From 75e5f6725c9505fb871fe8bc73a62142a42db8e0 Mon Sep 17 00:00:00 2001
From: Tom Herbers <mail@tomherbers.de>
Date: Sat, 8 Oct 2022 14:43:52 +0200
Subject: [PATCH] modules/dns64: add recommendation to also disable DNS64 via
 IPv4

It's resonable to assume that people would also want to disable DNS64 for
IPv4 source addresses if they only enable it for some IPv6 sources.

Close https://github.com/CZ-NIC/knot-resolver/pull/83
---
 modules/dns64/README.rst | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/modules/dns64/README.rst b/modules/dns64/README.rst
index 07908c80b..04d2427f6 100644
--- a/modules/dns64/README.rst
+++ b/modules/dns64/README.rst
@@ -52,8 +52,11 @@ you can set ``DNS64_DISABLE`` flag via the :ref:`view module <mod-view>`.
 .. code-block:: lua
 
     modules = { 'dns64', 'view' }
-    -- Disable dns64 for everyone, but re-enable it for two particular subnets.
+    -- disable dns64 for all IPv4 source addresses
+    view:addr('0.0.0.0/0', policy.all(policy.FLAGS('DNS64_DISABLE')))
+    -- disable dns64 for all IPv6 source addresses
     view:addr('::/0', policy.all(policy.FLAGS('DNS64_DISABLE')))
+    -- re-enable dns64 for two IPv6 subnets
     view:addr('2001:db8:11::/48', policy.all(policy.FLAGS(nil, 'DNS64_DISABLE')))
     view:addr('2001:db8:93::/48', policy.all(policy.FLAGS(nil, 'DNS64_DISABLE')))
 
-- 
GitLab