From fe77446e04d7ccc23c2b269e87ff13a3d600bbf6 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Fri, 17 May 2019 12:22:48 +0200 Subject: [PATCH] dnsdist: Add missing completion options and fix some typos --- pdns/dnsdist-console.cc | 50 +++++++++++++++++++++++-- pdns/dnsdistdist/docs/rules-actions.rst | 31 ++++++++------- 2 files changed, 63 insertions(+), 18 deletions(-) diff --git a/pdns/dnsdist-console.cc b/pdns/dnsdist-console.cc index 98bd43c9c..dc626f048 100644 --- a/pdns/dnsdist-console.cc +++ b/pdns/dnsdist-console.cc @@ -343,10 +343,12 @@ const std::vector g_consoleKeywords{ /* keyword, function, parameters, description */ { "addACL", true, "netmask", "add to the ACL set who can use this server" }, { "addAction", true, "DNS rule, DNS action [, {uuid=\"UUID\"}]", "add a rule" }, + { "addBPFFilterDynBlocks", true, "addresses, dynbpf[[, seconds=10], msg]", "This is the eBPF equivalent of addDynBlocks(), blocking a set of addresses for (optionally) a number of seconds, using an eBPF dynamic filter" }, { "addConsoleACL", true, "netmask", "add a netmask to the console ACL" }, { "addDNSCryptBind", true, "\"127.0.0.1:8443\", \"provider name\", \"/path/to/resolver.cert\", \"/path/to/resolver.key\", {reusePort=false, tcpFastOpenSize=0, interface=\"\", cpus={}}", "listen to incoming DNSCrypt queries on 127.0.0.1 port 8443, with a provider name of `provider name`, using a resolver certificate and associated key stored respectively in the `resolver.cert` and `resolver.key` files. The fifth optional parameter is a table of parameters" }, { "addDOHLocal", true, "addr, certFile, keyFile [, urls [, vars]]", "listen to incoming DNS over HTTPS queries on the specified address using the specified certificate and key. The last two parameters are tables" }, { "addDynBlocks", true, "addresses, message[, seconds[, action]]", "block the set of addresses with message `msg`, for `seconds` seconds (10 by default), applying `action` (default to the one set with `setDynBlocksAction()`)" }, + { "addDynBlockSMT", true, "names, msessage[, seconds [, action]]", "block the set of names with message `msg`, for `seconds` seconds (10 by default), applying `action` (default to the one set with `setDynBlocksAction()`)" }, { "addLocal", true, "addr [, {doTCP=true, reusePort=false, tcpFastOpenSize=0, interface=\"\", cpus={}}]", "add `addr` to the list of addresses we listen on" }, { "addCacheHitResponseAction", true, "DNS rule, DNS response action [, {uuid=\"UUID\"}]", "add a cache hit response rule" }, { "addResponseAction", true, "DNS rule, DNS response action [, {uuid=\"UUID\"}]", "add a response rule" }, @@ -365,7 +367,9 @@ const std::vector g_consoleKeywords{ { "DelayAction", true, "milliseconds", "delay the response by the specified amount of milliseconds (UDP-only)" }, { "DelayResponseAction", true, "milliseconds", "delay the response by the specified amount of milliseconds (UDP-only)" }, { "delta", true, "", "shows all commands entered that changed the configuration" }, + { "DisableECSAction", true, "", "Disable the sending of ECS to the backend. Subsequent rules are processed after this action." }, { "DisableValidationAction", true, "", "set the CD bit in the question, let it go through" }, + { "DNSSECRule", true, "", "matches queries with the DO bit set" }, { "DnstapLogAction", true, "identity, FrameStreamLogger [, alterFunction]", "send the contents of this query to a FrameStreamLogger or RemoteLogger as dnstap. `alterFunction` is a callback, receiving a DNSQuestion and a DnstapMessage, that can be used to modify the dnstap message" }, { "DnstapLogResponseAction", true, "identity, FrameStreamLogger [, alterFunction]", "send the contents of this response to a remote or FrameStreamLogger or RemoteLogger as dnstap. `alterFunction` is a callback, receiving a DNSResponse and a DnstapMessage, that can be used to modify the dnstap message" }, { "DropAction", true, "", "drop these packets" }, @@ -373,6 +377,8 @@ const std::vector g_consoleKeywords{ { "DSTPortRule", true, "port", "matches