Verified commit bd1ede4c, authored by Tomas Krizek

doc: make links to policies more consistent

parent cd576304
1 merge request: !1111 doc: policy - improve clarity of links
Pipeline #73501 failed with stages in 52 minutes and 46 seconds
......@@ -14,7 +14,7 @@ Main use-cases are:
Forwarding implementation in Knot Resolver has following properties:
- Answers from *upstream* servers are cached.
- Answers from *upstream* servers are locally DNSSEC-validated, unless ``policy.STUB`` is used.
- Answers from *upstream* servers are locally DNSSEC-validated, unless :func:`policy.STUB` is used.
- Resolver automatically selects which IP address from given set of IP addresses will be used (based on performance characteristics).
- Forwarding can use either unencrypted DNS protocol, or :ref:`tls-forwarding`.
......
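Review bot: the new :func:`policy.STUB` reference in the DNSSEC-validation bullet only becomes a link if a function entry is registered under exactly that qualified name, and nothing in this file declares it. Pipeline #73501 is shown as failed for this commit, so it is worth confirming that the docs build resolves the target, for example by building with Sphinx's nitpicky mode enabled. This bullet is the one place the forwarding page tells readers that policy.STUB skips local DNSSEC validation, so a working link to the function's own description matters here.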
......@@ -8,7 +8,7 @@ DNS64
The module for :rfc:`6147` DNS64 AAAA-from-A record synthesis, it is used to enable client-server communication between an IPv6-only client and an IPv4-only server. See the well written `introduction`_ in the PowerDNS documentation.
If no address is passed (i.e. ``nil``), the well-known prefix ``64:ff9b::`` is used.
.. warning:: The module currently won't work well with :ref:`policy.STUB <mod-policy>`.
.. warning:: The module currently won't work well with :func:`policy.STUB`.
Also, the IPv6 passed in configuration is assumed to be ``/96``, and
PTR synthesis and "exclusion prefixes" aren't implemented.
......
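Review bot: in the warning, replacing :ref:`policy.STUB <mod-policy>` with :func:`policy.STUB` trades a reference to an explicit label for one that depends on how the function is declared in another file. If policy.STUB is not documented with a function directive under that qualified name, the warning ends up with no link at all. Confirm the target exists, or keep the :ref: form to the mod-policy label until it does.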
......@@ -338,7 +338,7 @@ Forwarding over TLS protocol (DNS-over-TLS)
-------------------------------------------
.. function:: TLS_FORWARD( { {ip_address, authentication}, [...] } )
Same as :func:`FORWARD` but send query over DNS-over-TLS protocol (encrypted).
Same as :func:`policy.FORWARD` but send query over DNS-over-TLS protocol (encrypted).
Each target IP address needs explicit configuration how to validate
TLS certificate so each IP address is configured by pair:
``{ip_address, authentication}``. See sections below for more details.
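Review bot: the reference is now qualified as :func:`policy.FORWARD`, but the directive two lines above is still declared as ".. function:: TLS_FORWARD(" without the "policy." prefix. The qualified references resolve only if a module context outside this hunk supplies that prefix. Either confirm that context is in place, or qualify the directive names so declarations and references use the same form.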
......@@ -346,7 +346,7 @@ Forwarding over TLS protocol (DNS-over-TLS)
Policy :func:`policy.TLS_FORWARD` allows you to forward queries using `Transport Layer Security`_ protocol, which hides the content of your queries from an attacker observing the network traffic. Further details about this protocol can be found in :rfc:`7858` and `IETF draft dprive-dtls-and-tls-profiles`_.
Queries affected by `TLS_FORWARD` policy will always be resolved over TLS connection. Knot Resolver does not implement fallback to non-TLS connection, so if TLS connection cannot be established or authenticated according to the configuration, the resolution will fail.
Queries affected by :func:`policy.TLS_FORWARD` will always be resolved over TLS connection. Knot Resolver does not implement fallback to non-TLS connection, so if TLS connection cannot be established or authenticated according to the configuration, the resolution will fail.
To test this feature you need to either :ref:`configure Knot Resolver as DNS-over-TLS server <tls-server-config>`, or pick some public DNS-over-TLS server. Please see `DNS Privacy Project`_ homepage for list of public servers.
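Review bot: since the "Queries affected by" sentence is being rewritten anyway, the missing articles could be fixed in the same change: "resolved over a TLS connection", "fallback to a non-TLS connection", "if a TLS connection cannot be established". The paragraph directly above already links :func:`policy.TLS_FORWARD`, so the second link is redundant, though harmless. The statement that resolution fails instead of falling back to plaintext is the security-relevant part of this paragraph and should stay as prominent as it is.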
......@@ -532,7 +532,7 @@ The easiest work-around is to disable reading from cache for grafted domains.
'internal.example.com.',
'2.0.192.in-addr.arpa.' -- this applies to reverse DNS tree as well
})
-- Beware: the rule order is important, as STUB is not a chain action.
-- Beware: the rule order is important, as policy.STUB is not a chain action.
policy.add(policy.suffix(policy.FLAGS({'NO_CACHE'}), extraTrees))
policy.add(policy.suffix(policy.STUB({'2001:db8::1'}), extraTrees))
......
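Review bot: the updated comment says the rule order is important but not which order is required. Since policy.STUB is not a chain action, state explicitly that the policy.FLAGS({'NO_CACHE'}) rule must be added before the policy.STUB rule, so that a reader who reorders the two policy.add lines knows the cache work-around would stop applying to the grafted domains.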