def get_config(self):
s = dnstest.config.KnotConf()
for file in self.includes:
s.include(file)
s.begin("server")
self._on_str_hex(s, "identity", self.ident)
self._on_str_hex(s, "version", self.version)
self._on_str_hex(s, "nsid", self.nsid)
s.item_str("rundir", self.dir)
s.item_str("listen", "%s@%s" % (self.addr, self.port))
self._str(s, "tcp-reply-timeout", self.tcp_reply_timeout)
self._str(s, "max-udp-payload", self.max_udp_payload)
self._str(s, "max-ipv4-udp-payload", self.max_udp4_payload)
self._str(s, "max-ipv6-udp-payload", self.max_udp6_payload)
s.end()
s.begin("control")
s.item_str("listen", "knot.sock")
s.item_str("timeout", "15")
s.end()
if self.tsig:
s.begin("key")
self._key(s, self.tsig)
self._key(s, self.tsig_test)
keys = set() # Duplicy check.
for zone in sorted(self.zones):
z = self.zones[zone]
for master in z.masters:
if master.tsig.name not in keys:
t = master.tsig
self._key(s, t)
keys.add(t.name)
for slave in z.slaves:
if slave.tsig.name not in keys:
t = slave.tsig
self._key(s, t)
keys.add(t.name)
s.end()
have_remote = False
servers = set() # Duplicity check.
for zone in sorted(self.zones):
z = self.zones[zone]
for master in z.masters:
if master.name not in servers:
if not have_remote:
s.begin("remote")
have_remote = True
s.id_item("id", master.name)
s.item_str("address", "%s@%s" % (master.addr, master.port))
if master.tsig:
s.item_str("key", master.tsig.name)
servers.add(master.name)
for slave in z.slaves:
if slave.name not in servers:
if not have_remote:
s.begin("remote")
have_remote = True
s.id_item("id", slave.name)
s.item_str("address", "%s@%s" % (slave.addr, slave.port))
if slave.tsig:
s.item_str("key", slave.tsig.name)
servers.add(slave.name)
for parent in z.dnssec.ksk_sbm_check:
if parent.name not in servers:
if not have_remote:
s.begin("remote")
have_remote = True
s.id_item("id", parent.name)
s.item_str("address", "%s@%s" % (parent.addr, parent.port))
servers.add(parent.name)
if have_remote:
s.end()
s.begin("acl")
s.id_item("id", "acl_local")
s.item_str("address", params.test.addr)
if self.tsig:
s.item_str("key", self.tsig.name)
s.item("action", "[transfer, notify, update]")
s.id_item("id", "acl_test")
s.item_str("address", params.test.addr)
if self.tsig_test:
s.item_str("key", self.tsig_test.name)
s.item("action", "[transfer, notify, update]")
servers = set() # Duplicity check.
for zone in sorted(self.zones):
z = self.zones[zone]
for master in z.masters:
if master.name not in servers:
s.id_item("id", "acl_%s" % master.name)
s.item_str("address", master.addr)
if master.tsig:
s.item_str("key", master.tsig.name)
s.item("action", "notify")
servers.add(master.name)
for slave in z.slaves:
if slave.name in servers:
continue
s.id_item("id", "acl_%s" % slave.name)
s.item_str("address", slave.addr)
if slave.tsig:
s.item_str("key", slave.tsig.name)
s.item("action", "transfer")
servers.add(slave.name)
s.end()
if len(self.modules) > 0:
for module in self.modules:
module.get_conf(s)
for zone in sorted(self.zones):
z = self.zones[zone]
if len(z.modules) > 0:
for module in z.modules:
module.get_conf(s)
have_sbm = False
for zone in sorted(self.zones):
z = self.zones[zone]
if not z.dnssec.enable:
continue
if len(z.dnssec.ksk_sbm_check) < 1:
continue
if not have_sbm:
s.begin("submission")
have_sbm = True
s.id_item("id", z.name)
parents = ""
