diff --git a/doc/configuration.rst b/doc/configuration.rst index f91586c950b93e1c44f5db23dcde4b0017dc1666..5eb96d68e6f653d01d32a4ce92557201f1c9cbe6 100644 --- a/doc/configuration.rst +++ b/doc/configuration.rst 
@@ -862,3 +862,96 @@ Limitations: * The NSEC proofs will work well with other dynamic modules only if the modules synthesize only A and AAAA records. If synthesis of other type is required, please, report this information to Knot DNS developers. + +``whoami`` — whoami module +-------------------------- + +The module synthesizes an A or AAAA record containing the query source IP address, +at the apex of the zone being served. It makes sure to allow Knot DNS to generate +cacheable negative responses, and to allow fallback to extra records defined in the +underlying zone file. The TTL of the synthesized record is copied from +the TTL of the SOA record in the zone file. + +Because a DNS query for type A or AAAA has nothing to do with whether +the query occurs over IPv4 or IPv6, this module requires a special +zone configuration to support both address families. For A queries, the +underlying zone must have a set of nameservers that only have IPv4 +addresses, and for AAAA queries, the underlying zone must have a set of +nameservers that only have IPv6 addresses. + +To enable this module, you need to add something like the following to +the Knot DNS configuration file:: + + mod-whoami: + - id: default + + zone: + - domain: whoami.domain.example + file: "/path/to/whoami.domain.example" + module: [mod-whoami/default] + + zone: + - domain: whoami6.domain.example + file: "/path/to/whoami6.domain.example" + module: [mod-whoami/default] + +The whoami.domain.example zone file example: + + .. code-block:: none + + $TTL 1 + + @ SOA ( + whoami.domain.example. ; MNAME + hostmaster.domain.example. ; RNAME + 2016051300 ; SERIAL + 86400 ; REFRESH + 86400 ; RETRY + 86400 ; EXPIRE + 1 ; MINIMUM + ) + + $TTL 86400 + + @ NS ns1.whoami.domain.example. + @ NS ns2.whoami.domain.example. + @ NS ns3.whoami.domain.example. + @ NS ns4.whoami.domain.example. 
+ + ns1 A 198.51.100.53 + ns2 A 192.0.2.53 + ns3 A 203.0.113.53 + ns4 A 198.19.123.53 + +The whoami6.domain.example zone file example: + + .. code-block:: none + + $TTL 1 + + @ SOA ( + whoami6.domain.example. ; MNAME + hostmaster.domain.example. ; RNAME + 2016051300 ; SERIAL + 86400 ; REFRESH + 86400 ; RETRY + 86400 ; EXPIRE + 1 ; MINIMUM + ) + + $TTL 86400 + + @ NS ns1.whoami6.domain.example. + @ NS ns2.whoami6.domain.example. + @ NS ns3.whoami6.domain.example. + @ NS ns4.whoami6.domain.example. + + ns1 AAAA 2001:db8:100::53 + ns2 AAAA 2001:db8:200::53 + ns3 AAAA 2001:db8:300::53 + ns4 AAAA 2001:db8:400::53 + +The parent domain would then delegate whoami.domain.example to +ns[1-4].whoami.domain.example and whoami6.domain.example to +ns[1-4].whoami6.domain.example, and include the corresponding A-only or +AAAA-only glue records. diff --git a/doc/man/knot.conf.5in b/doc/man/knot.conf.5in index 408fefaa8b7bcc03521b54c43c34e64dba8fd5b2..7a1e1dd1f65a5ec44d5cd27d7f401da1952d12db 100644 --- a/doc/man/knot.conf.5in +++ b/doc/man/knot.conf.5in @@ -1188,6 +1188,24 @@ mod\-online\-sign: .SS id .sp A module identifier. +.SH MODULE WHOAMI +.sp +The module synthesizes an A or AAAA record containing the query source IP address, +at the apex of the zone being served. +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +mod\-whoami: + \- id: STR +.ft P +.fi +.UNINDENT +.UNINDENT +.SS id +.sp +A module identifier. .SH AUTHOR CZ.NIC Labs <http://www.knot-dns.cz> .SH COPYRIGHT diff --git a/doc/reference.rst b/doc/reference.rst index 16491fe290305c4efbd98a10831783441f87d2d0..284e809948216e6d66011d7941584da1751fc128 100644 --- a/doc/reference.rst +++ b/doc/reference.rst @@ -1417,3 +1417,23 @@ id -- A module identifier. + +.. _mod-whoami: + +Module whoami +============= + +The module synthesizes an A or AAAA record containing the query source IP address, +at the apex of the zone being served. + +:: + + mod-whoami: + - id: STR + +.. _mod-online-sign_id: + +id +-- + +A module identifier.
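Review bot: in doc/configuration.rst, the whoami section never says what the module answers when the query type and the source address family disagree (an A query arriving over IPv6, or an AAAA query over IPv4). The paragraph starting "Because a DNS query for type A or AAAA has nothing to do with" only describes the zone layout that avoids the case. Please add a sentence stating the behaviour, since operators will hit it as soon as a nameserver has addresses in both families. Two smaller points in the same hunk: both zone examples put `$TTL 1` ahead of the SOA without saying why, and a short remark tying it to "The TTL of the synthesized record is copied from the TTL of the SOA record" would help; and `ns4 A 198.19.123.53` is not in an RFC 5737 documentation range, unlike the ns1 to ns3 addresses.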
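Review bot: in doc/reference.rst, the label added above the new `id` heading is `.. _mod-online-sign_id:`, which names the wrong module for a section under "Module whoami" and looks copied from the online-sign section. It should be `.. _mod-whoami_id:`, matching the `.. _mod-whoami:` label at the top of the hunk. As written, the whoami `id` option has no anchor of its own, and if the online-sign section already defines that label Sphinx will report it as a duplicate.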