<sect1 id="configlines">
<title>Specific blocks and directives</title>
<para>
- Not all configuration blocks and directives are listed here, only the most common ones. More blocks and directives will
- be documented in later revisions of this manual.
+ Not all configuration blocks and directives are listed here, only the most common ones. More blocks and directives will
+ be documented in later revisions of this manual.
</para>
<sect2>
<title>loadmodule directive</title>
<varlistentry>
<term>spoof</term>
<listitem>
- <para>An optional fake hostname (or user@host) to apply to users authenticated to this auth{} block.</para>
+ <para>An optional fake hostname (or user@host) to apply to users authenticated to this auth{} block. In STATS i and TESTLINE, an equals sign (=) appears before the user@host and the spoof is shown.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>flags</term>
<listitem>
- <para>A list of flags to apply to this auth{} block. They are listed below.</para>
+ <para>A list of flags to apply to this auth{} block. They are listed below. Some of the flags appear as a special character, parenthesized in the list, before the user@host in STATS i and TESTLINE.</para>
</listitem>
</varlistentry>
<varlistentry>
</listitem>
</varlistentry>
<varlistentry>
- <term>exceed_limit</term>
+ <term>exceed_limit (>)</term>
<listitem>
<para>Users in this auth{} block can exceed class-wide limitations.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>dnsbl_exempt</term>
+ <term>dnsbl_exempt ($)</term>
<listitem>
<para>Users in this auth{} block are exempted from DNS blacklist checks. However, they will still be warned if they are listed.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>kline_exempt</term>
+ <term>kline_exempt (^)</term>
<listitem>
- <para>Users in this auth{} block are exempted from DNS blacklists, k:lines, g:lines and x:lines, and will not be disconnected because of d:lines.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>gline_exempt</term>
- <listitem>
- <para>Users in this auth{} block are exempted from g:lines.</para>
+ <para>Users in this auth{} block are exempted from DNS blacklists, k:lines and x:lines.</para>
</listitem>
</varlistentry>
<varlistentry>
</listitem>
</varlistentry>
<varlistentry>
- <term>flood_exempt</term>
+ <term>flood_exempt (|)</term>
<listitem>
<para>
Users in this auth{} block may send arbitrary amounts of
</listitem>
</varlistentry>
<varlistentry>
- <term>no_tilde</term>
+ <term>no_tilde (-)</term>
<listitem>
<para>Users in this auth{} block will not have a tilde added to their username if they do not run identd.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>need_ident</term>
+ <term>need_ident (+)</term>
<listitem>
<para>Users in this auth{} block must have identd, otherwise they will be rejected.</para>
</listitem>
<listitem>
<para>
A listing of privileges granted to operators using this block.
- By default, the operwall, remoteban and resv privileges are granted;
- use ~operwall, ~remoteban and ~resv to disable them if necessary.
+ By default, the mass_notice, operwall, remoteban and resv privileges are granted;
+ use ~mass_notice, ~operwall, ~remoteban and ~resv to disable them if necessary.
</para>
<para>
In addition, a flag designating if the password is encrypted is here.
<listitem>
<para>The hostname or IP to connect to.</para>
<note><para>
- Charybdis uses solely DNS for all hostname/address lookups
- (no <filename>/etc/hosts</filename> or anything else).
Furthermore, if a hostname is used, it must have an A or AAAA
record (no CNAME) and it must be the primary
hostname for inbound connections to work.
<term>topicburst</term>
<listitem>
<para>Topics should be bursted to this server.</para>
+ <para>This is enabled by default.</para>
</listitem>
</varlistentry>
</variablelist>
<varlistentry>
<term>all</term>
<listitem>
- <para>All of the above; this does not include locops or rehash</para>
+ <para>All of the above; this does not include locops, rehash, dline, tdline or undline.</para>
</listitem>
</varlistentry>
<varlistentry>
<para>REHASH commands; all options can be used</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>dline (D)</term>
+ <listitem>
+ <para>Permanent and temporary D:lines</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>tdline (d)</term>
+ <listitem>
+ <para>Temporary D:lines</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>undline (E)</term>
+ <listitem>
+ <para>D:line removals</para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term>none</term>
<listitem>
</variablelist>
</sect2>
</sect1>
+ <sect1>
+ <title>Hostname resolution (DNS)</title>
+ <para>
+ Charybdis uses solely DNS for all hostname/address lookups
+ (no <filename>/etc/hosts</filename> or anything else).
+ The DNS servers are taken from <filename>/etc/resolv.conf</filename>.
+ If this file does not exist or no valid IP addresses are listed in it,
+ the local host (127.0.0.1) is used. (Note that the latter part
+ did not work in older versions of Charybdis.)
+ </para>
+ <para>
+ IPv4 as well as IPv6 DNS servers are supported, but it is not
+ possible to use both IPv4 and IPv6 in
+ <filename>/etc/resolv.conf</filename>.
+ </para>
+ <para>
+ For both security and performance reasons, it is recommended
+ that a caching nameserver such as BIND be run on the same machine
+ as Charybdis and that <filename>/etc/resolv.conf</filename> only
+ list 127.0.0.1.
+ </para>
+ </sect1>
</chapter>
<!-- Keep this comment at the end of the file
Local variables:
projects / irc / rqf / shadowircd.git / blobdiff