questions received to the destination port specified" }, { "dumpStats", true, "", "print all statistics we gather" }, { "dynBlockRulesGroup", true, "", "return a new DynBlockRulesGroup object" }, + { "ECSOverrideAction", true, "override", "Whether an existing EDNS Client Subnet value should be overridden (true) or not (false). Subsequent rules are processed after this action" }, + { "ECSPrefixLengthAction", true, "v4, v6", "Set the ECS prefix length. Subsequent rules are processed after this action" }, { "EDNSVersionRule", true, "version", "matches queries with the specified EDNS version" }, { "EDNSOptionRule", true, "optcode", "matches queries with the specified EDNS0 option present" }, { "ERCodeAction", true, "ercode", "Reply immediately by turning the query into a response with the specified EDNS extended rcode" }, @@ -386,6 +392,7 @@ const std::vector g_consoleKeywords{ { "fixupCase", true, "bool", "if set (default to no), rewrite the first qname of the question part of the answer to match the one from the query. It is only useful when you have a downstream server that messes up the case of the question qname in the answer" }, { "generateDNSCryptCertificate", true, "\"/path/to/providerPrivate.key\", \"/path/to/resolver.cert\", \"/path/to/resolver.key\", serial, validFrom, validUntil", "generate a new resolver private key and related certificate, valid from the `validFrom` timestamp until the `validUntil` one, signed with the provider private key" }, { "generateDNSCryptProviderKeys", true, "\"/path/to/providerPublic.key\", \"/path/to/providerPrivate.key\"", "generate a new provider keypair" }, + { "getAction", true, "n", "Returns the Action associated with rule n" }, { "getBind", true, "n", "returns the listener at index n" }, { "getDNSCryptBind", true, "n", "return the `DNSCryptContext` object corresponding to the bind `n`" }, { "getDOHFrontend", true, "n", "returns the DOH frontend with index n" }, @@ -393,24 +400,38 @@ const std::vector g_consoleKeywords{ { "getPoolServers", true, "pool", "return servers part of this pool" }, { "getQueryCounters", true, "[max=10]", "show current buffer of query counters, limited by 'max' if provided" }, { "getResponseRing", true, "", "return the current content of the response ring" }, + { "getRespRing", true, "", "return the qname/rcode content of the response ring" }, { "getServer", true, "n", "returns server with index n" }, { "getServers", true, "", "returns a table with all defined servers" }, + { "getStatisticsCounters", true, "", "returns a map of statistic counters" }, { "getTLSContext", true, "n", "returns the TLS context with index n" }, { "getTLSFrontend", true, "n", "returns the TLS frontend with index n" }, { "inClientStartup", true, "", "returns true during console client parsing of configuration" }, + { "includeDirectory", true, "path", "nclude configuration files from `path`" }, { "grepq", true, "Netmask|DNS Name|100ms|{\"::1\", \"powerdns.com\", \"100ms\"} [, n]", "shows the last n queries and responses matching the specified client address or range (Netmask), or the specified DNS Name, or slower than 100ms" }, { "leastOutstanding", false, "", "Send traffic to downstream server with least outstanding queries, with the lowest 'order', and within that the lowest recent latency"}, { "LogAction", true, "[filename], [binary], [append], [buffered]", "Log a line for each query, to the specified file if any, to the console (require verbose) otherwise. When logging to a file, the `binary` optional parameter specifies whether we log in binary form (default) or in textual form, the `append` optional parameter specifies whether we open the file for appending or truncate each time (default), and the `buffered` optional parameter specifies whether writes to the file are buffered (default) or not." }, + { "LuaAction", true, "function", "Invoke a Lua function that accepts a DNSQuestion" }, + { "LuaResponseAction", true, "function", "Invoke a Lua function that accepts a DNSResponse" }, + { "MacAddrAction", true, "option", "Add