@@ -9,12 +9,12 @@ Configuration
99
1010VyOS provides DNS infrastructure for small networks. It is designed to be
1111lightweight and have a small footprint, suitable for resource constrained
12- routers and firewalls, for this we utilize PowerDNS recursor.
12+ routers and firewalls. For this we utilize PowerDNS recursor.
1313
1414The VyOS DNS forwarder does not require an upstream DNS server. It can serve as
1515a full recursive DNS server - but it can also forward queries to configurable
1616upstream DNS servers. By not configuring any upstream DNS servers you also
17- avoid to be tracked by the provider of your upstream DNS server.
17+ avoid being tracked by the provider of your upstream DNS server.
1818
1919.. cfgcmd :: set service dns forwarding system
2020
@@ -29,38 +29,38 @@ avoid to be tracked by the provider of your upstream DNS server.
2929.. cfgcmd :: set service dns forwarding domain <domain-name> server <address>
3030
3131 Forward received queries for a particular domain
32- (specified via `domain-name `) to a given name-server . Multiple nameservers
32+ (specified via `domain-name `) to a given nameserver . Multiple nameservers
3333 can be specified. You can use this feature for a DNS split-horizon
3434 configuration.
3535
3636 .. note :: This also works for reverse-lookup zones (``18.172.in-addr.arpa``).
3737
3838.. cfgcmd :: set service dns forwarding allow-from <network>
3939
40- Given the fact that open DNS recursors could be used on DDOS amplification
41- attacts , you must configure the networks which are allowed to use this
40+ Given the fact that open DNS recursors could be used on DDoS amplification
41+ attacks , you must configure the networks which are allowed to use this
4242 recursor. A network of ``0.0.0.0/0 `` or ``::/0 `` would allow all IPv4 and
43- IPv6 networks to query this server. This is on general a bad idea.
43+ IPv6 networks to query this server. This is generally a bad idea.
4444
4545.. cfgcmd :: set service dns forwarding dnssec
4646 <off | process-no-validate | process | log-fail | validate>
4747
48- The PowerDNS Recursor has 5 different levels of DNSSEC processing, which can
48+ The PowerDNS recursor has 5 different levels of DNSSEC processing, which can
4949 be set with the dnssec setting. In order from least to most processing, these
5050 are:
5151
5252 * **off ** In this mode, no DNSSEC processing takes place. The recursor will
5353 not set the DNSSEC OK (DO) bit in the outgoing queries and will ignore the
5454 DO and AD bits in queries.
5555
56- * **process-no-validate ** In this mode the Recursor acts as a "security
56+ * **process-no-validate ** In this mode the recursor acts as a "security
5757 aware, non-validating" nameserver, meaning it will set the DO-bit on
5858 outgoing queries and will provide DNSSEC related RRsets (NSEC, RRSIG) to
5959 clients that ask for them (by means of a DO-bit in the query), except for
6060 zones provided through the auth-zones setting. It will not do any
6161 validation in this mode, not even when requested by the client.
6262
63- * **process ** When dnssec is set to process the behaviour is similar to
63+ * **process ** When dnssec is set to process the behavior is similar to
6464 process-no-validate. However, the recursor will try to validate the data
6565 if at least one of the DO or AD bits is set in the query; in that case,
6666 it will set the AD-bit in the response when the data is validated
@@ -77,17 +77,17 @@ avoid to be tracked by the provider of your upstream DNS server.
7777 queries will be validated and will be answered with a SERVFAIL in case of
7878 bogus data, regardless of the client's request.
7979
80- .. note :: The famous UNIX /Linux ``dig`` tool sets the AD-bit in the query.
80+ .. note :: The popular Unix /Linux ``dig`` tool sets the AD-bit in the query.
8181 This might lead to unexpected query results when testing. Set ``+noad ``
82- on the ``dig `` commandline when this is the case.
82+ on the ``dig `` command line when this is the case.
8383
8484 .. note :: The ``CD``-bit is honored correctly for process and validate. For
8585 log-fail, failures will be logged too.
8686
8787.. cfgcmd :: set service dns forwarding ignore-hosts-file
8888
89- Do not use local ``/etc/hosts `` file in name resolution. VyOS DHCP server
90- will use this file to add resolvers to assigned addresses.
89+ Do not use the local ``/etc/hosts `` file in name resolution. VyOS DHCP
90+ server will use this file to add resolvers to assigned addresses.
9191
9292.. cfgcmd :: set service dns forwarding max-cache-entries
9393
@@ -206,7 +206,7 @@ Configuration
206206.. cfgcmd :: set service dns dynamic interface <interface> rfc2136 <service-name>
207207 ttl <ttl>
208208
209- Configure optional TTL value on the given resource record. This defualts to
209+ Configure optional TTL value on the given resource record. This defaults to
210210 600 seconds.
211211
212212Example
@@ -304,7 +304,7 @@ Use DynDNS as your preferred provider:
304304 set service dns dynamic interface eth0 service dyndns host-name my-dyndns-hostname
305305
306306note :: Multiple services can be used per interface. Just specify as many
307- serives per interface as you like!
307+ services per interface as you like!
308308
309309Running Behind NAT
310310------------------
0 commit comments