dns-forwarder.rst
Matthias Schiffer authored
dnsmasq's caching is severely broken and does not handle all answer records equally. In particular, its cached answers are missing DNSKEY and DS records, breaking DNSSEC validation on clients. Remove the cache for now. It may return if dnsmasq is fixed or we switch to a different resolver.
DNS forwarder
A Gluon node can be configured to act as a DNS forwarder. Requests for the next-node hostname(s) can be answered locally, without querying the upstream resolver.
Note: While this reduces answer time and allows the next-node hostname to be used without upstream connectivity, this feature should not be used for next-node hostnames that are FQDNs when the zone uses DNSSEC.
One or more upstream resolvers can be configured in the dns.servers setting. When next_node.name is set, A and/or AAAA records for the next-node IP addresses are placed in the dnsmasq configuration.
    dns = {
      servers = { '2001:db8::1', },
    },

    next_node = {
      name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' },
      ip6 = '2001:db8:8::1',
      ip4 = '198.51.100.1',
    }
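
The following lint applies the DNSSEC note above to a `next_node` table before it is deployed. It is an added example, not part of Gluon; the `signed_zones` table and the function names `enclosing_domains`, `check_name` and `local_types` are hypothetical, and the list of signed zones is assumed to be supplied by the operator.

```lua
-- Added example (not Gluon code): lint next_node.name against the DNSSEC note.

-- Constructed sample mirroring the site.conf fragment above.
local next_node = {
  name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' },
  ip6 = '2001:db8:8::1',
  ip4 = '198.51.100.1',
}

-- Assumption: zones the operator has confirmed to be DNSSEC-signed, for
-- instance by looking for DNSKEY records. Constructed sample data.
local signed_zones = { ['example.org'] = true }

-- Return the normalised name followed by each of its parent domains.
local function enclosing_domains(name)
  local domains = {}
  local current = name:lower():gsub('%.$', '')  -- drop a trailing root dot
  while current do
    domains[#domains + 1] = current
    current = current:match('^[^.]+%.(.+)$')    -- nil once one label is left
  end
  return domains
end

-- 'ok'       single-label name, outside the scope of the note
-- 'conflict' FQDN at or below a zone listed as signed
-- 'review'   FQDN with no signed zone listed; confirm before deploying
local function check_name(name)
  local domains = enclosing_domains(name)
  if #domains == 1 then return 'ok' end
  for _, domain in ipairs(domains) do
    if signed_zones[domain] then return 'conflict', domain end
  end
  return 'review'
end

-- Record types that would be answered locally for the configured addresses.
local function local_types(nn)
  local types = {}
  if nn.ip4 then types[#types + 1] = 'A' end
  if nn.ip6 then types[#types + 1] = 'AAAA' end
  return table.concat(types, '/')
end

for _, name in ipairs(next_node.name) do
  local status, zone = check_name(name)
  local detail = ''
  if status == 'conflict' then
    detail = (' (local %s answer is unsigned, %s is signed)'):format(local_types(next_node), zone)
  end
  print(('%-8s %s%s'):format(status, name, detail))
end
```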