Beispiel #1
0
    def get_config(self):
        s = dnstest.config.KnotConf()
        s.begin("server")
        self._on_str_hex(s, "identity", self.ident)
        self._on_str_hex(s, "version", self.version)
        self._on_str_hex(s, "nsid", self.nsid)
        s.item_str("rundir", self.dir)
        s.item_str("listen", "%s@%s" % (self.addr, self.port))
        if (self.tcp_idle_timeout):
            s.item_str("tcp-idle-timeout", self.tcp_idle_timeout)
        if (self.ratelimit):
            s.item_str("rate-limit", self.ratelimit)
        s.end()

        s.begin("control")
        s.item_str("listen", "knot.sock")
        s.end()

        if self.tsig:
            s.begin("key")
            self._key(s, self.tsig)
            self._key(s, self.tsig_test)

            keys = set() # Duplicy check.
            for zone in sorted(self.zones):
                z = self.zones[zone]
                if z.master and z.master.tsig.name not in keys:
                    t = z.master.tsig
                    self._key(s, t)
                    keys.add(t.name)
                for slave in z.slaves:
                    if slave.tsig and slave.tsig.name not in keys:
                        t = slave.tsig
                        self._key(s, t)
                        keys.add(t.name)
            s.end()

        have_remote = False
        servers = set() # Duplicity check.
        for zone in sorted(self.zones):
            z = self.zones[zone]
            if z.master and z.master.name not in servers:
                if not have_remote:
                    s.begin("remote")
                    have_remote = True
                s.id_item("id", z.master.name)
                s.item_str("address", "%s@%s" % (z.master.addr, z.master.port))
                if z.master.tsig:
                    s.item_str("key", z.master.tsig.name)
                servers.add(z.master.name)
            for slave in z.slaves:
                if slave.name not in servers:
                    if not have_remote:
                        s.begin("remote")
                        have_remote = True
                    s.id_item("id", slave.name)
                    s.item_str("address", "%s@%s" % (slave.addr, slave.port))
                    if slave.tsig:
                        s.item_str("key", slave.tsig.name)
                    servers.add(slave.name)
        if have_remote:
            s.end()

        s.begin("acl")
        s.id_item("id", "acl_local")
        s.item_str("address", self.addr)
        if self.tsig:
            s.item_str("key", self.tsig.name)
        s.item("action", "[transfer, notify, update]")

        s.id_item("id", "acl_test")
        s.item_str("address", self.addr)
        if self.tsig_test:
            s.item_str("key", self.tsig_test.name)
        s.item("action", "[transfer, notify, update]")

        servers = set() # Duplicity check.
        for zone in sorted(self.zones):
            z = self.zones[zone]
            if z.master and z.master.name not in servers:
                s.id_item("id", "acl_%s" % z.master.name)
                s.item_str("address", z.master.addr)
                if z.master.tsig:
                    s.item_str("key", z.master.tsig.name)
                s.item("action", "notify")
                servers.add(z.master.name)
            for slave in z.slaves:
                if slave.name in servers:
                    continue
                s.id_item("id", "acl_%s" % slave.name)
                s.item_str("address", slave.addr)
                if slave.tsig:
                    s.item_str("key", slave.tsig.name)
                s.item("action", "transfer")
                servers.add(slave.name)
        s.end()

        if len(self.modules) > 0:
            for module in self.modules:
                module.get_conf(s)

        for zone in sorted(self.zones):
            z = self.zones[zone]
            if len(z.modules) > 0:
                for module in z.modules:
                    module.get_conf(s)

        s.begin("template")
        s.id_item("id", "default")
        s.item_str("storage", self.dir)
        if self.zonefile_sync:
            s.item_str("zonefile-sync", self.zonefile_sync)
        else:
            s.item_str("zonefile-sync", "1d")
        if self.journal_size:
            s.item_str("max-journal-size", self.journal_size)
        s.item_str("semantic-checks", "on")
        if self.disable_any:
            s.item_str("disable-any", "on")
        if self.dnssec_enable:
            s.item_str("kasp-db", self.keydir)
            s.item_str("dnssec-signing", "on")
        if len(self.modules) > 0:
            modules = ""
            for module in self.modules:
                if modules:
                    modules += ", "
                modules += module.get_conf_ref()
            s.item("module", "[%s]" % modules)
        s.end()

        s.begin("zone")
        for zone in sorted(self.zones):
            z = self.zones[zone]
            s.id_item("domain", z.name)
            s.item_str("file", z.zfile.path)

            acl = ""
            if z.master:
                s.item("master", z.master.name)
                if not z.master.disable_notify:
                    acl = "acl_%s" % z.master.name

            if z.slaves:
                slaves = ""
                for slave in z.slaves:
                    if slave.disable_notify:
                        continue
                    if slaves:
                        slaves += ", "
                    slaves += slave.name
                if slaves:
                    s.item("notify", "[%s]" % slaves)

            if acl:
                acl += ", "
            acl += "acl_local, acl_test"
            s.item("acl", "[%s]" % acl)

            if z.ixfr and not z.master:
                s.item_str("ixfr-from-differences", "on")

            if len(z.modules) > 0:
                modules = ""
                for module in z.modules:
                    if modules:
                        modules += ", "
                    modules += module.get_conf_ref()
                s.item("module", "[%s]" % modules)
        s.end()

        s.begin("log")
        s.id_item("target", "stdout")
        s.item_str("any", "debug")
        s.end()

        self.start_params = ["-c", self.confile]
        self.ctl_params = ["-c", self.confile]

