def get_config(self): s = dnstest.config.KnotConf() for file in self.includes: s.include(file) s.begin("server") self._on_str_hex(s, "identity", self.ident) self._on_str_hex(s, "version", self.version) self._on_str_hex(s, "nsid", self.nsid) s.item_str("rundir", self.dir) s.item_str("listen", "%s@%s" % (self.addr, self.port)) self._str(s, "tcp-reply-timeout", self.tcp_reply_timeout) self._str(s, "max-udp-payload", self.max_udp_payload) self._str(s, "max-ipv4-udp-payload", self.max_udp4_payload) self._str(s, "max-ipv6-udp-payload", self.max_udp6_payload) s.end() s.begin("control") s.item_str("listen", "knot.sock") s.item_str("timeout", "15") s.end() if self.tsig: s.begin("key") self._key(s, self.tsig) self._key(s, self.tsig_test) keys = set() # Duplicy check. for zone in sorted(self.zones): z = self.zones[zone] for master in z.masters: if master.tsig.name not in keys: t = master.tsig self._key(s, t) keys.add(t.name) for slave in z.slaves: if slave.tsig.name not in keys: t = slave.tsig self._key(s, t) keys.add(t.name) s.end() have_remote = False servers = set() # Duplicity check. for zone in sorted(self.zones): z = self.zones[zone] for master in z.masters: if master.name not in servers: if not have_remote: s.begin("remote") have_remote = True s.id_item("id", master.name) s.item_str("address", "%s@%s" % (master.addr, master.port)) if master.tsig: s.item_str("key", master.tsig.name) servers.add(master.name) for slave in z.slaves: if slave.name not in servers: if not have_remote: s.begin("remote") have_remote = True s.id_item("id", slave.name) s.item_str("address", "%s@%s" % (slave.addr, slave.port)) if slave.tsig: s.item_str("key", slave.tsig.name) servers.add(slave.name) for parent in z.dnssec.ksk_sbm_check: if parent.name not in servers: if not have_remote: s.begin("remote") have_remote = True s.id_item("id", parent.name) s.item_str("address", "%s@%s" % (parent.addr, parent.port)) servers.add(parent.name) if have_remote: s.end() s.begin("acl") s.id_item("id", "acl_local") s.item_str("address", params.test.addr) if self.tsig: s.item_str("key", self.tsig.name) s.item("action", "[transfer, notify, update]") s.id_item("id", "acl_test") s.item_str("address", params.test.addr) if self.tsig_test: s.item_str("key", self.tsig_test.name) s.item("action", "[transfer, notify, update]") servers = set() # Duplicity check. for zone in sorted(self.zones): z = self.zones[zone] for master in z.masters: if master.name not in servers: s.id_item("id", "acl_%s" % master.name) s.item_str("address", master.addr) if master.tsig: s.item_str("key", master.tsig.name) s.item("action", "notify") servers.add(master.name) for slave in z.slaves: if slave.name in servers: continue s.id_item("id", "acl_%s" % slave.name) s.item_str("address", slave.addr) if slave.tsig: s.item_str("key", slave.tsig.name) s.item("action", "transfer") servers.add(slave.name) s.end() if len(self.modules) > 0: for module in self.modules: module.get_conf(s) for zone in sorted(self.zones): z = self.zones[zone] if len(z.modules) > 0: for module in z.modules: module.get_conf(s) have_sbm = False for zone in sorted(self.zones): z = self.zones[zone] if not z.dnssec.enable: continue if len(z.dnssec.ksk_sbm_check) < 1: continue if not have_sbm: s.begin("submission") have_sbm = True s.id_item("id", z.name) parents = "" for parent in z.dnssec.ksk_sbm_check: if parents: parents += ", " parents += parent.name s.item("parent", "[%s]" % parents) self._str(s, "check-interval", z.dnssec.ksk_sbm_check_interval) if have_sbm: s.end() have_policy = False for zone in sorted(self.zones): z = self.zones[zone] if not z.dnssec.enable: continue if not have_policy: s.begin("policy") have_policy = True