for parent in z.dnssec.ksk_sbm_check:
if parents:
parents += ", "
parents += parent.name
s.item("parent", "[%s]" % parents)
self._str(s, "check-interval", z.dnssec.ksk_sbm_check_interval)
if have_sbm:
s.end()
have_policy = False
for zone in sorted(self.zones):
z = self.zones[zone]
if not z.dnssec.enable:
continue
if not have_policy:
s.begin("policy")
have_policy = True
s.id_item("id", z.name)
self._bool(s, "manual", z.dnssec.manual)
self._bool(s, "single-type-signing", z.dnssec.single_type_signing)
self._str(s, "algorithm", z.dnssec.alg)
self._str(s, "ksk_size", z.dnssec.ksk_size)
self._str(s, "zsk_size", z.dnssec.zsk_size)
self._str(s, "dnskey-ttl", z.dnssec.dnskey_ttl)
self._str(s, "zone-max-ttl", z.dnssec.zone_max_ttl)
self._str(s, "ksk-lifetime", z.dnssec.ksk_lifetime)
self._str(s, "zsk-lifetime", z.dnssec.zsk_lifetime)
self._str(s, "propagation-delay", z.dnssec.propagation_delay)
self._str(s, "rrsig-lifetime", z.dnssec.rrsig_lifetime)
self._str(s, "rrsig-refresh", z.dnssec.rrsig_refresh)
self._bool(s, "nsec3", z.dnssec.nsec3)
self._str(s, "nsec3-iterations", z.dnssec.nsec3_iters)
self._bool(s, "nsec3-opt-out", z.dnssec.nsec3_opt_out)
self._str(s, "nsec3-salt-lifetime", z.dnssec.nsec3_salt_lifetime)
self._str(s, "nsec3-salt-length", z.dnssec.nsec3_salt_len)
if len(z.dnssec.ksk_sbm_check) > 0:
s.item("ksk-submission", z.name)
self._bool(s, "ksk-shared", z.dnssec.ksk_shared)
self._str(s, "cds-cdnskey-publish", z.dnssec.cds_publish)
self._str(s, "offline-ksk", z.dnssec.offline_ksk)
if have_policy:
s.end()
s.begin("template")
s.id_item("id", "default")
s.item_str("storage", self.dir)
s.item_str("zonefile-sync", self.zonefile_sync)
s.item_str("kasp-db", self.keydir)
s.item_str("max-kasp-db-size", self.kasp_db_size)
s.item_str("max-journal-db-size", self.journal_db_size)
s.item_str("max-journal-usage", self.max_journal_usage)
s.item_str("max-timer-db-size", self.timer_db_size)
s.item_str("semantic-checks", "on")
if self.disable_any:
s.item_str("disable-any", "on")
if len(self.modules) > 0:
modules = ""
for module in self.modules:
if modules:
modules += ", "
modules += module.get_conf_ref()
s.item("global-module", "[%s]" % modules)
if self.zone_size_limit:
s.item("max-zone-size", self.zone_size_limit)
s.end()
s.begin("zone")
for zone in sorted(self.zones):
z = self.zones[zone]
s.id_item("domain", z.name)
s.item_str("file", z.zfile.path)
acl = ""
if z.masters:
masters = ""
for master in z.masters:
if masters:
masters += ", "
masters += master.name
if not master.disable_notify:
if acl:
acl += ", "
acl += "acl_%s" % master.name
s.item("master", "[%s]" % masters)
if z.slaves:
slaves = ""
for slave in z.slaves:
if slave.disable_notify:
continue
if slaves:
slaves += ", "
slaves += slave.name
if slaves:
s.item("notify", "[%s]" % slaves)
if acl:
acl += ", "
acl += "acl_local, acl_test"
s.item("acl", "[%s]" % acl)
s.item_str("journal-content", z.journal_content)
if z.journal_content == "all" and z.masters:
s.item_str("zonefile-load", "none")
elif z.ixfr:
s.item_str("zonefile-load", "difference")
if z.dnssec.enable:
s.item_str("dnssec-signing", "on")
s.item_str("dnssec-policy", z.name)
if len(z.modules) > 0:
modules = ""
for module in z.modules:
if modules:
modules += ", "
modules += module.get_conf_ref()
s.item("module", "[%s]" % modules)
s.end()
s.begin("log")
s.id_item("target", "stdout")
