def get_config(self):
s = dnstest.config.KnotConf()
s.begin("server")
self._on_str_hex(s, "identity", self.ident)
self._on_str_hex(s, "version", self.version)
self._on_str_hex(s, "nsid", self.nsid)
s.item_str("rundir", self.dir)
s.item_str("listen", "%s@%s" % (self.addr, self.port))
if (self.tcp_idle_timeout):
s.item_str("tcp-idle-timeout", self.tcp_idle_timeout)
if (self.ratelimit):
s.item_str("rate-limit", self.ratelimit)
s.end()
s.begin("control")
s.item_str("listen", "knot.sock")
s.end()
if self.tsig:
s.begin("key")
self._key(s, self.tsig)
self._key(s, self.tsig_test)
keys = set() # Duplicy check.
for zone in sorted(self.zones):
z = self.zones[zone]
if z.master and z.master.tsig.name not in keys:
t = z.master.tsig
self._key(s, t)
keys.add(t.name)
for slave in z.slaves:
if slave.tsig and slave.tsig.name not in keys:
t = slave.tsig
self._key(s, t)
keys.add(t.name)
s.end()
have_remote = False
servers = set() # Duplicity check.
for zone in sorted(self.zones):
z = self.zones[zone]
if z.master and z.master.name not in servers:
if not have_remote:
s.begin("remote")
have_remote = True
s.id_item("id", z.master.name)
s.item_str("address", "%s@%s" % (z.master.addr, z.master.port))
if z.master.tsig:
s.item_str("key", z.master.tsig.name)
servers.add(z.master.name)
for slave in z.slaves:
if slave.name not in servers:
if not have_remote:
s.begin("remote")
have_remote = True
s.id_item("id", slave.name)
s.item_str("address", "%s@%s" % (slave.addr, slave.port))
if slave.tsig:
s.item_str("key", slave.tsig.name)
servers.add(slave.name)
if have_remote:
s.end()
s.begin("acl")
s.id_item("id", "acl_local")
s.item_str("address", self.addr)
if self.tsig:
s.item_str("key", self.tsig.name)
s.item("action", "[transfer, notify, update]")
s.id_item("id", "acl_test")
s.item_str("address", self.addr)
if self.tsig_test:
s.item_str("key", self.tsig_test.name)
s.item("action", "[transfer, notify, update]")
servers = set() # Duplicity check.
for zone in sorted(self.zones):
z = self.zones[zone]
if z.master and z.master.name not in servers:
s.id_item("id", "acl_%s" % z.master.name)
s.item_str("address", z.master.addr)
if z.master.tsig:
s.item_str("key", z.master.tsig.name)
s.item("action", "notify")
servers.add(z.master.name)
for slave in z.slaves:
if slave.name in servers:
continue
s.id_item("id", "acl_%s" % slave.name)
s.item_str("address", slave.addr)
if slave.tsig:
s.item_str("key", slave.tsig.name)
s.item("action", "transfer")
servers.add(slave.name)
s.end()
if len(self.modules) > 0:
for module in self.modules:
module.get_conf(s)
for zone in sorted(self.zones):
z = self.zones[zone]
if len(z.modules) > 0:
for module in z.modules:
module.get_conf(s)
s.begin("template")
s.id_item("id", "default")
s.item_str("storage", self.dir)
if self.zonefile_sync:
s.item_str("zonefile-sync", self.zonefile_sync)
else:
s.item_str("zonefile-sync", "1d")
if self.journal_size:
s.item_str("max-journal-size", self.journal_size)
s.item_str("semantic-checks", "on")
if self.disable_any:
s.item_str("disable-any", "on")
if self.dnssec_enable:
s.item_str("kasp-db", self.keydir)
s.item_str("dnssec-signing", "on")
if len(self.modules) > 0:
modules = ""
for module in self.modules:
if modules:
modules += ", "
modules += module.get_conf_ref()
s.item("module", "[%s]" % modules)
s.end()
s.begin("zone")
for zone in sorted(self.zones):
z = self.zones[zone]
s.id_item("domain", z.name)
s.item_str("file", z.zfile.path)
acl = ""
if z.master:
s.item("master", z.master.name)
if not z.master.disable_notify:
acl = "acl_%s" % z.master.name
if z.slaves:
slaves = ""
for slave in z.slaves:
if slave.disable_notify:
continue
if slaves:
slaves += ", "
slaves += slave.name
if slaves:
s.item("notify", "[%s]" % slaves)
if acl:
acl += ", "
acl += "acl_local, acl_test"
s.item("acl", "[%s]" % acl)
if z.ixfr and not z.master:
s.item_str("ixfr-from-differences", "on")
if len(z.modules) > 0:
modules = ""
for module in z.modules:
if modules:
modules += ", "
modules += module.get_conf_ref()
s.item("module", "[%s]" % modules)
s.end()
s.begin("log")
s.id_item("target", "stdout")
s.item_str("any", "debug")
s.end()
self.start_params = ["-c", self.confile]
self.ctl_params = ["-c", self.confile]
return s.conf
def get_config(self):
s = KnotConf()
s.begin("system")
self._on_str_hex(s, "identity", self.ident)
self._on_str_hex(s, "version", self.version)
self._on_str_hex(s, "nsid", self.nsid)
self._on_str_hex(s, "rate-limit", self.ratelimit)
s.item_str("rundir", self.dir)
if (self.max_conn_idle):
s.item("max-conn-idle", self.max_conn_idle)
s.end()
s.begin("control")
s.item_str("listen-on", "knot.sock")
s.end()
s.begin("interfaces")
if self.ip == 4:
s.begin("ipv4")
else:
s.begin("ipv6")
s.item("address", self.addr)
s.item("port", self.port)
s.end()
s.end()
if self.tsig:
s.begin("keys")
t = self.tsig
s.item_str("\"%s\" %s" % (t.name, t.alg), t.key)
t = self.tsig_test
s.item_str("\"%s\" %s" % (t.name, t.alg), t.key)
keys = set() # Duplicy check.
