author | Christian Grothoff <christian@grothoff.org> | 2012-01-18 20:43:25 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2012-01-18 20:43:25 +0000 |
commit | c37fba0bd9febb11297ebca62a58935276130244 (patch) | |
tree | 45cf17c2f0f4ffd0daa2b77181f8cc63a3445ffa /src/dns/dns.conf.in | |
parent | 6b2fb63de633b086a91e7733ca0dd5591198c20c (diff) | |
-adding DNS exit-from-mesh functionality to gnunet-service-dns
Diffstat (limited to 'src/dns/dns.conf.in')
-rw-r--r-- | src/dns/dns.conf.in | 25 |
1 files changed, 24 insertions, 1 deletions
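--- a/src/dns/dns.conf.in
+++ b/src/dns/dns.conf.in
@@ -1,17 +1,34 @@
 [dns]
 AUTOSTART = YES
-@UNIXONLY@ PORT = 0
 HOSTNAME = localhost
 HOME = $SERVICEHOME
 CONFIG = $DEFAULTCONFIG
 BINARY = gnunet-service-dns
 UNIXPATH = /tmp/gnunet-service-dns.sock
+
+# Access to this service can compromise all DNS queries in this
+# system. Thus access should be restricted to the same UID.
+# (see https://gnunet.org/gnunet-access-control-model)
 UNIX_MATCH_UID = YES
 UNIX_MATCH_GID = YES
+
+# As there is no sufficiently restrictive access control for TCP,
+# we never use it, even if @UNIXONLY@ is not set (just to be safe)
+@UNIXONLY@ PORT = 0
+
+# This option should be set to YES to allow the DNS service to
+# perform lookups against the locally configured DNS resolver.
+# (set to "NO" if no normal ISP is locally available and thus
+# requests for normal ".com"/".org"/etc. must be routed via
+# the GNUnet VPN (the GNUNET PT daemon then needs to be configured
+# to intercept and route DNS queries via mesh).
 PROVIDE_EXIT = YES
+
+# Name of the virtual interface we use to intercept DNS traffic.
 IFNAME = gnunet-dns
 
 # Use RFC 3849-style documentation IPv6 address (RFC 4773 might provide an alternative in the future)
+# FIXME: or just default to a site-local address scope as we do for VPN!?
 IPV6ADDR = 2001:DB8::1
 IPV6PREFIX = 126
 
@@ -19,3 +36,9 @@ IPV6PREFIX = 126
 IPV4ADDR = 169.254.1.1
 IPV4MASK = 255.255.0.0
 
+# Enable GNUnet-wide DNS-EXIT service by setting this value to the IP address (IPv4 or IPv6)
+# of a DNS resolver to use. Only works if "PROVIDE_EXIT" is also set to YES. Must absolutely
+# NOT be an address of any of GNUnet's virtual tunnel interfaces. Use a well-known
+# public DNS resolver or your ISP's resolver from /etc/resolv.conf.
+# DNS_EXIT = 8.8.8.8
+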
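Review bot: The new comment above `@UNIXONLY@ PORT = 0` in the first hunk says TCP is never used even when @UNIXONLY@ is not set, but the line still carries the `@UNIXONLY@` substitution prefix, so whether `PORT = 0` takes effect still depends on what configure expands that token to. If the token can expand to a comment marker, the setting is commented out in that build and the service falls back to whatever port default applies, which is exactly the case the comment wants to rule out. Because the same hunk states that access to this service can compromise all DNS queries on the system, I would make the line unconditional, `PORT = 0`, or reword the comment to describe what the template actually does.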