s.item_str("any", "debug")
s.end()
self.start_params = ["-c", self.confile]
self.ctl_params = ["-c", self.confile, "-t", "15"]
return s.conf
def get_config(self):
s = dnstest.config.KnotConf()
s.begin("server")
self._on_str_hex(s, "identity", self.ident)
self._on_str_hex(s, "version", self.version)
self._on_str_hex(s, "nsid", self.nsid)
s.item_str("rundir", self.dir)
s.item_str("listen", "%s@%s" % (self.addr, self.port))
if (self.tcp_idle_timeout):
s.item_str("tcp-idle-timeout", self.tcp_idle_timeout)
if (self.ratelimit):
s.item_str("rate-limit", self.ratelimit)
s.end()
s.begin("control")
s.item_str("listen", "knot.sock")
s.end()
if self.tsig:
s.begin("key")
self._key(s, self.tsig)
self._key(s, self.tsig_test)
keys = set() # Duplicy check.
for zone in sorted(self.zones):
z = self.zones[zone]
if z.master and z.master.tsig.name not in keys:
t = z.master.tsig
self._key(s, t)
keys.add(t.name)
for slave in z.slaves:
if slave.tsig and slave.tsig.name not in keys:
t = slave.tsig
self._key(s, t)
keys.add(t.name)
s.end()
have_remote = False
servers = set() # Duplicity check.
for zone in sorted(self.zones):
z = self.zones[zone]
if z.master and z.master.name not in servers:
if not have_remote:
s.begin("remote")
have_remote = True
s.id_item("id", z.master.name)
s.item_str("address", "%s@%s" % (z.master.addr, z.master.port))
if z.master.tsig:
s.item_str("key", z.master.tsig.name)
servers.add(z.master.name)
for slave in z.slaves:
if slave.name not in servers:
if not have_remote:
s.begin("remote")
have_remote = True
s.id_item("id", slave.name)
s.item_str("address", "%s@%s" % (slave.addr, slave.port))
if slave.tsig:
s.item_str("key", slave.tsig.name)
servers.add(slave.name)
if have_remote:
s.end()
s.begin("acl")
s.id_item("id", "acl_local")
s.item_str("address", self.addr)
if self.tsig:
s.item_str("key", self.tsig.name)
s.item("action", "[transfer, notify, update]")
s.id_item("id", "acl_test")
s.item_str("address", self.addr)
if self.tsig_test:
s.item_str("key", self.tsig_test.name)
s.item("action", "[transfer, notify, update]")
servers = set() # Duplicity check.
for zone in sorted(self.zones):
z = self.zones[zone]
if z.master and z.master.name not in servers:
s.id_item("id", "acl_%s" % z.master.name)
s.item_str("address", z.master.addr)
if z.master.tsig:
s.item_str("key", z.master.tsig.name)
s.item("action", "notify")
servers.add(z.master.name)
for slave in z.slaves:
if slave.name in servers:
continue
s.id_item("id", "acl_%s" % slave.name)
s.item_str("address", slave.addr)
if slave.tsig:
s.item_str("key", slave.tsig.name)
s.item("action", "transfer")
servers.add(slave.name)
s.end()
if len(self.modules) > 0:
for module in self.modules:
module.get_conf(s)
for zone in sorted(self.zones):
z = self.zones[zone]
if len(z.modules) > 0:
for module in z.modules:
module.get_conf(s)
s.begin("template")
s.id_item("id", "default")
s.item_str("storage", self.dir)
if self.zonefile_sync:
s.item_str("zonefile-sync", self.zonefile_sync)
else:
s.item_str("zonefile-sync", "1d")
if self.journal_size:
s.item_str("max-journal-size", self.journal_size)
s.item_str("semantic-checks", "on")
if self.disable_any:
s.item_str("disable-any", "on")
if self.dnssec_enable:
s.item_str("kasp-db", self.keydir)
s.item_str("dnssec-signing", "on")
if len(self.modules) > 0:
modules = ""
for module in self.modules:
if modules:
modules += ", "
modules += module.get_conf_ref()
s.item("module", "[%s]" % modules)
s.end()
s.begin("zone")
for zone in sorted(self.zones):
z = self.zones[zone]
s.id_item("domain", z.name)
s.item_str("file", z.zfile.path)
acl = ""
if z.master:
s.item("master", z.master.name)
if not z.master.disable_notify:
acl = "acl_%s" % z.master.name
if z.slaves:
slaves = ""
for slave in z.slaves:
if slave.disable_notify:
continue
if slaves:
slaves += ", "
slaves += slave.name
if slaves:
s.item("notify", "[%s]" % slaves)
if acl:
acl += ", "
acl += "acl_local, acl_test"
s.item("acl", "[%s]" % acl)
if z.ixfr and not z.master:
s.item_str("ixfr-from-differences", "on")
if len(z.modules) > 0:
modules = ""
for module in z.modules:
if modules:
modules += ", "
modules += module.get_conf_ref()
s.item("module", "[%s]" % modules)
s.end()
s.begin("log")
s.id_item("target", "stdout")
s.item_str("any", "debug")
s.end()
self.start_params = ["-c", self.confile]
self.ctl_params = ["-c", self.confile]
return s.conf
def get_config(self):
s = dnstest.config.KnotConf()
s.begin("server")
self._on_str_hex(s, "identity", self.ident)
self._on_str_hex(s, "version", self.version)
self._on_str_hex(s, "nsid", self.nsid)
s.item_str("rundir", self.dir)
s.item_str("listen", "%s@%s" % (self.addr, self.port))
self._str(s, "tcp-reply-timeout", self.tcp_reply_timeout)
self._str(s, "max-udp-payload", self.max_udp_payload)
self._str(s, "max-ipv4-udp-payload", self.max_udp4_payload)
self._str(s, "max-ipv6-udp-payload", self.max_udp6_payload)
if self.ratelimit is not None:
s.item_str("rate-limit", self.ratelimit)
if self.ratelimit_slip is not None:
s.item_str("rate-limit-slip", self.ratelimit_slip)
if self.ratelimit_whitelist is not None:
s.item_str("rate-limit-whitelist", self.ratelimit_whitelist)
s.end()
s.begin("control")
s.item_str("listen", "knot.sock")
s.item_str("timeout", "15")
s.end()
if self.tsig:
s.begin("key")
self._key(s, self.tsig)
self._key(s, self.tsig_test)
keys = set() # Duplicy check.
for zone in sorted(self.zones):
z = self.zones[zone]
for master in z.masters:
if master.tsig.name not in keys:
t = master.tsig
self._key(s, t)
keys.add(t.name)
for slave in z.slaves:
if slave.tsig.name not in keys:
t = slave.tsig
self._key(s, t)
keys.add(t.name)
s.end()
have_remote = False
servers = set() # Duplicity check.
for zone in sorted(self.zones):
z = self.zones[zone]
for master in z.masters:
if master.name not in servers:
if not have_remote:
s.begin("remote")
have_remote = True
s.id_item("id", master.name)
s.item_str("address", "%s@%s" % (master.addr, master.port))
if master.tsig:
s.item_str("key", master.tsig.name)
servers.add(master.name)
for slave in z.slaves:
if slave.name not in servers:
if not have_remote:
s.begin("remote")
have_remote = True
s.id_item("id", slave.name)
s.item_str("address", "%s@%s" % (slave.addr, slave.port))
if slave.tsig:
s.item_str("key", slave.tsig.name)
servers.add(slave.name)
if have_remote:
s.end()
s.begin("acl")
s.id_item("id", "acl_local")
s.item_str("address", params.test.addr)
if self.tsig:
s.item_str("key", self.tsig.name)
s.item("action", "[transfer, notify, update]")
s.id_item("id", "acl_test")
s.item_str("address", params.test.addr)
if self.tsig_test:
s.item_str("key", self.tsig_test.name)
s.item("action", "[transfer, notify, update]")
servers = set() # Duplicity check.