for zone in sorted(self.zones):
z = self.zones[zone]
if z.master and z.master.tsig.name not in keys:
t = z.master.tsig
s.item_str("\"%s\" %s" % (t.name, t.alg), t.key)
keys.add(t.name)
for slave in z.slaves:
if slave.tsig and slave.tsig.name not in keys:
t = slave.tsig
s.item_str("\"%s\" %s" % (t.name, t.alg), t.key)
keys.add(t.name)
s.end()
s.begin("remotes")
s.begin("local")
s.item("address", self.addr)
if self.tsig:
s.item_str("key", self.tsig.name)
s.end()
s.begin("test")
s.item("address", self.addr)
if self.tsig_test:
s.item_str("key", self.tsig_test.name)
s.end()
servers = set() # Duplicity check.
for zone in sorted(self.zones):
z = self.zones[zone]
if z.master and z.master.name not in servers:
s.begin(z.master.name)
s.item("address", z.master.addr)
s.item("port", z.master.port)
if z.master.tsig:
s.item_str("key", z.master.tsig.name)
s.end()
servers.add(z.master.name)
for slave in z.slaves:
if slave.name not in servers:
s.begin(slave.name)
s.item("address", slave.addr)
s.item("port", slave.port)
if slave.tsig:
s.item_str("key", self.tsig.name)
s.end()
servers.add(slave.name)
s.end()
s.begin("zones")
s.item_str("storage", self.dir)
if self.zonefile_sync:
s.item("zonefile-sync", self.zonefile_sync)
else:
s.item("zonefile-sync", "1d")
if self.ixfr_fslimit:
s.item("ixfr-fslimit", self.ixfr_fslimit)
s.item("notify-timeout", "5")
s.item("notify-retries", "5")
s.item("semantic-checks", "on")
if self.disable_any:
s.item("disable-any", "on")
if self.dnssec_enable:
s.item_str("dnssec-keydir", self.keydir)
s.item("dnssec-enable", "on")
for zone in sorted(self.zones):
z = self.zones[zone]
s.begin(z.name)
s.item_str("file", z.zfile.path)
if z.master:
if not self.disable_notify:
s.item("notify-in", z.master.name)
s.item("xfr-in", z.master.name)
slaves = ""
if z.slaves:
for slave in z.slaves:
if slaves:
slaves += ", "
slaves += slave.name
s.item("notify-out", slaves)
s.item("xfr-out", "local, test")
if z.ddns:
s.item("update-in", "test")
if z.ixfr and not z.master:
s.item("ixfr-from-differences", "on")
if len(z.query_modules) > 0:
s.begin("query_module")
for query_module in z.query_modules:
s.item(query_module[0], '"' + query_module[1] + '"')
s.end()
s.end()
s.end()
s.begin("log")
s.begin("stdout")
s.item("any", "debug")
s.end()
s.begin("stderr")
s.end()
s.begin("syslog")
s.end()
s.end()
self.start_params = ["-c", self.confile]
self.reload_params = ["-c", self.confile, "reload"]
self.flush_params = ["-c", self.confile, "flush"]
return s.conf
def get_config(self):
s = dnstest.config.BindConf()
s.begin("options")
self._str(s, "server-id", self.ident)
self._str(s, "version", self.version)
s.item_str("directory", self.dir)
s.item_str("key-directory", self.dir)
s.item_str("managed-keys-directory", self.dir)
s.item_str("session-keyfile", self.dir + "/session.key")
s.item_str("pid-file", "bind.pid")
if self.ip == 4:
s.item("listen-on port", "%i { %s; }" % (self.port, self.addr))
s.item("listen-on-v6", "{ }")
else:
s.item("listen-on", "{ }")
s.item("listen-on-v6 port", "%i { %s; }" % (self.port, self.addr))
s.item("auth-nxdomain", "no")
s.item("recursion", "no")
s.item("masterfile-format", "text")
s.item("max-refresh-time", "2")
s.item("max-retry-time", "2")
s.item("transfers-in", "30")
s.item("transfers-out", "30")
s.end()
s.begin("key", self.ctlkey.name)
s.item("algorithm", self.ctlkey.alg)
s.item_str("secret", self.ctlkey.key)
s.end()
s.begin("controls")
s.item("inet %s port %i allow { %s; } keys { %s; }"
% (self.addr, self.ctlport, self.addr, self.ctlkey.name))
s.end()
if self.tsig:
t = self.tsig
s.begin("key", t.name)
s.item("# Local key")
s.item("algorithm", t.alg)
s.item_str("secret", t.key)
s.end()
t = self.tsig_test
s.begin("key", t.name)
s.item("# Test key")
s.item("algorithm", t.alg)
s.item_str("secret", t.key)
s.end()
keys = set() # Duplicy check.
