doc/kresd.systemd: bind to all interfaces with kresd.socket

f0115060 · Tomas Krizek · Vladimír Čunát · 61a12c24 · f0115060 · f0115060
Verified Commit f0115060 authored 6 years ago by Tomas Krizek Committed by Vladimír Čunát 6 years ago
--- a/daemon/README.rst
+++ b/daemon/README.rst
@@ -413,7 +413,23 @@ To configure kresd to listen on public interface, create a drop-in file:

 .. _kresd-socket-override-port:

-The default port can also be overriden by using an empty ``ListenDatagram=`` or ``ListenStream=`` directive. This can be useful if you want to use the Knot DNS with the `dnsproxy module`_ to have both resolver and authoritative server running on the same machine.
+The default locahost interface/port can also be removed/overriden by using an
+empty ``ListenDatagram=`` or ``ListenStream=`` directive. This can be used when
+you want to configure kresd to listen on all IPv4/IPv6 network interfaces (if
+you've disabled IPv6 support in kernel, use ``0.0.0.0`` instead of ``[::]`` ).
+
+.. code-block:: none
+
+   # /etc/systemd/system/kresd.socket.d/override.conf
+   [Socket]
+   ListenDatagram=
+   ListenStream=
+   ListenDatagram=[::]:53
+   ListenStream=[::]:53
+
+It can also be useful if you want to use the Knot DNS with the `dnsproxy
+module`_ to have both resolver and authoritative server running on the same
+machine.

 .. code-block:: none

@@ -426,7 +442,8 @@ The default port can also be overriden by using an empty ``ListenDatagram=`` or
   ListenDatagram=[::1]:53000
   ListenStream=[::1]:53000

-The ``kresd-tls.socket`` can also be configured to listen for TLS connections.
+The ``kresd-tls.socket`` can also be configured in the same way to listen for
+TLS connections.

 .. code-block:: bash


--- a/distro/common/systemd/kresd.systemd.7
+++ b/distro/common/systemd/kresd.systemd.7
-.TH "kresd.systemd" "7" "2018-06-04" "CZ.NIC" "Knot Resolver Systemd Units"
+.TH "kresd.systemd" "7" "2019-01-28" "CZ.NIC" "Knot Resolver Systemd Units"
 .\"
 .\" kresd.systemd.7 -- man page for systemd units for kresd
 .\"
@@ -83,6 +83,27 @@ ListenStream=192.0.2.115:853
 .RE
 .fi

+To configure \fBkresd\fR to listen on all IPv4 and IPv6 interfaces, you can
+remove the default localhost address by using an empty \fIListenDatagram=\fR,
+\fIListenStream=\fR directive and then bind to the [::] address. If you've
+disabled IPv6 support in kernel, use the 0.0.0.0 address instead.
+
+.nf
+.RS 4n
+# /etc/systemd/system/kresd.socket.d/override.conf
+[Socket]
+ListenDatagram=
+ListenStream=
+ListenDatagram=[::]:53
+ListenStream=[::]:53
+
+# /etc/systemd/system/kresd-tls.socket.d/override.conf
+[Socket]
+ListenStream=
+ListenStream=[::]:853
+.RE
+.fi
+
 For more detailed socket configuration, see \fBsystemd.socket\fR(5).

 .B Concurrent daemons