000000..3ea3e61 --- /dev/null +++ b/doc/daemon-bindings-worker.rst @@ -0,0 +1 @@ +../daemon/bindings/worker.rst
\ No newline at end of file diff --git a/doc/daemon-scripting.rst b/doc/daemon-scripting.rst new file mode 120000 index 0000000..482b759 --- /dev/null +++ b/doc/daemon-scripting.rst @@ -0,0 +1 @@ +../daemon/scripting.rst
\ No newline at end of file diff --git a/doc/flowcharts/io_and_worker.dia b/doc/flowcharts/io_and_worker.dia Binary files differnew file mode 100644 index 0000000..8c5a755 --- /dev/null +++ b/doc/flowcharts/io_and_worker.dia diff --git a/doc/flowcharts/task_ERD.dia b/doc/flowcharts/task_ERD.dia Binary files differnew file mode 100644 index 0000000..2bc065b --- /dev/null +++ b/doc/flowcharts/task_ERD.dia diff --git a/doc/flowcharts/tcp_task.dia b/doc/flowcharts/tcp_task.dia Binary files differnew file mode 100644 index 0000000..6ad58f3 --- /dev/null +++ b/doc/flowcharts/tcp_task.dia diff --git a/doc/flowcharts/udp_task.dia b/doc/flowcharts/udp_task.dia Binary files differnew file mode 100644 index 0000000..6fb8628 --- /dev/null +++ b/doc/flowcharts/udp_task.dia diff --git a/doc/index.rst b/doc/index.rst new file mode 100644 index 0000000..f5d9d42 --- /dev/null +++ b/doc/index.rst @@ -0,0 +1,63 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +############# +Knot Resolver +############# + +Knot Resolver is a minimalistic implementation of a caching validating DNS resolver. +Modular architecture keeps the core tiny and efficient, +and it provides a state-machine like API for extensions. + +.. toctree:: + :caption: Quick Start + :name: quickstart + :maxdepth: 1 + + quickstart-install + quickstart-startup + quickstart-config + +.. _configuration-chapter: + +.. toctree:: + :caption: Configuration + :name: users + :maxdepth: 3 + + config-overview + config-network + config-performance + config-policy + config-logging-monitoring + config-dnssec + config-experimental + config-no-systemd + +.. _operation-chapter: + +.. toctree:: + :caption: Operation + :maxdepth: 1 + + upgrading + NEWS + +.. toctree:: + :caption: Developers + :name: developers + :maxdepth: 2 + + build + modules-http-custom-services + lib + modules_api + worker_api + + +Indices and tables +================== + +* :ref:`genindex` +* :ref:`modindex` +* :ref:`search` + diff --git a/doc/kresd.8.in b/doc/kresd.8.in new file mode 100644 index 0000000..b052a5a --- /dev/null +++ b/doc/kresd.8.in @@ -0,0 +1,122 @@ +.TH "kresd" "8" "@date@" "CZ.NIC" "Knot Resolver @version@" +.\" +.\" kresd.8 -- kresd daemon manpage +.\" +.\" Copyright (c) CZ.NIC. All rights reserved. +.\" +.\" SPDX-License-Identifier: GPL-3.0-or-later +.\" +.\" +.SH "NAME" +.B kresd +\- full caching DNSSEC-enabled Knot Resolver @version@. +.SH "SYNOPSIS" +.B kresd +.RB [ \-a | \-\-addr +.IR addr[@port] ] +.RB [ \-t | \-\-tls +.IR addr[@port] ] +.RB [ \-S | \-\-fd +.IR fd ] +.RB [ \-T | \-\-tlsfd +.IR fd ] +.RB [ \-c | \-\-config +.IR config ] +.RB [ \-n | \-\-noninteractive ] +.RB [ \-q | \-\-quiet ] +.RB [ \-v | \-\-verbose ] +.RB [ \-V | \-\-version ] +.RB [ \-h | \-\-help ] +.IR [rundir] +.SH "DESCRIPTION" +.B Knot Resolver is a DNSSEC-enabled full caching resolver. +.P +Default mode of operation: when it receives a DNS query it iteratively +asks authoritative nameservers starting from root zone (.) and ending +with a nameservers authoritative for queried name. Automatic DNSSEC means +verification of integrity of authoritative responses by following +keys and signatures starting from root. Root trust anchor is automatically +bootstrapped from IANA, or you can provide a file with root trust anchors +(same format as Unbound or BIND9 root keys file). + +The daemon also caches intermediate answers into cache, which by default +uses LMDB memory-mapped database. This has a significant advantage over +in-memory caches as the process may be stopped and restarted without +loss of cache entries. In multi-user scenario a shared cache +is potential privacy/security issue, with kresd each user can have resolver cache +in their private directory and use it in similar fashion to keychain. + +.P +To use a locally running +.B kresd +for resolving put +.sp +.RS 6n +nameserver 127.0.0.1 +.RE +.sp +into +.IR resolv.conf (5) +and start +.B kresd + +.P +The daemon may be configured also as a plain forwarder using query policies. +This requires using a config file. Please refer to documentation for +configuration file options. It is available at +\fIhttps://knot-resolver.readthedocs.io\fR or in package documentation +(available as knot-resolver-doc package in most distributions). + +The available CLI options are: +.TP +.B \-a\fI addr[@port]\fR, \fB\-\-addr=\fI<addr[@port]> +Listen on given address (and port) pair. If no port is given, \fI53\fR is used as a default. +Option may be passed multiple times to listen on more addresses. +.TP +.B \-t\fI addr[@port]\fR, \fB\-\-tls=\fI<addr[@port]> +Listen using TLS on given address (and port) pair. If no port is +given, \fI853\fR is used as a default. Option may be passed multiple +times to listen on more addresses. +.TP +.B \-S\fI fd\fR, \fB\-\-fd=\fI<fd> +Listen on given file descriptor(s), passed by supervisor. +Option may be passed multiple times to listen on more file descriptors. +.TP +.B \-T\fI fd\fR, \-\-tlsfd=\fI<fd> +Listen using TLS on given file descriptor(s), passed by supervisor. +Option may be passed multiple times to listen on more file descriptors. +.TP +.B \-c\fI config\fR, \fB\-\-config=\fI<config> +Set the config file with settings for kresd to read instead of reading the +file at the default location (\fIconfig\fR). +.TP +.B \-f\fI N\fR, \fB\-\-forks=\fI<N> +This option is deprecated since 5.0.0! + +With this option, the daemon is started in non-interactive mode and instead creates a +UNIX socket in \fIrundir\fR that the operator can connect to for interactive session. +A number greater than 1 forks the daemon N times, all forks will bind to same addresses +and the kernel will load-balance between them on Linux with \fISO_REUSEPORT\fR support. + +If you want multiple concurrent processes supervised in this way, +they should be supervised independently (see \fBkresd.systemd(7)\fR). +.TP +.B \-n\fR, \fB\-\-noninteractive +Daemon will refrain from entering into read-eval-print loop for stdin+stdout. +.TP +.B \-q\fR, \fB\-\-quiet +Daemon will refrain from printing the command prompt. +.TP +.B \-v\fR, \fB\-\-verbose +Increase logging to debug level. +.TP +.B \-h +Show short command-line option help. +.TP +.B \-V +Show the version. +.SH "SEE ALSO" +@man_seealso_systemd@\fIhttps://knot-resolver.readthedocs.io/en/v@version@/\fR +.SH "AUTHORS" +.B kresd +developers are mentioned in the AUTHORS file in the distribution. diff --git a/doc/lib.rst b/doc/lib.rst new file mode 100644 index 0000000..33e2ff3 --- /dev/null +++ b/doc/lib.rst @@ -0,0 +1,70 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +.. _lib_index: + +.. include:: ../lib/README.rst + +API reference +============= + +.. warning:: This section is generated with doxygen and breathe. Due to their + limitations, some symbols may be incorrectly described or missing entirely. + For exhaustive and accurate reference, refer to the header files instead. + +.. contents:: + :depth: 1 + :local: + +.. _lib_api_rplan: + +Name resolution +--------------- + +.. doxygenfile:: resolve.h + :project: libkres +.. doxygenfile:: rplan.h + :project: libkres + +.. _lib_api_cache: + +Cache +----- + +.. doxygenfile:: cache/api.h + :project: libkres + +.. doxygenfile:: cache/impl.h + :project: libkres + +.. _lib_api_nameservers: + +Nameservers +----------- + +.. doxygenfile:: selection.h + :project: libkres +.. doxygenfile:: zonecut.h + :project: libkres + +.. _lib_api_modules: + +Modules +------- + +.. doxygenfile:: module.h + :project: libkres + +.. doxygenfile:: layer.h + :project: libkres + +Utilities +--------- + +.. doxygenfile:: utils.h + :project: libkres +.. doxygenfile:: defines.h + :project: libkres + +.. _lib_generics: + +.. include:: ../lib/generic/README.rst diff --git a/doc/meson.build b/doc/meson.build new file mode 100644 index 0000000..72a8a7b --- /dev/null +++ b/doc/meson.build @@ -0,0 +1,79 @@ +# documentation +# SPDX-License-Identifier: GPL-3.0-or-later + +# man page +man_config = configuration_data() +man_config.set('version', meson.project_version()) +man_config.set('date', run_command('../scripts/get-date.sh', check: true).stdout()) + +man_config.set('man_seealso_systemd', '') +if systemd_files == 'enabled' + man_config.set('man_seealso_systemd', '\\fIkresd.systemd(7)\\fR, ') +endif + +man_kresd = configure_file( + input: 'kresd.8.in', + output: 'kresd.8', + configuration: man_config, +) +install_man(man_kresd) + + +# html and info documentation +if get_option('doc') == 'enabled' + message('--- doc dependencies ---') + doxygen = find_program('doxygen') + sphinx_build = find_program('sphinx-build-3', required: false) + if not sphinx_build.found() + sphinx_build = find_program('sphinx-build') + endif + makeinfo = find_program('makeinfo', required: false) + + # python dependencies: breathe, sphinx_rtd_theme + python_breathe = run_command('python3', '-c', 'import breathe', check: false) + if python_breathe.returncode() != 0 + # some distros might use python2 sphinx + python_breathe = run_command('python2', '-c', 'import breathe', check: false) + if python_breathe.returncode() != 0 + error('missing doc dependency: python breathe') + else + python_sphinx_rtd_theme = run_command('python2', '-c', 'import sphinx_rtd_theme', check: false) + if python_sphinx_rtd_theme.returncode() != 0 + error('missing doc dependency: python sphinx_rtd_theme') + endif + endif + else + python_sphinx_rtd_theme = run_command('python3', '-c', 'import sphinx_rtd_theme', check: false) + if python_sphinx_rtd_theme.returncode() != 0 + error('missing doc dependency: python sphinx_rtd_theme') + endif + endif + message('------------------------') + + # install html docs + install_subdir( + meson.current_source_dir() / 'html', + install_dir: doc_dir, + ) + + if makeinfo.found() + # install info docs + install_subdir( + meson.current_source_dir() / 'texinfo' / '.install', + strip_directory: true, + install_dir: info_dir, + ) + endif +endif + +make_doc = find_program('../scripts/make-doc.sh') +run_target( + 'doc', + command: make_doc, +) + + +run_target( + 'doc-strict', + command: [make_doc, '-W'], +) diff --git a/doc/modules-bogus_log.rst b/doc/modules-bogus_log.rst new file mode 120000 index 0000000..61ead50 --- /dev/null +++ b/doc/modules-bogus_log.rst @@ -0,0 +1 @@ +../modules/bogus_log/README.rst
\ No newline at end of file diff --git a/doc/modules-daf.rst b/doc/modules-daf.rst new file mode 120000 index 0000000..7715ed6 --- /dev/null +++ b/doc/modules-daf.rst @@ -0,0 +1 @@ +../modules/daf/README.rst
\ No newline at end of file diff --git a/doc/modules-detect_time_jump.rst b/doc/modules-detect_time_jump.rst new file mode 120000 index 0000000..2821482 --- /dev/null +++ b/doc/modules-detect_time_jump.rst @@ -0,0 +1 @@ +../modules/detect_time_jump/README.rst
\ No newline at end of file diff --git a/doc/modules-detect_time_skew.rst b/doc/modules-detect_time_skew.rst new file mode 120000 index 0000000..f0c0d14 --- /dev/null +++ b/doc/modules-detect_time_skew.rst @@ -0,0 +1 @@ +../modules/detect_time_skew/README.rst
\ No newline at end of file diff --git a/doc/modules-dns64.rst b/doc/modules-dns64.rst new file mode 120000 index 0000000..792753a --- /dev/null +++ b/doc/modules-dns64.rst @@ -0,0 +1 @@ +../modules/dns64/README.rst
\ No newline at end of file diff --git a/doc/modules-dnstap.rst b/doc/modules-dnstap.rst new file mode 120000 index 0000000..f77d78e --- /dev/null +++ b/doc/modules-dnstap.rst @@ -0,0 +1 @@ +../modules/dnstap/README.rst
\ No newline at end of file diff --git a/doc/modules-edns_keepalive.rst b/doc/modules-edns_keepalive.rst new file mode 120000 index 0000000..ec7a358 --- /dev/null +++ b/doc/modules-edns_keepalive.rst @@ -0,0 +1 @@ +../modules/edns_keepalive/README.rst
\ No newline at end of file diff --git a/doc/modules-experimental_dot_auth.rst b/doc/modules-experimental_dot_auth.rst new file mode 120000 index 0000000..c5bbfdc --- /dev/null +++ b/doc/modules-experimental_dot_auth.rst @@ -0,0 +1 @@ +../modules/experimental_dot_auth/README.rst
\ No newline at end of file diff --git a/doc/modules-hints.rst b/doc/modules-hints.rst new file mode 120000 index 0000000..1606310 --- /dev/null +++ b/doc/modules-hints.rst @@ -0,0 +1 @@ +../modules/hints/README.rst
\ No newline at end of file diff --git a/doc/modules-http-custom-services.rst b/doc/modules-http-custom-services.rst new file mode 120000 index 0000000..5cbc7ec --- /dev/null +++ b/doc/modules-http-custom-services.rst @@ -0,0 +1 @@ +../modules/http/custom_services.rst
\ No newline at end of file diff --git a/doc/modules-http-trace.rst b/doc/modules-http-trace.rst new file mode 120000 index 0000000..c11fca0 --- /dev/null +++ b/doc/modules-http-trace.rst @@ -0,0 +1 @@ +../modules/http/trace.rst
\ No newline at end of file diff --git a/doc/modules-http.rst b/doc/modules-http.rst new file mode 120000 index 0000000..3fc5fec --- /dev/null +++ b/doc/modules-http.rst @@ -0,0 +1 @@ +../modules/http/README.rst
\ No newline at end of file diff --git a/doc/modules-nsid.rst b/doc/modules-nsid.rst new file mode 120000 index 0000000..7ea4cc7 --- /dev/null +++ b/doc/modules-nsid.rst @@ -0,0 +1 @@ +../modules/nsid/README.rst
\ No newline at end of file diff --git a/doc/modules-policy.rst b/doc/modules-policy.rst new file mode 120000 index 0000000..690a2b5 --- /dev/null +++ b/doc/modules-policy.rst @@ -0,0 +1 @@ +../modules/policy/README.rst
\ No newline at end of file diff --git a/doc/modules-predict.rst b/doc/modules-predict.rst new file mode 120000 index 0000000..a4a8424 --- /dev/null +++ b/doc/modules-predict.rst @@ -0,0 +1 @@ +../modules/predict/README.rst
\ No newline at end of file diff --git a/doc/modules-prefill.rst b/doc/modules-prefill.rst new file mode 120000 index 0000000..cfa8384 --- /dev/null +++ b/doc/modules-prefill.rst @@ -0,0 +1 @@ +../modules/prefill/README.rst
\ No newline at end of file diff --git a/doc/modules-priming.rst b/doc/modules-priming.rst new file mode 120000 index 0000000..a36c3bf --- /dev/null +++ b/doc/modules-priming.rst @@ -0,0 +1 @@ +../modules/priming/README.rst
\ No newline at end of file diff --git a/doc/modules-rebinding.rst b/doc/modules-rebinding.rst new file mode 120000 index 0000000..a8e9d01 --- /dev/null +++ b/doc/modules-rebinding.rst @@ -0,0 +1 @@ +../modules/rebinding/README.rst
\ No newline at end of file diff --git a/doc/modules-refuse_nord.rst b/doc/modules-refuse_nord.rst new file mode 120000 index 0000000..22e585c --- /dev/null +++ b/doc/modules-refuse_nord.rst @@ -0,0 +1 @@ +../modules/refuse_nord/README.rst
\ No newline at end of file diff --git a/doc/modules-renumber.rst b/doc/modules-renumber.rst new file mode 120000 index 0000000..1764c78 --- /dev/null +++ b/doc/modules-renumber.rst @@ -0,0 +1 @@ +../modules/renumber/README.rst
\ No newline at end of file diff --git a/doc/modules-rfc7706.rst b/doc/modules-rfc7706.rst new file mode 120000 index 0000000..11b5c3d --- /dev/null +++ b/doc/modules-rfc7706.rst @@ -0,0 +1 @@ +../modules/rfc7706.rst
\ No newline at end of file diff --git a/doc/modules-serve_stale.rst b/doc/modules-serve_stale.rst new file mode 120000 index 0000000..98fa531 --- /dev/null +++ b/doc/modules-serve_stale.rst @@ -0,0 +1 @@ +../modules/serve_stale/README.rst
\ No newline at end of file diff --git a/doc/modules-stats.rst b/doc/modules-stats.rst new file mode 120000 index 0000000..c8c5583 --- /dev/null +++ b/doc/modules-stats.rst @@ -0,0 +1 @@ +../modules/stats/README.rst
\ No newline at end of file diff --git a/doc/modules-ta_sentinel.rst b/doc/modules-ta_sentinel.rst new file mode 120000 index 0000000..669e5a4 --- /dev/null +++ b/doc/modules-ta_sentinel.rst @@ -0,0 +1 @@ +../modules/ta_sentinel/README.rst
\ No newline at end of file diff --git a/doc/modules-ta_signal_query.rst b/doc/modules-ta_signal_query.rst new file mode 120000 index 0000000..15e5d67 --- /dev/null +++ b/doc/modules-ta_signal_query.rst @@ -0,0 +1 @@ +../modules/ta_signal_query/README.rst
\ No newline at end of file diff --git a/doc/modules-view.rst b/doc/modules-view.rst new file mode 120000 index 0000000..da22833 --- /dev/null +++ b/doc/modules-view.rst @@ -0,0 +1 @@ +../modules/view/README.rst
\ No newline at end of file diff --git a/doc/modules-watchdog.rst b/doc/modules-watchdog.rst new file mode 120000 index 0000000..ac7d547 --- /dev/null +++ b/doc/modules-watchdog.rst @@ -0,0 +1 @@ +../modules/watchdog/README.rst