for zone in sorted(self.zones):
z = self.zones[zone]
for master in z.masters:
if master.name not in servers:
s.id_item("id", "acl_%s" % master.name)
s.item_str("address", master.addr)
if master.tsig:
s.item_str("key", master.tsig.name)
s.item("action", "notify")
servers.add(master.name)
for slave in z.slaves:
if slave.name in servers:
continue
s.id_item("id", "acl_%s" % slave.name)
s.item_str("address", slave.addr)
if slave.tsig:
s.item_str("key", slave.tsig.name)
s.item("action", "transfer")
servers.add(slave.name)
s.end()
if len(self.modules) > 0:
for module in self.modules:
module.get_conf(s)
for zone in sorted(self.zones):
z = self.zones[zone]
if len(z.modules) > 0:
for module in z.modules:
module.get_conf(s)
s.begin("policy")
for zone in sorted(self.zones):
z = self.zones[zone]
if not z.dnssec.enable:
continue
s.id_item("id", z.name)
self._bool(s, "manual", z.dnssec.manual)
self._str(s, "algorithm", z.dnssec.alg)
self._str(s, "ksk_size", z.dnssec.ksk_size)
self._str(s, "zsk_size", z.dnssec.zsk_size)
self._bool(s, "nsec3", z.dnssec.nsec3)
self._str(s, "nsec3-iterations", z.dnssec.nsec3_iters)
self._str(s, "nsec3-salt-lifetime", z.dnssec.nsec3_salt_lifetime)
self._str(s, "nsec3-salt-length", z.dnssec.nsec3_salt_len)
s.end()
s.begin("template")
s.id_item("id", "default")
s.item_str("storage", self.dir)
s.item_str("kasp-db", self.keydir)
if self.zonefile_sync:
s.item_str("zonefile-sync", self.zonefile_sync)
else:
s.item_str("zonefile-sync", "1d")
if self.journal_size:
s.item_str("max-journal-size", self.journal_size)
s.item_str("semantic-checks", "on")
if self.disable_any:
s.item_str("disable-any", "on")
if len(self.modules) > 0:
modules = ""
for module in self.modules:
if modules:
modules += ", "
modules += module.get_conf_ref()
s.item("global-module", "[%s]" % modules)
if self.zone_size_limit:
s.item("max-zone-size", self.zone_size_limit)
s.end()
s.begin("zone")
for zone in sorted(self.zones):
z = self.zones[zone]
s.id_item("domain", z.name)
s.item_str("file", z.zfile.path)
acl = ""
if z.masters:
masters = ""
for master in z.masters:
if masters:
masters += ", "
masters += master.name
if not master.disable_notify:
if acl:
acl += ", "
acl += "acl_%s" % master.name
s.item("master", "[%s]" % masters)
if z.slaves:
slaves = ""
for slave in z.slaves:
if slave.disable_notify:
continue
if slaves:
slaves += ", "
slaves += slave.name
if slaves:
s.item("notify", "[%s]" % slaves)
if acl:
acl += ", "
acl += "acl_local, acl_test"
s.item("acl", "[%s]" % acl)
if z.ixfr and not z.masters:
s.item_str("ixfr-from-differences", "on")
if z.dnssec.enable:
s.item_str("dnssec-signing", "on")
s.item_str("dnssec-policy", z.name)
if len(z.modules) > 0:
modules = ""
for module in z.modules:
if modules:
modules += ", "
modules += module.get_conf_ref()
s.item("module", "[%s]" % modules)
s.end()
s.begin("log")
s.id_item("target", "stdout")
s.item_str("any", "debug")
s.end()
self.start_params = ["-c", self.confile]
self.ctl_params = ["-c", self.confile, "-t", "15"]
return s.conf