the source MAC address to the query as EDNS0 option option. This action is currently only supported on Linux. Subsequent rules are processed after this action" }, + { "makeIPCipherKey", true, "password", "generates a 16-byte key that can be used to pseudonymize IP addresses with IP cipher" }, { "makeKey", true, "", "generate a new server access key, emit configuration line ready for pasting" }, + { "makeRule", true, "rule", "Make a NetmaskGroupRule() or a SuffixMatchNodeRule(), depending on how it is called" } , { "MaxQPSIPRule", true, "qps, [v4Mask=32 [, v6Mask=64 [, burst=qps [, expiration=300 [, cleanupDelay=60]]]]]", "matches traffic exceeding the qps limit per subnet" }, { "MaxQPSRule", true, "qps", "matches traffic **not** exceeding this qps limit" }, { "mvCacheHitResponseRule", true, "from, to", "move cache hit response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule" }, { "mvResponseRule", true, "from, to", "move response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule" }, { "mvRule", true, "from, to", "move rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule, in which case the rule will be moved to the last position" }, { "mvSelfAnsweredResponseRule", true, "from, to", "move self-answered response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule" }, + { "NetmaskGroupRule", true, "nmg[, src]", "Matches traffic from/to the network range specified in nmg. Set the src parameter to false to match nmg against destination address instead of source address. This can be used to differentiate between clients" }, + { "newBPFFilter", true, "maxV4, maxV6, maxQNames", "Return a new eBPF socket filter with a maximum of maxV4 IPv4, maxV6 IPv6 and maxQNames qname entries in the block table" }, + { "newCA", true, "address", "Returns a ComboAddress based on `address`" }, { "newDNSName", true, "name", "make a DNSName based on this .-terminated name" }, + { "newDNSNameSet", true, "", "returns a new DNSNameSet" }, + { "newDynBPFFilter", true, "bpf", "Return a new dynamic eBPF filter associated to a given BPF Filter" }, { "newFrameStreamTcpLogger", true, "addr", "create a FrameStream logger object writing to a TCP address (addr should be ip:port), to use with `DnstapLogAction()` and `DnstapLogResponseAction()`" }, { "newFrameStreamUnixLogger", true, "socket", "create a FrameStream logger object writing to a local unix socket, to use with `DnstapLogAction()` and `DnstapLogResponseAction()`" }, + { "newNMG", true, "", "Returns a NetmaskGroup" }, { "newPacketCache", true, "maxEntries[, maxTTL=86400, minTTL=0, temporaryFailureTTL=60, staleTTL=60, dontAge=false, numberOfShards=1, deferrableInsertLock=true, options={}]", "return a new Packet Cache" }, { "newQPSLimiter", true, "rate, burst", "configure a QPS limiter with that rate and that burst capacity" }, { "newRemoteLogger", true, "address:port [, timeout=2, maxQueuedEntries=100, reconnectWaitTime=1]", "create a Remote Logger object, to use with `RemoteLogAction()` and `RemoteLogResponseAction()`" }, @@ -418,16 +439,28 @@ const std::vector g_consoleKeywords{ { "newServer", true, "{address=\"ip:port\", qps=1000, order=1, weight=10, pool=\"abuse\", retries=5, tcpConnectTimeout=5, tcpSendTimeout=30, tcpRecvTimeout=30, checkName=\"a.root-servers.net.\", checkType=\"A\", maxCheckFailures=1, mustResolve=false, useClientSubnet=true, source=\"address|interface name|address@interface\", sockets=1}", "instantiate a server" }, { "newServerPolicy", true, "name, function", "create a policy object from a Lua function" }, { "newSuffixMatchNode", true, "", "returns a new SuffixMatchNode" }, - { "newDNSNameSet", true, "", "returns a new DNSNameSet" }, + { "NoneAction", true, "", "Does nothing. Subsequent rules are processed after this action" }, { "NoRecurseAction", true, "", "strip RD bit from the question, let it go through" }, + { "NotRule", true, "selector", "Matches the traffic if the selector rule does not match" }, + { "OpcodeRule", true, "code", "Matches queries with opcode code. code can be directly specified as an integer, or one of the built-in DNSOpcodes" }, + { "OrRule", true, "selectors", "Matches the traffic if one or more of the the selectors rules does match" }, { "PoolAction", true, "poolname", "set the packet into the specified pool" }, + { "PoolAvailableRule", true, "poolname", "Check whether a pool has any servers available to handle queries" }, { "printDNSCryptProviderFingerprint", true, "\"/path/to/providerPublic.key\"", "display the fingerprint of the provided resolver public key" }, + { "ProbaRule", true, "probability", "Matches queries with a given probability. 