\ No newline at end of file diff --git a/doc/modules_api.rst b/doc/modules_api.rst new file mode 100644 index 0000000..05f7407 --- /dev/null +++ b/doc/modules_api.rst @@ -0,0 +1,6 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +.. _modules: + +.. include:: ../modules/README.rst + diff --git a/doc/quickstart-config.rst b/doc/quickstart-config.rst new file mode 100644 index 0000000..df0fed4 --- /dev/null +++ b/doc/quickstart-config.rst @@ -0,0 +1,209 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +.. _quickstart-config: + +************* +Configuration +************* + +.. contents:: + :depth: 1 + :local: + +.. note:: + + When copy&pasting examples from this manual please pay close + attention to brackets and also line ordering - order of lines matters. + + The configuration language is in fact Lua script, so you can use full power + of this programming language. See article + `Learn Lua in 15 minutes`_ for a syntax overview. + +Easiest way to configure Knot Resolver is to paste your configuration into +configuration file ``/etc/knot-resolver/kresd.conf``. +Complete configurations files for examples in this chapter +can be found `here <https://gitlab.nic.cz/knot/knot-resolver/tree/master/etc/config>`_. +The example configuration files are also installed as documentation files, typically in directory ``/usr/share/doc/knot-resolver/examples/`` (their location may be different based on your Linux distribution). +Detailed configuration of daemon and implemented modules can be found in configuration reference: + + +Listening on network interfaces +=============================== + +Network interfaces to listen on and supported protocols are configured using :func:`net.listen()` function. + +The following configuration instructs Knot Resolver to receive standard unencrypted DNS queries on IP addresses `192.0.2.1` and `2001:db8::1`. Encrypted DNS queries are accepted using DNS-over-TLS protocol on all IP addresses configured on network interface `eth0`, TCP port 853. + +.. code-block:: lua + + -- unencrypted DNS on port 53 is default + net.listen('192.0.2.1') + net.listen('2001:db8::1') + net.listen(net.eth0, 853, { kind = 'tls' }) + +.. warning:: + + On machines with multiple IP addresses on the same interface avoid listening on wildcards ``0.0.0.0`` or ``::``. + Knot Resolver could answer from different IP addresses if the network address ranges + overlap, and clients would refuse such a response. + + +Scenario: Internal Resolver +=========================== + +This is an example of typical configuration for company-internal resolver which is not accessible from outside of company network. + +Internal-only domains +^^^^^^^^^^^^^^^^^^^^^ + +An internal-only domain is a domain not accessible from the public Internet. +In order to resolve internal-only domains a query policy has to be added to forward queries to a correct internal server. +This configuration will forward two listed domains to a DNS server with IP address ``192.0.2.44``. + +.. code-block:: lua + + -- define list of internal-only domains + internalDomains = policy.todnames({'company.example', 'internal.example'}) + + -- forward all queries belonging to domains in the list above to IP address '192.0.2.44' + policy.add(policy.suffix(policy.FLAGS({'NO_CACHE'}), internalDomains)) + policy.add(policy.suffix(policy.STUB({'192.0.2.44'}), internalDomains)) + +See chapter :ref:`dns-graft` for more details. + + +.. _ispresolver: + +Scenario: ISP Resolver +====================== + +The following configuration is typical for Internet Service Providers who offer DNS resolver +service to their own clients in their own network. Please note that running a *public DNS resolver* +is more complicated and not covered by this quick start guide. + +Limiting client access +^^^^^^^^^^^^^^^^^^^^^^ +With exception of public resolvers, a DNS resolver should resolve only queries sent by clients in its own network. This restriction limits attack surface on the resolver itself and also for the rest of the Internet. + +In a situation where access to DNS resolver is not limited using IP firewall, you can implement access restrictions using the :ref:`view module <mod-view>` which combines query source information with :ref:`policy rules <mod-policy>`. +Following configuration allows only queries from clients in subnet 192.0.2.0/24 and refuses all the rest. + +.. code-block:: lua + + modules.load('view') + + -- whitelist queries identified by subnet + view:addr('192.0.2.0/24', policy.all(policy.PASS)) + + -- drop everything that hasn't matched + view:addr('0.0.0.0/0', policy.all(policy.DROP)) + +TLS server configuration +^^^^^^^^^^^^^^^^^^^^^^^^ +Today clients are demanding secure transport for DNS queries between client machine and DNS resolver. The recommended way to achieve this is to start DNS-over-TLS server and accept also encrypted queries. + +First step is to enable TLS on listening interfaces: + +.. code-block:: lua + + net.listen('192.0.2.1', 853, { kind = 'tls' }) + net.listen('2001::db8:1', 853, { kind = 'tls' }) + +By default a self-signed certificate is generated. +Second step is then obtaining and configuring your own TLS certificates +signed by a trusted CA. Once the certificate was obtained a path to certificate files can be specified using function :func:`net.tls()`: + +.. code-block:: lua + + net.tls("/etc/knot-resolver/server-cert.pem", "/etc/knot-resolver/server-key.pem") + + +Mandatory domain blocking +^^^^^^^^^^^^^^^^^^^^^^^^^ + +Some jurisdictions mandate blocking access to certain domains. This can be achieved using following :ref:`policy rule <mod-policy>`: + +.. code-block:: lua + + policy.add( + policy.suffix(policy.DENY, + policy.todnames({'example.com.', 'blocked.example.net.'}))) + + + +.. _personalresolver: + +Scenario: Personal Resolver +=========================== + +DNS queries can be used to gather data about user behavior. +Knot Resolver can be configured to forward DNS queries elsewhere, +and to protect them from eavesdropping by TLS encryption. + +.. warning:: + + Latest research has proven that encrypting DNS traffic is not sufficient to protect privacy of users. + For this reason we recommend all users to use full VPN instead of encrypting *just* DNS queries. + Following configuration is provided **only for users who cannot encrypt all their traffic**. + For more information please see following articles: + + - Simran Patil and Nikita Borisov. 2019. What can you learn from an IP? (`slides <https://irtf.org/anrw/2019/slides-anrw19-final44.pdf>`_, `the article itself <https://dl.acm.org/authorize?N687437>`_) + - `Bert Hubert. 2019. Centralised DoH is bad for Privacy, in 2019 and beyond <https://labs.ripe.net/Members/bert_hubert/centralised-doh-is-bad-for-privacy-in-2019-and-beyond>`_ + + +Forwarding over TLS protocol (DNS-over-TLS) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Forwarding over TLS protocol protects DNS queries sent out by resolver. +It can be configured using :ref:`policy.TLS_FORWARD <tls-forwarding>` function which provides methods for authentication. +See list of `DNS Privacy Test Servers`_ supporting DNS-over-TLS to test your configuration. + +Read more on :ref:`tls-forwarding`. + + +Forwarding to multiple targets +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +With the use of :any:`policy.slice` function, it is possible to split the +entire DNS namespace into distinct "slices". When used in conjunction with +:ref:`policy.TLS_FORWARD <tls-forwarding>`, it's possible to forward different queries to different +remote resolvers. As a result no single remote resolver will get complete list +of all queries performed by this client. + +.. warning:: + + Beware that this method has not been scientifically tested and there might be + types of attacks which will allow remote resolvers to infer more information about the client. + Again: If possible encrypt **all** your traffic and not just DNS queries! + +.. code-block:: lua + + policy.add(policy.slice( + policy.slice_randomize_psl(), + policy.TLS_FORWARD({{'192.0.2.1', hostname='res.example.com'}}), + policy.TLS_FORWARD({ + -- multiple servers can be specified for a single slice + -- the one with lowest round-trip time will be used + {'193.17.47.1', hostname='odvr.nic.cz'}, + {'185.43.135.1', hostname='odvr.nic.cz'}, + }) + )) + +Non-persistent cache +^^^^^^^^^^^^^^^^^^^^ +Knot Resolver's cache contains data clients queried for. +If you are concerned about attackers who are able to get access to your +computer system in power-off state and your storage device is not secured by +encryption you can move the cache to tmpfs_. +See chapter :ref:`cache_persistence`. + + +.. raw:: html + + <h2>Next steps</h2> + +Congratulations! Your resolver is now up and running and ready for queries. For +serious deployments do not forget to read :ref:`configuration-chapter` and +:ref:`operation-chapter` chapters. + +.. _`Learn Lua in 15 minutes`: http://tylerneylon.com/a/learn-lua/ +.. _`DNS Privacy Test Servers`: https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers +.. _tmpfs: https://en.wikipedia.org/wiki/Tmpfs diff --git a/doc/quickstart-install.rst b/doc/quickstart-install.rst new file mode 100644 index 0000000..329fb63 --- /dev/null +++ b/doc/quickstart-install.rst @@ -0,0 +1,73 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +.. _quickstart-intro: + +Welcome to Knot Resolver Quick Start Guide! This chapter will guide you through first installation and basic setup recommended for your use-case. + +Before we start let us explain basic conventions used in this text: + +This is Linux/Unix shell command to be executed and an output from this command: + +.. code-block:: bash + + $ echo "This is output!" + This is output! + $ echo "We use sudo to execute commands as root:" + We use sudo to execute commands as root: + $ sudo id + uid=0(root) gid=0(root) groups=0(root) + +Snippets from Knot Resolver's configuration file **do not start with $ sign** and look like this: + +.. code-block:: lua + + -- this is a comment + -- following line will start listening on IP address 192.0.2.1 port 53 + net.listen('192.0.2.1') + + +.. _quickstart-install: + +************ +Installation +************ + +As a first step, configure your system to use upstream repositories which have +the **latest version** of Knot Resolver. Follow the instructions below for your +distribution. + +**Debian/Ubuntu** + +.. note:: Please note that the packages available in distribution repositories + of Debian and Ubuntu are outdated. Make sure to follow these steps to use + our upstream repositories. + +.. code-block:: bash + + $ wget https://secure.nic.cz/files/knot-resolver/knot-resolver-release.deb + $ sudo dpkg -i knot-resolver-release.deb + $ sudo apt update + $ sudo apt install -y knot-resolver + +**CentOS 7+** + +.. code-block:: bash + + $ sudo yum install -y epel-release + $ sudo yum install -y knot-resolver + +**Fedora** + +.. code-block:: bash + + $ sudo dnf install -y knot-resolver + +**Arch Linux** + +.. code-block:: bash + + $ sudo pacman -S knot-resolver + + +**openSUSE Leap / Tumbleweed** +Add the `OBS <https://en.opensuse.org/Portal:Build_Service>`_ package repository `home:CZ-NIC:knot-resolver-latest <https://software.opensuse.org/download.html?project=home%3ACZ-NIC%3Aknot-resolver-latest&package=knot-resolver>`_ to your system. diff --git a/doc/quickstart-startup.rst b/doc/quickstart-startup.rst new file mode 100644 index 0000000..5a381a3 --- /dev/null +++ b/doc/quickstart-startup.rst @@ -0,0 +1,47 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +.. _quickstart-startup: + +******* +Startup +******* + +The simplest way to run single instance of +Knot Resolver is to use provided Knot Resolver's Systemd integration: + +.. code-block:: bash + + $ sudo systemctl start kresd@1.service + +See logs and status of running instance with ``systemctl status kresd@1.service`` command. For more information about Systemd integration see ``man kresd.systemd``. + +.. warning:: + + ``kresd@*.service`` is not enabled by default, thus Knot Resolver won't start automatically after reboot. + To start and enable service in one command use ``systemctl enable --now kresd@1.service`` + +First DNS query +=============== +After installation and first startup, Knot Resolver's default configuration accepts queries on loopback interface. This allows you to test that the installation and service startup were successful before continuing with configuration. + +For instance, you can use DNS lookup utility ``kdig`` to send DNS queries. The ``kdig`` command is provided by following packages: + +============ ================= +Distribution package with kdig +============ ================= +Arch knot +CentOS knot-utils +Debian knot-dnsutils +Fedora knot-utils +OpenSUSE knot-utils +Ubuntu knot-dnsutils +============ ================= + +The following query should return list of Root Name Servers: + +.. code-block:: bash + + $ kdig +short @localhost . NS + a.root-servers.net. + ... + m.root-servers.net. diff --git a/doc/requirements.txt b/doc/requirements.txt new file mode 100644 index 0000000..2990a45 --- /dev/null +++ b/doc/requirements.txt @@ -0,0 +1,3 @@ +Sphinx>=3.0.0 +breathe +sphinx_rtd_theme diff --git a/doc/resolution.png b/doc/resolution.png Binary files differnew file mode 100644 index 0000000..65d5027 --- /dev/null +++ b/doc/resolution.png diff --git a/doc/server_terminology.fodg b/doc/server_terminology.fodg new file mode 100644 index 0000000..8fecf02 --- /dev/null +++ b/doc/server_terminology.fodg @@ -0,0 +1,869 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<office:document xmlns:officeooo="http://openoffice.org/2009/office" xmlns:anim="urn:oasis:names:tc:opendocument:xmlns:animation:1.0" xmlns:smil="urn:oasis:names:tc:opendocument:xmlns:smil-compatible:1.0" xmlns:presentation="urn:oasis:names:tc:opendocument:xmlns:presentation:1.0" xmlns:grddl="http://www.w3.org/2003/g/data-view#" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xforms="http://www.w3.org/2002/xforms" xmlns:dom="http://www.w3.org/2001/xml-events" xmlns:script="urn:oasis:names:tc:opendocument:xmlns:script:1.0" xmlns:form="urn:oasis:names:tc:opendocument:xmlns:form:1.0" xmlns:math="http://www.w3.org/1998/Math/MathML" xmlns:draw="urn:oasis:names:tc:opendocument:xmlns:drawing:1.0" xmlns:dr3d="urn:oasis:names:tc:opendocument:xmlns:dr3d:1.0" xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0" xmlns:style="urn:oasis:names:tc:opendocument:xmlns:style:1.0" xmlns:formx="urn:openoffice:names:experimental:ooxml-odf-interop:xmlns:form:1.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:ooo="http://openoffice.org/2004/office" xmlns:loext="urn:org:documentfoundation:names:experimental:office:xmlns:loext:1.0" xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0" xmlns:fo="urn:oasis:names:tc:opendocument:xmlns:xsl-fo-compatible:1.0" xmlns:field="urn:openoffice:names:experimental:ooo-ms-interop:xmlns:field:1.0" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:meta="urn:oasis:names:tc:opendocument:xmlns:meta:1.0" xmlns:config="urn:oasis:names:tc:opendocument:xmlns:config:1.0" xmlns:calcext="urn:org:documentfoundation:names:experimental:calc:xmlns:calcext:1.0" xmlns:svg="urn:oasis:names:tc:opendocument:xmlns:svg-compatible:1.0" xmlns:of="urn:oasis:names:tc:opendocument:xmlns:of:1.2" xmlns:chart="urn:oasis:names:tc:opendocument:xmlns:chart:1.0" xmlns:rpt="http://openoffice.org/2005/report" xmlns:table="urn:oasis:names:tc:opendocument:xmlns:table:1.0" xmlns:css3t="http://www.w3.org/TR/css3-text/" xmlns:number="urn:oasis:names:tc:opendocument:xmlns:datastyle:1.0" xmlns:ooow="http://openoffice.org/2004/writer" xmlns:oooc="http://openoffice.org/2004/calc" xmlns:tableooo="http://openoffice.org/2009/table" xmlns:drawooo="http://openoffice.org/2010/draw" office:version="1.2" office:mimetype="application/vnd.oasis.opendocument.graphics"> + <office:meta><meta:initial-creator>Petr Špaček</meta:initial-creator><meta:creation-date>2020-01-09T14:38:06.406215825</meta:creation-date><meta:editing-cycles>18</meta:editing-cycles><meta:editing-duration>PT27M21S</meta:editing-duration><dc:date>2020-02-14T17:28:07.033132897</dc:date><dc:creator>Petr Špaček</dc:creator><meta:generator>LibreOffice/6.4.0.3$Linux_X86_64 LibreOffice_project/40$Build-3</meta:generator><dc:title>Basic DNS terminology</dc:title><dc:description>SPDX-License-Identifier: GPL-3.0-or-later</dc:description><meta:document-statistic meta:object-count="25"/></office:meta> + <office:settings> + <config:config-item-set config:name="ooo:view-settings"> + <config:config-item config:name="VisibleAreaTop" config:type="int">2884</config:config-item> + <config:config-item config:name="VisibleAreaLeft" config:type="int">-318</config:config-item> + <config:config-item config:name="VisibleAreaWidth" config:type="int">23019</config:config-item> + <config:config-item config:name="VisibleAreaHeight" config:type="int">23865</config:config-item> + <config:config-item-map-indexed config:name="Views"> + <config:config-item-map-entry> + <config:config-item config:name="ViewId" config:type="string">view1</config:config-item> + <config:config-item config:name="GridIsVisible" config:type="boolean">false</config:config-item> + <config:config-item config:name="GridIsFront" config:type="boolean">false</config:config-item> + <config:config-item config:name="IsSnapToGrid" config:type="boolean">true</config:config-item> + <config:config-item config:name="IsSnapToPageMargins" config:type="boolean">true</config:config-item> + <config:config-item config:name="IsSnapToSnapLines" config:type="boolean">false</config:config-item> + <config:config-item config:name="IsSnapToObjectFrame" config:type="boolean">false</config:config-item> + <config:config-item config:name="IsSnapToObjectPoints" config:type="boolean">false</config:config-item> + <config:config-item config:name="IsPlusHandlesAlwaysVisible" config:type="boolean">false</config:config-item> + <config:config-item config:name="IsFrameDragSingles" config:type="boolean">true</config:config-item> + <config:config-item config:name="EliminatePolyPointLimitAngle" config:type="int">1500</config:config-item> + <config:config-item config:name="IsEliminatePolyPoints" config:type="boolean">false</config:config-item> + <config:config-item config:name="VisibleLayers" config:type="base64Binary">Hw==</config:config-item> + <config:config-item config:name="PrintableLayers" config:type="base64Binary">Hw==</config:config-item> + <config:config-item config:name="LockedLayers" config:type="base64Binary"/> + <config:config-item config:name="NoAttribs" config:type="boolean">false</config:config-item> + <config:config-item