        return s.conf
Beispiel #2
0
    def get_config(self):
        s = KnotConf()
        s.begin("system")
        self._on_str_hex(s, "identity", self.ident)
        self._on_str_hex(s, "version", self.version)
        self._on_str_hex(s, "nsid", self.nsid)
        self._on_str_hex(s, "rate-limit", self.ratelimit)
        s.item_str("rundir", self.dir)
        if (self.max_conn_idle):
            s.item("max-conn-idle", self.max_conn_idle)
        s.end()

        s.begin("control")
        s.item_str("listen-on", "knot.sock")
        s.end()

        s.begin("interfaces")
        if self.ip == 4:
            s.begin("ipv4")
        else:
            s.begin("ipv6")
        s.item("address", self.addr)
        s.item("port", self.port)
        s.end()
        s.end()

        if self.tsig:
            s.begin("keys")
            t = self.tsig
            s.item_str("\"%s\" %s" % (t.name, t.alg), t.key)
            t = self.tsig_test
            s.item_str("\"%s\" %s" % (t.name, t.alg), t.key)

            keys = set()  # Duplicy check.
            for zone in sorted(self.zones):
                z = self.zones[zone]
                if z.master and z.master.tsig.name not in keys:
                    t = z.master.tsig
                    s.item_str("\"%s\" %s" % (t.name, t.alg), t.key)
                    keys.add(t.name)
                for slave in z.slaves:
                    if slave.tsig and slave.tsig.name not in keys:
                        t = slave.tsig
                        s.item_str("\"%s\" %s" % (t.name, t.alg), t.key)
                        keys.add(t.name)
            s.end()

        s.begin("remotes")
        s.begin("local")
        s.item("address", self.addr)
        if self.tsig:
            s.item_str("key", self.tsig.name)
        s.end()
        s.begin("test")
        s.item("address", self.addr)
        if self.tsig_test:
            s.item_str("key", self.tsig_test.name)
        s.end()

        servers = set()  # Duplicity check.
        for zone in sorted(self.zones):
            z = self.zones[zone]
            if z.master and z.master.name not in servers:
                s.begin(z.master.name)
                s.item("address", z.master.addr)
                s.item("port", z.master.port)
                if z.master.tsig:
                    s.item_str("key", z.master.tsig.name)
                s.end()
                servers.add(z.master.name)
            for slave in z.slaves:
                if slave.name not in servers:
                    s.begin(slave.name)
                    s.item("address", slave.addr)
                    s.item("port", slave.port)
                    if slave.tsig:
                        s.item_str("key", self.tsig.name)
                    s.end()
                    servers.add(slave.name)
        s.end()

        s.begin("zones")
        s.item_str("storage", self.dir)
        if self.zonefile_sync:
            s.item("zonefile-sync", self.zonefile_sync)
        else:
            s.item("zonefile-sync", "1d")
        if self.ixfr_fslimit:
            s.item("ixfr-fslimit", self.ixfr_fslimit)
        s.item("notify-timeout", "5")
        s.item("notify-retries", "5")
        s.item("semantic-checks", "on")
        if self.disable_any:
            s.item("disable-any", "on")
        if self.dnssec_enable:
            s.item_str("dnssec-keydir", self.keydir)
            s.item("dnssec-enable", "on")
        for zone in sorted(self.zones):
            z = self.zones[zone]
            s.begin(z.name)
            s.item_str("file", z.zfile.path)

            if z.master:
                if not self.disable_notify:
                    s.item("notify-in", z.master.name)
                s.item("xfr-in", z.master.name)

            slaves = ""
            if z.slaves:
                for slave in z.slaves:
                    if slaves:
                        slaves += ", "
                    slaves += slave.name
                s.item("notify-out", slaves)

            s.item("xfr-out", "local, test")

            if z.ddns:
                s.item("update-in", "test")

            if z.ixfr and not z.master:
                s.item("ixfr-from-differences", "on")

            if len(z.query_modules) > 0:
                s.begin("query_module")
                for query_module in z.query_modules:
                    s.item(query_module[0], '"' + query_module[1] + '"')
                s.end()
            s.end()
        s.end()

        s.begin("log")
        s.begin("stdout")
        s.item("any", "debug")
        s.end()
        s.begin("stderr")
        s.end()
        s.begin("syslog")
        s.end()
        s.end()

        self.start_params = ["-c", self.confile]
        self.reload_params = ["-c", self.confile, "reload"]
        self.flush_params = ["-c", self.confile, "flush"]

        return s.conf
Beispiel #3
0
    def get_config(self):
        s = dnstest.config.BindConf()
        s.begin("options")
        self._str(s, "server-id", self.ident)
        self._str(s, "version", self.version)
        s.item_str("directory", self.dir)
        s.item_str("key-directory", self.dir)
        s.item_str("managed-keys-directory", self.dir)
        s.item_str("session-keyfile", self.dir + "/session.key")
        s.item_str("pid-file", "bind.pid")
        if self.ip == 4:
            s.item("listen-on port", "%i { %s; }" % (self.port, self.addr))
            s.item("listen-on-v6", "{ }")
        else:
            s.item("listen-on", "{ }")
            s.item("listen-on-v6 port", "%i { %s; }" % (self.port, self.addr))
        s.item("auth-nxdomain", "no")
        s.item("recursion", "no")
        s.item("masterfile-format", "text")
        s.item("max-refresh-time", "2")
        s.item("max-retry-time", "2")
        s.item("transfers-in", "30")
        s.item("transfers-out", "30")
        s.end()

        s.begin("key", self.ctlkey.name)
        s.item("algorithm", self.ctlkey.alg)
        s.item_str("secret", self.ctlkey.key)
        s.end()