1.0 means always" }, + { "QClassRule", true, "qclass", "Matches queries with the specified qclass. class can be specified as an integer or as one of the built-in DNSClass" }, { "QNameLabelsCountRule", true, "min, max", "matches if the qname has less than `min` or more than `max` labels" }, { "QNameRule", true, "qname", "matches queries with the specified qname" }, + { "QNameSetRule", true, "set", "Matches if the set contains exact qname" }, { "QNameWireLengthRule", true, "min, max", "matches if the qname's length on the wire is less than `min` or more than `max` bytes" }, + { "QPSAction", true, "maxqps", "Drop a packet if it does exceed the maxqps queries per second limits. Letting the subsequent rules apply otherwise" }, + { "QPSPoolAction", true, "maxqps, poolname", "Send the packet into the specified pool only if it does not exceed the maxqps queries per second limits. Letting the subsequent rules apply otherwise" }, { "QTypeRule", true, "qtype", "matches queries with the specified qtype" }, { "RCodeAction", true, "rcode", "Reply immediately by turning the query into a response with the specified rcode" }, { "RCodeRule", true, "rcode", "matches responses with the specified rcode" }, + { "RDRule", true, "", "Matches queries with the RD flag set" }, + { "RecordsCountRule", true, "section, minCount, maxCount", "Matches if there is at least minCount and at most maxCount records in the section section. section can be specified as an integer or as a DNS Packet Sections" }, + { "RecordsTypeCountRule", true, "section, qtype, minCount, maxCount", "Matches if there is at least minCount and at most maxCount records of type type in the section section" }, { "RegexRule", true, "regex", "matches the query name against the supplied regex" }, { "registerDynBPFFilter", true, "DynBPFFilter", "register this dynamic BPF filter into the web interface so that its counters are displayed" }, { "reloadAllCertificates", true, "", "reload all DNSCrypt and TLS certificates, along with their associated keys" }, @@ -444,11 +477,14 @@ const std::vector g_consoleKeywords{ { "setAddEDNSToSelfGeneratedResponses", true, "add", "set whether to add EDNS to self-generated responses, provided that the initial query had EDNS" }, { "setAllowEmptyResponse", true, "allow", "Set to true (defaults to false) to allow empty responses (qdcount=0) with a NoError or NXDomain rcode (default) from backends" }, { "setAPIWritable", true, "bool, dir", "allow modifications via the API. if `dir` is set, it must be a valid directory where the configuration files will be written by the API" }, + { "setCacheCleaningDelay", true, "num", "Set the interval in seconds between two runs of the cache cleaning algorithm, removing expired entries" }, + { "setCacheCleaningPercentage", true, "num", "Set the percentage of the cache that the cache cleaning algorithm will try to free by removing expired entries. By default (100), all expired entries are remove" }, { "setConsoleACL", true, "{netmask, netmask}", "replace the console ACL set with these netmasks" }, { "setConsoleConnectionsLogging", true, "enabled", "whether to log the opening and closing of console connections" }, { "setConsoleOutputMaxMsgSize", true, "messageSize", "set console message maximum size in bytes, default is 10 MB" }, - { "setDNSSECPool", true, "pool name", "move queries requesting DNSSEC processing to this pool" }, + { "setDefaultBPFFilter", true, "filter", "When used