config:name="NoColors" config:type="boolean">true</config:config-item> + <config:config-item config:name="RulerIsVisible" config:type="boolean">true</config:config-item> + <config:config-item config:name="PageKind" config:type="short">0</config:config-item> + <config:config-item config:name="SelectedPage" config:type="short">0</config:config-item> + <config:config-item config:name="IsLayerMode" config:type="boolean">true</config:config-item> + <config:config-item config:name="IsDoubleClickTextEdit" config:type="boolean">true</config:config-item> + <config:config-item config:name="IsClickChangeRotation" config:type="boolean">true</config:config-item> + <config:config-item config:name="SlidesPerRow" config:type="short">4</config:config-item> + <config:config-item config:name="EditMode" config:type="int">0</config:config-item> + <config:config-item config:name="VisibleAreaTop" config:type="int">2884</config:config-item> + <config:config-item config:name="VisibleAreaLeft" config:type="int">-318</config:config-item> + <config:config-item config:name="VisibleAreaWidth" config:type="int">23020</config:config-item> + <config:config-item config:name="VisibleAreaHeight" config:type="int">23866</config:config-item> + <config:config-item config:name="GridCoarseWidth" config:type="int">1000</config:config-item> + <config:config-item config:name="GridCoarseHeight" config:type="int">1000</config:config-item> + <config:config-item config:name="GridFineWidth" config:type="int">100</config:config-item> + <config:config-item config:name="GridFineHeight" config:type="int">100</config:config-item> + <config:config-item config:name="GridSnapWidthXNumerator" config:type="int">100</config:config-item> + <config:config-item config:name="GridSnapWidthXDenominator" config:type="int">1</config:config-item> + <config:config-item config:name="GridSnapWidthYNumerator" config:type="int">100</config:config-item> + <config:config-item config:name="GridSnapWidthYDenominator" config:type="int">1</config:config-item> + <config:config-item config:name="IsAngleSnapEnabled" config:type="boolean">false</config:config-item> + <config:config-item config:name="SnapAngle" config:type="int">1500</config:config-item> + <config:config-item config:name="ZoomOnPage" config:type="boolean">false</config:config-item> + <config:config-item config:name="AnchoredTextOverflowLegacy" config:type="boolean">false</config:config-item> + </config:config-item-map-entry> + </config:config-item-map-indexed> + </config:config-item-set> + <config:config-item-set config:name="ooo:configuration-settings"> + <config:config-item config:name="ApplyUserData" config:type="boolean">true</config:config-item> + <config:config-item config:name="BitmapTableURL" config:type="string">$(brandbaseurl)/share/palette%3B$(user)/config/standard.sob</config:config-item> + <config:config-item config:name="CharacterCompressionType" config:type="short">0</config:config-item> + <config:config-item config:name="ColorTableURL" config:type="string">$(brandbaseurl)/share/palette%3B$(user)/config/standard.soc</config:config-item> + <config:config-item config:name="DashTableURL" config:type="string">$(brandbaseurl)/share/palette%3B$(user)/config/standard.sod</config:config-item> + <config:config-item config:name="DefaultTabStop" config:type="int">1250</config:config-item> + <config:config-item config:name="EmbedAsianScriptFonts" config:type="boolean">true</config:config-item> + <config:config-item config:name="EmbedComplexScriptFonts" config:type="boolean">true</config:config-item> + <config:config-item config:name="EmbedFonts" config:type="boolean">false</config:config-item> + <config:config-item config:name="EmbedLatinScriptFonts" config:type="boolean">true</config:config-item> + <config:config-item config:name="EmbedOnlyUsedFonts" config:type="boolean">false</config:config-item> + <config:config-item-map-indexed config:name="ForbiddenCharacters"> + <config:config-item-map-entry> + <config:config-item config:name="Language" config:type="string">cs</config:config-item> + <config:config-item config:name="Country" config:type="string">CZ</config:config-item> + <config:config-item config:name="Variant" config:type="string"/> + <config:config-item config:name="BeginLine" config:type="string"/> + <config:config-item config:name="EndLine" config:type="string"/> + </config:config-item-map-entry> + </config:config-item-map-indexed> + <config:config-item config:name="GradientTableURL" config:type="string">$(brandbaseurl)/share/palette%3B$(user)/config/standard.sog</config:config-item> + <config:config-item config:name="HatchTableURL" config:type="string">$(brandbaseurl)/share/palette%3B$(user)/config/standard.soh</config:config-item> + <config:config-item config:name="IsKernAsianPunctuation" config:type="boolean">false</config:config-item> + <config:config-item config:name="IsPrintBooklet" config:type="boolean">false</config:config-item> + <config:config-item config:name="IsPrintBookletBack" config:type="boolean">true</config:config-item> + <config:config-item config:name="IsPrintBookletFront" config:type="boolean">true</config:config-item> + <config:config-item config:name="IsPrintDate" config:type="boolean">false</config:config-item> + <config:config-item config:name="IsPrintFitPage" config:type="boolean">false</config:config-item> + <config:config-item config:name="IsPrintHiddenPages" config:type="boolean">true</config:config-item> + <config:config-item config:name="IsPrintPageName" config:type="boolean">false</config:config-item> + <config:config-item config:name="IsPrintTilePage" config:type="boolean">false</config:config-item> + <config:config-item config:name="IsPrintTime" config:type="boolean">false</config:config-item> + <config:config-item config:name="LineEndTableURL" config:type="string">$(brandbaseurl)/share/palette%3B$(user)/config/standard.soe</config:config-item> + <config:config-item config:name="LoadReadonly" config:type="boolean">false</config:config-item> + <config:config-item config:name="MeasureUnit" config:type="short">3</config:config-item> + <config:config-item config:name="PageNumberFormat" config:type="int">4</config:config-item> + <config:config-item config:name="ParagraphSummation" config:type="boolean">false</config:config-item> + <config:config-item config:name="PrintQuality" config:type="int">0</config:config-item> + <config:config-item config:name="PrinterIndependentLayout" config:type="string">low-resolution</config:config-item> + <config:config-item config:name="PrinterName" config:type="string">HP_LaserJet_M2727nf_MFP</config:config-item> + <config:config-item config:name="PrinterPaperFromSetup" config:type="boolean">false</config:config-item> + <config:config-item config:name="PrinterSetup" config:type="base64Binary">1wH+/0hQX0xhc2VySmV0X00yNzI3bmZfTUZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ1VQUzpIUF9MYXNlckpldF9NMjcyN25mX01GUAAAAAAWAAMA8wAAAAAAAAAEAAhSAAAEdAAASm9iRGF0YSAxCnByaW50ZXI9SFBfTGFzZXJKZXRfTTI3MjduZl9NRlAKb3JpZW50YXRpb249UG9ydHJhaXQKY29waWVzPTEKY29sbGF0ZT1mYWxzZQptYXJnaW5kYWp1c3RtZW50PTAsMCwwLDAKY29sb3JkZXB0aD0yNApwc2xldmVsPTAKcGRmZGV2aWNlPTEKY29sb3JkZXZpY2U9MApQUERDb250ZXhEYXRhClBhZ2VTaXplOkE0AER1cGxleDpEdXBsZXhOb1R1bWJsZQBIUEVjb25vTW9kZTpGYWxzZQBJbnB1dFNsb3Q6QXV0bwAAEgBDT01QQVRfRFVQTEVYX01PREUUAER1cGxleE1vZGU6OkxvbmdFZGdl</config:config-item> + <config:config-item config:name="SaveThumbnail" config:type="boolean">true</config:config-item> + <config:config-item config:name="SaveVersionOnClose" config:type="boolean">false</config:config-item> + <config:config-item config:name="ScaleDenominator" config:type="int">1</config:config-item> + <config:config-item config:name="ScaleNumerator" config:type="int">1</config:config-item> + <config:config-item config:name="UpdateFromTemplate" config:type="boolean">true</config:config-item> + </config:config-item-set> + </office:settings> + <office:scripts> + <office:script script:language="ooo:Basic"> + <ooo:libraries xmlns:ooo="http://openoffice.org/2004/office" xmlns:xlink="http://www.w3.org/1999/xlink"> + <ooo:library-embedded ooo:name="Standard"/> + </ooo:libraries> + </office:script> + </office:scripts> + <office:font-face-decls> + <style:font-face style:name="Liberation Sans" svg:font-family="'Liberation Sans'" style:font-family-generic="roman" style:font-pitch="variable"/> + <style:font-face style:name="Liberation Serif" svg:font-family="'Liberation Serif'" style:font-family-generic="roman" style:font-pitch="variable"/> + <style:font-face style:name="Noto Sans" svg:font-family="'Noto Sans'" style:font-family-generic="roman" style:font-pitch="variable"/> + <style:font-face style:name="DejaVu Sans" svg:font-family="'DejaVu Sans'" style:font-family-generic="system" style:font-pitch="variable"/> + <style:font-face style:name="Liberation Sans1" svg:font-family="'Liberation Sans'" style:font-family-generic="system" style:font-pitch="variable"/> + </office:font-face-decls> + <office:styles> + <draw:gradient draw:name="Filled" draw:style="linear" draw:start-color="#ffffff" draw:end-color="#cccccc" draw:start-intensity="100%" draw:end-intensity="100%" draw:angle="300" draw:border="0%"/> + <draw:gradient draw:name="Filled_20_Blue" draw:display-name="Filled Blue" draw:style="linear" draw:start-color="#729fcf" draw:end-color="#355269" draw:start-intensity="100%" draw:end-intensity="100%" draw:angle="300" draw:border="0%"/> + <draw:gradient draw:name="Filled_20_Green" draw:display-name="Filled Green" draw:style="linear" draw:start-color="#77bc65" draw:end-color="#127622" draw:start-intensity="100%" draw:end-intensity="100%" draw:angle="300" draw:border="0%"/> + <draw:gradient draw:name="Filled_20_Red" draw:display-name="Filled Red" draw:style="linear" draw:start-color="#ff6d6d" draw:end-color="#c9211e" draw:start-intensity="100%" draw:end-intensity="100%" draw:angle="300" draw:border="0%"/> + <draw:gradient draw:name="Filled_20_Yellow" draw:display-name="Filled Yellow" draw:style="linear" draw:start-color="#ffde59" draw:end-color="#b47804" draw:start-intensity="100%" draw:end-intensity="100%" draw:angle="300" draw:border="0%"/> + <draw:gradient draw:name="Shapes" draw:style="rectangular" draw:cx="50%" draw:cy="50%" draw:start-color="#cccccc" draw:end-color="#ffffff" draw:start-intensity="100%" draw:end-intensity="100%" draw:angle="0" draw:border="0%"/> + <draw:marker draw:name="Arrow" svg:viewBox="0 0 20 30" svg:d="M10 0l-10 30h20z"/> + <draw:stroke-dash draw:name="Dashed_20__28_var_29_" draw:display-name="Dashed (var)" draw:style="rect" draw:dots1="1" draw:dots1-length="197%" draw:distance="127%"/> + <draw:stroke-dash draw:name="Fine_20_Dashed" draw:display-name="Fine Dashed" draw:style="rect" draw:dots1="1" draw:dots1-length="197%" draw:distance="197%"/> + <style:default-style style:family="graphic"> + <style:graphic-properties svg:stroke-color="#3465a4" draw:fill-color="#729fcf" fo:wrap-option="no-wrap"/> + <style:paragraph-properties style:text-autospace="ideograph-alpha" style:punctuation-wrap="simple" style:line-break="strict" style:font-independent-line-spacing="false"> + <style:tab-stops/> + </style:paragraph-properties> + <style:text-properties style:use-window-font-color="true" style:font-name="Liberation Serif" fo:font-size="24pt" fo:language="cs" fo:country="CZ" style:font-name-asian="DejaVu Sans" style:font-size-asian="24pt" style:language-asian="zh" style:country-asian="CN" style:font-name-complex="Liberation Sans1" style:font-size-complex="24pt" style:language-complex="hi" style:country-complex="IN"/> + </style:default-style> + <style:style style:name="standard" style:family="graphic"> + <style:graphic-properties draw:stroke="solid" svg:stroke-width="0cm" svg:stroke-color="#3465a4" draw:marker-start-width="0.2cm" draw:marker-start-center="false" draw:marker-end-width="0.2cm" draw:marker-end-center="false" draw:fill="solid" draw:fill-color="#729fcf" draw:textarea-horizontal-align="justify" fo:padding-top="0.125cm" fo:padding-bottom="0.125cm" fo:padding-left="0.25cm" fo:padding-right="0.25cm" draw:shadow="hidden" draw:shadow-offset-x="0.2cm" draw:shadow-offset-y="0.2cm" draw:shadow-color="#808080"> + <text:list-style style:name="standard"> + <text:list-level-style-bullet text:level="1" text:bullet-char="●"> + <style:list-level-properties text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + <text:list-level-style-bullet text:level="2" text:bullet-char="●"> + <style:list-level-properties text:space-before="0.6cm" text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + <text:list-level-style-bullet text:level="3" text:bullet-char="●"> + <style:list-level-properties text:space-before="1.2cm" text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + <text:list-level-style-bullet text:level="4" text:bullet-char="●"> + <style:list-level-properties text:space-before="1.8cm" text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + <text:list-level-style-bullet text:level="5" text:bullet-char="●"> + <style:list-level-properties text:space-before="2.4cm" text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + <text:list-level-style-bullet text:level="6" text:bullet-char="●"> + <style:list-level-properties text:space-before="3cm" text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + <text:list-level-style-bullet text:level="7" text:bullet-char="●"> + <style:list-level-properties text:space-before="3.6cm" text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + <text:list-level-style-bullet text:level="8" text:bullet-char="●"> + <style:list-level-properties text:space-before="4.2cm" text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + <text:list-level-style-bullet text:level="9" text:bullet-char="●"> + <style:list-level-properties text:space-before="4.8cm" text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + <text:list-level-style-bullet text:level="10" text:bullet-char="●"> + <style:list-level-properties text:space-before="5.4cm" text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + </text:list-style> + </style:graphic-properties> + <style:paragraph-properties fo:margin-left="0cm" fo:margin-right="0cm" fo:margin-top="0cm" fo:margin-bottom="0cm" fo:line-height="100%" fo:text-indent="0cm"/> + <style:text-properties fo:font-variant="normal" fo:text-transform="none" style:use-window-font-color="true" style:text-outline="false" style:text-line-through-style="none" style:text-line-through-type="none" style:font-name="Liberation Sans" fo:font-family="'Liberation Sans'" style:font-family-generic="roman" style:font-pitch="variable" fo:font-size="18pt" fo:font-style="normal" fo:text-shadow="none" style:text-underline-style="none" fo:font-weight="normal" style:letter-kerning="true" style:font-name-asian="Liberation Sans1" style:font-family-asian="'Liberation Sans'" style:font-family-generic-asian="system" style:font-pitch-asian="variable" style:font-size-asian="18pt" style:font-style-asian="normal" style:font-weight-asian="normal" style:font-name-complex="Liberation Sans1" style:font-family-complex="'Liberation Sans'" style:font-family-generic-complex="system" style:font-pitch-complex="variable" style:font-size-complex="18pt" style:font-style-complex="normal" style:font-weight-complex="normal" style:text-emphasize="none" style:font-relief="none" style:text-overline-style="none" style:text-overline-color="font-color"/> + </style:style> + <style:style style:name="objectwithoutfill" style:family="graphic" style:parent-style-name="standard"/> + <style:style style:name="Object_20_with_20_no_20_fill_20_and_20_no_20_line" style:display-name="Object with no fill and no line" style:family="graphic" style:parent-style-name="standard"> + <style:graphic-properties draw:stroke="none" draw:fill="none"/> + </style:style> + <style:style style:name="Text" style:family="graphic"> + <style:graphic-properties draw:stroke="solid" svg:stroke-color="#cccccc" draw:fill="solid" draw:fill-color="#eeeeee"/> + <style:text-properties style:font-name="Noto Sans" fo:font-family="'Noto Sans'" style:font-family-generic="roman" style:font-pitch="variable"/> + </style:style> + <style:style style:name="A4" style:family="graphic" style:parent-style-name="Text"> + <style:graphic-properties draw:fill="none"/> + <style:text-properties fo:font-size="18pt"/> + </style:style> + <style:style style:name="Title_20_A4" style:display-name="Title A4" style:family="graphic" style:parent-style-name="A4"> + <style:graphic-properties draw:stroke="none"/> + <style:text-properties fo:font-size="44pt"/> + </style:style> + <style:style style:name="Heading_20_A4" style:display-name="Heading A4" style:family="graphic" style:parent-style-name="A4"> + <style:graphic-properties draw:stroke="none"/> + <style:text-properties fo:font-size="24pt"/> + </style:style> + <style:style style:name="Text_20_A4" style:display-name="Text A4" style:family="graphic" style:parent-style-name="A4"> + <style:graphic-properties draw:stroke="none"/> + </style:style> + <style:style style:name="A4" style:family="graphic" style:parent-style-name="Text"> + <style:graphic-properties draw:fill="none"/> + <style:text-properties fo:font-size="18pt"/> + </style:style> + <style:style style:name="Title_20_A0" style:display-name="Title A0" style:family="graphic" style:parent-style-name="A4"> + <style:graphic-properties draw:stroke="none"/> + <style:text-properties fo:font-size="96pt"/> + </style:style> + <style:style style:name="Heading_20_A0" style:display-name="Heading A0" style:family="graphic" style:parent-style-name="A4"> + <style:graphic-properties draw:stroke="none"/> + <style:text-properties fo:font-size="72pt"/> + </style:style> + <style:style style:name="Text_20_A0" style:display-name="Text