From fc96870efc983dde24e3f7e21ab5664c1b2ccd90 Mon Sep 17 00:00:00 2001 From: Eugene Burkov Date: Thu, 12 Oct 2023 18:17:02 +0300 Subject: [PATCH] Pull request 183: doc ds upstream config Merge in GO/adguard-home-wiki from doc-ds-upstream-config to master Updates AdguardTeam/AdGuardHome#6156. Squashed commit of the following: commit cabb4325803ebdb51ff3a749c0b788e62e03b1ee Author: Eugene Burkov Date: Thu Oct 12 18:03:52 2023 +0300 Configuration: screen spec chars commit f3de47b618166d1ca407bd55e7b0945016407393 Author: Eugene Burkov Date: Thu Oct 12 17:59:03 2023 +0300 Configuration: imp txt commit 52c43fa8e4f14db15ad3457a40f6e5c346f9780e Author: Eugene Burkov Date: Thu Oct 12 17:48:19 2023 +0300 Configuration: mention ds --- Configuration.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/Configuration.md b/Configuration.md index 5e1b053..30bac2f 100644 --- a/Configuration.md +++ b/Configuration.md @@ -151,6 +151,18 @@ a configuration like this: sends queries for `*.host.com` to `1.2.3.4` except for queries for `*.www.host.com`, which are sent to `6.7.8.9`, which is the default upstream. +Queries for the `DS` query type are following the assumption based on +specification for records' presence given in [RFC 4035, section +2.4](https://datatracker.ietf.org/doc/html/rfc4035#section-2.4): + + > A DS RRset SHOULD be present at a delegation point when the child zone is + > signed. \[…\] All DS RRsets in a zone MUST be signed, and DS RRsets MUST + > NOT appear at a zone's apex. + +For example, the `DS` query for `domain.example.com` will be sent to the +upstream specified for `example.com`, `com`, or the default one, even if there +is a more specific upstream like `*.example.com`. + Since **v0.108.0-b.8** the wildcard `*` has a special meaning of "any subdomain", so `--upstream=[/*.host.com/]1.2.3.4` will send queries for `*.host.com` to `1.2.3.4`, but `host.com` will be forwarded to default