at configuration time, the corresponding BPFFilter will be attached to every bind" }, { "setDynBlocksAction", true, "action", "set which action is performed when a query is blocked. Only DNSAction.Drop (the default) and DNSAction.Refused are supported" }, + { "SetECSAction", true, "v4[, v6]", "Set the ECS prefix and prefix length sent to backends to an arbitrary value" }, { "setECSOverride", true, "bool", "whether to override an existing EDNS Client Subnet value in the query" }, { "setECSSourcePrefixV4", true, "prefix-length", "the EDNS Client Subnet prefix-length used for IPv4 queries" }, { "setECSSourcePrefixV6", true, "prefix-length", "the EDNS Client Subnet prefix-length used for IPv6 queries" }, @@ -462,12 +498,13 @@ const std::vector g_consoleKeywords{ { "setMaxUDPOutstanding", true, "n", "set the maximum number of outstanding UDP queries to a given backend server. This can only be set at configuration time and defaults to 10240" }, { "setPayloadSizeOnSelfGeneratedAnswers", true, "payloadSize", "set the UDP payload size advertised via EDNS on self-generated responses" }, { "setPoolServerPolicy", true, "policy, pool", "set the server selection policy for this pool to that policy" }, - { "setPoolServerPolicy", true, "name, func, pool", "set the server selection policy for this pool to one named 'name' and provided by 'function'" }, + { "setPoolServerPolicyLua", true, "name, func, pool", "set the server selection policy for this pool to one named 'name' and provided by 'function'" }, { "setPreserveTrailingData", true, "bool", "set whether trailing data should be preserved while adding ECS or XPF records to incoming queries" }, { "setQueryCount", true, "bool", "set whether queries should be counted" }, { "setQueryCountFilter", true, "func", "filter queries that would be counted, where `func` is a function with parameter `dq` which decides whether a query should and how it should be counted" }, { "setRingBuffersLockRetries", true, "n", "set the number of attempts to get a non-blocking lock to a ringbuffer shard before blocking" }, { "setRingBuffersSize", true, "n [, numberOfShards]", "set the capacity of the ringbuffers used for live traffic inspection to `n`, and optionally the number of shards to use to `numberOfShards`" }, + { "setRoundRobinFailOnNoServer", true, "value", "By default the roundrobin load-balancing policy will still try to select a backend even if all backends are currently down. Setting this to true will make the policy fail and return that no server is available instead" }, { "setRules", true, "list of rules", "replace the current rules with the supplied list of pairs of DNS Rules and DNS Actions (see `newRuleAction()`)" }, { "setSecurityPollInterval", true, "n", "set the security polling interval to `n` seconds" }, { "setSecurityPollSuffix", true, "suffix", "set the security polling suffix to the specified value" }, @@ -484,6 +521,7 @@ const std::vector g_consoleKeywords{ { "setUDPTimeout", true, "n", "set the maximum time dnsdist will wait for a response from a backend over UDP, in seconds" }, { "setVerboseHealthChecks", true, "bool", "set whether health check errors will be logged" }, { "setWebserverConfig", true, "[{password=string, apiKey=string, customHeaders}]", "Updates webserver configuration" }, + { "setWHashedPertubation", true, "value", "Set the hash perturbation value to be used in the whashed policy instead of a random one, allowing to have consistent whashed results on different instance" }, { "show", true, "string", "outputs `string`" }, { "showACL", true, "", "show our ACL set" }, { "showBinds", true, "", "show listening addresses (frontends)" }, @@ -505,14 +543,18 @@ const std::vector g_consoleKeywords{ { "showTLSContexts", true, "", "list all the available TLS contexts" }, { "showVersion", true, "", "show the current version" }, { "shutdown", true, "", "shut down `dnsdist`" }, + { "SkipCacheAction", true, "", "Don’t lookup the cache for this query, don’t store the answer" }, { "snmpAgent", true, "enableTraps [, masterSocket]", "enable `SNMP` support. `enableTraps` is a boolean indicating whether traps should be sent and `masterSocket` an optional string specifying how to connect to the master agent"}, { "SNMPTrapAction", true, "[reason]", "send an SNMP trap, adding the optional `reason` string as the query description"}, { "SNMPTrapResponseAction", true, "[reason]", "send an SNMP trap, adding the optional `reason` string as the response description"}, { "SpoofAction", true, "{ip, ...