        s.begin("controls")
        s.item("inet %s port %i allow { %s; } keys { %s; }"
               % (self.addr, self.ctlport, self.addr, self.ctlkey.name))
        s.end()

        if self.tsig:
            t = self.tsig
            s.begin("key", t.name)
            s.item("# Local key")
            s.item("algorithm", t.alg)
            s.item_str("secret", t.key)
            s.end()
            t = self.tsig_test
            s.begin("key", t.name)
            s.item("# Test key")
            s.item("algorithm", t.alg)
            s.item_str("secret", t.key)
            s.end()

            keys = set() # Duplicy check.
            for zone in sorted(self.zones):
                z = self.zones[zone]
                if z.master and z.master.tsig.name not in keys:
                    t = z.master.tsig
                    s.begin("key", t.name)
                    s.item("algorithm", t.alg)
                    s.item_str("secret", t.key)
                    s.end()
                    keys.add(t.name)
                for slave in z.slaves:
                    if slave.tsig and slave.tsig.name not in keys:
                        t = slave.tsig
                        s.begin("key", t.name)
                        s.item("algorithm", t.alg)
                        s.item_str("secret", t.key)
                        s.end()
                        keys.add(t.name)

        for zone in sorted(self.zones):
            z = self.zones[zone]
            s.begin("zone", z.name)
            s.item_str("file", z.zfile.path)
            s.item("check-names", "warn")
            if z.master:
                s.item("type", "slave")

                if self.tsig:
                    if not z.master.disable_notify:
                        s.item("allow-notify", "{ key %s; }" % z.master.tsig.name)
                    s.item("masters", "{ %s port %i key %s; }" \
                           % (z.master.addr, z.master.port, z.master.tsig.name))
                else:
                    if not z.master.disable_notify:
                        s.item("allow-notify", "{ %s; }" % z.master.addr)
                    s.item("masters", "{ %s port %i; }" \
                           % (z.master.addr, z.master.port))
            else:
                s.item("type", "master")
                s.item("notify", "explicit")

            if z.ixfr and not z.master:
                s.item("ixfr-from-differences", "yes")

            if z.slaves:
                slaves = ""
                for slave in z.slaves:
                    if slave.disable_notify:
                        continue
                    if self.tsig:
                        slaves += "%s port %i key %s; " \
                                  % (slave.addr, slave.port, self.tsig.name)
                    else:
                        slaves += "%s port %i; " % (slave.addr, slave.port)
                if slaves:
                    s.item("also-notify", "{ %s}" % slaves)

            if z.ddns:
                if self.tsig:
                    upd = "key %s; " % self.tsig_test.name
                else:
                    upd = "%s; " % self.addr

                if z.master:
                    s.item("allow-update-forwarding", "{ %s}" % upd)
                else:
                    s.item("allow-update", "{ %s}" % upd)

            if self.tsig:
                s.item("allow-transfer", "{ key %s; key %s; }" %
                       (self.tsig.name, self.tsig_test.name))
            else:
                s.item("allow-transfer", "{ %s; }" % self.addr)
            s.end()

        self.start_params = ["-c", self.confile, "-g"]
        self.ctl_params = ["-s", self.addr, "-p", str(self.ctlport), \
                           "-k", self.ctlkeyfile]

        return s.conf
Beispiel #4
0
    def get_config(self):
        s = BindConf()
        s.begin("options")
        self._str(s, "server-id", self.ident)
        self._str(s, "version", self.version)
        s.item_str("directory", self.dir)
        s.item_str("key-directory", self.dir)
        s.item_str("managed-keys-directory", self.dir)
        s.item_str("session-keyfile", self.dir + "/session.key")
        s.item_str("pid-file", "bind.pid")
        if self.ip == 4:
            s.item("listen-on port", "%i { %s; }" % (self.port, self.addr))
            s.item("listen-on-v6", "{ }")
        else:
            s.item("listen-on", "{ }")
            s.item("listen-on-v6 port", "%i { %s; }" % (self.port, self.addr))
        s.item("auth-nxdomain", "no")
        s.item("recursion", "no")
        s.item("masterfile-format", "text")
        s.item("max-refresh-time", "2")
        s.item("max-retry-time", "2")
        s.item("transfers-in", "30")
        s.item("transfers-out", "30")
        s.end()

        s.begin("key", self.ctlkey.name)
        s.item("algorithm", self.ctlkey.alg)
        s.item_str("secret", self.ctlkey.key)
        s.end()

        s.begin("controls")
        s.item("inet %s port %i allow { %s; } keys { %s; }" %
               (self.addr, self.ctlport, self.addr, self.ctlkey.name))
        s.end()

        if self.tsig:
            t = self.tsig
            s.begin("key", t.name)
            s.item("# Local key")
            s.item("algorithm", t.alg)
            s.item_str("secret", t.key)
            s.end()
            t = self.tsig_test
            s.begin("key", t.name)
            s.item("# Test key")
            s.item("algorithm", t.alg)
            s.item_str("secret", t.key)
            s.end()

            keys = set()  # Duplicy check.
            for zone in sorted(self.zones):
                z = self.zones[zone]
                if z.master and z.master.tsig.name not in keys:
                    t = z.master.tsig
                    s.begin("key", t.name)
                    s.item("algorithm", t.alg)
                    s.item_str("secret", t.key)
                    s.end()
                    keys.add(t.name)
                for slave in z.slaves:
                    if slave.tsig and slave.tsig.name not in keys:
                        t = slave.tsig
                        s.begin("key", t.name)
                        s.item("algorithm", t.alg)
                        s.item_str("secret", t.key)
                        s.end()
                        keys.add(t.name)