for zone in sorted(self.zones):
z = self.zones[zone]
if z.master and z.master.tsig.name not in keys:
t = z.master.tsig
s.begin("key", t.name)
s.item("algorithm", t.alg)
s.item_str("secret", t.key)
s.end()
keys.add(t.name)
for slave in z.slaves:
if slave.tsig and slave.tsig.name not in keys:
t = slave.tsig
s.begin("key", t.name)
s.item("algorithm", t.alg)
s.item_str("secret", t.key)
s.end()
keys.add(t.name)
for zone in sorted(self.zones):
z = self.zones[zone]
s.begin("zone", z.name)
s.item_str("file", z.zfile.path)
s.item("check-names", "warn")
if z.master:
s.item("type", "slave")
if self.tsig:
if not z.master.disable_notify:
s.item("allow-notify", "{ key %s; }" % z.master.tsig.name)
s.item("masters", "{ %s port %i key %s; }" \
% (z.master.addr, z.master.port, z.master.tsig.name))
else:
if not z.master.disable_notify:
s.item("allow-notify", "{ %s; }" % z.master.addr)
s.item("masters", "{ %s port %i; }" \
% (z.master.addr, z.master.port))
else:
s.item("type", "master")
s.item("notify", "explicit")
if z.ixfr and not z.master:
s.item("ixfr-from-differences", "yes")
if z.slaves:
slaves = ""
for slave in z.slaves:
if slave.disable_notify:
continue
if self.tsig:
slaves += "%s port %i key %s; " \
% (slave.addr, slave.port, self.tsig.name)
else:
slaves += "%s port %i; " % (slave.addr, slave.port)
if slaves:
s.item("also-notify", "{ %s}" % slaves)
if z.ddns:
if self.tsig:
upd = "key %s; " % self.tsig_test.name
else:
upd = "%s; " % self.addr
if z.master:
s.item("allow-update-forwarding", "{ %s}" % upd)
else:
s.item("allow-update", "{ %s}" % upd)
if self.tsig:
s.item("allow-transfer", "{ key %s; key %s; }" %
(self.tsig.name, self.tsig_test.name))
else:
s.item("allow-transfer", "{ %s; }" % self.addr)
s.end()
self.start_params = ["-c", self.confile, "-g"]
self.ctl_params = ["-s", self.addr, "-p", str(self.ctlport), \
"-k", self.ctlkeyfile]
return s.conf
def get_config(self):
s = BindConf()
s.begin("options")
self._str(s, "server-id", self.ident)
self._str(s, "version", self.version)
s.item_str("directory", self.dir)
s.item_str("key-directory", self.dir)
s.item_str("managed-keys-directory", self.dir)
s.item_str("session-keyfile", self.dir + "/session.key")
s.item_str("pid-file", "bind.pid")
if self.ip == 4:
s.item("listen-on port", "%i { %s; }" % (self.port, self.addr))
s.item("listen-on-v6", "{ }")
else:
s.item("listen-on", "{ }")
s.item("listen-on-v6 port", "%i { %s; }" % (self.port, self.addr))
s.item("auth-nxdomain", "no")
s.item("recursion", "no")
s.item("masterfile-format", "text")
s.item("max-refresh-time", "2")
s.item("max-retry-time", "2")
s.item("transfers-in", "30")
s.item("transfers-out", "30")
s.end()
s.begin("key", self.ctlkey.name)
s.item("algorithm", self.ctlkey.alg)
s.item_str("secret", self.ctlkey.key)
s.end()
s.begin("controls")
s.item("inet %s port %i allow { %s; } keys { %s; }" %
(self.addr, self.ctlport, self.addr, self.ctlkey.name))
s.end()
if self.tsig:
t = self.tsig
s.begin("key", t.name)
s.item("# Local key")
s.item("algorithm", t.alg)
s.item_str("secret", t.key)
s.end()
t = self.tsig_test
s.begin("key", t.name)
s.item("# Test key")
s.item("algorithm", t.alg)
s.item_str("secret", t.key)
s.end()
keys = set() # Duplicy check.