} ", "forge a response with the specified IPv4 (for an A query) or IPv6 (for an AAAA). If you specify multiple addresses, all that match the query type (A, AAAA or ANY) will get spoofed in" }, + { "SpoofCNAMEAction", true, "cname", "Forge a response with the specified CNAME value" }, + { "SuffixMatchNodeRule", true, "smn[, quiet]", "Matches based on a group of domain suffixes for rapid testing of membership. Pass true as second parameter to prevent listing of all domains matched" }, { "TagAction", true, "name, value", "set the tag named 'name' to the given value" }, { "TagResponseAction", true, "name, value", "set the tag named 'name' to the given value" }, { "TagRule", true, "name [, value]", "matches if the tag named 'name' is present, with the given 'value' matching if any" }, { "TCAction", true, "", "create answer to query with TC and RD bits set, to move to TCP" }, + { "TCPRule", true, "[tcp]", "Matches question received over TCP if tcp is true, over UDP otherwise" }, { "TeeAction", true, "remote [, addECS]", "send copy of query to remote, optionally adding ECS info" }, { "TempFailureCacheTTLAction", true, "ttl", "set packetcache TTL for temporary failure replies" }, { "testCrypto", true, "", "test of the crypto all works" }, @@ -522,11 +564,11 @@ const std::vector g_consoleKeywords{ { "topClients", true, "n", "show top-`n` clients sending the most queries over length of ringbuffer" }, { "topQueries", true, "n[, labels]", "show top 'n' queries, as grouped when optionally cut down to 'labels' labels" }, { "topResponses", true, "n, kind[, labels]", "show top 'n' responses with RCODE=kind (0=NO Error, 2=ServFail, 3=ServFail), as grouped when optionally cut down to 'labels' labels" }, - { "topCacheHitResponseRule", true, "", "move the last cache hit response rule to the first position" }, { "topResponseRule", true, "", "move the last response rule to the first position" }, { "topRule", true, "", "move the last rule to the first position" }, { "topSelfAnsweredResponseRule", true, "", "move the last self-answered response rule to the first position" }, { "topSlow", true, "[top][, limit][, labels]", "show `top` queries slower than `limit` milliseconds, grouped by last `labels` labels" }, + { "TrailingDataRule", true, "", "Matches if the query has trailing data" }, { "truncateTC", true, "bool", "if set (defaults to no starting with dnsdist 1.2.0) truncate TC=1 answers so they are actually empty. Fixes an issue for PowerDNS Authoritative Server 2.9.22. Note: turning this on breaks compatibility with RFC 6891." }, { "unregisterDynBPFFilter", true, "DynBPFFilter", "unregister this dynamic BPF filter" }, { "webserver", true, "address:port, password [, apiKey [, customHeaders ]])", "launch a webserver with stats on that address with that password" }, diff --git a/pdns/dnsdistdist/docs/rules-actions.rst b/pdns/dnsdistdist/docs/rules-actions.rst index a0d1e38b5..0a19ee28e 100644 --- a/pdns/dnsdistdist/docs/rules-actions.rst +++ b/pdns/dnsdistdist/docs/rules-actions.rst @@ -636,7 +636,7 @@ These ``DNSRule``\ s be one of the following items: .. function:: QClassRule(qclass) Matches queries with the specified ``qclass``. - ``class`` can be specified as an integer or as one of the built-in :ref:`DNSQClass`. + ``class`` can be specified as an integer or as one of the built-in :ref:`DNSClass`. :param int qclass: The Query Class to match on @@ -649,7 +649,10 @@ These ``DNSRule``\ s be one of the following items: :param string qname: Qname to match .. function:: QNameSetRule(set) - Matches if the set contains exact