        for zone in sorted(self.zones):
            z = self.zones[zone]
            s.begin("zone", z.name)
            s.item_str("file", z.zfile.path)
            s.item("check-names", "warn")
            if z.master:
                s.item("type", "slave")

                if self.tsig:
                    s.item("allow-notify", "{ key %s; }" % z.master.tsig.name)
                    s.item("masters", "{ %s port %i key %s; }" \
                           % (z.master.addr, z.master.port, z.master.tsig.name))
                else:
                    s.item("allow-notify", "{ %s; }" % z.master.addr)
                    s.item("masters", "{ %s port %i; }" \
                           % (z.master.addr, z.master.port))
            else:
                s.item("type", "master")
                s.item("notify", "explicit")

            if z.ixfr and not z.master:
                s.item("ixfr-from-differences", "yes")

            if z.slaves:
                slaves = ""
                for slave in z.slaves:
                    if self.tsig:
                        slaves += "%s port %i key %s; " \
                                  % (slave.addr, slave.port, self.tsig.name)
                    else:
                        slaves += "%s port %i; " % (slave.addr, slave.port)
                s.item("also-notify", "{ %s}" % slaves)

            if z.ddns:
                if self.tsig:
                    upd = "key %s; " % self.tsig_test.name
                else:
                    upd = "%s; " % self.addr

                if z.master:
                    s.item("allow-update-forwarding", "{ %s}" % upd)
                else:
                    s.item("allow-update", "{ %s}" % upd)

            if self.tsig:
                s.item(
                    "allow-transfer", "{ key %s; key %s; }" %
                    (self.tsig.name, self.tsig_test.name))
            else:
                s.item("allow-transfer", "{ %s; }" % self.addr)
            s.end()

        self.start_params = ["-c", self.confile, "-g"]
        self.reload_params = ["-s", self.addr, "-p", str(self.ctlport), \
                              "-k", self.ctlkeyfile, "reload"]
        self.flush_params = ["-s", self.addr, "-p", str(self.ctlport), \
                             "-k", self.ctlkeyfile, "flush"]

        return s.conf
Beispiel #5
0
    def get_config(self):
        s = dnstest.config.BindConf()
        s.begin("options")
        self._str(s, "server-id", self.ident)
        self._str(s, "version", self.version)
        s.item_str("directory", self.dir)
        s.item_str("key-directory", self.dir)
        s.item_str("managed-keys-directory", self.dir)
        s.item_str("session-keyfile", self.dir + "/session.key")
        s.item_str("pid-file", "bind.pid")
        if ipaddress.ip_address(self.addr).version == 4:
            s.item("listen-on port", "%i { %s; }" % (self.port, self.addr))
            s.item("listen-on-v6", "{ }")
        else:
            s.item("listen-on", "{ }")
            s.item("listen-on-v6 port", "%i { %s; }" % (self.port, self.addr))
        s.item("auth-nxdomain", "no")
        s.item("recursion", "no")
        s.item("masterfile-format", "text")
        s.item("max-refresh-time", "2")
        s.item("max-retry-time", "2")
        s.item("transfers-in", "30")
        s.item("transfers-out", "30")
        s.item("minimal-responses", "true")
        s.item("additional-from-auth", "false")
        s.item("additional-from-cache", "false")
        s.item("notify-delay", "0")
        s.item("notify-rate", "1000")
        s.item("startup-notify-rate", "1000")
        s.item("serial-query-rate", "1000")
        s.end()

        s.begin("key", self.ctlkey.name)
        s.item("algorithm", self.ctlkey.alg)
        s.item_str("secret", self.ctlkey.key)
        s.end()

        s.begin("controls")
        s.item("inet %s port %i allow { %s; } keys { %s; }"
               % (self.addr, self.ctlport, params.test.addr, self.ctlkey.name))
        s.end()

        if self.tsig:
            t = self.tsig
            s.begin("key", t.name)
            s.item("# Local key")
            s.item("algorithm", t.alg)
            s.item_str("secret", t.key)
            s.end()
            t = self.tsig_test
            s.begin("key", t.name)
            s.item("# Test key")
            s.item("algorithm", t.alg)
            s.item_str("secret", t.key)
            s.end()

            keys = set() # Duplicy check.
            for zone in sorted(self.zones):
                z = self.zones[zone]
                for master in z.masters:
                    if master.tsig.name not in keys:
                        t = master.tsig
                        s.begin("key", t.name)
                        s.item("algorithm", t.alg)
                        s.item_str("secret", t.key)
                        s.end()
                        keys.add(t.name)
                for slave in z.slaves:
                    if slave.tsig and slave.tsig.name not in keys:
                        t = slave.tsig
                        s.begin("key", t.name)
                        s.item("algorithm", t.alg)
                        s.item_str("secret", t.key)
                        s.end()
                        keys.add(t.name)

        for zone in sorted(self.zones):
            z = self.zones[zone]
            s.begin("zone", z.name)
            s.item_str("file", z.zfile.path)
            s.item("check-names", "warn")

            if z.masters:
                s.item("type", "slave")

                masters = ""
                masters_notify = ""
                for master in z.masters:
                    if self.tsig:
                        masters += "%s port %i key %s; " \
                                   % (master.addr, master.port, master.tsig.name)
                        if not master.disable_notify:
                            masters_notify += "key %s; " % master.tsig.name
                    else:
                        masters += "%s port %i; " \
                                   % (master.addr, master.port)
                        if not master.disable_notify:
                            masters_notify += "%s; " % master.addr
                s.item("masters", "{ %s}" % masters)
                if masters_notify:
                    s.item("allow-notify", "{ %s}" % masters_notify)
            else:
                s.item("type", "master")
                s.item("notify", "explicit")