for zone in sorted(self.zones):
z = self.zones[zone]
if z.master and z.master.tsig.name not in keys:
t = z.master.tsig
s.begin("key", t.name)
s.item("algorithm", t.alg)
s.item_str("secret", t.key)
s.end()
keys.add(t.name)
for slave in z.slaves:
if slave.tsig and slave.tsig.name not in keys:
t = slave.tsig
s.begin("key", t.name)
s.item("algorithm", t.alg)
s.item_str("secret", t.key)
s.end()
keys.add(t.name)
for zone in sorted(self.zones):
z = self.zones[zone]
s.begin("zone", z.name)
s.item_str("file", z.zfile.path)
s.item("check-names", "warn")
if z.master:
s.item("type", "slave")
if self.tsig:
s.item("allow-notify", "{ key %s; }" % z.master.tsig.name)
s.item("masters", "{ %s port %i key %s; }" \
% (z.master.addr, z.master.port, z.master.tsig.name))
else:
s.item("allow-notify", "{ %s; }" % z.master.addr)
s.item("masters", "{ %s port %i; }" \
% (z.master.addr, z.master.port))
else:
s.item("type", "master")
s.item("notify", "explicit")
if z.ixfr and not z.master:
s.item("ixfr-from-differences", "yes")
if z.slaves:
slaves = ""
for slave in z.slaves:
if self.tsig:
slaves += "%s port %i key %s; " \
% (slave.addr, slave.port, self.tsig.name)
else:
slaves += "%s port %i; " % (slave.addr, slave.port)
s.item("also-notify", "{ %s}" % slaves)
if z.ddns:
if self.tsig:
upd = "key %s; " % self.tsig_test.name
else:
upd = "%s; " % self.addr
if z.master:
s.item("allow-update-forwarding", "{ %s}" % upd)
else:
s.item("allow-update", "{ %s}" % upd)
if self.tsig:
s.item(
"allow-transfer", "{ key %s; key %s; }" %
(self.tsig.name, self.tsig_test.name))
else:
s.item("allow-transfer", "{ %s; }" % self.addr)
s.end()
self.start_params = ["-c", self.confile, "-g"]
self.reload_params = ["-s", self.addr, "-p", str(self.ctlport), \
"-k", self.ctlkeyfile, "reload"]
self.flush_params = ["-s", self.addr, "-p", str(self.ctlport), \
"-k", self.ctlkeyfile, "flush"]
return s.conf
def get_config(self):
s = dnstest.config.BindConf()
s.begin("options")
self._str(s, "server-id", self.ident)
self._str(s, "version", self.version)
s.item_str("directory", self.dir)
s.item_str("key-directory", self.dir)
s.item_str("managed-keys-directory", self.dir)
s.item_str("session-keyfile", self.dir + "/session.key")
s.item_str("pid-file", "bind.pid")
if ipaddress.ip_address(self.addr).version == 4:
s.item("listen-on port", "%i { %s; }" % (self.port, self.addr))
s.item("listen-on-v6", "{ }")
else:
s.item("listen-on", "{ }")
s.item("listen-on-v6 port", "%i { %s; }" % (self.port, self.addr))
s.item("auth-nxdomain", "no")
s.item("recursion", "no")
s.item("masterfile-format", "text")
s.item("max-refresh-time", "2")
s.item("max-retry-time", "2")
s.item("transfers-in", "30")
s.item("transfers-out", "30")
s.item("minimal-responses", "true")
s.item("additional-from-auth", "false")
s.item("additional-from-cache", "false")
s.item("notify-delay", "0")
s.item("notify-rate", "1000")
s.item("startup-notify-rate", "1000")
s.item("serial-query-rate", "1000")
s.end()
s.begin("key", self.ctlkey.name)
s.item("algorithm", self.ctlkey.alg)
s.item_str("secret", self.ctlkey.key)
s.end()
s.begin("controls")
s.item("inet %s port %i allow { %s; } keys { %s; }"
% (self.addr, self.ctlport, params.test.addr, self.ctlkey.name))
s.end()
if self.tsig:
t = self.tsig
s.begin("key", t.name)
s.item("# Local key")
s.item("algorithm", t.alg)
s.item_str("secret", t.key)
s.end()
t = self.tsig_test
s.begin("key", t.name)
s.item("# Test key")
s.item("algorithm", t.alg)
s.item_str("secret", t.key)
s.end()
keys = set() # Duplicy check.