qname. + + .. versionadded:: 1.4.0 + + Matches if the set contains exact qname. To match subdomain names, see :func:`SuffixMatchNodeRule`. @@ -817,21 +820,21 @@ The following actions exist. .. function:: DelayAction(milliseconds) Delay the response by the specified amount of milliseconds (UDP-only). - Subsequent rules are processed after this rule. + Subsequent rules are processed after this action. :param int milliseconds: The amount of milliseconds to delay the response .. function:: DelayResponseAction(milliseconds) Delay the response by the specified amount of milliseconds (UDP-only). - Subsequent rules are processed after this rule. + Subsequent rules are processed after this action. :param int milliseconds: The amount of milliseconds to delay the response .. function:: DisableECSAction() Disable the sending of ECS to the backend. - Subsequent rules are processed after this rule. + Subsequent rules are processed after this action. .. function:: DisableValidationAction() @@ -870,14 +873,14 @@ The following actions exist. .. function:: ECSOverrideAction(override) Whether an existing EDNS Client Subnet value should be overridden (true) or not (false). - Subsequent rules are processed after this rule. + Subsequent rules are processed after this action. :param bool override: Whether or not to override ECS value .. function:: ECSPrefixLengthAction(v4, v6) Set the ECS prefix length. - Subsequent rules are processed after this rule. + Subsequent rules are processed after this action. :param int v4: The IPv4 netmask length :param int v6: The IPv6 netmask length @@ -898,7 +901,7 @@ The following actions exist. When logging to a file, the ``binary`` optional parameter specifies whether we log in binary form (default) or in textual form. The ``append`` optional parameter specifies whether we open the file for appending or truncate each time (default). The ``buffered`` optional parameter specifies whether writes to the file are buffered (default) or not. - Subsequent rules are processed after this rule. + Subsequent rules are processed after this action. :param string filename: File to log to. Set to an empty string to log to the normal stdout log, this only works when ``-v`` is set on the command line. :param bool binary: Do binary logging. Default true @@ -925,19 +928,19 @@ The following actions exist. Add the source MAC address to the query as EDNS0 option ``option``. This action is currently only supported on Linux. - Subsequent rules are processed after this rule. + Subsequent rules are processed after this action. :param int option: The EDNS0 option number .. function:: NoneAction() Does nothing. - Subsequent rules are processed after this rule. + Subsequent rules are processed after this action. .. function:: NoRecurseAction() Strip RD bit from the question, let it go through. - Subsequent rules are processed after this rule. + Subsequent rules are processed after this action. .. function:: PoolAction(poolname) @@ -1018,7 +1021,7 @@ The following actions exist. If both IPv4 and IPv6 masks are supplied the IPv4 one will be used for IPv4 clients and the IPv6 one for IPv6 clients. Otherwise the first mask is used for both, and can actually be an IPv6 mask. - Subsequent rules are processed after this rule. + Subsequent rules are processed after this action. :param string v4: The IPv4 netmask, for example "192.0.2.1/32" :param string v6: The IPv6 netmask, if any @@ -1030,14 +1033,14 @@ The following actions exist. .. function:: SNMPTrapAction([message]) Send an SNMP trap, adding the optional ``message`` string as the query description. - Subsequent rules are processed after this rule. + Subsequent rules are processed after this action. :param string message: The message to include .. function:: SNMPTrapResponseAction([message]) Send an SNMP trap, adding the optional ``message`` string as the query description. - Subsequent rules are processed after this rule. + Subsequent rules are processed after this action. :param string message: The message to include -- 2.40.0