            if z.ixfr and not z.masters:
                s.item("ixfr-from-differences", "yes")

            if z.slaves:
                slaves = ""
                for slave in z.slaves:
                    if slave.disable_notify:
                        continue
                    if self.tsig:
                        slaves += "%s port %i key %s; " \
                                  % (slave.addr, slave.port, self.tsig.name)
                    else:
                        slaves += "%s port %i; " % (slave.addr, slave.port)
                if slaves:
                    s.item("also-notify", "{ %s}" % slaves)

            if z.ddns:
                if self.tsig_test:
                    upd = "key %s; " % self.tsig_test.name
                else:
                    upd = "%s; " % params.test.addr

                if z.masters:
                    s.item("allow-update-forwarding", "{ %s}" % upd)
                else:
                    s.item("allow-update", "{ %s}" % upd)

            if self.tsig or self.tsig_test:
                s.item("allow-transfer", "{%s%s }" %
                       ((" key %s;" % self.tsig.name) if self.tsig else "",
                        (" key %s;" % self.tsig_test.name) if self.tsig_test else ""))
            else:
                s.item("allow-transfer", "{ any; }")
            s.end()

        self.start_params = ["-c", self.confile, "-g"]
        self.ctl_params = ["-s", self.addr, "-p", str(self.ctlport), \
                           "-k", self.ctlkeyfile]

        return s.conf
Beispiel #6
0
    def get_config(self):
        s = dnstest.config.KnotConf()

        for file in self.includes:
            s.include(file)

        s.begin("server")
        self._on_str_hex(s, "identity", self.ident)
        self._on_str_hex(s, "version", self.version)
        self._on_str_hex(s, "nsid", self.nsid)
        s.item_str("rundir", self.dir)
        s.item_str("listen", "%s@%s" % (self.addr, self.port))
        self._str(s, "tcp-reply-timeout", self.tcp_reply_timeout)
        self._str(s, "max-udp-payload", self.max_udp_payload)
        self._str(s, "max-ipv4-udp-payload", self.max_udp4_payload)
        self._str(s, "max-ipv6-udp-payload", self.max_udp6_payload)
        s.end()

        s.begin("control")
        s.item_str("listen", "knot.sock")
        s.item_str("timeout", "15")
        s.end()

        if self.tsig:
            s.begin("key")
            self._key(s, self.tsig)
            self._key(s, self.tsig_test)

            keys = set() # Duplicy check.
            for zone in sorted(self.zones):
                z = self.zones[zone]
                for master in z.masters:
                    if master.tsig.name not in keys:
                        t = master.tsig
                        self._key(s, t)
                        keys.add(t.name)
                for slave in z.slaves:
                    if slave.tsig.name not in keys:
                        t = slave.tsig
                        self._key(s, t)
                        keys.add(t.name)
            s.end()

        have_remote = False
        servers = set() # Duplicity check.
        for zone in sorted(self.zones):
            z = self.zones[zone]
            for master in z.masters:
                if master.name not in servers:
                    if not have_remote:
                        s.begin("remote")
                        have_remote = True
                    s.id_item("id", master.name)
                    s.item_str("address", "%s@%s" % (master.addr, master.port))
                    if master.tsig:
                        s.item_str("key", master.tsig.name)
                    servers.add(master.name)
            for slave in z.slaves:
                if slave.name not in servers:
                    if not have_remote:
                        s.begin("remote")
                        have_remote = True
                    s.id_item("id", slave.name)
                    s.item_str("address", "%s@%s" % (slave.addr, slave.port))
                    if slave.tsig:
                        s.item_str("key", slave.tsig.name)
                    servers.add(slave.name)
            for parent in z.dnssec.ksk_sbm_check:
                if parent.name not in servers:
                    if not have_remote:
                        s.begin("remote")
                        have_remote = True
                    s.id_item("id", parent.name)
                    s.item_str("address", "%s@%s" % (parent.addr, parent.port))
                    servers.add(parent.name)
                    
        if have_remote:
            s.end()

        s.begin("acl")
        s.id_item("id", "acl_local")
        s.item_str("address", params.test.addr)
        if self.tsig:
            s.item_str("key", self.tsig.name)
        s.item("action", "[transfer, notify, update]")

        s.id_item("id", "acl_test")
        s.item_str("address", params.test.addr)
        if self.tsig_test:
            s.item_str("key", self.tsig_test.name)
        s.item("action", "[transfer, notify, update]")

        servers = set() # Duplicity check.
        for zone in sorted(self.zones):
            z = self.zones[zone]
            for master in z.masters:
                if master.name not in servers:
                    s.id_item("id", "acl_%s" % master.name)
                    s.item_str("address", master.addr)
                    if master.tsig:
                        s.item_str("key", master.tsig.name)
                    s.item("action", "notify")
                    servers.add(master.name)
            for slave in z.slaves:
                if slave.name in servers:
                    continue
                s.id_item("id", "acl_%s" % slave.name)
                s.item_str("address", slave.addr)
                if slave.tsig:
                    s.item_str("key", slave.tsig.name)
                s.item("action", "transfer")
                servers.add(slave.name)
        s.end()

        if len(self.modules) > 0:
            for module in self.modules:
                module.get_conf(s)

        for zone in sorted(self.zones):
            z = self.zones[zone]
            if len(z.modules) > 0:
                for module in z.modules:
                    module.get_conf(s)

