543eb17882
dnsmasq's caching is severely broken and does not handle all answer records equally. In particular, its cached answers are missing DNSKEY and DS records, breaking DNSSEC validation on clients. Remove the cache for now. It may return if dnsmasq is fixed or we switch to a different resolver.
27 lines
810 B
ReStructuredText
DNS forwarder
=============

A Gluon node can be configured to act as a DNS forwarder. Requests for the
next-node hostname(s) can be answered locally, without querying the upstream
resolver.

**Note:** While this reduces answer time and allows the next-node hostname to
be used without upstream connectivity, this feature should not be used for
next-node hostnames that are FQDNs when the zone uses DNSSEC.

One or more upstream resolvers can be configured in the *dns.servers* setting.
When *next_node.name* is set, A and/or AAAA records for the next-node IP
addresses are placed in the dnsmasq configuration.

::

  dns = {
    servers = { '2001:db8::1', },
  },

  next_node = {
    name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' },
    ip6 = '2001:db8:8::1',
    ip4 = '198.51.100.1',
  }
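
A check for the note above, as an added example that is not part of the Gluon documentation or code: it flags *next_node.name* entries that are FQDNs inside a DNSSEC-signed zone, comparing label by label so that ``notexample.org`` is not mistaken for ``example.org``. The function names and the list of signed zones are assumptions; the operator supplies the zones.

```python
"""Flag next_node.name entries that fall under the DNSSEC note above."""


def _labels(name):
    # DNS names are case-insensitive; drop a trailing root dot and empty labels.
    return [label for label in name.lower().rstrip(".").split(".") if label]


def in_zone(name, zone):
    """True if name equals zone or is a subdomain of it, compared per label."""
    n, z = _labels(name), _labels(zone)
    return len(z) > 0 and len(n) >= len(z) and n[-len(z):] == z


def check_next_node_names(names, signed_zones):
    """Return (ok, flagged); flagged maps each FQDN to its signed zone."""
    ok, flagged = [], {}
    for name in names:
        # Single-label names such as 'nextnode' or 'nn' are not FQDNs.
        is_fqdn = len(_labels(name)) > 1
        hits = [z for z in signed_zones if is_fqdn and in_zone(name, z)]
        if hits:
            # Report the most specific (longest) matching zone.
            flagged[name] = max(hits, key=lambda z: len(_labels(z)))
        else:
            ok.append(name)
    return ok, flagged


# Names taken from the sample configuration on this page.
NAMES = ["nextnode.location.community.example.org", "nextnode", "nn"]
# Constructed input (assumption): zones the operator knows to be signed.
# 'ample.org' is included to show that plain string-suffix matches are rejected.
SIGNED_ZONES = ["example.org", "ample.org"]

if __name__ == "__main__":
    ok, flagged = check_next_node_names(NAMES, SIGNED_ZONES)
    for name, zone in flagged.items():
        print(f"WARN {name}: inside DNSSEC-signed zone {zone}")
    print("OK   " + ", ".join(ok))
```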