for zone in sorted(self.zones):
z = self.zones[zone]
for master in z.masters:
if master.tsig.name not in keys:
t = master.tsig
s.begin("key", t.name)
s.item("algorithm", t.alg)
s.item_str("secret", t.key)
s.end()
keys.add(t.name)
for slave in z.slaves:
if slave.tsig and slave.tsig.name not in keys:
t = slave.tsig
s.begin("key", t.name)
s.item("algorithm", t.alg)
s.item_str("secret", t.key)
s.end()
keys.add(t.name)
for zone in sorted(self.zones):
z = self.zones[zone]
s.begin("zone", z.name)
s.item_str("file", z.zfile.path)
s.item("check-names", "warn")
if z.masters:
s.item("type", "slave")
masters = ""
masters_notify = ""
for master in z.masters:
if self.tsig:
masters += "%s port %i key %s; " \
% (master.addr, master.port, master.tsig.name)
if not master.disable_notify:
masters_notify += "key %s; " % master.tsig.name
else:
masters += "%s port %i; " \
% (master.addr, master.port)
if not master.disable_notify:
masters_notify += "%s; " % master.addr
s.item("masters", "{ %s}" % masters)
if masters_notify:
s.item("allow-notify", "{ %s}" % masters_notify)
else:
s.item("type", "master")
s.item("notify", "explicit")
if z.ixfr and not z.masters:
s.item("ixfr-from-differences", "yes")
if z.slaves:
slaves = ""
for slave in z.slaves:
if slave.disable_notify:
continue
if self.tsig:
slaves += "%s port %i key %s; " \
% (slave.addr, slave.port, self.tsig.name)
else:
slaves += "%s port %i; " % (slave.addr, slave.port)
if slaves:
s.item("also-notify", "{ %s}" % slaves)
if z.ddns:
if self.tsig_test:
upd = "key %s; " % self.tsig_test.name
else:
upd = "%s; " % params.test.addr
if z.masters:
s.item("allow-update-forwarding", "{ %s}" % upd)
else:
s.item("allow-update", "{ %s}" % upd)
if self.tsig or self.tsig_test:
s.item("allow-transfer", "{%s%s }" %
((" key %s;" % self.tsig.name) if self.tsig else "",
(" key %s;" % self.tsig_test.name) if self.tsig_test else ""))
else:
s.item("allow-transfer", "{ any; }")
s.end()
self.start_params = ["-c", self.confile, "-g"]
self.ctl_params = ["-s", self.addr, "-p", str(self.ctlport), \
"-k", self.ctlkeyfile]
return s.conf
def get_config(self):
s = dnstest.config.KnotConf()
for file in self.includes:
s.include(file)
s.begin("server")
self._on_str_hex(s, "identity", self.ident)
self._on_str_hex(s, "version", self.version)
self._on_str_hex(s, "nsid", self.nsid)
s.item_str("rundir", self.dir)
s.item_str("listen", "%s@%s" % (self.addr, self.port))
self._str(s, "tcp-reply-timeout", self.tcp_reply_timeout)
self._str(s, "max-udp-payload", self.max_udp_payload)
self._str(s, "max-ipv4-udp-payload", self.max_udp4_payload)
self._str(s, "max-ipv6-udp-payload", self.max_udp6_payload)
s.end()
s.begin("control")
s.item_str("listen", "knot.sock")
s.item_str("timeout", "15")
s.end()
if self.tsig:
s.begin("key")
self._key(s, self.tsig)
self._key(s, self.tsig_test)
keys = set() # Duplicy check.
for zone in sorted(self.zones):
z = self.zones[zone]
for master in z.masters:
if master.tsig.name not in keys:
t = master.tsig
self._key(s, t)
keys.add(t.name)
for slave in z.slaves:
if slave.tsig.name not in keys:
t = slave.tsig
self._key(s, t)
keys.add(t.name)
s.end()
have_remote = False
servers = set() # Duplicity check.
for zone in sorted(self.zones):
z = self.zones[zone]
for master in z.masters:
if master.name not in servers:
if not have_remote:
s.begin("remote")
have_remote = True
s.id_item("id", master.name)
s.item_str("address", "%s@%s" % (master.addr, master.port))
if master.tsig:
s.item_str("key", master.tsig.name)
servers.add(master.name)
for slave in z.slaves:
if slave.name not in servers:
if not have_remote:
s.begin("remote")
have_remote = True
s.id_item("id", slave.name)
s.item_str("address", "%s@%s" % (slave.addr, slave.port))
if slave.tsig:
s.item_str("key", slave.tsig.name)
servers.add(slave.name)
for parent in z.dnssec.ksk_sbm_check:
if parent.name not in servers:
if not have_remote:
s.begin("remote")
have_remote = True
s.id_item("id", parent.name)
s.item_str("address", "%s@%s" % (parent.addr, parent.port))
servers.add(parent.name)
if have_remote:
s.end()
s.begin("acl")
s.id_item("id", "acl_local")
s.item_str("address", params.test.addr)
if self.tsig:
s.item_str("key", self.tsig.name)
s.item("action", "[transfer, notify, update]")
s.id_item("id", "acl_test")
s.item_str("address", params.test.addr)
if self.tsig_test:
s.item_str("key", self.tsig_test.name)
s.item("action", "[transfer, notify, update]")
servers = set() # Duplicity check.