        have_sbm = False
        for zone in sorted(self.zones):
            z = self.zones[zone]
            if not z.dnssec.enable:
                continue
            if len(z.dnssec.ksk_sbm_check) < 1:
                continue
            if not have_sbm:
                s.begin("submission")
                have_sbm = True
            s.id_item("id", z.name)
            parents = ""
            for parent in z.dnssec.ksk_sbm_check:
                if parents:
                    parents += ", "
                parents += parent.name
            s.item("parent", "[%s]" % parents)
            self._str(s, "check-interval", z.dnssec.ksk_sbm_check_interval)
        if have_sbm:
            s.end()

        have_policy = False
        for zone in sorted(self.zones):
            z = self.zones[zone]
            if not z.dnssec.enable:
                continue

            if not have_policy:
                s.begin("policy")
                have_policy = True
            s.id_item("id", z.name)
            self._bool(s, "manual", z.dnssec.manual)
            self._bool(s, "single-type-signing", z.dnssec.single_type_signing)
            self._str(s, "algorithm", z.dnssec.alg)
            self._str(s, "ksk_size", z.dnssec.ksk_size)
            self._str(s, "zsk_size", z.dnssec.zsk_size)
            self._str(s, "dnskey-ttl", z.dnssec.dnskey_ttl)
            self._str(s, "zone-max-ttl", z.dnssec.zone_max_ttl)
            self._str(s, "ksk-lifetime", z.dnssec.ksk_lifetime)
            self._str(s, "zsk-lifetime", z.dnssec.zsk_lifetime)
            self._str(s, "propagation-delay", z.dnssec.propagation_delay)
            self._str(s, "rrsig-lifetime", z.dnssec.rrsig_lifetime)
            self._str(s, "rrsig-refresh", z.dnssec.rrsig_refresh)
            self._bool(s, "nsec3", z.dnssec.nsec3)
            self._str(s, "nsec3-iterations", z.dnssec.nsec3_iters)
            self._bool(s, "nsec3-opt-out", z.dnssec.nsec3_opt_out)
            self._str(s, "nsec3-salt-lifetime", z.dnssec.nsec3_salt_lifetime)
            self._str(s, "nsec3-salt-length", z.dnssec.nsec3_salt_len)
            if len(z.dnssec.ksk_sbm_check) > 0:
                s.item("ksk-submission", z.name)
            self._bool(s, "ksk-shared", z.dnssec.ksk_shared)
            self._str(s, "cds-cdnskey-publish", z.dnssec.cds_publish)
            self._str(s, "offline-ksk", z.dnssec.offline_ksk)
        if have_policy:
            s.end()

        s.begin("template")
        s.id_item("id", "default")
        s.item_str("storage", self.dir)
        s.item_str("zonefile-sync", self.zonefile_sync)
        s.item_str("kasp-db", self.keydir)
        s.item_str("max-kasp-db-size", self.kasp_db_size)
        s.item_str("max-journal-db-size", self.journal_db_size)
        s.item_str("max-journal-usage", self.max_journal_usage)
        s.item_str("max-timer-db-size", self.timer_db_size)
        s.item_str("semantic-checks", "on")
        if self.disable_any:
            s.item_str("disable-any", "on")
        if len(self.modules) > 0:
            modules = ""
            for module in self.modules:
                if modules:
                    modules += ", "
                modules += module.get_conf_ref()
            s.item("global-module", "[%s]" % modules)
        if self.zone_size_limit:
            s.item("max-zone-size", self.zone_size_limit)
        s.end()

        s.begin("zone")
        for zone in sorted(self.zones):
            z = self.zones[zone]
            s.id_item("domain", z.name)
            s.item_str("file", z.zfile.path)

            acl = ""
            if z.masters:
                masters = ""
                for master in z.masters:
                    if masters:
                        masters += ", "
                    masters += master.name
                    if not master.disable_notify:
                        if acl:
                            acl += ", "
                        acl += "acl_%s" % master.name
                s.item("master", "[%s]" % masters)
            if z.slaves:
                slaves = ""
                for slave in z.slaves:
                    if slave.disable_notify:
                        continue
                    if slaves:
                        slaves += ", "
                    slaves += slave.name
                if slaves:
                    s.item("notify", "[%s]" % slaves)
            if acl:
                acl += ", "
            acl += "acl_local, acl_test"
            s.item("acl", "[%s]" % acl)

            s.item_str("journal-content", z.journal_content)

            if z.journal_content == "all" and z.masters:
                s.item_str("zonefile-load", "none")
            elif z.ixfr:
                s.item_str("zonefile-load", "difference")

            if z.dnssec.enable:
                s.item_str("dnssec-signing", "on")
                s.item_str("dnssec-policy", z.name)

            if len(z.modules) > 0:
                modules = ""
                for module in z.modules:
                    if modules:
                        modules += ", "
                    modules += module.get_conf_ref()
                s.item("module", "[%s]" % modules)
        s.end()

        s.begin("log")
        s.id_item("target", "stdout")
        s.item_str("any", "debug")
        s.end()

        self.start_params = ["-c", self.confile]
        self.ctl_params = ["-c", self.confile, "-t", "15"]

