From c1f743ab2e4a7046d5500875a47d1f62c8624603 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 8 Apr 2024 22:37:50 +0200 Subject: Adding upstream version 5.7.1. Signed-off-by: Daniel Baumann --- doc/config-policy.rst | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 doc/config-policy.rst (limited to 'doc/config-policy.rst') diff --git a/doc/config-policy.rst b/doc/config-policy.rst new file mode 100644 index 0000000..2b34a54 --- /dev/null +++ b/doc/config-policy.rst @@ -0,0 +1,41 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +.. _policies: + +***************************************** +Policy, access control, data manipulation +***************************************** + +Features in this section allow to configure what clients can get access to what +DNS data, i.e. DNS data filtering and manipulation. + +:ref:`mod-policy` specify global policies applicable to all requests, +e.g. for blocking access to particular domain. :ref:`mod-view` allow +to specify per-client policies, e.g. block or unblock access +to a domain only for subset of clients. + +It is also possible to modify data returned to clients, either by providing +:ref:`mod-hints` (answers with statically configured IP addresses), +:ref:`mod-dns64` translation, or :ref:`mod-renumber`. + +Additional modules offer protection against various DNS-based attacks, +see :ref:`mod-rebinding` and :ref:`mod-refuse_nord`. + +At the very end, module :ref:`mod-daf` provides HTTP API for run-time policy +modification, and generally just offers different interface for previously +mentioned features. + + +.. toctree:: + :maxdepth: 1 + + modules-policy + modules-view + modules-hints + modules-dns64 + modules-renumber + config-answer-reordering + modules-rebinding + modules-refuse_nord + modules-daf + -- cgit v1.2.3