for zone in sorted(self.zones):
z = self.zones[zone]
for master in z.masters:
if master.name not in servers:
s.id_item("id", "acl_%s" % master.name)
s.item_str("address", master.addr)
if master.tsig:
s.item_str("key", master.tsig.name)
s.item("action", "notify")
servers.add(master.name)
for slave in z.slaves:
if slave.name in servers:
continue
s.id_item("id", "acl_%s" % slave.name)
s.item_str("address", slave.addr)
if slave.tsig:
s.item_str("key", slave.tsig.name)
s.item("action", "transfer")
servers.add(slave.name)
s.end()
if len(self.modules) > 0:
for module in self.modules:
module.get_conf(s)
for zone in sorted(self.zones):
z = self.zones[zone]
if len(z.modules) > 0:
for module in z.modules:
module.get_conf(s)
have_sbm = False
for zone in sorted(self.zones):
z = self.zones[zone]
if not z.dnssec.enable:
continue
if len(z.dnssec.ksk_sbm_check) < 1:
continue
if not have_sbm:
s.begin("submission")
have_sbm = True
s.id_item("id", z.name)
parents = ""
for parent in z.dnssec.ksk_sbm_check:
if parents:
parents += ", "
parents += parent.name
s.item("parent", "[%s]" % parents)
self._str(s, "check-interval", z.dnssec.ksk_sbm_check_interval)
if have_sbm:
s.end()
have_policy = False
for zone in sorted(self.zones):
z = self.zones[zone]
if not z.dnssec.enable:
continue
if not have_policy:
s.begin("policy")
have_policy = True
s.id_item("id", z.name)
self._bool(s, "manual", z.dnssec.manual)
self._bool(s, "single-type-signing", z.dnssec.single_type_signing)
self._str(s, "algorithm", z.dnssec.alg)
self._str(s, "ksk_size", z.dnssec.ksk_size)
self._str(s, "zsk_size", z.dnssec.zsk_size)
self._str(s, "dnskey-ttl", z.dnssec.dnskey_ttl)
self._str(s, "zone-max-ttl", z.dnssec.zone_max_ttl)
self._str(s, "ksk-lifetime", z.dnssec.ksk_lifetime)
self._str(s, "zsk-lifetime", z.dnssec.zsk_lifetime)
self._str(s, "propagation-delay", z.dnssec.propagation_delay)
self._str(s, "rrsig-lifetime", z.dnssec.rrsig_lifetime)
self._str(s, "rrsig-refresh", z.dnssec.rrsig_refresh)
self._bool(s, "nsec3", z.dnssec.nsec3)
self._str(s, "nsec3-iterations", z.dnssec.nsec3_iters)
self._bool(s, "nsec3-opt-out", z.dnssec.nsec3_opt_out)
self._str(s, "nsec3-salt-lifetime", z.dnssec.nsec3_salt_lifetime)
self._str(s, "nsec3-salt-length", z.dnssec.nsec3_salt_len)
if len(z.dnssec.ksk_sbm_check) > 0:
s.item("ksk-submission", z.name)
self._bool(s, "ksk-shared", z.dnssec.ksk_shared)
self._str(s, "cds-cdnskey-publish", z.dnssec.cds_publish)
self._str(s, "offline-ksk", z.dnssec.offline_ksk)
if have_policy:
s.end()
s.begin("template")
s.id_item("id", "default")
s.item_str("storage", self.dir)
s.item_str("zonefile-sync", self.zonefile_sync)
s.item_str("kasp-db", self.keydir)
s.item_str("max-kasp-db-size", self.kasp_db_size)
s.item_str("max-journal-db-size", self.journal_db_size)
s.item_str("max-journal-usage", self.max_journal_usage)
s.item_str("max-timer-db-size", self.timer_db_size)
s.item_str("semantic-checks", "on")
if self.disable_any:
s.item_str("disable-any", "on")
if len(self.modules) > 0:
modules = ""
for module in self.modules:
if modules:
modules += ", "
modules += module.get_conf_ref()
s.item("global-module", "[%s]" % modules)
if self.zone_size_limit:
s.item("max-zone-size", self.zone_size_limit)
s.end()
s.begin("zone")
for zone in sorted(self.zones):
z = self.zones[zone]
s.id_item("domain", z.name)
s.item_str("file", z.zfile.path)
acl = ""
if z.masters:
masters = ""
for master in z.masters:
if masters:
masters += ", "
masters += master.name
if not master.disable_notify:
if acl:
acl += ", "
acl += "acl_%s" % master.name
s.item("master", "[%s]" % masters)
if z.slaves:
slaves = ""
for slave in z.slaves:
if slave.disable_notify:
continue
if slaves:
slaves += ", "
slaves += slave.name
if slaves:
s.item("notify", "[%s]" % slaves)
if acl:
acl += ", "
acl += "acl_local, acl_test"
s.item("acl", "[%s]" % acl)
s.item_str("journal-content", z.journal_content)
if z.journal_content == "all" and z.masters:
s.item_str("zonefile-load", "none")
elif z.ixfr:
s.item_str("zonefile-load", "difference")
if z.dnssec.enable:
s.item_str("dnssec-signing", "on")
s.item_str("dnssec-policy", z.name)
if len(z.modules) > 0:
modules = ""
for module in z.modules:
if modules:
modules += ", "
modules += module.get_conf_ref()
s.item("module", "[%s]" % modules)
s.end()
s.begin("log")
s.id_item("target", "stdout")
s.item_str("any", "debug")
s.end()
self.start_params = ["-c", self.confile]
self.ctl_params = ["-c", self.confile, "-t", "15"]
return s.conf
def get_config(self):
s = dnstest.config.KnotConf()
s.begin("server")
self._on_str_hex(s, "identity", self.ident)
self._on_str_hex(s, "version", self.version)
self._on_str_hex(s, "nsid", self.nsid)
s.item_str("rundir", self.dir)
s.item_str("listen", "%s@%s" % (self.addr, self.port))
self._str(s, "tcp-reply-timeout", self.tcp_reply_timeout)
self._str(s, "max-udp-payload", self.max_udp_payload)
self._str(s, "max-ipv4-udp-payload", self.max_udp4_payload)
self._str(s, "max-ipv6-udp-payload", self.max_udp6_payload)
if self.ratelimit is not None:
s.item_str("rate-limit", self.ratelimit)
if self.ratelimit_slip is not None:
s.item_str("rate-limit-slip", self.ratelimit_slip)
if self.ratelimit_whitelist is not None:
s.item_str("rate-limit-whitelist", self.ratelimit_whitelist)
s.end()
s.begin("control")
s.item_str("listen", "knot.sock")
s.item_str("timeout", "15")
s.end()
if self.tsig:
s.begin("key")
self._key(s, self.tsig)
self._key(s, self.tsig_test)
keys = set() # Duplicy check.
