diff --git a/DnsServerCore/www/index.html b/DnsServerCore/www/index.html index d8e73f1e..95292f81 100644 --- a/DnsServerCore/www/index.html +++ b/DnsServerCore/www/index.html @@ -582,8 +582,8 @@
  • Cloudflare TLS {cloudflare-dns.com (1.0.0.1:853)}
  • Cloudflare TLS {cloudflare-dns.com ([2606:4700:4700::1111]:853)}
  • Cloudflare TLS {cloudflare-dns.com ([2606:4700:4700::1001]:853)}
    • -
  • Cloudflare HTTPS {https://cloudflare-dns.com/dns-query}
    • -
  • Cloudflare HTTPS-JSON {https://cloudflare-dns.com/dns-query}
    • +
  • Cloudflare HTTPS {https://cloudflare-dns.com/dns-query (1.1.1.1)}
    • +
  • Cloudflare HTTPS-JSON {https://cloudflare-dns.com/dns-query (1.1.1.1)}
  • Google {8.8.8.8}
  • Google {8.8.4.4}
  • Google {[2001:4860:4860::8888]}
    • @@ -592,18 +592,18 @@
  • Google TLS {dns.google (8.8.4.4:853)}
  • Google TLS {dns.google ([2001:4860:4860::8888]:853)}
  • Google TLS {dns.google ([2001:4860:4860::8844]:853)}
    • -
  • Google HTTPS {https://dns.google/dns-query}
    • -
  • Google HTTPS-JSON {https://dns.google/resolve}
    • +
  • Google HTTPS {https://dns.google/dns-query (8.8.8.8)}
    • +
  • Google HTTPS-JSON {https://dns.google/resolve (8.8.8.8)}
  • Quad9 Secure {9.9.9.9}
  • Quad9 Secure {[2620:fe::fe]}
  • Quad9 Secure TLS {dns.quad9.net (9.9.9.9:853)}
  • Quad9 Secure TLS {dns.quad9.net ([2620:fe::fe]:853)}
    • -
  • Quad9 Secure HTTPS {https://dns.quad9.net/dns-query}
    • +
  • Quad9 Secure HTTPS {https://dns.quad9.net/dns-query (9.9.9.9)}
  • Quad9 Unsecure {9.9.9.10}
  • Quad9 Unsecure {[2620:fe::10]}
  • Quad9 Unsecure TLS {dns10.quad9.net (9.9.9.10:853)}
  • Quad9 Unsecure TLS {dns10.quad9.net ([2620:fe::10]:853)}
    • -
  • Quad9 Unsecure HTTPS {https://dns10.quad9.net/dns-query}
    • +
  • Quad9 Unsecure HTTPS {https://dns10.quad9.net/dns-query (9.9.9.10)}
  • OpenDNS {208.67.222.222}
  • OpenDNS {208.67.220.220}
  • OpenDNS {[2620:0:ccc::2]}
    • @@ -828,6 +828,27 @@
    Help: How To Host Your Own DNS-over-HTTPS And DNS-over-TLS Services
    +
    +
    + +
    + + + + + + + + + +
    Key NameShared Secret
    +
    +
    The shared secret can be a base64 string or a literal string. Keep the shared secret empty if you want to auto generate a strong key.
    +
    + +
    Note! You will need to select these TSIG keys for zone transfer in the zone options separately. This DNS server supports hmac-md5, hmac-sha1, hmac-sha256 (recommended), hmac-sha256-128, hmac-sha384, hmac-sha384-192, hmac-sha512, and hmac-sha512-256 algorithms.
    +
    +
    @@ -969,12 +990,21 @@
    - +
    - + (set 0 to disable)
    -
    The maximum queries a client can make per minute on average based on the sample size.
    +
    The maximum queries a client subnet can make per minute on average based on the sample size.
    +
    + +
    + +
    + + (set 0 to disable) +
    +
    The maximum queries that generate an error response a client subnet can make per minute on average based on the sample size. Responses with RCODE as FormatError, ServerFailure, or Refused are considered as error responses.
    @@ -987,15 +1017,24 @@
    - +
    - - minutes (valid range 1-60; default 1) + + (valid range 0-32; default 24)
    -
    The interval to sample client query stats.
    +
    The IPv4 prefix length to define the client subnet.
    -
    Note! Queries Per Minute (QPM) feature will limit requests from a client based on its IP address. The QPM limit configured will be compared with the average count from the sample size which means a client may exceed the QPM limit for a given minute but won't exceed for the given sample size in minutes. Additionally, any client hitting QPM limit for Refused responses will be automatically blocked for 12 hours.
    +
    + +
    + + (valid range 0-64; default 56) +
    +
    The IPv6 prefix length to define the client subnet.
    +
    + +
    Note! Queries Per Minute (QPM) feature will limit requests from a client subnet based on its IP address and the specified subnet prefix lengths. The QPM limit configured will be compared with the average count from the sample size which means a client may exceed the QPM limit for a given minute but won't exceed for the given sample size in minutes.
    @@ -1922,8 +1961,8 @@
    @@ -2178,8 +2217,8 @@ ns1.example.com ([2001:db8::]:853)
    @@ -2372,7 +2411,7 @@ ns1.example.com ([2001:db8::]:853)
    - +
    @@ -2497,23 +2536,17 @@ ns1.example.com ([2001:db8::]:853)
    - -
    - - - - - - - - - -
    Key NameShared Secret
    + +
    + + + +
    -
    The shared secret can be a base64 string or a literal string. Keep the shared secret empty if you want to auto generate a strong key.
    -
    Note! TSIG allows authenticating requests when at least one key is configured. A secondary zone must be configured with one of the above keys to be able to perform zone transfer. This server supports hmac-md5, hmac-sha1, hmac-sha256 (recommended), hmac-sha256-128, hmac-sha384, hmac-sha384-192, hmac-sha512, and hmac-sha512-256 algorithms.
    +
    Note! Entering one or more TSIG key names above will cause the DNS server to authenticate all zone transfer requests. A secondary zone must be configured with one of the above keys to be able to perform a zone transfer.
    @@ -2703,7 +2736,7 @@ ns1.example.com ([2001:db8::]:853)
    - +

    Note: The app will reload the config automatically after you save it.