A0" style:family="graphic" style:parent-style-name="A4"> + <style:graphic-properties draw:stroke="none"/> + </style:style> + <style:style style:name="Graphic" style:family="graphic"> + <style:graphic-properties draw:fill="solid" draw:fill-color="#ffffff"/> + <style:text-properties style:font-name="Liberation Sans" fo:font-family="'Liberation Sans'" style:font-family-generic="roman" style:font-pitch="variable" fo:font-size="18pt"/> + </style:style> + <style:style style:name="Shapes" style:family="graphic" style:parent-style-name="Graphic"> + <style:graphic-properties draw:stroke="none" draw:fill="gradient" draw:fill-gradient-name="Shapes"/> + <style:text-properties fo:font-size="14pt" fo:font-weight="bold"/> + </style:style> + <style:style style:name="Filled" style:family="graphic" style:parent-style-name="Shapes"> + <style:graphic-properties draw:fill="gradient" draw:fill-gradient-name="Filled"/> + </style:style> + <style:style style:name="Filled_20_Blue" style:display-name="Filled Blue" style:family="graphic" style:parent-style-name="Filled"> + <style:graphic-properties draw:fill-gradient-name="Filled_20_Blue"/> + <style:text-properties fo:color="#ffffff"/> + </style:style> + <style:style style:name="Filled_20_Green" style:display-name="Filled Green" style:family="graphic" style:parent-style-name="Filled"> + <style:graphic-properties draw:fill-gradient-name="Filled_20_Green"/> + <style:text-properties fo:color="#ffffff" style:font-name="Liberation Sans" fo:font-family="'Liberation Sans'" style:font-family-generic="roman" style:font-pitch="variable"/> + </style:style> + <style:style style:name="Filled_20_Red" style:display-name="Filled Red" style:family="graphic" style:parent-style-name="Filled"> + <style:graphic-properties draw:fill-gradient-name="Filled_20_Red"/> + <style:text-properties fo:color="#ffffff"/> + </style:style> + <style:style style:name="Filled_20_Yellow" style:display-name="Filled Yellow" style:family="graphic" style:parent-style-name="Filled"> + <style:graphic-properties draw:fill-gradient-name="Filled_20_Yellow"/> + <style:text-properties fo:color="#ffffff"/> + </style:style> + <style:style style:name="Outlined" style:family="graphic" style:parent-style-name="Shapes"> + <style:graphic-properties draw:stroke="solid" svg:stroke-width="0.081cm" svg:stroke-color="#000000" draw:fill="none"/> + </style:style> + <style:style style:name="Outlined_20_Blue" style:display-name="Outlined Blue" style:family="graphic" style:parent-style-name="Outlined"> + <style:graphic-properties svg:stroke-color="#355269"/> + <style:text-properties fo:color="#355269"/> + </style:style> + <style:style style:name="Outlined_20_Green" style:display-name="Outlined Green" style:family="graphic" style:parent-style-name="Outlined"> + <style:graphic-properties svg:stroke-color="#127622"/> + <style:text-properties fo:color="#127622"/> + </style:style> + <style:style style:name="Outlined_20_Red" style:display-name="Outlined Red" style:family="graphic" style:parent-style-name="Outlined"> + <style:graphic-properties svg:stroke-color="#c9211e"/> + <style:text-properties fo:color="#c9211e"/> + </style:style> + <style:style style:name="Outlined_20_Yellow" style:display-name="Outlined Yellow" style:family="graphic" style:parent-style-name="Outlined"> + <style:graphic-properties draw:stroke="solid" svg:stroke-color="#b47804"/> + <style:text-properties fo:color="#b47804"/> + </style:style> + <style:style style:name="Lines" style:family="graphic" style:parent-style-name="Graphic"> + <style:graphic-properties draw:stroke="solid" svg:stroke-color="#000000" draw:fill="none"/> + </style:style> + <style:style style:name="Arrow_20_Line" style:display-name="Arrow Line" style:family="graphic" style:parent-style-name="Lines"> + <style:graphic-properties draw:marker-start="Arrow" draw:marker-start-width="0.2cm" draw:marker-end="Arrow" draw:marker-end-width="0.2cm" draw:show-unit="true"/> + </style:style> + <style:style style:name="Arrow_20_Dashed" style:display-name="Arrow Dashed" style:family="graphic" style:parent-style-name="Lines"> + <style:graphic-properties draw:stroke="dash"/> + </style:style> + </office:styles> + <office:automatic-styles> + <style:page-layout style:name="PM0"> + <style:page-layout-properties fo:margin-top="1cm" fo:margin-bottom="1cm" fo:margin-left="1cm" fo:margin-right="1cm" fo:page-width="21cm" fo:page-height="29.7cm" style:print-orientation="portrait"/> + </style:page-layout> + <style:style style:name="dp1" style:family="drawing-page"> + <style:drawing-page-properties draw:background-size="border" draw:fill="none"/> + </style:style> + <style:style style:name="dp2" style:family="drawing-page"/> + <style:style style:name="gr1" style:family="graphic" style:parent-style-name="Object_20_with_20_no_20_fill_20_and_20_no_20_line"> + <style:graphic-properties draw:stroke="none" draw:fill="none" draw:textarea-horizontal-align="center" draw:textarea-vertical-align="middle" draw:color-mode="standard" draw:luminance="0%" draw:contrast="0%" draw:gamma="100%" draw:red="0%" draw:green="0%" draw:blue="0%" fo:clip="rect(0cm, 0cm, 0cm, 0cm)" draw:image-opacity="100%" style:mirror="none"/> + </style:style> + <style:style style:name="gr2" style:family="graphic" style:parent-style-name="standard"> + <style:graphic-properties draw:stroke="none" svg:stroke-color="#000000" draw:fill="none" draw:fill-color="#ffffff" draw:textarea-horizontal-align="left" draw:auto-grow-height="true" draw:auto-grow-width="true" fo:min-height="1.423cm" fo:min-width="3.452cm"/> + <style:paragraph-properties style:writing-mode="lr-tb"/> + </style:style> + <style:style style:name="gr3" style:family="graphic" style:parent-style-name="standard"> + <style:graphic-properties draw:stroke="none" svg:stroke-color="#000000" draw:fill="none" draw:fill-color="#ffffff" draw:textarea-horizontal-align="left" draw:auto-grow-height="true" draw:auto-grow-width="false" fo:min-height="0.712cm" fo:min-width="3.981cm"/> + <style:paragraph-properties style:writing-mode="lr-tb"/> + </style:style> + <style:style style:name="gr4" style:family="graphic" style:parent-style-name="standard"> + <style:graphic-properties draw:stroke="none" svg:stroke-color="#000000" draw:fill="none" draw:fill-color="#ffffff" draw:textarea-horizontal-align="left" draw:auto-grow-height="true" draw:auto-grow-width="true" fo:min-height="1.423cm" fo:min-width="2.644cm"/> + <style:paragraph-properties style:writing-mode="lr-tb"/> + </style:style> + <style:style style:name="gr5" style:family="graphic" style:parent-style-name="standard"> + <style:graphic-properties draw:stroke="none" svg:stroke-color="#000000" draw:fill="none" draw:fill-color="#ffffff" draw:textarea-horizontal-align="left" draw:auto-grow-height="true" draw:auto-grow-width="true" fo:min-height="0.712cm" fo:min-width="1.479cm"/> + <style:paragraph-properties style:writing-mode="lr-tb"/> + </style:style> + <style:style style:name="gr6" style:family="graphic" style:parent-style-name="objectwithoutfill"> + <style:graphic-properties svg:stroke-width="0.1cm" svg:stroke-color="#000000" draw:marker-start-width="0.35cm" draw:marker-end="Arrow" draw:marker-end-width="0.45cm" draw:fill="solid" draw:textarea-vertical-align="middle" fo:padding-top="0.175cm" fo:padding-bottom="0.175cm" fo:padding-left="0.3cm" fo:padding-right="0.3cm"/> + </style:style> + <style:style style:name="gr7" style:family="graphic" style:parent-style-name="objectwithoutfill"> + <style:graphic-properties draw:stroke="dash" draw:stroke-dash="Dashed_20__28_var_29_" svg:stroke-width="0.1cm" svg:stroke-color="#000000" draw:marker-start-width="0.35cm" draw:marker-end="Arrow" draw:marker-end-width="0.45cm" draw:fill="solid" draw:textarea-vertical-align="middle" fo:padding-top="0.175cm" fo:padding-bottom="0.175cm" fo:padding-left="0.3cm" fo:padding-right="0.3cm"/> + </style:style> + <style:style style:name="gr8" style:family="graphic" style:parent-style-name="standard"> + <style:graphic-properties draw:stroke="none" svg:stroke-color="#000000" draw:fill="none" draw:fill-color="#ffffff" draw:textarea-horizontal-align="left" draw:auto-grow-height="true" draw:auto-grow-width="true" fo:min-height="2.134cm" fo:min-width="5.12cm"/> + <style:paragraph-properties style:writing-mode="lr-tb"/> + </style:style> + <style:style style:name="gr9" style:family="graphic" style:parent-style-name="standard"> + <style:graphic-properties draw:stroke="none" draw:fill="none" fo:min-height="3.556cm"/> + <style:paragraph-properties style:writing-mode="lr-tb"/> + </style:style> + <style:style style:name="gr10" style:family="graphic" style:parent-style-name="standard"> + <style:graphic-properties draw:stroke="none" svg:stroke-color="#000000" draw:fill="none" draw:fill-color="#ffffff" draw:textarea-horizontal-align="left" draw:auto-grow-height="true" draw:auto-grow-width="false" fo:min-height="0.712cm" fo:min-width="2.893cm"/> + <style:paragraph-properties style:writing-mode="lr-tb"/> + </style:style> + <style:style style:name="gr11" style:family="graphic" style:parent-style-name="standard"> + <style:graphic-properties draw:stroke="none" svg:stroke-color="#000000" draw:fill="none" draw:fill-color="#ffffff" draw:textarea-horizontal-align="left" draw:auto-grow-height="true" draw:auto-grow-width="true" fo:min-height="3.556cm" fo:min-width="7.029cm"/> + <style:paragraph-properties style:writing-mode="lr-tb"/> + </style:style> + <style:style style:name="gr12" style:family="graphic" style:parent-style-name="objectwithoutfill"> + <style:graphic-properties draw:stroke="dash" draw:stroke-dash="Fine_20_Dashed" svg:stroke-width="0.1cm" svg:stroke-color="#666666" draw:marker-start-width="0.35cm" draw:marker-end="" draw:marker-end-width="0.45cm" draw:fill="solid" draw:textarea-vertical-align="middle" fo:padding-top="0.175cm" fo:padding-bottom="0.175cm" fo:padding-left="0.3cm" fo:padding-right="0.3cm"/> + </style:style> + <style:style style:name="gr13" style:family="graphic" style:parent-style-name="standard"> + <style:graphic-properties draw:stroke="none" svg:stroke-color="#000000" draw:fill="none" draw:fill-color="#ffffff" draw:textarea-horizontal-align="left" draw:auto-grow-height="true" draw:auto-grow-width="true" fo:min-height="0.712cm" fo:min-width="3.101cm"/> + <style:paragraph-properties style:writing-mode="lr-tb"/> + </style:style> + <style:style style:name="gr14" style:family="graphic" style:parent-style-name="standard"> + <style:graphic-properties draw:stroke="none" svg:stroke-color="#000000" draw:fill="none" draw:fill-color="#ffffff" draw:textarea-horizontal-align="left" draw:auto-grow-height="true" draw:auto-grow-width="true" fo:min-height="0.712cm" fo:min-width="2.817cm"/> + <style:paragraph-properties style:writing-mode="lr-tb"/> + </style:style> + <style:style style:name="P1" style:family="paragraph"> + <loext:graphic-properties draw:fill="none"/> + <style:paragraph-properties fo:text-align="center"/> + </style:style> + <style:style style:name="P2" style:family="paragraph"> + <style:paragraph-properties fo:text-align="center"/> + </style:style> + <style:style style:name="P3" style:family="paragraph"> + <loext:graphic-properties draw:fill="none" draw:fill-color="#ffffff"/> + <style:paragraph-properties fo:text-align="center" style:writing-mode="lr-tb"/> + </style:style> + <style:style style:name="P4" style:family="paragraph"> + <loext:graphic-properties draw:fill="none" draw:fill-color="#ffffff"/> + <style:paragraph-properties style:writing-mode="lr-tb"/> + </style:style> + <style:style style:name="P5" style:family="paragraph"> + <loext:graphic-properties draw:fill="solid"/> + <style:paragraph-properties fo:text-align="center"/> + </style:style> + <style:style style:name="P6" style:family="paragraph"> + <loext:graphic-properties draw:fill="none"/> + <style:paragraph-properties style:writing-mode="lr-tb"/> + </style:style> + <style:style style:name="P7" style:family="paragraph"> + <loext:graphic-properties draw:fill="none" draw:fill-color="#ffffff"/> + <style:paragraph-properties style:writing-mode="lr-tb"/> + <style:text-properties fo:font-style="italic" style:font-style-asian="italic" style:font-style-complex="italic"/> + </style:style> + <style:style style:name="T1" style:family="text"> + <style:text-properties fo:font-weight="bold" style:font-weight-asian="bold" style:font-weight-complex="bold"/> + </style:style> + <style:style style:name="T2" style:family="text"> + <style:text-properties fo:font-style="italic" fo:font-weight="normal" style:font-style-asian="italic" style:font-weight-asian="normal" style:font-style-complex="italic" style:font-weight-complex="normal"/> + </style:style> + <style:style style:name="T3" style:family="text"> + <style:text-properties fo:font-variant="normal" fo:text-transform="none" style:use-window-font-color="true" style:text-outline="false" style:text-line-through-style="none" style:text-line-through-type="none" style:font-name="Liberation Sans" fo:font-size="18pt" fo:font-style="normal" fo:text-shadow="none" style:text-underline-style="none" fo:font-weight="normal" style:letter-kerning="true" style:font-name-asian="Liberation Sans1" style:font-size-asian="18pt" style:font-style-asian="normal" style:font-weight-asian="normal" style:font-name-complex="Liberation Sans1" style:font-size-complex="18pt" style:font-style-complex="normal" style:font-weight-complex="normal" style:text-emphasize="none" style:font-relief="none" style:text-overline-style="none" style:text-overline-color="font-color"/> + </style:style> + <style:style style:name="T4" style:family="text"> + <style:text-properties fo:font-style="italic" style:font-style-asian="italic" style:font-style-complex="italic"/> + </style:style> + <text:list-style style:name="L1"> + <text:list-level-style-bullet text:level="1" text:bullet-char="●"> + <style:list-level-properties text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + <text:list-level-style-bullet text:level="2" text:bullet-char="●"> + <style:list-level-properties text:space-before="0.6cm" text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + <text:list-level-style-bullet text:level="3" text:bullet-char="●"> + <style:list-level-properties text:space-before="1.2cm" text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + <text:list-level-style-bullet text:level="4" text:bullet-char="●"> + <style:list-level-properties text:space-before="1.8cm" text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + <text:list-level-style-bullet text:level="5" text:bullet-char="●"> + <style:list-level-properties text:space-before="2.4cm" text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + <text:list-level-style-bullet text:level="6" text:bullet-char="●"> + <style:list-level-properties text:space-before="3cm" text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + <text:list-level-style-bullet text:level="7" text:bullet-char="●"> + <style:list-level-properties text:space-before="3.6cm" text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + <text:list-level-style-bullet text:level="8" text:bullet-char="●"> + <style:list-level-properties text:space-before="4.2cm" text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + <text:list-level-style-bullet text:level="9" text:bullet-char="●"> + <style:list-level-properties text:space-before="4.8cm" text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + <text:list-level-style-bullet text:level="10" text:bullet-char="●"> + <style:list-level-properties text:space-before="5.4cm" text:min-label-width="0.6cm"/> + <style:text-properties fo:font-family="StarSymbol" style:use-window-font-color="true" fo:font-size="45%"/> + </text:list-level-style-bullet> + </text:list-style> + </office:automatic-styles> + <office:master-styles> + <draw:layer-set> + <draw:layer draw:name="layout"/> + <draw:layer draw:name="background"/> + <draw:layer draw:name="backgroundobjects"/> + <draw:layer draw:name="controls"/> + <draw:layer draw:name="measurelines"/> + </draw:layer-set> + <style:master-page style:name="Default" style:page-layout-name="PM0" draw:style-name="dp1"/> + </office:master-styles> + <office:body> + <office:drawing> + <draw:page draw:name="page1" draw:style-name="dp2" draw:master-page-name="Default"> + <draw:g> + <draw:frame draw:name="noun_Server_1653064.svg" draw:style-name="gr1" draw:text-style-name="P1" draw:layer="layout" svg:width="1.67cm" svg:height="2.35cm" svg:x="14.641cm" svg:y="21.55cm"> + <draw:image loext:mime-type="image/svg+xml"> + <office:binary-data>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+ + CjxzdmcKICAgeG1sbnM6ZGM9Imh0dHA6Ly9wdXJsLm9yZy9kYy9lbGVtZW50cy8xLjEvIgog + ICB4bWxuczpjYz0iaHR0cDovL2NyZWF0aXZlY29tbW9ucy5vcmcvbnMjIgogICB4bWxuczpy + ZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiCiAgIHht + bG5zOnN2Zz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciCiAgIHhtbG5zPSJodHRwOi8v + d3d3LnczLm9yZy8yMDAwL3N2ZyIKICAgeG1sbnM6c29kaXBvZGk9Imh0dHA6Ly9zb2RpcG9k + aS5zb3VyY2Vmb3JnZS5uZXQvRFREL3NvZGlwb2RpLTAuZHRkIgogICB4bWxuczppbmtzY2Fw + ZT0iaHR0cDovL3d3dy5pbmtzY2FwZS5vcmcvbmFtZXNwYWNlcy9pbmtzY2FwZSIKICAgZGF0 + YS1uYW1lPSJMYXllciAxIgogICB2aWV3Qm94PSIwIDAgNjAgODUiCiAgIHg9IjBweCIKICAg + eT0iMHB4IgogICB2ZXJzaW9uPSIxLjEiCiAgIGlkPSJzdmc0MCIKICAgc29kaXBvZGk6ZG9j + bmFtZT0ibm91bl9TZXJ2ZXJfMTY1MzA2NC5zdmciCiAgIHdpZHRoPSI2MCIKICAgaGVpZ2h0 + PSI4NSIKICAgaW5rc2NhcGU6dmVyc2lvbj0iMC45Mi40IDVkYTY4OWMzMTMsIDIwMTktMDEt + MTQiPgogIDxtZXRhZGF0YQogICAgIGlkPSJtZXRhZGF0YTQ2Ij4KICAgIDxyZGY6UkRGPgog + ICAgICA8Y2M6V29yawogICAgICAgICByZGY6YWJvdXQ9IiI+CiAgICAgICAgPGRjOmZvcm1h + dD5pbWFnZS9zdmcreG1sPC9kYzpmb3JtYXQ+CiAgICAgICAgPGRjOnR5cGUKICAgICAgICAg + ICByZGY6cmVzb3VyY2U9Imh0dHA6Ly9wdXJsLm9yZy9kYy9kY21pdHlwZS9TdGlsbEltYWdl + IiAvPgogICAgICAgIDxkYzp0aXRsZT5kYXRhLCBzZXJ2ZXIsIGRhdGFiYXNlLCByb3V0ZXIs + IGhhcmR3YXJlPC9kYzp0aXRsZT4KICAgICAgPC9jYzpXb3JrPgogICAgPC9yZGY6UkRGPgog + IDwvbWV0YWRhdGE+CiAgPGRlZnMKICAgICBpZD0iZGVmczQ0IiAvPgogIDxzb2RpcG9kaTpu + YW1lZHZpZXcKICAgICBwYWdlY29sb3I9IiNmZmZmZmYiCiAgICAgYm9yZGVyY29sb3I9IiM2 + NjY2NjYiCiAgICAgYm9yZGVyb3BhY2l0eT0iMSIKICAgICBvYmplY3R0b2xlcmFuY2U9IjEw + IgogICAgIGdyaWR0b2xlcmFuY2U9IjEwIgogICAgIGd1aWRldG9sZXJhbmNlPSIxMCIKICAg + ICBpbmtzY2FwZTpwYWdlb3BhY2l0eT0iMCIKICAgICBpbmtzY2FwZTpwYWdlc2hhZG93PSIy + IgogICAgIGlua3NjYXBlOndpbmRvdy13aWR0aD0iOTU2IgogICAgIGlua3NjYXBlOndpbmRv + dy1oZWlnaHQ9IjEwNTQiCiAgICAgaWQ9Im5hbWVkdmlldzQyIgogICAgIHNob3dncmlkPSJm + YWxzZSIKICAgICBmaXQtbWFyZ2luLXRvcD0iMCIKICAgICBmaXQtbWFyZ2luLWxlZnQ9IjAi + CiAgICAgZml0LW1hcmdpbi1yaWdodD0iMCIKICAgICBmaXQtbWFyZ2luLWJvdHRvbT0iMCIK + ICAgICBpbmtzY2FwZTp6b29tPSIxLjg4OCIKICAgICBpbmtzY2FwZTpjeD0iLTE0LjY0NjAx + MyIKICAgICBpbmtzY2FwZTpjeT0iMjkuNSIKICAgICBpbmtzY2FwZTp3aW5kb3cteD0iOTYy + IgogICAgIGlua3NjYXBlOndpbmRvdy15PSIyIgogICAgIGlua3NjYXBlOndpbmRvdy1tYXhp + bWl6ZWQ9IjEiCiAgICAgaW5rc2NhcGU6Y3VycmVudC1sYXllcj0ic3ZnNDAiIC8+CiAgPHRp + dGxlCiAgICAgaWQ9InRpdGxlMiI+ZGF0YSwgc2VydmVyLCBkYXRhYmFzZSwgcm91dGVyLCBo + YXJkd2FyZTwvdGl0bGU+CiAgPHJlY3QKICAgICB4PSIxMCIKICAgICB5PSIzNiIKICAgICB3 + aWR0aD0iNCIKICAgICBoZWlnaHQ9IjYiCiAgICAgaWQ9InJlY3Q0IiAvPgogIDxyZWN0CiAg + ICAgeD0iMTgiCiAgICAgeT0iMzYiCiAgICAgd2lkdGg9IjQiCiAgICAgaGVpZ2h0PSI2Igog + ICAgIGlkPSJyZWN0NiIgLz4KICA8cmVjdAogICAgIHg9IjI2IgogICAgIHk9IjM2IgogICAg + IHdpZHRoPSI0IgogICAgIGhlaWdodD0iNiIKICAgICBpZD0icmVjdDgiIC8+CiAgPHJlY3QK + ICAgICB4PSIzNCIKICAgICB5PSIzNiIKICAgICB3aWR0aD0iNCIKICAgICBoZWlnaHQ9IjYi + CiAgICAgaWQ9InJlY3QxMCIgLz4KICA8Y2lyY2xlCiAgICAgY3g9IjQ4IgogICAgIGN5PSIz + OSIKICAgICByPSIyIgogICAgIGlkPSJjaXJjbGUxMiIgLz4KICA8cGF0aAogICAgIGQ9Im0g + NTUsMjQgYSA1LDUgMCAwIDAgNSwtNSBWIDUgQSA1LDUgMCAwIDAgNTUsMCBIIDUgQSA1LDUg + MCAwIDAgMCw1IHYgMTQgYSA1LDUgMCAwIDAgNSw1IGggMSB2IDMgSCA1IGEgNSw1IDAgMCAw + IC01LDUgdiAxNCBhIDUsNSAwIDAgMCA1LDUgaCAxIHYgMyBIIDUgYSA1LDUgMCAwIDAgLTUs + NSB2IDE0IGEgNSw1IDAgMCAwIDUsNSBoIDEgdiA3IGggNDggdiAtNyBoIDEgYSA1LDUgMCAw + IDAgNSwtNSBWIDU5IGEgNSw1IDAgMCAwIC01LC01IGggLTEgdiAtMyBoIDEgYSA1LDUgMCAw + IDAgNSwtNSBWIDMyIEEgNSw1IDAgMCAwIDU1LDI3IEggNTQgViAyNCBaIE0gNTAsODEgSCAx + MCB2IC0zIGggNDAgeiBtIDUsLTIzIGEgMSwxIDAgMCAxIDEsMSB2IDE0IGEgMSwxIDAgMCAx + IC0xLDEgSCA1IEEgMSwxIDAgMCAxIDQsNzMgViA1OSBBIDEsMSAwIDAgMSA1LDU4IFogTSAx + MCw1NCB2IC0zIGggNDAgdiAzIHogTSA1NSwzMSBhIDEsMSAwIDAgMSAxLDEgdiAxNCBhIDEs + MSAwIDAgMSAtMSwxIEggNSBBIDEsMSAwIDAgMSA0LDQ2IFYgMzIgQSAxLDEgMCAwIDEgNSwz + MSBaIE0gMTAsMjcgdiAtMyBoIDQwIHYgMyB6IE0gNSwyMCBBIDEsMSAwIDAgMSA0LDE5IFYg + NSBBIDEsMSAwIDAgMSA1LDQgaCA1MCBhIDEsMSAwIDAgMSAxLDEgdiAxNCBhIDEsMSAwIDAg + MSAtMSwxIHoiCiAgICAgaWQ9InBhdGgxNCIKICAgICBpbmtzY2FwZTpjb25uZWN0b3ItY3Vy + dmF0dXJlPSIwIiAvPgogIDxyZWN0CiAgICAgeD0iMTAiCiAgICAgeT0iOSIKICAgICB3aWR0 + aD0iNCIKICAgICBoZWlnaHQ9IjYiCiAgICAgaWQ9InJlY3QxNiIgLz4KICA8cmVjdAogICAg + IHg9IjE4IgogICAgIHk9IjkiCiAgICAgd2lkdGg9IjQiCiAgICAgaGVpZ2h0PSI2IgogICAg + IGlkPSJyZWN0MTgiIC8+CiAgPHJlY3QKICAgICB4PSIyNiIKICAgICB5PSI5IgogICAgIHdp + ZHRoPSI0IgogICAgIGhlaWdodD0iNiIKICAgICBpZD0icmVjdDIwIiAvPgogIDxyZWN0CiAg + ICAgeD0iMzQiCiAgICAgeT0iOSIKICAgICB3aWR0aD0iNCIKICAgICBoZWlnaHQ9IjYiCiAg + ICAgaWQ9InJlY3QyMiIgLz4KICA8Y2lyY2xlCiAgICAgY3g9IjQ4IgogICAgIGN5PSIxMiIK + ICAgICByPSIyIgogICAgIGlkPSJjaXJjbGUyNCIgLz4KICA8cmVjdAogICAgIHg9IjEwIgog + ICAgIHk9IjYzIgogICAgIHdpZHRoPSI0IgogICAgIGhlaWdodD0iNiIKICAgICBpZD0icmVj + dDI2IiAvPgogIDxyZWN0CiAgICAgeD0iMTgiCiAgICAgeT0iNjMiCiAgICAgd2lkdGg9IjQi + CiAgICAgaGVpZ2h0PSI2IgogICAgIGlkPSJyZWN0MjgiIC8+CiAgPHJlY3QKICAgICB4PSIy + NiIKICAgICB5PSI2MyIKICAgICB3aWR0aD0iNCIKICAgICBoZWlnaHQ9IjYiCiAgICAgaWQ9 + InJlY3QzMCIgLz4KICA8cmVjdAogICAgIHg9IjM0IgogICAgIHk9IjYzIgogICAgIHdpZHRo + PSI0IgogICAgIGhlaWdodD0iNiIKICAgICBpZD0icmVjdDMyIiAvPgogIDxjaXJjbGUKICAg + ICBjeD0iNDgiCiAgICAgY3k9IjY2IgogICAgIHI9IjIiCiAgICAgaWQ9ImNpcmNsZTM0IiAv + Pgo8L3N2Zz4K + </office:binary-data> + <text:p/> + </draw:image> + <draw:image loext:mime-type="image/png"> + <office:binary-data>iVBORw0KGgoAAAANSUhEUgAAAD0AAABWCAYAAAB8UZ5wAAABO0lEQVR4nO2Z7Q6CMAxFJeH9 + XxmtyUzFgRtf2t5zfikjccduDnvHaZpuaoz+zTAMab+BR3GH8volnVnYML8iPpYLv53SNRTx + sTbol0Jklor5IZ1F2DCXmni10tlBWoVm6fnemO/9s8ePhEpHw6+OnpURWnorSEdj649ds/S3 + Dzh7/EhCV3orSKuAtKHQUKDSKjyllzoM2XhrDPoLhSv/6h1Bz3x1l7cazUdWtD1f5ltb5ulj + nZo8sU52iHU8WYQNYh0H0ioQ66gQWlou1tnzQBVWek/jI6y0QazTQehKbwVpFZA2FBoKVFoF + Yh1/A7FOMpA2iHUSQKxDrDPj34+nVoh1HBxZKiC9BrFOcEJLE+t0EFaaWKcTYh0VkFYBaUOh + oUClVSDW8TcQ6yQD6TUy7XkqrQLSnn8/ovZwB2IfDVe+8hdvAAAAAElFTkSuQmCC + </office:binary-data> + </draw:image> + <svg:title>data, server, database, router, hardware</svg:title> + </draw:frame> + <draw:frame draw:style-name="gr2" draw:text-style-name="P3" draw:layer="layout" svg:width="3.952cm" svg:height="1.673cm" svg:x="13.5cm" svg:y="23.9cm"> + <draw:text-box> + <text:p text:style-name="P2">authoritative<text:line-break/>server</text:p> + </draw:text-box> + </draw:frame> + </draw:g> + <draw:g> + <draw:frame draw:style-name="gr1" draw:text-style-name="P1" draw:layer="layout" svg:width="2.32cm" svg:height="2.35cm" svg:x="8.886cm" svg:y="13.438cm"> + <draw:image loext:mime-type="image/svg+xml"> + <office:binary-data>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6 + IEFkb2JlIElsbHVzdHJhdG9yIDIzLjAuNiwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZl + cnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IlZyc3R2 + YV8xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJo + dHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB4PSIwcHgiIHk9IjBweCIKCSB2aWV3Qm94 + PSIwIDAgMjA2IDIwOSIgc3R5bGU9ImVuYWJsZS1iYWNrZ3JvdW5kOm5ldyAwIDAgMjA2IDIw + OTsiIHhtbDpzcGFjZT0icHJlc2VydmUiPgo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgoJLnN0 + MHtmaWxsOiMwMEEyRTI7fQo8L3N0eWxlPgo8cGF0aCBjbGFzcz0ic3QwIiBkPSJNMjA2LDEw + NC42YzAsMzEuNC0xMy45LDU5LjUtMzYsNzguNmMxLjItNi4zLDEuOS0xMi45LDEuOS0xOS42 + YzAtMjAuNS02LjEtMzkuNy0xNi41LTU1LjgKCWMtNC4xLDUuNy04LjgsMTEtMTMuOSwxNS44 + YzYuNiwxMS44LDEwLjMsMjUuNSwxMC4zLDQwYzAsNS45LTAuNiwxMS42LTEuOCwxNy4yYy0w + LjEsMC42LTAuMywxLjItMC40LDEuOGMtMC4xLDAuNi0wLjMsMS4yLTAuNCwxLjgKCWMtMC42 + LTAuMi0xLjItMC4zLTEuOC0wLjVjLTAuNi0wLjItMS4yLTAuMy0xLjctMC42Yy0xOS02LjIt + MzUtMTkuMS00NS4yLTM1LjljLTAuMy0wLjUtMC42LTEuMS0xLTEuNmMtMC4zLTAuNS0wLjYt + MS4xLTAuOS0xLjYKCWMtMy4yLTUuOS01LjctMTIuMi03LjQtMTguOGMtMC4xLTAuNi0wLjMt + MS4yLTAuNC0xLjhjLTAuMi0wLjYtMC4zLTEuMi0wLjQtMS44Yy0xLjItNS41LTEuOC0xMS4z + LTEuOC0xNy4yczAuNi0xMS42LDEuOC0xNy4yCgljLTYuMy0xLjgtMTMtMi44LTE5LjktMi45 + Yy0xLjMsNi41LTIsMTMuMi0yLDIwYzAsNi45LDAuNywxMy42LDIsMjAuMWMwLjEsMC42LDAu + MiwxLjIsMC40LDEuOGMwLjEsMC42LDAuMywxLjIsMC40LDEuOAoJYzEuNiw2LjgsMy45LDEz + LjQsNi45LDE5LjdjMC4zLDAuNiwwLjUsMS4yLDAuOCwxLjdjMC4zLDAuNiwwLjYsMS4yLDAu + OSwxLjhjMTIuMSwyMy41LDMzLDQxLjgsNTguNCw1MC40CgljLTExLjIsNC4xLTIzLjMsNi40 + LTM1LjksNi40Yy01MS41LDAtOTQuMi0zNy41LTEwMi4zLTg2LjdjMC41LDAuNCwwLjksMC44 + LDEuNCwxLjJjMTguMSwxNS45LDQxLjgsMjUuNSw2Ny43LDI1LjUKCWMxLjcsMCwzLjQsMCw1 + LjEtMC4xYy0yLjktNi40LTUuMS0xMy02LjctMjBjLTIwLjYtMC40LTM5LjMtOC4zLTUzLjYt + MjEuMmMtMC41LTAuNC0wLjktMC44LTEuNC0xLjJjLTAuNS0wLjQtMC45LTAuOC0xLjMtMS4z + CgljMC40LTAuNCwwLjgtMC45LDEuMy0xLjNjMC40LTAuNCwwLjktMC44LDEuMy0xLjJjMTQu + My0xMi45LDMzLTIwLjgsNTMuNi0yMS4yYzAuNSwwLDEuMSwwLDEuNiwwaDAuM2MwLjYsMCwx + LjMsMCwxLjksMAoJYzYuOSwwLjIsMTMuNiwxLjIsMjAsM2MwLjYsMC4yLDEuMiwwLjMsMS43 + LDAuNWMwLjYsMC4yLDEuMiwwLjQsMS43LDAuNWMxMS4xLDMuNiwyMS4yLDkuNSwyOS42LDE3 + LjJjNC44LTQuNyw5LTEwLDEyLjUtMTUuOAoJYy0xMC04LjgtMjEuOC0xNS43LTM0LjctMjAu + MWMtMC42LTAuMi0xLjItMC40LTEuNy0wLjZjLTAuNi0wLjItMS4yLTAuNC0xLjgtMC42Yy02 + LjYtMi0xMy40LTMuMy0yMC41LTMuOQoJYy0wLjYtMC4xLTEuMy0wLjEtMS45LTAuMmMtMC43 + LDAtMS4zLTAuMS0yLTAuMWMtMS43LTAuMS0zLjQtMC4xLTUuMS0wLjFjLTI1LjksMC00OS42 + LDkuNi02Ny43LDI1LjVjLTAuNSwwLjQtMC45LDAuOC0xLjQsMS4yCglDOC4xLDM4LjQsNTAu + OCwwLjksMTAyLjMsMC45YzEyLjYsMCwyNC43LDIuMywzNS45LDYuNGMwLDAsMCwwLDAsMEMx + MTIuOCwxNS45LDkyLDM0LjEsNzkuOCw1Ny42YzcuMSwwLjcsMTQsMi4xLDIwLjcsNC4yCglj + MTAuMi0xNi44LDI2LjItMjkuNyw0NS4yLTM1LjljMC42LTAuMiwxLjItMC40LDEuNy0wLjZj + MC42LTAuMiwxLjItMC4zLDEuOC0wLjVjMC4xLDAuNiwwLjMsMS4yLDAuNCwxLjhjMC4xLDAu + NiwwLjMsMS4yLDAuNCwxLjgKCWMxLjIsNS41LDEuOCwxMS4zLDEuOCwxNy4yYzAsMTQuNS0z + LjcsMjguMS0xMC4zLDQwYy0wLjMsMC41LTAuNiwxLjEtMC45LDEuNmMtMC4zLDAuNS0wLjYs + MS4xLTEsMS42Yy0zLjUsNS43LTcuOCwxMS4xLTEyLjYsMTUuOAoJYy0wLjQsMC40LTAuOSww + LjktMS4zLDEuM2MtMC40LDAuNC0wLjksMC44LTEuMywxLjJjLTguNSw3LjYtMTguNiwxMy41 + LTI5LjcsMTcuMmMxLjcsNi42LDQuMiwxMi45LDcuNSwxOC43CgljMTIuOS00LjQsMjQuNi0x + MS4zLDM0LjYtMjAuMWMwLjUtMC40LDAuOS0wLjgsMS40LTEuMmMwLjUtMC40LDAuOS0wLjgs + MS40LTEuM2M1LjEtNC44LDkuNy0xMC4xLDEzLjctMTUuOAoJYzAuNC0wLjUsMC43LTEuMSwx + LjEtMS42YzAuNC0wLjUsMC43LTEuMSwxLjEtMS42YzEwLjQtMTYuMSwxNi41LTM1LjIsMTYu + NS01NS43YzAtNi43LTAuNi0xMy4zLTEuOS0xOS42CglDMTkyLDQ1LDIwNiw3My4yLDIwNiwx + MDQuNiIvPgo8L3N2Zz4K + </office:binary-data> + <text:p/> + </draw:image> + <draw:image loext:mime-type="image/png"> + <office:binary-data>iVBORw0KGgoAAAANSUhEUgAAAM4AAADRCAYAAACEn42KAAAKW0lEQVR4nO2dW3LkNgxFPVXe + RpaW1WVpWYhTmik6sppQUyQeF+A9n1NTbjaAI0BsPT6/vr4+CCHP+IxeAPn4+PXPv0NHr6+/ + //plvRYyBsUxZlQKrb9FuXygOApoyrHK3VoolR4UZxIkWUa5rpkizUNxHpBRljt634cyjUFx + bqgmygjsSmNQnAs7ynLHEQ/K8wrF+aAsEhRGZltxKEsfyjLGduJQmD4U5hnbiENh+lCYOUqL + Q1lkKMwaJcWhMH0oix5lxKEsMhRGn/TiUBgZCmNHanEojQylsSWtOJRGhtLYk1IcStOHwviR + ShwKI0NpfEkjDqWRoTT+pBCH0vShMHFAi0NhZChNLLDiUBoZShMPpDiUpg+FwQFOHErTJ4M0 + LXcZ1roKjDgURga9EK+52+F2awhxKI0McgF65g1NxnBxKI0MUqE0IvOFJE+oOJRGBqVAGii5 + QpEnTByURCCCUBgNxDwhyBMiDmIyUIguiAPE/BxxOa8rWh53cRCTgkK0NNlyEymPqzjZEuNJ + NWm8ijpKHjdxKI1MpDQV8hIhj4s4FZJjBaXRwVsec3EqJUebKGmq5sRTHlNxqiZIA0pjg5c8 + ZuJUT9AKEdLslA8PeUzE2SlJT6E0PljLoy7OjkkahdL4YilP+EWexI5q0lyvHhjBSh5Vcaol + ShPvboOQi+jLYixREwchUajsKA0SFgJzVCsGpfFBRRwmS8az2zAPMtpdZ1kcJkuG0mChKQ9H + tQJQGn+WxGHCZLy6DXPwDK2uMy0OEyZDaf5QdSv6gKNaUtClQUaj60yJw6TJeN31aP0Z5J7H + 4jBpsTD+Oqx2HY5qilh3m92lQXouwiNxdk/cHZVPhMkr7DhJ4EHLhtmuMywOEyfDEe2V6h2Y + HWcRSpOfma5DcRbpFXb1o21FnsozJA6Pes94F6/RBDHuuLDjBHAWQpKI0vjzpOu8Fad6AjXG + qpUY9SSqHvMKlO44Xucavc+ZKX4Kk4dbcTIkEvVEXEumjFjkxCt2o+Nayo6DKss7dpapGinE + ySrKCJQpJ6I4kcmrLMoI3CSIZWRcg+k4u8vS4xwTSoRFVxyvJFGWcbJ0ocwbA08I6TgUZp4s + AmXn3bjmJg5l0YVjXCwv4mgngcLYg9KFdsq1WcfZKYgooAhUhbtxTVUcyoJBpTEOdf0/xJld + JIXBxasL7VYDSx1nt2BlZuZtZkQe16bFoTT5sJLHqhaQRZ8Sh9LkhRsIOnyLMxJIClMHjm7j + 9Ma14Y5DaeqhIc+OY9rBkDiUpi4c3ea4FaeiMKhH2GiQRjeUdZy5jmuf7R+v/zFjgXgE/O4z + MsbszFN5sn/fFV46TrZgIB2dKhyAOLqN8UOcLEnOlFRpreixjhrdsuT2sy0UPZHeAbV+FkCG + uN/Jg7xuD353HNQgoB19LB5diy4Q0qZBNOcNgk/EhGVP1Ey3GnksbgSe522Z8g7zsI6DTIGz + BKULVdjssAJCHArTJ1Ig75xkq4EwcZADhXZU9R7juCHwHndxkIXJQFQXsvy8jDXhJk7G4CBj + JRDPa8YwF4fC2DL71mTpb13/je847WMqTtagZENDHl4lMEaLtZk4GYOSmZXRjZsBzzERh9L8 + xDMeT7tPlDTZa0RdnOwBqcDq6MZO8x41cSgMFiPyRO2gVagVFXEqBKIid+c93HZeY1mcatJU + LJ5r94nMWZV6WRKnShB24F2uKh4wrDhiOS0OpamDlzSVauaxOJW+PKE0szwSp9qX3x1KM88j + cXgbLSF/eDyqUZ78eG4EVK2VpbcVVA1KVbx3zirXx/KLpSoHpxKURpflH0ApDz4Iv9FUmlLU + biuoJI/mjWHRRH2Pay1UiecZtYs8K8lTAVRpqtSJyevaKwQmM6jSVMLkRrYqR5WMZCjWCvVh + dut0heBo4RGLaGF26jYHpg/roDw+RBfpjDTZa8P88VA877ElozTn/5utLr7fVuD9gdkChUq0 + MAe7jWdn3B+BS4HWQClOLWkydp2DsIeuo9zKmwEUWRrMF8hrPtC6EMrVAwhruGLxkI+MXQdC + nAaaQFEgCnPAJ+P8D5Q4jR0FQi9Aa2mydR3ot05XOg+SCgMx7mf4XOk+ny2hKHO9RCWJGsjx + PvCOM3rXOefrx6iGLk+jokRojLwlO0OtWPFyjoM8uvWwksijMBCLL/pAhN51Gr/F6S0WManv + GFlvZFLQiwJ5bWjc7qpllOcdM0/w34GZ712xPkZ5ux2dbXTTZIdxDfFAgdiZrzka/h0nOsFV + QCoKlHVk5FuckYTu0H2QCtsSre9odUBFz8PUlQM7dZ9q4xpyMaLSy83Saz52kUebqKNpNmmQ + u47Ki6UoED6WBbjjQfSHOLOGVxco87iGesTOgpQT1aujqwjk9VQaq8+IGgOz5/0JJrcVVBHI + m9Xiq9hdUM9zXsTRXGglgSyOqFqxRiysCtzl2+VGtowCoR7pGohr22lcc70DNKNA1lwFfVd8 + iMLsSFcc66NtVoEifyWnML68y3PoMwfOxYAoEX+ofA7yuaAmojjei814P74miMVBZCCfctNA + eMTq03MQkp+R/EKLc2X3rkRwuBUnw/hwtz5KRaxI1XGeMiL9zLtcdr0HZZTMGwSj634rTpVk + SqB9t+rxrkLpjmOJ5SYB5cFnSBwm0h/G3J8nB0J2nAW4NV2Hp3mkOItwZNuTYXGYRBnKk5uZ + 3LHjJCCjPNXH2EfiZEygF9ULpSqzOWPHUYQjWy5WcvVYHCYwjt1jj/T9pzoO0hdAw3pkY+x1 + WM0RR7WEUJ54psVh8mQ8NgoY/3k0crPUcZg8GcqDudOotR6OaslBl6cqy+IwcTJeR1zmYAzN + XKh0HCZOhvLUhKNaISiPjPbBS00cJk3G8ySZeXjFIvaqHYdJk6E8teCoVhQEeRC2oq3WoC4O + QsJQ8f5do31WlXw8/R6WsTbpOJRHJuJHwR3zYR1js1Ftx2SNEiVP+2zPz43AI7am5ziURybq + cpTqOfGKqfnmQPVErRApT/t878+2xDOWLrtqlEcm8kLISnnxjqHbdnSlJGkTLU9bQ8TnaxAR + O9ffcSiPTPQl+FlzExUz9x9AsybIAwR52jq0/pYlkbEKuXKA8shEy3OAOL4hvJ3vTNglN5RH + BkGeg/MakHKFEJvQa9UojwyKPA2ULoQSk/CLPCmPDJo8B5ECIcUiXJwDyiODKM+B9xiHFgMI + cQ5QRgFEUOVp7HjggxGnsWMSRsggT/QaPIET54Dy9Gkx2a1IEYEU54DyyKB3nx2AFeeA5z0y + lCcWaHEa7D59OLrFkUKcA8ojw+7jTxpxDji6yVAeX1KJ02D36cPRzY+U4hxQHhl2H3vSinNA + eWQojy2pxTngeY8MRzc70ovTQL13BAEKpE8Zcc6wC/U5x4MSrVFSnAYFkmEXWqO0OA2OcTIU + aI4txDnDLtSHAj1jO3Ea7EJ9eB40xrbinKFEfdiFZCjOBUr0E0rTh+LcsKtElOU9FGeQazFV + E4myPIPiTJK9G1GUNSiOAndFiCQVZdGD4hgzUqwrclGGGCgOACz+fPwHwrxYlCRUiFQAAAAA + SUVORK5CYII= + </office:binary-data> + </draw:image> + </draw:frame> + <draw:frame draw:style-name="gr3" draw:text-style-name="P4" draw:layer="layout" svg:width="4.481cm" svg:height="0.962cm" svg:x="7.806cm" svg:y="15.838cm"> + <draw:text-box> + <text:p>Knot Resolver</text:p> + </draw:text-box> + </draw:frame> + </draw:g> + <draw:g> + <draw:frame draw:name="noun_servers_1653083.svg" draw:style-name="gr1" draw:text-style-name="P1" draw:layer="layout" svg:width="2.43cm" svg:height="2.35cm" svg:x="3.4cm" svg:y="21.55cm"> + <draw:image loext:mime-type="image/svg+xml"> + <office:binary-data>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+ + CjxzdmcKICAgeG1sbnM6ZGM9Imh0dHA6Ly9wdXJsLm9yZy9kYy9lbGVtZW50cy8xLjEvIgog + ICB4bWxuczpjYz0iaHR0cDovL2NyZWF0aXZlY29tbW9ucy5vcmcvbnMjIgogICB4bWxuczpy + ZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiCiAgIHht + bG5zOnN2Zz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciCiAgIHhtbG5zPSJodHRwOi8v + d3d3LnczLm9yZy8yMDAwL3N2ZyIKICAgeG1sbnM6c29kaXBvZGk9Imh0dHA6Ly9zb2RpcG9k + aS5zb3VyY2Vmb3JnZS5uZXQvRFREL3NvZGlwb2RpLTAuZHRkIgogICB4bWxuczppbmtzY2Fw + ZT0iaHR0cDovL3d3dy5pbmtzY2FwZS5vcmcvbmFtZXNwYWNlcy9pbmtzY2FwZSIKICAgZGF0 + YS1uYW1lPSJMYXllciAxIgogICB2aWV3Qm94PSIwIDAgODggODUuMDAwMDAzIgogICB4PSIw + cHgiCiAgIHk9IjBweCIKICAgdmVyc2lvbj0iMS4xIgogICBpZD0ic3ZnMTIzIgogICBzb2Rp + cG9kaTpkb2NuYW1lPSJub3VuX3NlcnZlcnNfMTY1MzA4My5zdmciCiAgIHdpZHRoPSI4OCIK + ICAgaGVpZ2h0PSI4NSIKICAgaW5rc2NhcGU6dmVyc2lvbj0iMC45Mi40IDVkYTY4OWMzMTMs + IDIwMTktMDEtMTQiPgogIDxtZXRhZGF0YQogICAgIGlkPSJtZXRhZGF0YTEyOSI+CiAgICA8 + cmRmOlJERj4KICAgICAgPGNjOldvcmsKICAgICAgICAgcmRmOmFib3V0PSIiPgogICAgICAg + IDxkYzpmb3JtYXQ+aW1hZ2Uvc3ZnK3htbDwvZGM6Zm9ybWF0PgogICAgICAgIDxkYzp0eXBl + CiAgICAgICAgICAgcmRmOnJlc291cmNlPSJodHRwOi8vcHVybC5vcmcvZGMvZGNtaXR5cGUv + U3RpbGxJbWFnZSIgLz4KICAgICAgICA8ZGM6dGl0bGU+ZGF0YSwgc2VydmVyLCBkYXRhYmFz + ZSxkYiwgaG9zdGluZzwvZGM6dGl0bGU+CiAgICAgIDwvY2M6V29yaz4KICAgIDwvcmRmOlJE + Rj4KICA8L21ldGFkYXRhPgogIDxkZWZzCiAgICAgaWQ9ImRlZnMxMjciIC8+CiAgPHNvZGlw + b2RpOm5hbWVkdmlldwogICAgIHBhZ2Vjb2xvcj0iI2ZmZmZmZiIKICAgICBib3JkZXJjb2xv + cj0iIzY2NjY2NiIKICAgICBib3JkZXJvcGFjaXR5PSIxIgogICAgIG9iamVjdHRvbGVyYW5j + ZT0iMTAiCiAgICAgZ3JpZHRvbGVyYW5jZT0iMTAiCiAgICAgZ3VpZGV0b2xlcmFuY2U9IjEw + IgogICAgIGlua3NjYXBlOnBhZ2VvcGFjaXR5PSIwIgogICAgIGlua3NjYXBlOnBhZ2VzaGFk + b3c9IjIiCiAgICAgaW5rc2NhcGU6d2luZG93LXdpZHRoPSI2MzYiCiAgICAgaW5rc2NhcGU6 + d2luZG93LWhlaWdodD0iMTA1NCIKICAgICBpZD0ibmFtZWR2aWV3MTI1IgogICAgIHNob3dn + cmlkPSJmYWxzZSIKICAgICBmaXQtbWFyZ2luLXRvcD0iMCIKICAgICBmaXQtbWFyZ2luLWxl + ZnQ9IjAiCiAgICAgZml0LW1hcmdpbi1yaWdodD0iMCIKICAgICBmaXQtbWFyZ2luLWJvdHRv + bT0iMCIKICAgICBpbmtzY2FwZTp6b29tPSIxLjg4OCIKICAgICBpbmtzY2FwZTpjeD0iNDQi + CiAgICAgaW5rc2NhcGU6Y3k9IjMwLjUwMDAwNCIKICAgICBpbmtzY2FwZTp3aW5kb3cteD0i + NjQyIgogICAgIGlua3NjYXBlOndpbmRvdy15PSIyIgogICAgIGlua3NjYXBlOndpbmRvdy1t + YXhpbWl6ZWQ9IjEiCiAgICAgaW5rc2NhcGU6Y3VycmVudC1sYXllcj0ic3ZnMTIzIiAvPgog + IDx0aXRsZQogICAgIGlkPSJ0aXRsZTk3Ij5kYXRhLCBzZXJ2ZXIsIGRhdGFiYXNlLGRiLCBo + b3N0aW5nPC90aXRsZT4KICA8cmVjdAogICAgIHg9IjEwIgogICAgIHk9IjkiCiAgICAgd2lk + dGg9IjQiCiAgICAgaGVpZ2h0PSI2IgogICAgIGlkPSJyZWN0OTkiIC8+CiAgPHJlY3QKICAg + ICB4PSIxOCIKICAgICB5PSI5IgogICAgIHdpZHRoPSI0IgogICAgIGhlaWdodD0iNiIKICAg + ICBpZD0icmVjdDEwMSIgLz4KICA8cmVjdAogICAgIHg9IjI2IgogICAgIHk9IjkiCiAgICAg + d2lkdGg9IjQiCiAgICAgaGVpZ2h0PSI2IgogICAgIGlkPSJyZWN0MTAzIiAvPgogIDxyZWN0 + CiAgICAgeD0iMTAiCiAgICAgeT0iMzYiCiAgICAgd2lkdGg9IjQiCiAgICAgaGVpZ2h0PSI2 + IgogICAgIGlkPSJyZWN0MTA1IiAvPgogIDxyZWN0CiAgICAgeD0iMTgiCiAgICAgeT0iMzYi + CiAgICAgd2lkdGg9IjQiCiAgICAgaGVpZ2h0PSI2IgogICAgIGlkPSJyZWN0MTA3IiAvPgog + IDxyZWN0CiAgICAgeD0iMjYiCiAgICAgeT0iMzYiCiAgICAgd2lkdGg9IjQiCiAgICAgaGVp + Z2h0PSI2IgogICAgIGlkPSJyZWN0MTA5IiAvPgogIDxyZWN0CiAgICAgeD0iMTAiCiAgICAg + eT0iNjMiCiAgICAgd2lkdGg9IjQiCiAgICAgaGVpZ2h0PSI2IgogICAgIGlkPSJyZWN0MTEx + IiAvPgogIDxyZWN0CiAgICAgeD0iMTgiCiAgICAgeT0iNjMiCiAgICAgd2lkdGg9IjQiCiAg + ICAgaGVpZ2h0PSI2IgogICAgIGlkPSJyZWN0MTEzIiAvPgogIDxyZWN0CiAgICAgeD0iMjYi + CiAgICAgeT0iNjMiCiAgICAgd2lkdGg9IjQiCiAgICAgaGVpZ2h0PSI2IgogICAgIGlkPSJy + ZWN0MTE1IiAvPgogIDxwYXRoCiAgICAgZD0iTSA2MS41LDcgSCA2MCBWIDUgQSA1LDUgMCAw + IDAgNTUsMCBIIDUgQSA1LDUgMCAwIDAgMCw1IHYgMTQgYSA1LDUgMCAwIDAgNSw1IGggMSB2 + IDMgSCA1IGEgNSw1IDAgMCAwIC01LDUgdiAxNCBhIDUsNSAwIDAgMCA1LDUgaCAxIHYgMyBI + IDUgYSA1LDUgMCAwIDAgLTUsNSB2IDE0IGEgNSw1IDAgMCAwIDUsNSBoIDEgdiA3IGggNDgg + diAtNyBoIDEgYSA1LDUgMCAwIDAgNSwtNSB2IC0xIGggMS41IEMgNzQuMjYsNzIgODgsNjku + MDkgODgsNjIuNzEgdiAtNDYuODEgMCBDIDg3Ljg0LDkuNzkgNzQuMTksNyA2MS41LDcgWiBN + IDUsMjAgQSAxLDEgMCAwIDEgNCwxOSBWIDUgQSAxLDEgMCAwIDEgNSw0IGggNTAgYSAxLDEg + MCAwIDEgMSwxIFYgNy4xOCBDIDQ1LjE1LDcuODcgMzUuMTMsMTAuNjcgMzUsMTUuOSB2IDAg + NC4xIHogbSAzMCw0IHYgMyBIIDEwIFYgMjQgWiBNIDUsNDcgQSAxLDEgMCAwIDEgNCw0NiBW + IDMyIGEgMSwxIDAgMCAxIDEsLTEgaCAzMCB2IDE2IHogbSAzMCw0IHYgMyBIIDEwIFYgNTEg + WiBNIDUwLDgxIEggMTAgdiAtMyBoIDQwIHogbSA2LC04IGEgMSwxIDAgMCAxIC0xLDEgSCA1 + IEEgMSwxIDAgMCAxIDQsNzMgViA1OSBhIDEsMSAwIDAgMSAxLC0xIGggMzAgdiA0LjcxIGMg + MCw1LjQ3IDEwLjA4LDguMzggMjEsOS4xMSB6IE0gODQsNjIuNzEgQyA4NCw2NC4yOSA3Ni4z + NCw2OCA2MS41LDY4IDQ2LjY2LDY4IDM5LDY0LjI5IDM5LDYyLjcxIFYgNTIuOSBDIDQ0LDU1 + LjY5IDUzLDU3IDYxLjUsNTcgNzAsNTcgNzksNTUuNjkgODQsNTIuOSBaIE0gODQsNDcuNjQg + QyA4NCw0OS4yNSA3Ni4zNCw1MyA2MS41LDUzIDQ2LjY2LDUzIDM5LDQ5LjI1IDM5LDQ3LjY0 + IFYgMzcgYyA1LDIuNzEgMTQsNCAyMi41LDQgQyA3MCw0MSA3OSwzOS43MiA4NCwzNyBaIE0g + ODQsMzEuODkgQyA4NCwzMy4zNyA3Ni4xMiwzNyA2MS41LDM3IDQ2Ljg4LDM3IDM5LDMzLjM3 + IDM5LDMxLjg5IFYgMjEuMDYgQyA0NCwyMy43NCA1MywyNSA2MS41LDI1IDcwLDI1IDc5LDIz + Ljc0IDg0LDIxLjA2IFogTSA2MS41LDIxIEMgNDYsMjEgMzksMTcuMTYgMzksMTYgMzksMTQu + ODQgNDYsMTEgNjEuNSwxMSA3NywxMSA4NCwxNC44NCA4NCwxNiBjIDAsMS4xNiAtNyw1IC0y + Mi41LDUgeiIKICAgICBpZD0icGF0aDExNyIKICAgICBpbmtzY2FwZTpjb25uZWN0b3ItY3Vy + dmF0dXJlPSIwIiAvPgo8L3N2Zz4K + </office:binary-data> + <text:p/> + </draw:image> + <draw:image loext:mime-type="image/png"> + <office:binary-data>iVBORw0KGgoAAAANSUhEUgAAAFkAAABWCAYAAACkXTp6AAACgUlEQVR4nO2d0Y6EIAwAz8T/ + /+Xd44GNIYIg2E5r5+2yd2sZK0JtvP3z+fwFz7Iff9i2za3x/2TatI79k+xZcCKNT0v0ngPQ + OLg0WqL32geal9cqKMlzKtmD4EQaB0F0NZODdbxOciuzn7qCXUq+O0X0/N2dEzEkuQyiPODs + 5zOxSHF23KtxmMhkws2rRY6vJhsveYXg3itm9lg12WjJvYNedcO6+p7eeMpND1ZybUCaa/iz + Y9fiPIpGSr5zc9Eix9XK8iHJVwOd/TxhSfCRs91lzmZkJh+xIDhT28bjJWuWKEepTRl4yYmr + dag2V6sOE5IzK3eMK+O44lQyfYeVOcb5tPAZJ6YyuQU5MfCSe9ahBFpx7vkXrAwioxnv6NT0 + y+SeLaPEjWZlveLOiXhijPjpYgbKks+1ZApDSzj6vE3lNW1amrymTUuTV7VpaYFr0/J4wl23 + aVHAL+GinixE1JMFcVVP7v1yzTat8vuiniyA9qrkstRJ5pih2iJLeq8evOQjBOGPt86SiHoy + BMqSD9em5RHXmUwhJAsQkgUIyQKYbtOyQmSyAHjJburJ9DYtN/VkC21ar6gn04h6sjDa091w + PZnUpkUob9a4VU+mDaKEIHyqnkwXXGKunmxNcC+UJV+0aQkQbVoCuFnCkQnJAoRkAUy3aVkB + l8llRdByqRP9epwSN6VOErX6NmW6GX0TIlJyoudBArXUaeq9cCNPbAg7xSVvONRo06I/Gku4 + eFcn6TUMmZGEMSG5pDXAp07AzJxvUnIL4gbInWQi0aYlQGSyACFZABNtWqtQ/bdEtQAId+Ze + yLHGdCFASBZg6slI0EdksgAhWYCQLEBTMmkZZJkvMtHRb/cyBPsAAAAASUVORK5CYII= + </office:binary-data> + </draw:image> + <svg:title>data, server, database,db, hosting</svg:title> + </draw:frame> + <draw:frame draw:style-name="gr4" draw:text-style-name="P3" draw:layer="layout" svg:width="3.144cm" svg:height="1.673cm" svg:x="3.043cm" svg:y="23.9cm"> + <draw:text-box> + <text:p text:style-name="P2">upstream<text:line-break/>resolver</text:p> + </draw:text-box> + </draw:frame> + </draw:g> + <draw:g> + <draw:frame draw:style-name="gr5" draw:text-style-name="P3" draw:layer="layout" svg:width="1.979cm" svg:height="0.962cm" svg:x="9.057cm" svg:y="3.827cm"> + <draw:text-box> + <text:p text:style-name="P2">client</text:p> + </draw:text-box> + </draw:frame> + <draw:frame draw:name="noun_terminal_1653060.svg" draw:style-name="gr1" draw:text-style-name="P1" draw:layer="layout" svg:width="2.49cm" svg:height="2.35cm" svg:x="8.801cm" svg:y="4.9cm"> + <draw:image loext:mime-type="image/svg+xml"> + <office:binary-data>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+ + CjxzdmcKICAgeG1sbnM6ZGM9Imh0dHA6Ly9wdXJsLm9yZy9kYy9lbGVtZW50cy8xLjEvIgog + ICB4bWxuczpjYz0iaHR0cDovL2NyZWF0aXZlY29tbW9ucy5vcmcvbnMjIgogICB4bWxuczpy + ZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiCiAgIHht + bG5zOnN2Zz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciCiAgIHhtbG5zPSJodHRwOi8v + d3d3LnczLm9yZy8yMDAwL3N2ZyIKICAgeG1sbnM6c29kaXBvZGk9Imh0dHA6Ly9zb2RpcG9k + aS5zb3VyY2Vmb3JnZS5uZXQvRFREL3NvZGlwb2RpLTAuZHRkIgogICB4bWxuczppbmtzY2Fw + ZT0iaHR0cDovL3d3dy5pbmtzY2FwZS5vcmcvbmFtZXNwYWNlcy9pbmtzY2FwZSIKICAgZGF0 + YS1uYW1lPSJMYXllciAxIgogICB2aWV3Qm94PSIwIDAgNzAgNjYiCiAgIHg9IjBweCIKICAg + eT0iMHB4IgogICB2ZXJzaW9uPSIxLjEiCiAgIGlkPSJzdmcxNDEiCiAgIHNvZGlwb2RpOmRv + Y25hbWU9Im5vdW5fdGVybWluYWxfMTY1MzA2MC5zdmciCiAgIHdpZHRoPSI3MCIKICAgaGVp + Z2h0PSI2NiIKICAgaW5rc2NhcGU6dmVyc2lvbj0iMC45Mi40IDVkYTY4OWMzMTMsIDIwMTkt + MDEtMTQiPgogIDxtZXRhZGF0YQogICAgIGlkPSJtZXRhZGF0YTE0NyI+CiAgICA8cmRmOlJE + Rj4KICAgICAgPGNjOldvcmsKICAgICAgICAgcmRmOmFib3V0PSIiPgogICAgICAgIDxkYzpm + b3JtYXQ+aW1hZ2Uvc3ZnK3htbDwvZGM6Zm9ybWF0PgogICAgICAgIDxkYzp0eXBlCiAgICAg + ICAgICAgcmRmOnJlc291cmNlPSJodHRwOi8vcHVybC5vcmcvZGMvZGNtaXR5cGUvU3RpbGxJ + bWFnZSIgLz4KICAgICAgICA8ZGM6dGl0bGU+ZGF0YSwgc2VydmVyLCBkYXRhYmFzZSwgbW9u + aXRvciwgdGVybWluYWw8L2RjOnRpdGxlPgogICAgICA8L2NjOldvcms+CiAgICA8L3JkZjpS + REY+CiAgPC9tZXRhZGF0YT4KICA8ZGVmcwogICAgIGlkPSJkZWZzMTQ1IiAvPgogIDxzb2Rp + cG9kaTpuYW1lZHZpZXcKICAgICBwYWdlY29sb3I9IiNmZmZmZmYiCiAgICAgYm9yZGVyY29s + b3I9IiM2NjY2NjYiCiAgICAgYm9yZGVyb3BhY2l0eT0iMSIKICAgICBvYmplY3R0b2xlcmFu + Y2U9IjEwIgogICAgIGdyaWR0b2xlcmFuY2U9IjEwIgogICAgIGd1aWRldG9sZXJhbmNlPSIx + MCIKICAgICBpbmtzY2FwZTpwYWdlb3BhY2l0eT0iMCIKICAgICBpbmtzY2FwZTpwYWdlc2hh + ZG93PSIyIgogICAgIGlua3NjYXBlOndpbmRvdy13aWR0aD0iOTU2IgogICAgIGlua3NjYXBl + OndpbmRvdy1oZWlnaHQ9IjEwNTQiCiAgICAgaWQ9Im5hbWVkdmlldzE0MyIKICAgICBzaG93 + Z3JpZD0iZmFsc2UiCiAgICAgZml0LW1hcmdpbi10b3A9IjAiCiAgICAgZml0LW1hcmdpbi1s + ZWZ0PSIwIgogICAgIGZpdC1tYXJnaW4tcmlnaHQ9IjAiCiAgICAgZml0LW1hcmdpbi1ib3R0 + b209IjAiCiAgICAgaW5rc2NhcGU6em9vbT0iNy41NTIiCiAgICAgaW5rc2NhcGU6Y3g9IjUy + LjIwNTQ4OCIKICAgICBpbmtzY2FwZTpjeT0iMzMuODcwMTc2IgogICAgIGlua3NjYXBlOndp + bmRvdy14PSI5NjIiCiAgICAgaW5rc2NhcGU6d2luZG93LXk9IjIiCiAgICAgaW5rc2NhcGU6 + d2luZG93LW1heGltaXplZD0iMSIKICAgICBpbmtzY2FwZTpjdXJyZW50LWxheWVyPSJzdmcx + NDEiIC8+CiAgPHRpdGxlCiAgICAgaWQ9InRpdGxlMTMxIj5kYXRhLCBzZXJ2ZXIsIGRhdGFi + YXNlLCBtb25pdG9yLCB0ZXJtaW5hbDwvdGl0bGU+CiAgPHBhdGgKICAgICBkPSJNIDgsMzkg + SCA2MiBWIDggSCA4IFogTSAxMiwxMiBIIDU4IFYgMzUgSCAxMiBaIgogICAgIGlkPSJwYXRo + MTMzIgogICAgIGlua3NjYXBlOmNvbm5lY3Rvci1jdXJ2YXR1cmU9IjAiIC8+CiAgPHBhdGgK + ICAgICBkPSJtIDAsMCB2IDQ3IGggMjggdiA3LjA4IGMgLTMuNDQwOTI3LDAuNDk2NjUzIC01 + Ljk5NTkyNSwzLjQ0MzQxOCAtNiw2LjkyIHYgNSBIIDQ4IFYgNjEgQyA0Ny45OTU5LDU3LjUy + MzQxOCA0NS40NDA5MjcsNTQuNTc2NjUzIDQyLDU0LjA4IFYgNDcgSCA3MCBWIDAgTSA0NCw2 + MSB2IDEgSCAyNiB2IC0xIGMgMCwtMS42NTY4NTQgMS4zNDMxNDYsLTMgMywtMyBoIDEyIGMg + MS42NTY4NTQsMCAzLDEuMzQzMTQ2IDMsMyB6IE0gMzIsNTQgdiAtNyBoIDYgdiA3IHogTSA3 + MCw1LjU5IFYgMCBNIDQsNDMgViA0IGggNjIgdiAzOSB6IgogICAgIGlkPSJwYXRoMTM1Igog + ICAgIGlua3NjYXBlOmNvbm5lY3Rvci1jdXJ2YXR1cmU9IjAiCiAgICAgc29kaXBvZGk6bm9k + ZXR5cGVzPSJjY2NjY2NjY2NjY2NzY2Nzc3NzY2NjY2NjY2NjY2NjIiAvPgo8L3N2Zz4K + </office:binary-data> + <text:p/> + </draw:image> + <draw:image loext:mime-type="image/png"> + <office:binary-data>iVBORw0KGgoAAAANSUhEUgAAAEcAAABDCAYAAADOIRgJAAABJklEQVR4nO3ZyRKCMBAAUVPF + //8yGk8WhGadJGD3wZO4PMcQimEcx5eVG/JDSkmhSZ+hSUPrD9Fz4kAznDxOLT5I60pLi5MD + iQOJA63iPPU0v2VtdXIgcSBxoN04d90HHVk7nRxIHEgcSBxIHEgcSBxIHEgcSBxIHEgcSBxI + HEgcSBxIHEgcSBxIHEgcSBxoN85Tbw+XcnIgcSBxoFWcu97+vSInBxIHEgea4fzTPmYtJwcS + BxIH+uLU3MtM17Sl9976vMicHEgcSBxIHEgcSByoOU7PlytVcc5A5GNr73Wq4Fw1Hb+vUwMq + HCfqb1NjkkJxSjBHv1CLtanqmnPml87HToGipycMJ+LCsQQUWfNTec9Vw+l5P7OUkwOJA4kD + heE84TbyGynKUBIg/xD7AAAAAElFTkSuQmCC + </office:binary-data> + </draw:image> + <svg:title>data, server, database, monitor, terminal</svg:title> + </draw:frame> + </draw:g> + <draw:line draw:style-name="gr6" draw:text-style-name="P5" draw:layer="layout" svg:x1="11.214cm" svg:y1="16.7cm" svg:x2="14.644cm" svg:y2="21.5cm"> + <text:p/> + </draw:line> + <draw:line draw:style-name="gr7" draw:text-style-name="P5" draw:layer="layout" svg:x1="8.89cm" svg:y1="16.7cm" svg:x2="5.46cm" svg:y2="21.5cm"> + <text:p/> + </draw:line> + <draw:line draw:style-name="gr6" draw:text-style-name="P5" draw:layer="layout" svg:x1="10.046cm" svg:y1="7.5cm" svg:x2="10.046cm" svg:y2="13.2cm"> + <text:p/> + </draw:line> + <draw:frame draw:style-name="gr8" draw:text-style-name="P4" draw:layer="layout" svg:width="5.62cm" svg:height="2.384cm" svg:x="12.694cm" svg:y="16.726cm"> + <draw:text-box> + <text:p><text:span text:style-name="T1"><text:line-break/></text:span><text:span text:style-name="T1">recursion</text:span></text:p> + <text:p>unencrypted DNS</text:p> + </draw:text-box> + </draw:frame> + <draw:frame draw:style-name="gr9" draw:text-style-name="P6" draw:layer="layout" svg:width="5.5cm" svg:height="3.806cm" svg:x="1.9cm" svg:y="16.726cm"> + <draw:text-box> + <text:p><text:span text:style-name="T2">(optional)</text:span></text:p> + <text:p><text:span text:style-name="T1">forwarding</text:span></text:p> + <text:p>unencrypted DNS</text:p> + <text:p>DNS-over-TLS</text:p> + </draw:text-box> + </draw:frame> + <draw:g> + <draw:line draw:style-name="gr7" draw:text-style-name="P5" draw:layer="layout" svg:x1="6.246cm" svg:y1="22.9cm" svg:x2="14.246cm" svg:y2="22.9cm"> + <text:p/> + </draw:line> + <draw:frame draw:style-name="gr10" draw:text-style-name="P4" draw:layer="layout" svg:width="3.393cm" svg:height="0.962cm" svg:x="8.55cm" svg:y="22.9cm"> + <draw:text-box> + <text:p><text:span text:style-name="T1">recursion</text:span></text:p> + </draw:text-box> + </draw:frame> + </draw:g> + <draw:frame draw:style-name="gr11" draw:text-style-name="P4" draw:layer="layout" svg:width="7.529cm" svg:height="3.806cm" svg:x="10.188cm" svg:y="8.447cm"> + <draw:text-box> + <text:p><text:span text:style-name="T1">client asking </text:span><text:span text:style-name="T1">questions</text:span></text:p> + <text:p><text:span text:style-name="T3">unencrypted DNS</text:span><text:span text:style-name="T3"><text:line-break/></text:span><text:span text:style-name="T3">DNS-over-TLS</text:span><text:span text:style-name="T3"><text:line-break/></text:span>DNS-over-HTTPS</text:p> + <text:p>HTTP management API</text:p> + </draw:text-box> + </draw:frame> + <draw:line draw:style-name="gr12" draw:text-style-name="P5" draw:layer="layout" svg:x1="11.4cm" svg:y1="14.6cm" svg:x2="18.45cm" svg:y2="14.6cm"> + <text:p/> + </draw:line> + <draw:line draw:style-name="gr12" draw:text-style-name="P5" draw:layer="layout" svg:x1="1.8cm" svg:y1="14.6cm" svg:x2="8.85cm" svg:y2="14.6cm"> + <text:p/> + </draw:line> + <draw:frame draw:style-name="gr13" draw:text-style-name="P7" draw:layer="layout" svg:width="3.821cm" svg:height="0.962cm" svg:x="11.2cm" svg:y="13.6cm"> + <draw:text-box> + <text:p><text:span text:style-name="T4">... as server</text:span></text:p> + </draw:text-box> + </draw:frame> + <draw:frame draw:style-name="gr14" draw:text-style-name="P7" draw:layer="layout" svg:width="3.537cm" svg:height="0.962cm" svg:x="11.2cm" svg:y="14.6cm"> + <draw:text-box> + <text:p><text:span text:style-name="T4">... as client</text:span></text:p> + </draw:text-box> + </draw:frame> + </draw:page> + </office:drawing> + </office:body> +</office:document>
\ No newline at end of file diff --git a/doc/server_terminology.svg b/doc/server_terminology.svg new file mode 100644 index 0000000..07502d2 --- /dev/null +++ b/doc/server_terminology.svg @@ -0,0 +1,1106 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<svg + xmlns:dc="http://purl.org/dc/elements/1.1/" + xmlns:cc="http://creativecommons.org/ns#" + xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" + xmlns:svg="http://www.w3.org/2000/svg" + xmlns="http://www.w3.org/2000/svg" + style="fill-rule:evenodd;stroke-width:28.22200012;stroke-linejoin:round" + id="svg687" + xml:space="preserve" + preserveAspectRatio="xMidYMid" + viewBox="0 0 16750.999 21747" + height="217.47mm" + width="167.50999mm" + version="1.2"><metadata + id="metadata691"><rdf:RDF><cc:Work + rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type + rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title></dc:title><cc:license + rdf:resource="SPDX-License-Identifier: GPL-3.0-or-later" /></cc:Work></rdf:RDF></metadata> + <defs + id="defs8" + class="ClipPathGroup"><clipPath + clipPathUnits="userSpaceOnUse" + id="presentation_clip_path"> + <rect + id="rect2" + height="29700" + width="21000" + y="0" + x="0" /> + </clipPath></defs> + <defs + id="defs77" /> + <defs + id="defs116" /> + <defs + id="defs159" /> + <defs + id="defs163" + class="TextShapeIndex" /> + <defs + id="defs195" + class="EmbeddedBulletChars" /> + <g + transform="translate(-1750,-3827)" + id="g200"> + <g + class="Master_Slide" + id="id2"> + <g + class="Background" + id="bg-id2" /> + <g + class="BackgroundObjects" + id="bo-id2" /> + </g> + </g> + <g + transform="translate(-1750,-3827)" + id="g685" + class="SlideGroup"> + <g + id="g683"> + <g + id="container-id1"> + <g + clip-path="url(#presentation_clip_path)" + class="Slide" + id="id1"> + <g + id="g679" + class="Page"> + <g + id="g258" + class="Group"> + <g + id="g239" + class="Graphic"> + <title + id="title202">data, server, database, router, hardware + </title> + <g + id="id3"> + <rect + style="fill:none;stroke:none" + id="rect204" + height="2351" + width="1671" + y="21550" + x="14641" + class="BoundingBox" /> + <path + style="fill:#000000;stroke:none" + id="path206" + d="m 14983,22711 h -55 v -164 h 110 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path208" + d="m 15202,22711 h -55 v -164 h 110 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path210" + d="m 15421,22711 h -55 v -164 h 110 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path212" + d="m 15640,22711 h -54 v -164 h 109 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path214" + d="m 16024,22629 c 0,10 -3,19 -8,28 -5,8 -12,15 -20,20 -8,4 -18,7 -27,7 -10,0 -19,-3 -28,-7 -8,-5 -15,-12 -20,-20 -4,-9 -7,-18 -7,-28 0,-9 3,-19 7,-27 5,-8 12,-15 20,-20 9,-5 18,-7 28,-7 9,0 19,2 27,7 8,5 15,12 20,20 5,8 8,18 8,27 z" /> + <path + style="fill:#000000;stroke:none" + id="path216" + d="m 16160,22219 c 24,0 48,-6 69,-18 21,-12 38,-29 50,-50 12,-21 18,-44 18,-68 v -383 c 0,-24 -6,-47 -18,-68 -12,-21 -29,-38 -50,-50 -21,-12 -45,-18 -69,-18 h -1368 c -24,0 -48,6 -69,18 -21,12 -38,29 -50,50 -12,21 -18,44 -18,68 v 383 c 0,24 6,47 18,68 12,21 29,38 50,50 21,12 45,18 69,18 h 27 v 82 h -27 c -24,0 -48,7 -69,19 -21,12 -38,29 -50,50 -12,21 -18,44 -18,68 v 383 c 0,24 6,47 18,68 12,21 29,38 50,50 21,12 45,18 69,18 h 27 v 82 h -27 c -24,0 -48,7 -69,19 -21,12 -38,29 -50,50 -12,20 -18,44 -18,68 v 382 c 0,24 6,48 18,69 12,21 29,38 50,50 21,12 45,18 69,18 h 27 v 191 h 1314 v -191 h 27 c 24,0 48,-6 69,-18 21,-12 38,-29 50,-50 12,-21 18,-45 18,-69 v -382 c 0,-24 -6,-48 -18,-68 -12,-21 -29,-38 -50,-50 -21,-12 -45,-19 -69,-19 h -27 v -82 h 27 c 24,0 48,-6 69,-18 21,-12 38,-29 50,-50 12,-21 18,-44 18,-68 v -383 c 0,-24 -6,-47 -18,-68 -12,-21 -29,-38 -50,-50 -21,-12 -45,-19 -69,-19 h -27 v -82 z m -136,1558 h -1096 v -82 h 1096 z m 136,-628 c 5,0 10,1 14,3 4,3 8,6 10,10 3,4 4,9 4,14 v 382 c 0,5 -1,10 -4,14 -2,4 -6,8 -10,10 -4,2 -9,4 -14,4 h -1368 c -5,0 -10,-2 -14,-4 -4,-2 -8,-6 -10,-10 -3,-4 -4,-9 -4,-14 v -382 c 0,-5 1,-10 4,-14 2,-4 6,-7 10,-10 4,-2 9,-3 14,-3 z m -1232,-110 v -82 h 1096 v 82 z m 1232,-628 c 5,0 10,1 14,3 4,3 8,6 10,10 3,5 4,9 4,14 v 383 c 0,4 -1,9 -4,13 -2,4 -6,8 -10,10 -4,3 -9,4 -14,4 h -1368 c -5,0 -10,-1 -14,-4 -4,-2 -8,-6 -10,-10 -3,-4 -4,-9 -4,-13 v -383 c 0,-5 1,-9 4,-14 2,-4 6,-7 10,-10 4,-2 9,-3 14,-3 z m -1232,-110 v -82 h 1096 v 82 z m -136,-191 c -5,0 -10,-1 -14,-3 -4,-3 -8,-6 -10,-10 -3,-5 -4,-9 -4,-14 v -383 c 0,-5 1,-9 4,-13 2,-5 6,-8 10,-10 4,-3 9,-4 14,-4 h 1368 c 5,0 10,1 14,4 4,2 8,5 10,10 3,4 4,8 4,13 v 383 c 0,5 -1,9 -4,14 -2,4 -6,7 -10,10 -4,2 -9,3 -14,3 z" /> + <path + style="fill:#000000;stroke:none" + id="path218" + d="m 14983,21974 h -55 v -164 h 110 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path220" + d="m 15202,21974 h -55 v -164 h 110 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path222" + d="m 15421,21974 h -55 v -164 h 110 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path224" + d="m 15640,21974 h -54 v -164 h 109 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path226" + d="m 16024,21892 c 0,9 -3,19 -8,27 -5,8 -12,15 -20,20 -8,5 -18,7 -27,7 -10,0 -19,-2 -28,-7 -8,-5 -15,-12 -20,-20 -4,-8 -7,-18 -7,-27 0,-10 3,-19 7,-28 5,-8 12,-15 20,-20 9,-5 18,-7 28,-7 9,0 19,2 27,7 8,5 15,12 20,20 5,9 8,18 8,28 z" /> + <path + style="fill:#000000;stroke:none" + id="path228" + d="m 14983,23449 h -55 v -164 h 110 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path230" + d="m 15202,23449 h -55 v -164 h 110 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path232" + d="m 15421,23449 h -55 v -164 h 110 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path234" + d="m 15640,23449 h -54 v -164 h 109 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path236" + d="m 16024,23367 c 0,10 -3,19 -8,27 -5,9 -12,16 -20,20 -8,5 -18,8 -27,8 -10,0 -19,-3 -28,-8 -8,-4 -15,-11 -20,-20 -4,-8 -7,-17 -7,-27 0,-9 3,-19 7,-27 5,-8 12,-15 20,-20 9,-5 18,-7 28,-7 9,0 19,2 27,7 8,5 15,12 20,20 5,8 8,18 8,27 z" /> + </g> + </g> + <g + id="g256" + class="com.sun.star.drawing.TextShape"> + <g + id="id4"> + <rect + style="fill:none;stroke:none" + id="rect241" + height="1674" + width="3953" + y="23900" + x="13500" + class="BoundingBox" /> + <text + id="text253" + class="TextShape"><tspan + style="font-weight:400;font-size:635px;font-family:'Liberation Sans', sans-serif" + id="tspan251" + font-weight="400" + font-size="635px" + class="TextParagraph"><tspan + id="tspan245" + y="24601" + x="13750" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan243">authoritative</tspan></tspan><tspan + id="tspan249" + y="25312" + x="14595" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan247">server</tspan></tspan></tspan></text> + + </g> + </g> + </g> + <g + id="g287" + class="Group"> + <g + id="g272" + class="Graphic"> + <g + id="id5"> + <rect + style="fill:none;stroke:none" + id="rect260" + height="2351" + width="2321" + y="13438" + x="8886" + class="BoundingBox" /> + <defs + id="defs265"><clipPath + clipPathUnits="userSpaceOnUse" + id="clip_path_1"> + <path + id="path262" + d="m 8886,13438 h 2320 v 2350 H 8886 Z" /> + </clipPath></defs> + <g + id="g269" + clip-path="url(#clip_path_1)"> + <path + style="fill:#00a2e2;stroke:none" + id="path267" + d="m 11206,14614 c 0,353 -157,669 -405,884 13,-71 21,-145 21,-220 0,-231 -69,-447 -186,-628 -46,64 -99,124 -156,178 74,132 116,286 116,450 0,66 -7,130 -21,193 -1,7 -3,13 -4,20 -1,7 -4,14 -5,20 -6,-2 -13,-3 -20,-5 -7,-2 -13,-4 -19,-7 -214,-70 -394,-215 -509,-404 -4,-5 -7,-12 -11,-18 -4,-5 -7,-12 -11,-18 -36,-66 -64,-137 -83,-211 -1,-7 -3,-13 -4,-20 -3,-7 -4,-14 -5,-20 -13,-62 -20,-128 -20,-194 0,-66 7,-130 20,-193 -71,-21 -146,-32 -224,-33 -15,73 -23,149 -23,225 0,78 8,153 23,226 1,7 2,13 4,20 2,7 4,14 5,20 18,77 44,151 78,222 3,7 5,13 9,19 3,7 6,14 10,20 136,265 371,470 658,567 -127,46 -263,72 -405,72 -580,0 -1061,-422 -1152,-975 6,5 10,9 16,14 204,178 471,286 762,286 19,0 39,0 58,-1 -33,-72 -58,-146 -76,-225 -232,-4 -442,-93 -603,-238 -6,-5 -10,-9 -16,-14 -6,-4 -10,-9 -15,-14 5,-5 9,-10 15,-15 4,-4 10,-9 15,-13 161,-145 371,-234 603,-239 6,0 13,0 18,0 h 4 c 6,0 14,0 21,0 78,3 153,14 225,34 7,2 14,3 19,6 7,2 14,4 20,5 125,41 238,107 333,194 54,-53 101,-113 141,-178 -113,-99 -246,-176 -391,-226 -7,-2 -14,-4 -19,-7 -7,-2 -14,-4 -21,-6 -74,-23 -150,-37 -230,-44 -7,-1 -15,-1 -22,-2 -8,0 -14,-2 -22,-2 -19,-1 -39,-1 -58,-1 -291,0 -558,108 -762,287 -6,4 -10,9 -16,13 91,-548 572,-970 1152,-970 142,0 278,26 404,72 v 0 c -286,97 -520,301 -657,566 80,8 157,23 233,47 115,-189 295,-334 509,-404 7,-2 13,-4 19,-7 7,-2 14,-3 20,-5 1,7 4,13 5,20 1,7 3,14 4,20 14,62 21,127 21,194 0,163 -42,316 -116,449 -4,6 -7,13 -11,18 -3,6 -6,13 -11,18 -39,65 -88,125 -142,178 -4,5 -10,10 -14,15 -5,4 -10,9 -15,13 -96,86 -209,152 -334,194 19,74 47,145 84,210 145,-50 277,-127 390,-226 5,-5 10,-9 15,-14 6,-4 11,-9 16,-14 58,-54 109,-114 154,-178 5,-5 8,-12 13,-18 4,-5 8,-12 12,-18 117,-181 186,-396 186,-626 0,-75 -7,-150 -21,-221 246,213 404,530 404,883 z" /> + </g> + </g> + </g> + <g + id="g285" + class="com.sun.star.drawing.TextShape"> + <g + id="id6"> + <rect + style="fill:none;stroke:none" + id="rect274" + height="963" + width="4482" + y="15838" + x="7806" + class="BoundingBox" /> + <text + id="text282" + class="TextShape"><tspan + style="font-weight:400;font-size:635px;font-family:'Liberation Sans', sans-serif" + id="tspan280" + font-weight="400" + font-size="635px" + class="TextParagraph"><tspan + id="tspan278" + y="16539" + x="8056" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan276">Knot Resolver</tspan></tspan></tspan></text> + + </g> + </g> + </g> + <g + id="g333" + class="Group"> + <g + id="g314" + class="Graphic"> + <title + id="title289">data, server, database,db, hosting + </title> + <g + id="id7"> + <rect + style="fill:none;stroke:none" + id="rect291" + height="2351" + width="2431" + y="21550" + x="3400" + class="BoundingBox" /> + <path + style="fill:#000000;stroke:none" + id="path293" + d="m 3741,21974 h -54 v -164 h 109 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path295" + d="m 3960,21974 h -55 v -164 h 109 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path297" + d="m 4178,21974 h -54 v -164 h 109 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path299" + d="m 3741,22711 h -54 v -164 h 109 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path301" + d="m 3960,22711 h -55 v -164 h 109 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path303" + d="m 4178,22711 h -54 v -164 h 109 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path305" + d="m 3741,23449 h -54 v -164 h 109 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path307" + d="m 3960,23449 h -55 v -164 h 109 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path309" + d="m 4178,23449 h -54 v -164 h 109 v 164 z" /> + <path + style="fill:#000000;stroke:none" + id="path311" + d="m 5093,21755 h -41 v -55 c 0,-24 -6,-47 -18,-68 -12,-21 -30,-38 -50,-50 -21,-12 -45,-18 -69,-18 H 3550 c -24,0 -47,6 -68,18 -21,12 -38,29 -50,50 -12,21 -18,44 -18,68 v 383 c 0,24 6,47 18,68 12,21 29,38 50,50 21,12 44,18 68,18 h 27 v 82 h -27 c -24,0 -47,7 -68,19 -21,12 -38,29 -50,50 -12,21 -18,44 -18,68 v 383 c 0,24 6,47 18,68 12,21 29,38 50,50 21,12 44,18 68,18 h 27 v 82 h -27 c -24,0 -47,7 -68,19 -21,12 -38,29 -50,50 -12,20 -18,44 -18,68 v 382 c 0,24 6,48 18,69 12,21 29,38 50,50 21,12 44,18 68,18 h 27 v 191 h 1311 v -191 h 27 c 24,0 48,-6 69,-18 20,-12 38,-29 50,-50 12,-21 18,-45 18,-69 v -27 h 41 c 348,0 723,-79 723,-254 v -1279 c -4,-167 -377,-243 -723,-243 z m -1543,355 c -5,0 -9,-1 -13,-3 -5,-3 -8,-6 -10,-10 -3,-5 -4,-9 -4,-14 v -383 c 0,-5 1,-9 4,-13 2,-5 5,-8 10,-10 4,-3 8,-4 13,-4 h 1365 c 5,0 10,1 14,4 4,2 8,5 10,10 2,4 4,8 4,13 v 60 c -297,19 -570,95 -574,238 v 112 z m 819,109 v 82 h -682 v -82 z m -819,629 c -5,0 -9,-1 -13,-4 -5,-2 -8,-6 -10,-10 -3,-4 -4,-9 -4,-13 v -383 c 0,-5 1,-9 4,-14 2,-4 5,-7 10,-10 4,-2 8,-3 13,-3 h 819 v 437 z m 819,109 v 82 h -682 v -82 z m 410,820 H 3687 v -82 h 1092 z m 164,-219 c 0,5 -2,10 -4,14 -2,4 -6,8 -10,10 -4,2 -9,4 -14,4 H 3550 c -5,0 -9,-2 -13,-4 -5,-2 -8,-6 -10,-10 -3,-4 -4,-9 -4,-14 v -382 c 0,-5 1,-10 4,-14 2,-4 5,-7 10,-10 4,-2 8,-3 13,-3 h 819 v 128 c 0,150 275,229 574,249 z m 764,-281 c 0,43 -209,145 -614,145 -405,0 -615,-102 -615,-145 v -268 c 137,76 383,112 615,112 232,0 478,-36 614,-112 z m 0,-412 c 0,44 -209,147 -614,147 -405,0 -615,-103 -615,-147 v -290 c 137,74 383,109 615,109 232,0 478,-35 614,-109 z m 0,-430 c 0,41 -215,140 -614,140 -399,0 -615,-99 -615,-140 v -296 c 137,73 383,108 615,108 232,0 478,-35 614,-108 z m -614,-298 c -423,0 -615,-104 -615,-136 0,-32 192,-137 615,-137 423,0 614,105 614,137 0,32 -191,136 -614,136 z" /> + </g> + </g> + <g + id="g331" + class="com.sun.star.drawing.TextShape"> + <g + id="id8"> + <rect + style="fill:none;stroke:none" + id="rect316" + height="1674" + width="3145" + y="23900" + x="3043" + class="BoundingBox" /> + <text + id="text328" + class="TextShape"><tspan + style="font-weight:400;font-size:635px;font-family:'Liberation Sans', sans-serif" + id="tspan326" + font-weight="400" + font-size="635px" + class="TextParagraph"><tspan + id="tspan320" + y="24601" + x="3293" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan318">upstream</tspan></tspan><tspan + id="tspan324" + y="25312" + x="3329" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan322">resolvers</tspan></tspan></tspan></text> + + </g> + </g> + </g> + <g + id="g359" + class="Group"> + <g + id="g346" + class="com.sun.star.drawing.TextShape"> + <g + id="id9"> + <rect + style="fill:none;stroke:none" + id="rect335" + height="963" + width="2298" + y="3827" + x="8898" + class="BoundingBox" /> + <text + id="text343" + class="TextShape"><tspan + style="font-weight:400;font-size:635px;font-family:'Liberation Sans', sans-serif" + id="tspan341" + font-weight="400" + font-size="635px" + class="TextParagraph"><tspan + id="tspan339" + y="4528" + x="9148" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan337">clients</tspan></tspan></tspan></text> + + </g> + </g> + <g + id="g357" + class="Graphic"> + <title + id="title348">data, server, database, monitor, terminal + </title> + <g + id="id10"> + <rect + style="fill:none;stroke:none" + id="rect350" + height="2351" + width="2491" + y="4900" + x="8801" + class="BoundingBox" /> + <path + style="fill:#000000;stroke:none" + id="path352" + d="m 9099,6285 h 1894 V 5198 H 9099 Z m 140,-947 h 1614 v 807 H 9239 Z" /> + <path + style="fill:#000000;stroke:none" + id="path354" + d="m 8819,4918 v 1648 h 982 v 248 c -121,18 -211,121 -211,243 v 175 h 912 v -175 c 0,-122 -90,-225 -211,-243 v -248 h 982 V 4918 Z m 1543,2139 v 35 h -632 v -35 c 0,-58 47,-105 106,-105 h 420 c 59,0 106,47 106,105 z m -421,-245 v -246 h 210 v 246 z M 8959,6426 V 5058 h 2174 v 1368 z" /> + </g> + </g> + </g> + <g + id="g368" + class="com.sun.star.drawing.LineShape"> + <g + id="id11"> + <rect + style="fill:none;stroke:none" + id="rect361" + height="4851" + width="3481" + y="16650" + x="11164" + class="BoundingBox" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path363" + d="m 11214,16700 3055,4275" /> + <path + style="fill:#000000;stroke:none" + id="path365" + d="m 14644,21500 -209,-680 -367,262 z" /> + </g> + </g> + <g + id="g409" + class="com.sun.star.drawing.LineShape"> + <g + id="id12"> + <rect + style="fill:none;stroke:none" + id="rect370" + height="4851" + width="3481" + y="16650" + x="5460" + class="BoundingBox" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path372" + d="m 8890,16700 -115,160" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path374" + d="m 8702,16964 -115,160" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path376" + d="m 8513,17227 -114,161" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path378" + d="m 8325,17491 -115,160" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path380" + d="m 8137,17754 -115,161" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path382" + d="m 7948,18018 -114,160" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path384" + d="m 7760,18282 -115,160" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path386" + d="m 7571,18545 -114,161" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path388" + d="m 7383,18809 -115,160" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path390" + d="m 7195,19073 -115,160" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path392" + d="m 7006,19336 -114,160" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path394" + d="m 6818,19600 -115,160" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path396" + d="m 6630,19863 -115,161" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path398" + d="m 6441,20127 -114,160" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path400" + d="m 6253,20391 -115,160" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path402" + d="m 6064,20654 -114,160" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path404" + d="m 5876,20918 -41,57" /> + <path + style="fill:#000000;stroke:none" + id="path406" + d="m 5460,21500 576,-418 -367,-262 z" /> + </g> + </g> + <g + id="g418" + class="com.sun.star.drawing.LineShape"> + <g + id="id13"> + <rect + style="fill:none;stroke:none" + id="rect411" + height="5751" + width="451" + y="7450" + x="9821" + class="BoundingBox" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path413" + d="m 10046,7500 v 5055" /> + <path + style="fill:#000000;stroke:none" + id="path415" + d="m 10046,13200 225,-675 h -450 z" /> + </g> + </g> + <g + id="g437" + class="com.sun.star.drawing.TextShape"> + <g + id="id14"> + <rect + style="fill:none;stroke:none" + id="rect420" + height="2385" + width="5621" + y="16726" + x="12694" + class="BoundingBox" /> + <text + id="text434" + class="TextShape"><tspan + style="font-weight:700;font-size:635px;font-family:'Liberation Sans', sans-serif" + id="tspan426" + font-weight="700" + font-size="635px" + class="TextParagraph"><tspan + id="tspan424" + y="18138" + x="12944" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan422">recursion</tspan></tspan></tspan><tspan + style="font-weight:400;font-size:635px;font-family:'Liberation Sans', sans-serif" + id="tspan432" + font-weight="400" + font-size="635px" + class="TextParagraph"><tspan + id="tspan430" + y="18849" + x="12944" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan428">unencrypted DNS</tspan></tspan></tspan></text> + + </g> + </g> + <g + id="g468" + class="com.sun.star.drawing.TextShape"> + <g + id="id15"> + <rect + style="fill:none;stroke:none" + id="rect439" + height="3807" + width="5501" + y="16726" + x="1900" + class="BoundingBox" /> + <text + id="text465" + class="TextShape"><tspan + style="font-style:italic;font-weight:400;font-size:635px;font-family:'Liberation Sans', sans-serif" + id="tspan445" + font-weight="400" + font-style="italic" + font-size="635px" + class="TextParagraph"><tspan + id="tspan443" + y="17427" + x="2150" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan441">(optional)</tspan></tspan></tspan><tspan + style="font-weight:700;font-size:635px;font-family:'Liberation Sans', sans-serif" + id="tspan451" + font-weight="700" + font-size="635px" + class="TextParagraph"><tspan + id="tspan449" + y="18138" + x="2150" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan447">forwarding</tspan></tspan></tspan><tspan + style="font-weight:400;font-size:635px;font-family:'Liberation Sans', sans-serif" + id="tspan457" + font-weight="400" + font-size="635px" + class="TextParagraph"><tspan + id="tspan455" + y="18849" + x="2150" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan453">unencrypted DNS</tspan></tspan></tspan><tspan + style="font-weight:400;font-size:635px;font-family:'Liberation Sans', sans-serif" + id="tspan463" + font-weight="400" + font-size="635px" + class="TextParagraph"><tspan + id="tspan461" + y="19560" + x="2150" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan459">DNS-over-TLS</tspan></tspan></tspan></text> + + </g> + </g> + <g + id="g536" + class="Group"> + <g + id="g521" + class="com.sun.star.drawing.LineShape"> + <g + id="id16"> + <rect + style="fill:none;stroke:none" + id="rect470" + height="451" + width="8051" + y="22675" + x="6196" + class="BoundingBox" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path472" + d="m 6246,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path474" + d="m 6570,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path476" + d="m 6894,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path478" + d="m 7218,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path480" + d="m 7542,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path482" + d="m 7866,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path484" + d="m 8190,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path486" + d="m 8514,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path488" + d="m 8838,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path490" + d="m 9162,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path492" + d="m 9486,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path494" + d="m 9810,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path496" + d="m 10134,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path498" + d="m 10458,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path500" + d="m 10782,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path502" + d="m 11106,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path504" + d="m 11430,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path506" + d="m 11754,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path508" + d="m 12078,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path510" + d="m 12402,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path512" + d="m 12726,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path514" + d="m 13050,22900 h 197" /> + <path + style="fill:none;stroke:#000000;stroke-width:100;stroke-linejoin:round" + id="path516" + d="m 13374,22900 h 197" /> + <path + style="fill:#000000;stroke:none" + id="path518" + d="m 14246,22900 -675,-225 v 450 z" /> + </g> + </g> + <g + id="g534" + class="com.sun.star.drawing.TextShape"> + <g + id="id17"> + <rect + style="fill:none;stroke:none" + id="rect523" + height="963" + width="3394" + y="22900" + x="8550" + class="BoundingBox" /> + <text + id="text531" + class="TextShape"><tspan + style="font-weight:700;font-size:635px;font-family:'Liberation Sans', sans-serif" + id="tspan529" + font-weight="700" + font-size="635px" + class="TextParagraph"><tspan + id="tspan527" + y="23601" + x="8800" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan525">recursion</tspan></tspan></tspan></text> + + </g> + </g> + </g> + <g + id="g569" + class="com.sun.star.drawing.TextShape"> + <g + id="id18"> + <rect + style="fill:none;stroke:none" + id="rect538" + height="4518" + width="8113" + y="8447" + x="10188" + class="BoundingBox" /> + <text + id="text566" + class="TextShape"><tspan + style="font-weight:700;font-size:635px;font-family:'Liberation Sans', sans-serif" + id="tspan544" + font-weight="700" + font-size="635px" + class="TextParagraph"><tspan + id="tspan542" + y="9148" + x="10438" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan540">clients asking questions</tspan></tspan></tspan><tspan + style="font-weight:400;font-size:635px;font-family:'Liberation Sans', sans-serif" + id="tspan558" + font-weight="400" + font-size="635px" + class="TextParagraph"><tspan + id="tspan548" + y="9859" + x="10438" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan546">unencrypted DNS</tspan></tspan><tspan + id="tspan552" + y="10570" + x="10438" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan550">DNS-over-TLS</tspan></tspan><tspan + id="tspan556" + y="11281" + x="10438" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan554">DNS-over-HTTPS</tspan></tspan></tspan><tspan + style="font-weight:400;font-size:635px;font-family:'Liberation Sans', sans-serif" + id="tspan564" + font-weight="400" + font-size="635px" + class="TextParagraph"><tspan + id="tspan562" + y="11992" + x="10438" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan560">HTTP management API</tspan></tspan></tspan></text> + + </g> + </g> + <g + id="g610" + class="com.sun.star.drawing.LineShape"> + <g + id="id19"> + <rect + style="fill:none;stroke:none" + id="rect571" + height="101" + width="7151" + y="14550" + x="11350" + class="BoundingBox" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path573" + d="m 11400,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path575" + d="m 11794,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path577" + d="m 12188,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path579" + d="m 12582,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path581" + d="m 12976,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path583" + d="m 13370,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path585" + d="m 13764,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path587" + d="m 14158,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path589" + d="m 14552,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path591" + d="m 14946,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path593" + d="m 