diff options
Diffstat (limited to 'doc/dnsfunnel-daemon.html')
| -rw-r--r-- | doc/dnsfunnel-daemon.html | 115 |
1 files changed, 0 insertions, 115 deletions
diff --git a/doc/dnsfunnel-daemon.html b/doc/dnsfunnel-daemon.html deleted file mode 100644 index b779635..0000000 --- a/doc/dnsfunnel-daemon.html +++ /dev/null @@ -1,115 +0,0 @@ -<html> - <head> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /> - <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> - <meta http-equiv="Content-Language" content="en" /> - <title>dnsfunnel: the dnsfunnel-daemon program</title> - <meta name="Description" content="dnsfunnel: the dnsfunnel-daemon program" /> - <meta name="Keywords" content="dnsfunnel daemon /etc/resolv.conf local cache resolver 127.0.0.1" /> - <!-- <link rel="stylesheet" type="text/css" href="//skarnet.org/default.css" /> --> - </head> -<body> - -<p> -<a href="index.html">dnsfunnel</a><br /> -<a href="//skarnet.org/software/">Software</a><br /> -<a href="//skarnet.org/">skarnet.org</a> -</p> - -<h1> The <tt>dnsfunnel-daemon</tt> program </h1> - -<p> -<tt>dnsfunnel-daemon</tt> binds to a local UDP socket, drops its -privileges, then executes into <a href="dnsfunneld.html">dnsfunneld</a>. -It is the high-level entry point to invoke in scripts that want to launch -<a href="dnsfunneld.html">dnsfunneld</a>. - -</p> - -<h2> Interface </h2> - -<pre> - dnsfunnel-daemon [ -v verbosity ] [ -d notif ] [ -U | -u uid -g gid ] [ -i ip:port ] [ -R root ] [ -b bufsize ] [ -f cachelist ] [ -T | -t ] [ -N | -n ] -</pre> - -<ul> - <li> dnsfunnel-daemon creates a UDP inet domain socket and binds it -to IPv4 address <em>ip</em> (normally 127.0.0.1) and port <em>port</em> -(normally 53). </li> - <li> Depending on the options it has been given, it may chroot and lose -privileges on its gid and uid. </li> - <li> It execs into <a href="dnsfunneld.html">dnsfunneld</a> with the -UDP socket as its standard input. </li> -</ul> - -<p> - The point of <tt>dnsfunnel-daemon</tt> is to separate the administrative -operations of starting a daemon from the actual serving part, which is -handled by <a href="dnsfunneld.html">dnsfunneld</a>. -</p> - -<h2> Exit codes </h2> - -<ul> - <li> 100: wrong usage </li> - <li> 111: system call failed </li> - <li> 126: failed to exec <a href="dnsfunneld.html">dnsfunneld</a> </li> - <li> 127: could not find the <a href="dnsfunneld.html">dnsfunneld</a> executable </li> -</ul> - -<h2> Options </h2> - -<ul> - <li> <tt>-v <em>verbosity</em></tt> : verbosity of the -<a href="dnsfunneld.html">dnsfunneld</a> program. This option is passed as is -to <a href="dnsfunneld.html">dnsfunneld</a>. Default is 1. 0 suppresses warning -messages. Higher values may give more informational messages. </li> - <li> <tt>-d <em>notif</em></tt> : readiness notification. This option -is passed as is to <a href="dnsfunneld.html">dnsfunneld</a>, which will print a -newline to descriptor <em>notif</em> when it is ready. Default is no readiness -notification. </li> - <li> <tt>-U</tt> : read an uid in the UID environment variable and a gid -in the GID environment variable, and drop privileges to that uid/gid. </li> - <li> <tt>-u <em>uid</em></tt> : drop privileges to numerical uid -<em>uid</em>. </li> - <li> <tt>-g <em>gid</em></tt> : drop privileges to numerical gid -<em>gid</em>. </li> - <li> <tt>-i <em>ip</em>:<em>port</em></tt> : bind the socket to -IPv4 <em>ip</em> and port <em>port</em>. Default for <em>ip</em> is -<tt>127.0.0.1</tt>; default for <em>port</em> is 53. </li> - <li> <tt>-R <em>root</em></tt> : chroot to <em>root</em>. Note that -this option only increases security if you also drop privileges. </li> - <li> <tt>-b <em>bufsize</em></tt> : try and reserve a kernel buffer -size of <em>bufsize</em> bytes for the socket. Default is 131072. If the given -<em>bufsize</em> is 0, then <tt>dnsfunnel-daemon</tt> will use whatever the -default is for your kernel. </li> - <li> <tt>-f <em>cachelist</em></tt> : Use <em>cachelist</em> as the -file that <a href="dnsfunneld.html">dnsfunneld</a> reads its cache addresses -from. Default is <tt>/run/dnsfunnel-caches</tt>, or <em>file</em> -if the <tt>--with-cachelist=<em>file</em></tt> option has been given to the -configure script at build time. </li> -</ul> - -<p> - The other options control the activation or deactivation of various -<a href="dnsfunneld.html">dnsfunneld</a> features: -</p> - <li> <tt>-T</tt> : Do not activate truncation of responses. This is -the default. </li> - <li> <tt>-t</tt> : If a DNS response is bigger than 510 bytes, -truncate its last resource records until it fits into 510 bytes and can -be sent in a UDP packet. </li> - <li> <tt>-N</tt> : Do not activate nxdomain workaround. This is the -default. </li> - <li> <tt>-n</tt> : Activate nxdomain workaround. When receiving an A -(resp. AAAA) query to forward, also make an AAAA (resp. A) query, and adjust -the response accordingly. Some DNS servers incorrectly answer NXDOMAIN when -they should just answer NODATA, and querying for another, existing, record -type for the same domain allows dnsfunneld to tell the difference between a -real NXDOMAIN (in which case that response is forwarded to the client) and -an incorrect one (in which case NODATA is answered to the client instead). </li> - <li> Other options may be added in the future. </li> -</ul> - -</body> -</html> |