        return s.conf
Beispiel #7
0
    def get_config(self):
        s = dnstest.config.KnotConf()
        s.begin("server")
        self._on_str_hex(s, "identity", self.ident)
        self._on_str_hex(s, "version", self.version)
        self._on_str_hex(s, "nsid", self.nsid)
        s.item_str("rundir", self.dir)
        s.item_str("listen", "%s@%s" % (self.addr, self.port))
        self._str(s, "tcp-reply-timeout", self.tcp_reply_timeout)
        self._str(s, "max-udp-payload", self.max_udp_payload)
        self._str(s, "max-ipv4-udp-payload", self.max_udp4_payload)
        self._str(s, "max-ipv6-udp-payload", self.max_udp6_payload)
        if self.ratelimit is not None:
            s.item_str("rate-limit", self.ratelimit)
            if self.ratelimit_slip is not None:
                s.item_str("rate-limit-slip", self.ratelimit_slip)
            if self.ratelimit_whitelist is not None:
                s.item_str("rate-limit-whitelist", self.ratelimit_whitelist)
        s.end()

        s.begin("control")
        s.item_str("listen", "knot.sock")
        s.item_str("timeout", "15")
        s.end()

        if self.tsig:
            s.begin("key")
            self._key(s, self.tsig)
            self._key(s, self.tsig_test)

            keys = set()  # Duplicy check.
            for zone in sorted(self.zones):
                z = self.zones[zone]
                for master in z.masters:
                    if master.tsig.name not in keys:
                        t = master.tsig
                        self._key(s, t)
                        keys.add(t.name)
                for slave in z.slaves:
                    if slave.tsig.name not in keys:
                        t = slave.tsig
                        self._key(s, t)
                        keys.add(t.name)
            s.end()

        have_remote = False
        servers = set()  # Duplicity check.
        for zone in sorted(self.zones):
            z = self.zones[zone]
            for master in z.masters:
                if master.name not in servers:
                    if not have_remote:
                        s.begin("remote")
                        have_remote = True
                    s.id_item("id", master.name)
                    s.item_str("address", "%s@%s" % (master.addr, master.port))
                    if master.tsig:
                        s.item_str("key", master.tsig.name)
                    servers.add(master.name)
            for slave in z.slaves:
                if slave.name not in servers:
                    if not have_remote:
                        s.begin("remote")
                        have_remote = True
                    s.id_item("id", slave.name)
                    s.item_str("address", "%s@%s" % (slave.addr, slave.port))
                    if slave.tsig:
                        s.item_str("key", slave.tsig.name)
                    servers.add(slave.name)
        if have_remote:
            s.end()

        s.begin("acl")
        s.id_item("id", "acl_local")
        s.item_str("address", params.test.addr)
        if self.tsig:
            s.item_str("key", self.tsig.name)
        s.item("action", "[transfer, notify, update]")

        s.id_item("id", "acl_test")
        s.item_str("address", params.test.addr)
        if self.tsig_test:
            s.item_str("key", self.tsig_test.name)
        s.item("action", "[transfer, notify, update]")

        servers = set()  # Duplicity check.
        for zone in sorted(self.zones):
            z = self.zones[zone]
            for master in z.masters:
                if master.name not in servers:
                    s.id_item("id", "acl_%s" % master.name)
                    s.item_str("address", master.addr)
                    if master.tsig:
                        s.item_str("key", master.tsig.name)
                    s.item("action", "notify")
                    servers.add(master.name)
            for slave in z.slaves:
                if slave.name in servers:
                    continue
                s.id_item("id", "acl_%s" % slave.name)
                s.item_str("address", slave.addr)
                if slave.tsig:
                    s.item_str("key", slave.tsig.name)
                s.item("action", "transfer")
                servers.add(slave.name)
        s.end()

        if len(self.modules) > 0:
            for module in self.modules:
                module.get_conf(s)

        for zone in sorted(self.zones):
            z = self.zones[zone]
            if len(z.modules) > 0:
                for module in z.modules:
                    module.get_conf(s)

        s.begin("policy")
        for zone in sorted(self.zones):
            z = self.zones[zone]
            if not z.dnssec.enable:
                continue
            s.id_item("id", z.name)
            self._bool(s, "manual", z.dnssec.manual)
            self._str(s, "algorithm", z.dnssec.alg)
            self._str(s, "ksk_size", z.dnssec.ksk_size)
            self._str(s, "zsk_size", z.dnssec.zsk_size)
            self._bool(s, "nsec3", z.dnssec.nsec3)
            self._str(s, "nsec3-iterations", z.dnssec.nsec3_iters)
            self._str(s, "nsec3-salt-lifetime", z.dnssec.nsec3_salt_lifetime)
            self._str(s, "nsec3-salt-length", z.dnssec.nsec3_salt_len)
        s.end()

        s.begin("template")
        s.id_item("id", "default")
        s.item_str("storage", self.dir)
        s.item_str("kasp-db", self.keydir)
        if self.zonefile_sync:
            s.item_str("zonefile-sync", self.zonefile_sync)
        else:
            s.item_str("zonefile-sync", "1d")
        if self.journal_size:
            s.item_str("max-journal-size", self.journal_size)
        s.item_str("semantic-checks", "on")
        if self.disable_any:
            s.item_str("disable-any", "on")
        if len(self.modules) > 0:
            modules = ""
            for module in self.modules:
                if modules:
                    modules += ", "
                modules += module.get_conf_ref()
            s.item("global-module", "[%s]" % modules)
        if self.zone_size_limit:
            s.item("max-zone-size", self.zone_size_limit)
        s.end()

        s.begin("zone")
        for zone in sorted(self.zones):
            z = self.zones[zone]
            s.id_item("domain", z.name)
            s.item_str("file", z.zfile.path)