15340,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path595" + d="m 15734,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path597" + d="m 16128,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path599" + d="m 16522,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path601" + d="m 16916,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path603" + d="m 17310,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path605" + d="m 17704,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path607" + d="m 18098,14600 h 197" /> + </g> + </g> + <g + id="g651" + class="com.sun.star.drawing.LineShape"> + <g + id="id20"> + <rect + style="fill:none;stroke:none" + id="rect612" + height="101" + width="7151" + y="14550" + x="1750" + class="BoundingBox" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path614" + d="m 1800,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path616" + d="m 2194,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path618" + d="m 2588,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path620" + d="m 2982,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path622" + d="m 3376,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path624" + d="m 3770,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path626" + d="m 4164,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path628" + d="m 4558,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path630" + d="m 4952,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path632" + d="m 5346,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path634" + d="m 5740,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path636" + d="m 6134,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path638" + d="m 6528,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path640" + d="m 6922,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path642" + d="m 7316,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path644" + d="m 7710,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path646" + d="m 8104,14600 h 197" /> + <path + style="fill:none;stroke:#666666;stroke-width:100;stroke-linejoin:round" + id="path648" + d="m 8498,14600 h 197" /> + </g> + </g> + <g + id="g664" + class="com.sun.star.drawing.TextShape"> + <g + id="id21"> + <rect + style="fill:none;stroke:none" + id="rect653" + height="963" + width="3822" + y="13600" + x="11200" + class="BoundingBox" /> + <text + id="text661" + class="TextShape"><tspan + style="font-style:italic;font-weight:400;font-size:635px;font-family:'Liberation Sans', sans-serif" + id="tspan659" + font-weight="400" + font-style="italic" + font-size="635px" + class="TextParagraph"><tspan + id="tspan657" + y="14301" + x="11450" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan655">... as server</tspan></tspan></tspan></text> + + </g> + </g> + <g + id="g677" + class="com.sun.star.drawing.TextShape"> + <g + id="id22"> + <rect + style="fill:none;stroke:none" + id="rect666" + height="963" + width="3538" + y="14600" + x="11200" + class="BoundingBox" /> + <text + id="text674" + class="TextShape"><tspan + style="font-style:italic;font-weight:400;font-size:635px;font-family:'Liberation Sans', sans-serif" + id="tspan672" + font-weight="400" + font-style="italic" + font-size="635px" + class="TextParagraph"><tspan + id="tspan670" + y="15301" + x="11450" + class="TextPosition"><tspan + style="fill:#000000;stroke:none" + id="tspan668">... as client</tspan></tspan></tspan></text> + + </g> + </g> + </g> + </g> + </g> + </g> + </g> +</svg>
\ No newline at end of file diff --git a/doc/systemd-multiinst.rst b/doc/systemd-multiinst.rst new file mode 120000 index 0000000..2f53270 --- /dev/null +++ b/doc/systemd-multiinst.rst @@ -0,0 +1 @@ +../systemd/multiinst.rst
\ No newline at end of file diff --git a/doc/upgrading.rst b/doc/upgrading.rst new file mode 100644 index 0000000..56655fa --- /dev/null +++ b/doc/upgrading.rst @@ -0,0 +1,332 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +.. _upgrading: + +********* +Upgrading +********* + +This section summarizes steps required when upgrading to newer Knot Resolver versions. +We advise users to also read :ref:`release_notes` for respective versions. +Section *Module changes* is relevant only for users who develop or use third-party modules. + + +Upcoming changes +================ + +Following section provides information about selected changes in not-yet-released versions. +We advise users to prepare for these changes sooner rather than later to make it easier to upgrade to +newer versions when they are released. + +* Command line option ``--forks`` (``-f``) `is deprecated and will be eventually removed + <https://gitlab.nic.cz/knot/knot-resolver/-/issues/631>`_. + Preferred way to manage :ref:`systemd-multiple-instances` is to use a process manager, + e.g. systemd_ or supervisord_. +* Function :func:`verbose` is deprecated and will be eventually removed. + Prefered way to change logging level is use to :func:`log_level`. + +.. _`systemd`: https://systemd.io/ +.. _`supervisord`: http://supervisord.org/ + + +5.4 to 5.5 +========== + +Packagers & Developers +---------------------- + +* Knot DNS >= 3.0.2 is required. + +Module API changes +------------------ +* Function `cache.zone_import` was removed; + you can use `ffi.C.zi_zone_import` instead (different API). +* When using :ref:`proxyv2`, the meaning of ``qsource.flags`` and ``qsource.comm_flags`` + in :c:member:`kr_request` changes so that ``flags`` describes the original client + communicating with the proxy, while ``comm_flags`` describes the proxy communicating + with the resolver. When there is no proxy, ``flags`` and ``comm_flags`` are the same. + + +5.3 to 5.4 +========== + +Configuration file +------------------ + +* ``kind='doh'`` in :func:`net.listen` was renamed to ``kind='doh_legacy'``. It is recommended to switch to the new DoH implementation with ``kind='doh2'``. +* :func:`verbose` has been deprecated. In case you want to change logging level, + there is new function :func:`log_level`. + +Packagers & Developers +---------------------- + +* meson option ``verbose_log`` was removed. + +Module changes +-------------- + +* lua function ``warn()`` was removed, use ``log_warn()`` instead. The new function takes a log group number as the first argument. +* C functions ``kr_log_req()`` and ``kr_log_q()`` were replaced by ``kr_log_req1()`` and ``kr_log_q1()`` respectively. The new function have slightly different API. + + +5.2 to 5.3 +========== + +Configuration file +------------------ + +* Module ``dnstap``: option ``log_responses`` has been moved inside a new ``client`` section. Refer to the configuration example in :ref:`mod-dnstap`. + +Packagers & Developers +---------------------- + +* Knot DNS >= 2.9 is required. + +5.1 to 5.2 +========== + +Users +----- + +* DoH over HTTP/1 and unencrypted transports is still available in + :ref:`legacy http module <mod-http-doh>` (``kind='doh'``). + This module will not receive receive any more bugfixes and will be eventually removed. +* Users of :ref:`control-sockets` API need to terminate each command sent to resolver with newline + character (ASCII ``\n``). Correct usage: ``cache.stats()\n``. + Newline terminated commands are accepted by all resolver versions >= 1.0.0. +* `DNS Flag Day 2020 <https://www.dnsflagday.net/2020/>`_ is now effective and Knot Resolver uses + maximum size of UDP answer to 1232 bytes. Please double-check your firewall, + it has to allow DNS traffic on UDP and **also TCP** port 53. +* Human readable output in interactive mode and from :ref:`control-sockets` was improved and + as consequence slightly changed its format. Users who need machine readable output for scripts + should use Lua function ``tojson()`` to convert Lua values into standard JSON format instead + of attempting to parse the human readable output. + For example API call ``tojson(cache.stats())\n`` will return JSON string with ``cache.stats()`` + results represented as dictionary. + Function ``tojson()`` is available in all resolver versions >= 1.0.0. + +Configuration file +------------------ + +* Statistics exporter :ref:`mod-graphite` now uses default prefix which combines + :func:`hostname()` and :envvar:`worker.id` instead of bare :func:`hostname()`. + This prevents :ref:`systemd-multiple-instances` from sending + conflicting statistics to server. In case you want to continue in previous time series you + can manually set the old values using option ``prefix`` + in :ref:`Graphite configuration <mod-graphite>`. + Beware that non-default values require careful + :ref:`instance-specific-configuration` to avoid conflicting names. +* Lua variable :envvar:`worker.id` is now a string with either Systemd instance name or PID + (instead of number). If your custom configuration uses :envvar:`worker.id` value please + check your scripts. + +Module changes +-------------- +* Reply packet :c:type:`kr_request.answer` + `is not allocated <https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/985>`_ + immediately when the request comes. + See the new :c:func:`kr_request_ensure_answer` function, + wrapped for lua as ``req:ensure_answer()``. + + +5.0 to 5.1 +========== + +Module changes +-------------- + +* Modules which use :c:type:`kr_request.trace_log` handler need update to modified handler API. Example migration is `modules/watchdog/watchdog.lua <https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/957/diffs#6831501329bbf9e494048fe269c6b02944fc227c>`_. +* Modules which were using logger :c:func:`kr_log_qverbose_impl` need migration to new logger :c:func:`kr_log_q`. Example migration is `modules/rebinding/rebinding.lua <https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/957/diffs#6c74dcae147221ca64286a3ed028057adb6813b9>`_. +* Modules which were using :c:func:`kr_ranked_rrarray_add` should note that on success it no longer returns exclusively zero but index into the array (non-negative). Error states are unchanged (negative). + + +4.x to 5.x +========== + +Users +----- + +* Control socket location has changed + + .. csv-table:: + :header: "","4.x location","5.x location" + + "with systemd","``/run/knot-resolver/control@$ID``","``/run/knot-resolver/control/$ID``" + "without systemd","``$PWD/tty/$PID``","``$PWD/control/$PID``" + +* ``-f`` / ``--forks`` command-line option is deprecated. + In case you just want to trigger non-interactive mode, there's new ``-n`` / ``--noninteractive``. + This forking style `was not ergonomic <https://gitlab.nic.cz/knot/knot-resolver/issues/529>`_; + with independent kresd processes you can better utilize a process manager (e.g. systemd). + + +Configuration file +------------------ + +* Network interface are now configured in ``kresd.conf`` with + :func:`net.listen` instead of systemd sockets (`#485 + <https://gitlab.nic.cz/knot/knot-resolver/issues/485>`_). See + the following examples. + + .. tip:: You can find suggested network interface settings based on your + previous systemd socket configuration in + ``/var/lib/knot-resolver/.upgrade-4-to-5/kresd.conf.net`` which is created + during the package update to version 5.x. + + .. csv-table:: + :header: "4.x - systemd socket file", "5.x - kresd.conf" + + "kresd.socket + | [Socket] + | ListenDatagram=127.0.0.1:53 + | ListenStream=127.0.0.1:53","| ``net.listen('127.0.0.1', 53, { kind = 'dns' })``" + "kresd.socket + | [Socket] + | FreeBind=true + | BindIPv6Only=both + | ListenDatagram=[::1]:53 + | ListenStream=[::1]:53 + "," | ``net.listen('127.0.0.1', 53, { kind = 'dns', freebind = true })`` + | ``net.listen('::1', 53, { kind = 'dns', freebind = true })``" + "kresd-tls.socket + | [Socket] + | ListenStream=127.0.0.1:853","| ``net.listen('127.0.0.1', 853, { kind = 'tls' })``" + "kresd-doh.socket + | [Socket] + | ListenStream=127.0.0.1:443","| ``net.listen('127.0.0.1', 443, { kind = 'doh' })``" + "kresd-webmgmt.socket + | [Socket] + | ListenStream=127.0.0.1:8453","| ``net.listen('127.0.0.1', 8453, { kind = 'webmgmt' })``" + +* :func:`net.listen` throws an error if it fails to bind. Use ``freebind=true`` option + to bind to nonlocal addresses. + + +4.2.2 to 4.3+ +============= + +Module changes +-------------- + +* In case you wrote your own module which directly calls function + ``kr_ranked_rrarray_add()``, you need to additionally call function + ``kr_ranked_rrarray_finalize()`` after each batch (before changing + the added memory regions). For a specific example see `changes in dns64 module + <https://gitlab.nic.cz/knot/knot-resolver/commit/edb8ffef7fbe48befeb3f7164d38079dd0be3302#1fe36e8ac0729b279645f7237b7122b1c457a982>`_. + +.. _upgrade-from-3-to-4: + +4.x to 4.2.1+ +============= + +Users +----- + +* If you have previously installed ``knot-resolver-dbgsym`` package on Debian, + please remove it and install ``knot-resolver-dbg`` instead. + +3.x to 4.x +========== + +Users +----- + +* DNSSEC validation is now turned on by default. If you need to disable it, see + :ref:`dnssec-config`. +* ``-k/--keyfile`` and ``-K/--keyfile-ro`` daemon options were removed. If needed, + use ``trust_anchors.add_file()`` in configuration file instead. +* Configuration for :ref:`HTTP module <mod-http>` changed significantly as result of + adding :ref:`mod-http-doh` support. Please see examples below. +* In case you are using your own custom modules, move them to the new module + location. The exact location depends on your distribution. Generally, modules previously + in ``/usr/lib/kdns_modules`` should be moved to ``/usr/lib/knot-resolver/kres_modules``. + +Configuration file +~~~~~~~~~~~~~~~~~~ + +* ``trust_anchors.file``, ``trust_anchors.config()`` and ``trust_anchors.negative`` + aliases were removed to avoid duplicity and confusion. Migration table: + + .. csv-table:: + :header: "3.x configuration", "4.x configuration" + + "``trust_anchors.file = path``", "``trust_anchors.add_file(path)``" + "``trust_anchors.config(path, readonly)``", "``trust_anchors.add_file(path, readonly)``" + "``trust_anchors.negative = nta_set``", "``trust_anchors.set_insecure(nta_set)``" + +* ``trust_anchors.keyfile_default`` is no longer accessible and is can be set + only at compile time. To turn off DNSSEC, use :func:`trust_anchors.remove()`. + + .. csv-table:: + :header: "3.x configuration", "4.x configuration" + + "``trust_anchors.keyfile_default = nil``", "``trust_anchors.remove('.')``" + +* Network for HTTP endpoints is now configured using same mechanism as for normal DNS endpoints, + please refer to chapter :ref:`network-configuration`. Migration table: + + .. csv-table:: + :header: "3.x configuration", "4.x configuration" + + "``modules = { http = { host = '192.0.2.1', port = 443 }}``","see chapter :ref:`network-configuration`" + "``http.config({ host = '192.0.2.1', port = 443 })``","see chapter :ref:`network-configuration`" + "``modules = { http = { endpoints = ... }}``","see chapter :ref:`mod-http-custom-endpoint`" + "``http.config({ endpoints = ... })``","see chapter :ref:`mod-http-custom-endpoint`" + +Packagers & Developers +---------------------- + +* Knot DNS >= 2.8 is required. +* meson >= 0.46 and ninja is required. +* meson build system is now used for compiling the project. For instructions, see + the :ref:`build`. Packagers should pay attention to section :ref:`packaging` + for information about systemd unit files and trust anchors. +* Embedding LMDB is no longer supported, lmdb is now required as an external dependency. +* Trust anchors file from upstream is installed and used as default unless you + override ``keyfile_default`` during build. + +Module changes +~~~~~~~~~~~~~~ + +* Default module location has changed from ``{libdir}/kdns_modules`` to + ``{libdir}/knot-resolver/kres_modules``. Modules are now in the lua namespace + ``kres_modules.*``. +* ``kr_straddr_split()`` API has changed. + +* C modules defining ``*_layer`` or ``*_props`` symbols need to use a different style, but it's typically a trivial change. + Instead of exporting the corresponding symbols, the module should assign pointers to its static structures inside its ``*_init()`` function. Example migration: + `bogus_log module <https://gitlab.nic.cz/knot/knot-resolver/commit/2875a3970#9fa69cdc6ee1903dc22e3262f58996395acab364>`_. + +.. _upgrade-from-2-to-3: + +2.x to 3.x +========== + +Users +----- + +* Module :ref:`mod-hints` has option :func:`hints.use_nodata` enabled by default, + which is what most users expect. Add ``hints.use_nodata(false)`` to your config + to revert to the old behavior. +* Modules ``cookie`` and ``version`` were removed. + Please remove relevant configuration lines with ``modules.load()`` and ``modules =`` + from configuration file. +* Valid configuration must open cache using ``cache.open()`` or ``cache.size =`` + before executing cache operations like ``cache.clear()``. + (Older versions were silently ignoring such cache operations.) + +Packagers & Developers +---------------------- + +* Knot DNS >= 2.7.2 is required. + +Module changes +~~~~~~~~~~~~~~ + +* API for Lua modules was refactored, please see :ref:`significant-lua-changes`. +* New layer was added: ``answer_finalize``. +* ``kr_request`` keeps ``::qsource.packet`` beyond the ``begin`` layer. +* ``kr_request::qsource.tcp`` renamed to ``::qsource.flags.tcp``. +* ``kr_request::has_tls`` renamed to ``::qsource.flags.tls``. +* ``kr_zonecut_add()``, ``kr_zonecut_del()`` and ``kr_nsrep_sort()`` changed + parameters slightly. diff --git a/doc/worker_api.rst b/doc/worker_api.rst new file mode 100644 index 0000000..ea971f4 --- /dev/null +++ b/doc/worker_api.rst @@ -0,0 +1,7 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +Worker API reference +==================== + +.. doxygenfile:: daemon/worker.h + |