for zone in sorted(self.zones):
z = self.zones[zone]
for master in z.masters:
if master.tsig.name not in keys:
t = master.tsig
self._key(s, t)
keys.add(t.name)
for slave in z.slaves:
if slave.tsig.name not in keys:
t = slave.tsig
self._key(s, t)
keys.add(t.name)
s.end()
have_remote = False
servers = set() # Duplicity check.
for zone in sorted(self.zones):
z = self.zones[zone]
for master in z.masters:
if master.name not in servers:
if not have_remote:
s.begin("remote")
have_remote = True
s.id_item("id", master.name)
s.item_str("address", "%s@%s" % (master.addr, master.port))
if master.tsig:
s.item_str("key", master.tsig.name)
servers.add(master.name)
for slave in z.slaves:
if slave.name not in servers:
if not have_remote:
s.begin("remote")
have_remote = True
s.id_item("id", slave.name)
s.item_str("address", "%s@%s" % (slave.addr, slave.port))
if slave.tsig:
s.item_str("key", slave.tsig.name)
servers.add(slave.name)
if have_remote:
s.end()
s.begin("acl")
s.id_item("id", "acl_local")
s.item_str("address", params.test.addr)
if self.tsig:
s.item_str("key", self.tsig.name)
s.item("action", "[transfer, notify, update]")
s.id_item("id", "acl_test")
s.item_str("address", params.test.addr)
if self.tsig_test:
s.item_str("key", self.tsig_test.name)
s.item("action", "[transfer, notify, update]")
servers = set() # Duplicity check.
for zone in sorted(self.zones):
z = self.zones[zone]
for master in z.masters:
if master.name not in servers:
s.id_item("id", "acl_%s" % master.name)
s.item_str("address", master.addr)
if master.tsig:
s.item_str("key", master.tsig.name)
s.item("action", "notify")
servers.add(master.name)
for slave in z.slaves:
if slave.name in servers:
continue
s.id_item("id", "acl_%s" % slave.name)
s.item_str("address", slave.addr)
if slave.tsig:
s.item_str("key", slave.tsig.name)
s.item("action", "transfer")
servers.add(slave.name)
s.end()
if len(self.modules) > 0:
for module in self.modules:
module.get_conf(s)
for zone in sorted(self.zones):
z = self.zones[zone]
if len(z.modules) > 0:
for module in z.modules:
module.get_conf(s)
s.begin("policy")
for zone in sorted(self.zones):
z = self.zones[zone]
if not z.dnssec.enable:
continue
s.id_item("id", z.name)
self._bool(s, "manual", z.dnssec.manual)
self._str(s, "algorithm", z.dnssec.alg)
self._str(s, "ksk_size", z.dnssec.ksk_size)
self._str(s, "zsk_size", z.dnssec.zsk_size)
self._bool(s, "nsec3", z.dnssec.nsec3)
self._str(s, "nsec3-iterations", z.dnssec.nsec3_iters)
self._str(s, "nsec3-salt-lifetime", z.dnssec.nsec3_salt_lifetime)
self._str(s, "nsec3-salt-length", z.dnssec.nsec3_salt_len)
s.end()
s.begin("template")
s.id_item("id", "default")
s.item_str("storage", self.dir)
s.item_str("kasp-db", self.keydir)
if self.zonefile_sync:
s.item_str("zonefile-sync", self.zonefile_sync)
else:
s.item_str("zonefile-sync", "1d")
if self.journal_size:
s.item_str("max-journal-size", self.journal_size)
s.item_str("semantic-checks", "on")
if self.disable_any:
s.item_str("disable-any", "on")
if len(self.modules) > 0:
modules = ""
for module in self.modules:
if modules:
modules += ", "
modules += module.get_conf_ref()
s.item("global-module", "[%s]" % modules)
if self.zone_size_limit:
s.item("max-zone-size", self.zone_size_limit)
s.end()
s.begin("zone")
for zone in sorted(self.zones):
z = self.zones[zone]
s.id_item("domain", z.name)
s.item_str("file", z.zfile.path)
acl = ""
if z.masters:
masters = ""
for master in z.masters:
if masters:
masters += ", "
masters += master.name
if not master.disable_notify:
if acl:
acl += ", "
acl += "acl_%s" % master.name
s.item("master", "[%s]" % masters)
if z.slaves:
slaves = ""
for slave in z.slaves:
if slave.disable_notify:
continue
if slaves:
slaves += ", "
slaves += slave.name
if slaves:
s.item("notify", "[%s]" % slaves)
if acl:
acl += ", "