s.id_item("id", z.name) self._bool(s, "manual", z.dnssec.manual) self._bool(s, "single-type-signing", z.dnssec.single_type_signing) self._str(s, "algorithm", z.dnssec.alg) self._str(s, "ksk_size", z.dnssec.ksk_size) self._str(s, "zsk_size", z.dnssec.zsk_size) self._str(s, "dnskey-ttl", z.dnssec.dnskey_ttl) self._str(s, "zone-max-ttl", z.dnssec.zone_max_ttl) self._str(s, "ksk-lifetime", z.dnssec.ksk_lifetime) self._str(s, "zsk-lifetime", z.dnssec.zsk_lifetime) self._str(s, "propagation-delay", z.dnssec.propagation_delay) self._str(s, "rrsig-lifetime", z.dnssec.rrsig_lifetime) self._str(s, "rrsig-refresh", z.dnssec.rrsig_refresh) self._bool(s, "nsec3", z.dnssec.nsec3) self._str(s, "nsec3-iterations", z.dnssec.nsec3_iters) self._bool(s, "nsec3-opt-out", z.dnssec.nsec3_opt_out) self._str(s, "nsec3-salt-lifetime", z.dnssec.nsec3_salt_lifetime) self._str(s, "nsec3-salt-length", z.dnssec.nsec3_salt_len) if len(z.dnssec.ksk_sbm_check) > 0: s.item("ksk-submission", z.name) self._bool(s, "ksk-shared", z.dnssec.ksk_shared) self._str(s, "cds-cdnskey-publish", z.dnssec.cds_publish) self._str(s, "offline-ksk", z.dnssec.offline_ksk) if have_policy: s.end() s.begin("template") s.id_item("id", "default") s.item_str("storage", self.dir) s.item_str("zonefile-sync", self.zonefile_sync) s.item_str("kasp-db", self.keydir) s.item_str("max-kasp-db-size", self.kasp_db_size) s.item_str("max-journal-db-size", self.journal_db_size) s.item_str("max-journal-usage", self.max_journal_usage) s.item_str("max-timer-db-size", self.timer_db_size) s.item_str("semantic-checks", "on") if self.disable_any: s.item_str("disable-any", "on") if len(self.modules) > 0: modules = "" for module in self.modules: if modules: modules += ", " modules += module.get_conf_ref() s.item("global-module", "[%s]" % modules) if self.zone_size_limit: s.item("max-zone-size", self.zone_size_limit) s.end() s.begin("zone") for zone in sorted(self.zones): z = self.zones[zone] s.id_item("domain", z.name) s.item_str("file", z.zfile.path) acl = "" if z.masters: masters = "" for master in z.masters: if masters: masters += ", " masters += master.name if not master.disable_notify: if acl: acl += ", " acl += "acl_%s" % master.name s.item("master", "[%s]" % masters) if z.slaves: slaves = "" for slave in z.slaves: if slave.disable_notify: continue if slaves: slaves += ", " slaves += slave.name if slaves: s.item("notify", "[%s]" % slaves) if acl: acl += ", " acl += "acl_local, acl_test" s.item("acl", "[%s]" % acl) s.item_str("journal-content", z.journal_content) if z.journal_content == "all" and z.masters: s.item_str("zonefile-load", "none") elif z.ixfr: s.item_str("zonefile-load", "difference") if z.dnssec.enable: s.item_str("dnssec-signing", "on") s.item_str("dnssec-policy", z.name) if len(z.modules) > 0: modules = "" for module in z.modules: if modules: modules += ", " modules += module.get_conf_ref() s.item("module", "[%s]" % modules) s.end() s.begin("log") s.id_item("target", "stdout") s.item_str("any", "debug") s.end() self.start_params = ["-c", self.confile] self.ctl_params = ["-c", self.confile, "-t", "15"] return s.conf
def get_config(self): s = dnstest.config.KnotConf() s.begin("server") self._on_str_hex(s, "identity", self.ident) self._on_str_hex(s, "version", self.version) self._on_str_hex(s, "nsid", self.nsid) s.item_str("rundir", self.dir) s.item_str("listen", "%s@%s" % (self.addr, self.port)) if (self.tcp_idle_timeout): s.item_str("tcp-idle-timeout", self.tcp_idle_timeout) if (self.ratelimit): s.item_str("rate-limit", self.ratelimit) s.end() s.begin("control") s.item_str("listen", "knot.sock") s.end() if self.tsig: s.begin("key") self._key(s, self.tsig) self._key(s, self.tsig_test) keys = set() # Duplicy check. for zone in sorted(self.zones): z = self.zones[zone] if z.master and z.master.tsig.name not in keys: t = z.master.tsig self._key(s, t) keys.add(t.name) for slave in z.slaves: if slave.tsig and slave.tsig.name not in keys: t = slave.tsig self._key(s, t) keys.add(t.name) s.end() have_remote = False servers = set() # Duplicity check. for zone in sorted(self.zones): z = self.zones[zone] if z.master and z.master.name not in servers: if not have_remote: s.begin("remote") have_remote = True s.id_item("id", z.master.name) s.item_str("address", "%s@%s" % (z.master.addr, z.master.port)) if z.master.tsig: s.item_str("key", z.master.tsig.name) servers.add(z.master.name) for slave in z.slaves: if slave.name not in servers: if not have_remote: s.begin("remote") have_remote = True s.id_item("id", slave.name) s.item_str("address", "%s@%s" % (slave.addr, slave.port)) if slave.tsig: s.item_str("key", slave.tsig.name) servers.add(slave.name) if have_remote: s.end() s.begin("acl") s.id_item("id", "acl_local") s.item_str("address", self.addr) if self.tsig: s.item_str("key", self.tsig.name) s.item("action", "[transfer, notify, update]") s.id_item("id", "acl_test") s.item_str("address", self.addr) if self.tsig_test: s.item_str("key", self.tsig_test.name) s.item("action", "[transfer, notify, update]") servers = set() # Duplicity check. for zone in sorted(self.zones): z = self.zones[zone] if z.master and z.master.name not in servers: s.id_item("id", "acl_%s" % z.master.name) s.item_str("address", z.master.addr) if z.master.tsig: s.item_str("key", z.master.tsig.name) s.item("action", "notify") servers.add(z.master.name) for slave in z.slaves: if slave.name in servers: continue s.id_item("id", "acl_%s" % slave.name) s.item_str("address", slave.addr) if slave.tsig: s.item_str("key", slave.tsig.name) s.item("action", "transfer") servers.add(slave.name) s.end() if len(self.modules) > 0: for module in self.modules: module.get_conf(s) for zone in sorted(self.zones): z = self.zones[zone] if len(z.modules) > 0: for module in z.modules: module.get_conf(s) s.begin("template") s.id_item("id", "default") s.item_str("storage", self.dir) if self.zonefile_sync: s.item_str("zonefile-sync", self.zonefile_sync) else: s.item_str("zonefile-sync", "1d") if self.journal_size: s.item_str("max-journal-size", self.journal_size) s.item_str("semantic-checks", "on") if self.disable_any: s.item_str("disable-any", "on") if self.dnssec_enable: s.item_str("kasp-db", self.keydir) s.item_str("dnssec-signing", "on") if len(self.modules) > 0: modules = "" for module in self.modules: if modules: modules += ", " modules += module.get_conf_ref() s.item("module", "[%s]" % modules) s.end() s.begin("zone") for zone in sorted(self.zones): z = self.zones[zone] s.id_item("domain", z.name) s.item_str("file", z.zfile.path) acl = "" if z.master: s.item("master", z.master.name) if not z.master.disable_notify: acl = "acl_%s" % z.master.name if z.slaves: slaves = "" for slave in z.slaves: if slave.disable_notify: continue if slaves: slaves += ", " slaves += slave.name if slaves: s.item("notify", "[%s]" % slaves) if acl: acl += ", " acl += "acl_local, acl_test" s.item("acl", "[%s]" % acl) if z.ixfr and not z.master: s.item_str("ixfr-from-differences", "on") if len(z.modules) > 0: modules = "" for module in z.modules: if modules: modules += ", " modules += module.get_conf_ref() s.item("module", "[%s]" % modules) s.end() s.begin("log") s.id_item("target", "stdout") s.item_str("any", "debug") s.end() self.start_params = ["-c", self.confile] self.ctl_params = ["-c", self.confile] return s.conf
def get_config(self): s = dnstest.config.KnotConf() s.begin("server") self._on_str_hex(s, "identity", self.ident) self._on_str_hex(s, "version", self.version) self._on_str_hex(s, "nsid", self.nsid) s.item_str("rundir", self.dir) s.item_str("listen", "%s@%s" % (self.addr, self.port)) self._str(s, "tcp-reply-timeout", self.tcp_reply_timeout) self._str(s, "max-udp-payload", self.max_udp_payload) self._str(s, "max-ipv4-udp-payload", self.max_udp4_payload) self._str(s, "max-ipv6-udp-payload", self.max_udp6_payload) if self.ratelimit is not None: s.item_str("rate-limit", self.ratelimit) if self.ratelimit_slip is not None: s.item_str("rate-limit-slip", self.ratelimit_slip) if self.ratelimit_whitelist is not None: s.item_str("rate-limit-whitelist", self.ratelimit_whitelist) s.end() s.begin("control") s.item_str("listen", "knot.sock") s.item_str("timeout", "15") s.end() if self.tsig: s.begin("key") self._key(s, self.tsig) self._key(s, self.tsig_test) keys = set() # Duplicy check. for zone in sorted(self.zones): z = self.zones[zone] for master in z.masters: if master.tsig.name not in keys: t = master.tsig self._key(s, t) keys.add(t.name) for slave in z.slaves: if slave.tsig.name not in keys: t = slave.tsig self._key(s, t) keys.add(t.name) s.end() have_remote = False servers = set() # Duplicity check. for zone in sorted(self.zones): z = self.zones[zone] for master in z.masters: if master.name not in servers: if not have_remote: s.begin("remote") have_remote = True s.id_item("id", master.name) s.item_str("address", "%s@%s" % (master.addr, master.port)) if master.tsig: s.item_str("key", master.tsig.name) servers.add(master.name) for slave in z.slaves: if slave.name not in servers: if not have_remote: s.begin("remote") have_remote = True s.id_item("id", slave.name) s.item_str("address", "%s@%s" % (slave.addr, slave.port)) if slave.tsig: s.item_str("key", slave.tsig.name) servers.add(slave.name) if have_remote: s.end() s.begin("acl") s.id_item("id", "acl_local") s.item_str("address", params.test.addr) if self.tsig: s.item_str("key", self.tsig.name) s.item("action", "[transfer, notify, update]") s.id_item("id", "acl_test") s.item_str("address", params.test.addr) if self.tsig_test: s.item_str("key", self.tsig_test.name) s.item("action", "[transfer, notify, update]") servers = set() # Duplicity check. for zone in sorted(self.zones): z = self.zones[zone] for master in z.masters: if master.name not in servers: s.id_item("id", "acl_%s" % master.name) s.item_str("address", master.addr) if master.tsig: s.item_str("key", master.tsig.name) s.item("action", "notify") servers.add(master.name) for slave in z.slaves: if slave.name in servers: continue s.id_item("id", "acl_%s" % slave.name) s.item_str("address", slave.addr) if slave.tsig: s.item_str("key", slave.tsig.name) s.item("action", "transfer") servers.add(slave.name) s.end() if len(self.modules) > 0: for module in self.modules: module.get_conf(s) for zone in sorted(self.zones): z = self.zones[zone] if len(z.modules) > 0: for module in z.modules: module.get_conf(s) s.begin("policy") for zone in sorted(self.zones): z = self.zones[zone] if not z.dnssec.enable: continue s.id_item("id", z.name) self._bool(s, "manual", z.dnssec.manual) self._str(s, "algorithm", z.dnssec.alg) self._str(s, "ksk_size", z.dnssec.ksk_size) self._str(s, "zsk_size", z.dnssec.zsk_size) self._bool(s, "nsec3", z.dnssec.nsec3) self._str(s, "nsec3-iterations", z.dnssec.nsec3_iters) self._str(s, "nsec3-salt-lifetime", z.dnssec.nsec3_salt_lifetime) self._str(s, "nsec3-salt-length", z.dnssec.nsec3_salt_len) s.end() s.begin("template") s.id_item("id", "default") s.item_str("storage", self.dir) s.item_str("kasp-db", self.keydir) if self.zonefile_sync: s.item_str("zonefile-sync", self.zonefile_sync) else: s.item_str("zonefile-sync", "1d") if self.journal_size: s.item_str("max-journal-size", self.journal_size) s.item_str("semantic-checks", "on") if self.disable_any: s.item_str("disable-any", "on") if len(self.modules) > 0: modules = "" for module in self.modules: if modules: modules += ", " modules += module.get_conf_ref() s.item("global-module", "[%s]" % modules) if self.zone_size_limit: s.item("max-zone-size", self.zone_size_limit) s.end() s.begin("zone") for zone in sorted(self.zones): z = self.zones[zone] s.id_item("domain", z.name) s.item_str("file", z.zfile.path) acl = "" if z.masters: masters = "" for master in z.masters: if masters: masters += ", " masters += master.name if not master.disable_notify: if acl: acl += ", " acl += "acl_%s" % master.name s.item("master", "[%s]" % masters) if z.slaves: slaves = "" for slave in z.slaves: if slave.disable_notify: continue if slaves: slaves += ", " slaves += slave.name if slaves: s.item("notify", "[%s]" % slaves) if acl: acl += ", " acl += "acl_local, acl_test" s.item("acl", "[%s]" % acl) if z.ixfr and not z.masters: s.item_str("ixfr-from-differences", "on") if z.dnssec.enable: s.item_str("dnssec-signing", "on") s.item_str("dnssec-policy", z.name) if len(z.modules) > 0: modules = "" for module in z.modules: if modules: modules += ", " modules += module.get_conf_ref() s.item("module", "[%s]" % modules) s.end() s.begin("log") s.id_item("target", "stdout") s.item_str("any", "debug") s.end() self.start_params = ["-c", self.confile] self.ctl_params = ["-c", self.confile, "-t", "15"] return s.conf