            acl = ""
            if z.masters:
                masters = ""
                for master in z.masters:
                    if masters:
                        masters += ", "
                    masters += master.name
                    if not master.disable_notify:
                        if acl:
                            acl += ", "
                        acl += "acl_%s" % master.name
                s.item("master", "[%s]" % masters)
            if z.slaves:
                slaves = ""
                for slave in z.slaves:
                    if slave.disable_notify:
                        continue
                    if slaves:
                        slaves += ", "
                    slaves += slave.name
                if slaves:
                    s.item("notify", "[%s]" % slaves)
            if acl:
                acl += ", "
            acl += "acl_local, acl_test"
            s.item("acl", "[%s]" % acl)

            if z.ixfr and not z.masters:
                s.item_str("ixfr-from-differences", "on")

            if z.dnssec.enable:
                s.item_str("dnssec-signing", "on")
                s.item_str("dnssec-policy", z.name)

            if len(z.modules) > 0:
                modules = ""
                for module in z.modules:
                    if modules:
                        modules += ", "
                    modules += module.get_conf_ref()
                s.item("module", "[%s]" % modules)
        s.end()

        s.begin("log")
        s.id_item("target", "stdout")
        s.item_str("any", "debug")
        s.end()

        self.start_params = ["-c", self.confile]
        self.ctl_params = ["-c", self.confile, "-t", "15"]

        return s.conf
Beispiel #8
0
    def get_config(self):
        s = KnotConf()
        s.begin("system")
        self._on_str_hex(s, "identity", self.ident)
        self._on_str_hex(s, "version", self.version)
        self._on_str_hex(s, "nsid", self.nsid)
        self._on_str_hex(s, "rate-limit", self.ratelimit)
        s.item_str("rundir", self.dir)
        if (self.max_conn_idle):
            s.item("max-conn-idle", self.max_conn_idle)
        s.end()

        s.begin("control")
        s.item_str("listen-on", "knot.sock")
        s.end()

        s.begin("interfaces")
        if self.ip == 4:
            s.begin("ipv4")
        else:
            s.begin("ipv6")
        s.item("address", self.addr)
        s.item("port", self.port)
        s.end()
        s.end()

        if self.tsig:
            s.begin("keys")
            t = self.tsig
            s.item_str("\"%s\" %s" % (t.name, t.alg), t.key)
            t = self.tsig_test
            s.item_str("\"%s\" %s" % (t.name, t.alg), t.key)

            keys = set() # Duplicy check.
            for zone in sorted(self.zones):
                z = self.zones[zone]
                if z.master and z.master.tsig.name not in keys:
                    t = z.master.tsig
                    s.item_str("\"%s\" %s" % (t.name, t.alg), t.key)
                    keys.add(t.name)
                for slave in z.slaves:
                    if slave.tsig and slave.tsig.name not in keys:
                        t = slave.tsig
                        s.item_str("\"%s\" %s" % (t.name, t.alg), t.key)
                        keys.add(t.name)
            s.end()

        s.begin("remotes")
        s.begin("local")
        s.item("address", self.addr)
        if self.tsig:
            s.item_str("key", self.tsig.name)
        s.end()
        s.begin("test")
        s.item("address", self.addr)
        if self.tsig_test:
            s.item_str("key", self.tsig_test.name)
        s.end()

        servers = set() # Duplicity check.
        for zone in sorted(self.zones):
            z = self.zones[zone]
            if z.master and z.master.name not in servers:
                s.begin(z.master.name)
                s.item("address", z.master.addr)
                s.item("port", z.master.port)
                if z.master.tsig:
                    s.item_str("key", z.master.tsig.name)
                s.end()
                servers.add(z.master.name)
            for slave in z.slaves:
                if slave.name not in servers:
                    s.begin(slave.name)
                    s.item("address", slave.addr)
                    s.item("port", slave.port)
                    if slave.tsig:
                        s.item_str("key", self.tsig.name)
                    s.end()
                    servers.add(slave.name)
        s.end()

        s.begin("zones")
        s.item_str("storage", self.dir)
        if self.zonefile_sync:
            s.item("zonefile-sync", self.zonefile_sync)
        else:
            s.item("zonefile-sync", "1d")
        if self.ixfr_fslimit:
            s.item("ixfr-fslimit", self.ixfr_fslimit)
        s.item("notify-timeout", "5")
        s.item("notify-retries", "5")
        s.item("semantic-checks", "on")
        if self.disable_any:
            s.item("disable-any", "on")
        if self.dnssec_enable:
            s.item_str("dnssec-keydir", self.keydir)
            s.item("dnssec-enable", "on")
        for zone in sorted(self.zones):
            z = self.zones[zone]
            s.begin(z.name)
            s.item_str("file", z.zfile.path)

            if z.master:
                if not self.disable_notify:
                    s.item("notify-in", z.master.name)
                s.item("xfr-in", z.master.name)

            slaves = ""
            if z.slaves:
                for slave in z.slaves:
                    if slaves:
                        slaves += ", "
                    slaves += slave.name
                s.item("notify-out", slaves)

            s.item("xfr-out", "local, test")

            if z.ddns:
                s.item("update-in", "test")

            if z.ixfr and not z.master:
                s.item("ixfr-from-differences", "on")

            if len(z.query_modules) > 0:
                s.begin("query_module")
                for query_module in z.query_modules:
                    s.item(query_module[0], '"' + query_module[1] + '"')
                s.end()
            s.end()
        s.end()

        s.begin("log")
        s.begin("stdout")
        s.item("any", "debug")
        s.end()
        s.begin("stderr")
        s.end()
        s.begin("syslog")
        s.end()
        s.end()

        self.start_params = ["-c", self.confile]
        self.reload_params = ["-c", self.confile, "reload"]
        self.flush_params = ["-c", self.confile, "flush"]

        return s.conf