acl += "acl_local, acl_test"
s.item("acl", "[%s]" % acl)
if z.ixfr and not z.masters:
s.item_str("ixfr-from-differences", "on")
if z.dnssec.enable:
s.item_str("dnssec-signing", "on")
s.item_str("dnssec-policy", z.name)
if len(z.modules) > 0:
modules = ""
for module in z.modules:
if modules:
modules += ", "
modules += module.get_conf_ref()
s.item("module", "[%s]" % modules)
s.end()
s.begin("log")
s.id_item("target", "stdout")
s.item_str("any", "debug")
s.end()
self.start_params = ["-c", self.confile]
self.ctl_params = ["-c", self.confile, "-t", "15"]
return s.conf
def get_config(self):
s = KnotConf()
s.begin("system")
self._on_str_hex(s, "identity", self.ident)
self._on_str_hex(s, "version", self.version)
self._on_str_hex(s, "nsid", self.nsid)
self._on_str_hex(s, "rate-limit", self.ratelimit)
s.item_str("rundir", self.dir)
if (self.max_conn_idle):
s.item("max-conn-idle", self.max_conn_idle)
s.end()
s.begin("control")
s.item_str("listen-on", "knot.sock")
s.end()
s.begin("interfaces")
if self.ip == 4:
s.begin("ipv4")
else:
s.begin("ipv6")
s.item("address", self.addr)
s.item("port", self.port)
s.end()
s.end()
if self.tsig:
s.begin("keys")
t = self.tsig
s.item_str("\"%s\" %s" % (t.name, t.alg), t.key)
t = self.tsig_test
s.item_str("\"%s\" %s" % (t.name, t.alg), t.key)
keys = set() # Duplicy check.
for zone in sorted(self.zones):
z = self.zones[zone]
if z.master and z.master.tsig.name not in keys:
t = z.master.tsig
s.item_str("\"%s\" %s" % (t.name, t.alg), t.key)
keys.add(t.name)
for slave in z.slaves:
if slave.tsig and slave.tsig.name not in keys:
t = slave.tsig
s.item_str("\"%s\" %s" % (t.name, t.alg), t.key)
keys.add(t.name)
s.end()
s.begin("remotes")
s.begin("local")
s.item("address", self.addr)
if self.tsig:
s.item_str("key", self.tsig.name)
s.end()
s.begin("test")
s.item("address", self.addr)
if self.tsig_test:
s.item_str("key", self.tsig_test.name)
s.end()
servers = set() # Duplicity check.
for zone in sorted(self.zones):
z = self.zones[zone]
if z.master and z.master.name not in servers:
s.begin(z.master.name)
s.item("address", z.master.addr)
s.item("port", z.master.port)
if z.master.tsig:
s.item_str("key", z.master.tsig.name)
s.end()
servers.add(z.master.name)
for slave in z.slaves:
if slave.name not in servers:
s.begin(slave.name)
s.item("address", slave.addr)
s.item("port", slave.port)
if slave.tsig:
s.item_str("key", self.tsig.name)
s.end()
servers.add(slave.name)
s.end()
s.begin("zones")
s.item_str("storage", self.dir)
if self.zonefile_sync:
s.item("zonefile-sync", self.zonefile_sync)
else:
s.item("zonefile-sync", "1d")
if self.ixfr_fslimit:
s.item("ixfr-fslimit", self.ixfr_fslimit)
s.item("notify-timeout", "5")
s.item("notify-retries", "5")
s.item("semantic-checks", "on")
if self.disable_any:
s.item("disable-any", "on")
if self.dnssec_enable:
s.item_str("dnssec-keydir", self.keydir)
s.item("dnssec-enable", "on")
for zone in sorted(self.zones):
z = self.zones[zone]
s.begin(z.name)
s.item_str("file", z.zfile.path)
if z.master:
if not self.disable_notify:
s.item("notify-in", z.master.name)
s.item("xfr-in", z.master.name)
slaves = ""
if z.slaves:
for slave in z.slaves:
if slaves:
slaves += ", "
slaves += slave.name
s.item("notify-out", slaves)
s.item("xfr-out", "local, test")
if z.ddns:
s.item("update-in", "test")
if z.ixfr and not z.master:
s.item("ixfr-from-differences", "on")
if len(z.query_modules) > 0:
s.begin("query_module")
for query_module in z.query_modules:
s.item(query_module[0], '"' + query_module[1] + '"')
s.end()
s.end()
s.end()
s.begin("log")
s.begin("stdout")
s.item("any", "debug")
s.end()
s.begin("stderr")
s.end()
s.begin("syslog")
s.end()
s.end()
self.start_params = ["-c", self.confile]
self.reload_params = ["-c", self.confile, "reload"]
self.flush_params = ["-c", self.confile, "flush"]
return s.conf