Diffstat (limited to 'doc/dnsfunnel-daemon.html')
-rw-r--r-- | doc/dnsfunnel-daemon.html | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/doc/dnsfunnel-daemon.html b/doc/dnsfunnel-daemon.html new file mode 100644 index 0000000..d93d463 --- /dev/null +++ b/doc/dnsfunnel-daemon.html 
@@ -0,0 +1,112 @@ +<html> + <head> + <meta name="viewport" content="width=device-width, initial-scale=1.0" /> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> + <meta http-equiv="Content-Language" content="en" /> + <title>dnsfunnel: the dnsfunnel-daemon program</title> + <meta name="Description" content="dnsfunnel: the dnsfunnel-daemon program" /> + <meta name="Keywords" content="dnsfunnel daemon /etc/resolv.conf local cache resolver 127.0.0.1" /> + <!-- <link rel="stylesheet" type="text/css" href="//skarnet.org/default.css" /> --> + </head> +<body> + +<p> +<a href="index.html">dnsfunnel</a><br /> +<a href="//skarnet.org/software/">Software</a><br /> +<a href="//skarnet.org/">skarnet.org</a> +</p> + +<h1> The <tt>dnsfunnel-daemon</tt> program </h1> + +<p> +<tt>dnsfunnel-daemon</tt> binds to a local UDP socket, drops its +privileges, then executes into <a href="dnsfunneld.html">dnsfunneld</a>. +</p> + +<h2> Interface </h2> + +<pre> + dnsfunnel-daemon [ -v verbosity ] [ -d notif ] [ -U | -u uid -g gid ] [ -i ip:port ] [ -R root ] [ -b bufsize ] [ -f cachelist ] [ -T | -t ] [ -N | -n ] +</pre> + +<ul> + <li> dnsfunnel-daemon creates a UDP inet domain socket and binds it +to IPv4 address <em>ip</em> (normally 127.0.0.1) and port <em>port</em> +(normally 53). </li> + <li> Depending on the options it has been given, it may chroot and lose +privileges on its gid and uid. </li> + <li> It execs into <a href="dnsfunneld.html">dnsfunneld</a> with the +UDP socket as its standard input. </li> +</ul> + +<p> + The point of <tt>dnsfunnel-daemon</tt> is to separate the administrative +operations of starting a daemon from the actual serving part, which is +handled by <a href="dnsfunneld.html">dnsfunneld</a>. 
+</p> + +<h2> Exit codes </h2> + +<ul> + <li> 100: wrong usage </li> + <li> 111: system call failed </li> + <li> 126: failed to exec <a href="dnsfunneld.html">dnsfunneld</a> </li> + <li> 127: could not find the <a href="dnsfunneld.html">dnsfunneld</a> executable </li> +</ul> + +<h2> Options </h2> + +<ul> + <li> <tt>-v <em>verbosity</em></tt> : verbosity of the +<a href="dnsfunneld.html">dnsfunneld</a> program. This option is passed as is +to <a href="dnsfunneld.html">dnsfunneld</a>. Default is 1. 0 suppresses warning +messages. Higher values may give more informational messages. </li> + <li> <tt>-d <em>notif</em></tt> : readiness notification. This option +is passed as is to <a href="dnsfunneld.html">dnsfunneld</a>, which will print a +newline to descriptor <em>notif</em> when it is ready. Default is no readiness +notification. </li> + <li> <tt>-U</tt> : read an uid in the UID environment variable and a gid +in the GID environment variable, and drop privileges to that uid/gid. </li> + <li> <tt>-u <em>uid</em></tt> : drop privileges to numerical uid +<em>uid</em>. </li> + <li> <tt>-g <em>gid</em></tt> : drop privileges to numerical gid +<em>gid</em>. </li> + <li> <tt>-i <em>ip</em>:<em>port</em></tt> : bind the socket to +IPv4 <em>ip</em> and port <em>port</em>. Default for <em>ip</em> is +<tt>127.0.0.1</tt>; default for <em>port</em> is 53. </li> + <li> <tt>-R <em>root</em></tt> : chroot to <em>root</em>. Note that +this option only increases security if you also drop privileges. </li> + <li> <tt>-b <em>bufsize</em></tt> : try and reserve a kernel buffer +size of <em>bufsize</em> bytes for the socket. Default is 131072. If the given +<em>bufsize</em> is 0, then <tt>dnsfunnel-daemon</tt> will use whatever the +default is for your kernel. </li> + <li> <tt>-f <em>cachelist</em></tt> : Use <em>cachelist</em> as the +file that <a href="dnsfunneld.html">dnsfunneld</a> reads its cache addresses +from. 
Default is <tt>/run/dnsfunnel-caches</tt>, or <em>file</em> +if the <tt>--with-cachelist=<em>file</em></tt> option has been given to the +configure script at build time. </li> +</ul> + +<p> + The other options control the activation or deactivation of various +<a href="dnsfunneld.html">dnsfunneld</a> features: +</p> + <li> <tt>-T</tt> : Do not activate truncation of responses. This is +the default. </li> + <li> <tt>-t</tt> : If a DNS response is bigger than 510 bytes, +truncate its last resource records until it fits into 510 bytes and can +be sent in a UDP packet. </li> + <li> <tt>-N</tt> : Do not activate nxdomain workaround. This is the +default. </li> + <li> <tt>-n</tt> : Activate nxdomain workaround. When receiving an A +(resp. AAAA) query to forward, also make an AAAA (resp. A) query, and adjust +the response accordingly. Some DNS servers incorrectly answer NXDOMAIN when +they should just answer NODATA, and querying for another, existing, record +type for the same domain allows dnsfunneld to tell the difference between a +real NXDOMAIN (in which case that response is forwarded to the client) and +an incorrect one (in which case NODATA is answered to the client instead). </li> + <li> Other options may be added in the future. </li> +</ul> + +</body> +</html> |
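Review bot: the second option list in doc/dnsfunnel-daemon.html is unbalanced. After the paragraph "The other options control the activation or deactivation of various dnsfunneld features:", the -T, -t, -N and -n items are written as <li> elements and the list ends with </ul>, but there is no opening <ul> between that paragraph's </p> and the first <li>. Add a <ul> line before the -T item so the list is well-formed and renders like the first option list. A smaller documentation point in the same section: the synopsis groups the privilege options as "-U | -u uid -g gid", while the -u and -g entries are described separately and do not say what happens when only one of them is given. Since the -R entry already notes that chroot only increases security if privileges are also dropped, it would help to state in the -u and -g entries whether both are expected together.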