- /network/tls/auto-discovery
- /webmgmt
- Renamed/moved options in the declarative configuration model (YAML).
+ - /dns64: true|false -> /dns64/enabled: true|false
+ - /dns64/rev-ttl -> /dns64/reverse-ttl
- /dnssec: true|false -> /dnssec/enabled: true|false
- /dnssec/keep-removed -> /dnssec/trust-anchors-keep-removed
- /dnssec/trust-anchor-sentinel -> /dnssec/sentinel
}
},
"dns64": {
- "anyOf": [
- {
- "type": "boolean"
+ "description": "DNS64 (RFC 6147) configuration.",
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Enable/disable DNS64.",
+ "default": false
},
- {
- "description": "DNS64 (RFC 6147) configuration.",
- "type": "object",
- "properties": {
- "prefix": {
- "type": "string",
- "description": "IPv6 prefix to be used for synthesizing AAAA records.",
- "default": "64:ff9b::/96"
- },
- "rev-ttl": {
- "type": [
- "string",
- "null"
- ],
- "pattern": "^(\\d+)(us|ms|s|m|h|d)$",
- "description": "TTL in CNAME generated in the reverse 'ip6.arpa.' subtree.",
- "default": null
- },
- "exclude-subnets": {
- "type": [
- "array",
- "null"
- ],
- "items": {
- "type": "string"
- },
- "description": "IPv6 subnets that are disallowed in answer.",
- "default": null
- }
- }
+ "prefix": {
+ "type": "string",
+ "description": "IPv6 prefix to be used for synthesizing AAAA records.",
+ "default": "64:ff9b::/96"
+ },
+ "reverse-ttl": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "pattern": "^(\\d+)(us|ms|s|m|h|d)$",
+ "description": "TTL in CNAME generated in the reverse 'ip6.arpa.' subtree.",
+ "default": null
+ },
+ "exclude-subnets": {
+ "type": [
+ "array",
+ "null"
+ ],
+ "items": {
+ "type": "string"
+ },
+ "description": "IPv6 subnets that are disallowed in answer.",
+ "default": null
}
- ],
- "description": "Disable DNS64 (RFC 6147), enable with defaults or set new configuration.",
- "default": false
+ },
+ "default": {
+ "enabled": false,
+ "prefix": "64:ff9b::/96",
+ "reverse_ttl": null,
+ "exclude_subnets": null
+ }
},
"logging": {
"description": "Logging and debugging configuration.",
.. code-block:: yaml
- dns64: true
+ dns64:
+ enabled: true
It is also possible to configure own prefix.
.. code-block:: yaml
- dns64:
- prefix: 2001:db8::aabb:0:0/96
+ dns64:
+ enabled: true
+ prefix: 2001:db8::aabb:0:0/96
.. warning::
.. code-block:: yaml
- dns64:
- prefix: 2001:db8:77ff::/96
- ttl-reverse: 300s
+ dns64:
+ enable: true
+ prefix: 2001:db8:77ff::/96
+ reverse-ttl: 300s
You can specify a set of IPv6 subnets that are disallowed in answer.
If they appear, they will be replaced by AAAAs generated from As.
.. code-block:: yaml
- dns64:
- prefix: 2001:db8:3::/96
- exclude: [2001:db8:888::/48, '::ffff/96']
+ dns64:
+ enable: true
+ prefix: 2001:db8:3::/96
+ exclude: [2001:db8:888::/48, '::ffff/96']
# You could even pass '::/0' to always force using generated AAAAs.
forward: List of Forward Zones and its configuration.
cache: DNS resolver cache configuration.
dnssec: DNSSEC configuration.
- dns64: Disable DNS64 (RFC 6147), enable with defaults or set new configuration.
+ dns64: DNS64 (RFC 6147) configuration.
logging: Logging and debugging configuration.
monitoring: Metrics exposisition configuration (Prometheus, Graphite)
lua: Custom Lua configuration.
forward: Optional[List[ForwardSchema]] = None
cache: CacheSchema = lazy_default(CacheSchema, {})
dnssec: DnssecSchema = DnssecSchema()
- dns64: Union[bool, Dns64Schema] = False
+ dns64: Dns64Schema = Dns64Schema()
logging: LoggingSchema = LoggingSchema()
monitoring: MonitoringSchema = MonitoringSchema()
rate_limiting: Optional[RateLimitingSchema] = None
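Review bot: With `dns64: Dns64Schema = Dns64Schema()` the field default is now a whole object, and the schema file changed in this commit writes that default with attribute-style keys (`reverse_ttl`, `exclude_subnets`) next to properties named `reverse-ttl` and `exclude-subnets`. A consumer that takes the `default` block literally would produce keys the schema does not define, so the emitted default should use the hyphenated names, `"reverse-ttl": null` and `"exclude-subnets": null`. If that file is generated from this class, the fix presumably belongs in how object defaults are serialised rather than on this line. The class body starts and ends outside this hunk.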
forward: Optional[List[ForwardSchema]]
cache: CacheSchema
dnssec: DnssecSchema
- dns64: Union[Literal[False], Dns64Schema]
+ dns64: Dns64Schema
logging: LoggingSchema
monitoring: MonitoringSchema
rate_limiting: Optional[RateLimitingSchema]
)
return obj.workers
- def _dns64(self, obj: Raw) -> Any:
- if obj.dns64 is True:
- return Dns64Schema()
- return obj.dns64
-
def _validate(self) -> None:
# warn about '/management/unix-socket' not located in '/rundir'
if self.management.unix_socket and self.management.unix_socket.to_path().parent != self.rundir.to_path():
DNS64 (RFC 6147) configuration.
---
+ enabled: Enable/disable DNS64.
prefix: IPv6 prefix to be used for synthesizing AAAA records.
- rev_ttl: TTL in CNAME generated in the reverse 'ip6.arpa.' subtree.
+ reverse_ttl: TTL in CNAME generated in the reverse 'ip6.arpa.' subtree.
exclude_subnets: IPv6 subnets that are disallowed in answer.
"""
+ enabled: bool = False
prefix: IPv6Network96 = IPv6Network96("64:ff9b::/96")
- rev_ttl: Optional[TimeUnit] = None
+ reverse_ttl: Optional[TimeUnit] = None
exclude_subnets: Optional[List[IPv6Network]] = None
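Review bot: The new switch is named `enabled`, but two of the documentation examples updated in this same commit write `enable: true`, and one of them still uses `exclude:` where the field here is `exclude_subnets`. Depending on how unknown keys are handled, those examples are either rejected or accepted with DNS64 left at its default of off, which is an easy misconfiguration to miss. The examples should read `enabled: true` and `exclude-subnets: [...]`. Since the template only emits `dns64.config` when the switch is on, the docstring could say so: `enabled: Enable/disable DNS64; the other options are ignored when false.` The class header is outside this hunk.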
{% from 'macros/common_macros.lua.j2' import string_table %}
-{% if cfg.dns64 %}
--- load dns64 module
+{% if cfg.dns64.enabled %}
+
+-- Enable DNS64 by loading module
modules.load('dns64')
--- dns64.prefix
+-- Configure DNS64 module
dns64.config({
prefix = '{{ cfg.dns64.prefix.to_std().network_address|string }}',
-{% if cfg.dns64.rev_ttl %}
- rev_ttl = {{ cfg.dns64.rev_ttl.seconds() }},
+{% if cfg.dns64.reverse_ttl %}
+ rev_ttl = {{ cfg.dns64.reverse_ttl.seconds() }},
{% endif %}
{% if cfg.dns64.exclude_subnets %}
exclude_subnets = {{ string_table(cfg.dns64.exclude_subnets) }},
{% endif %}
})
+
+{% else %}
+
+-- Disable DNS64 by unloading module
+-- modules.unload('dns64')
+
{% endif %}
\ No newline at end of file
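Review bot: The `{% else %}` branch renders the comment `-- Disable DNS64 by unloading module` followed by a commented-out `-- modules.unload('dns64')`, so the generated Lua claims to disable DNS64 while doing nothing. If this output is ever applied to an instance that already has the module loaded (for example a reload after switching `enabled` to false), DNS64 would presumably stay active although the configuration says off. Either make the unload real, if unloading a module that was never loaded is safe, or drop the branch and leave one truthful line such as `-- DNS64 disabled: module not loaded`. The file also still ends without a trailing newline.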
config = KresConfig()
# DNS64 default
- assert config.dns64 == False
+ assert config.dns64.enabled == False
def test_dnssec_false():
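Review bot: Nothing in the updated tests pins what happens to the legacy boolean form now that the `_dns64` conversion is removed; a case asserting that `KresConfig({"dns64": True})` raises the datamodel's validation error would show the old syntax fails loudly instead of being coerced. The renamed key is untested as well, so a case built from `{"dns64": {"enabled": True, "reverse-ttl": "300s"}}` would cover the rename. On style, `assert config.dns64.enabled == False` here and `== True` in `test_dns64_prefix_default` read better as `assert config.dns64.enabled is False` and `is True`, since the field is a plain `bool`. The enclosing test function starts outside the hunk.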
def test_dns64_prefix_default():
- assert str(KresConfig({"dns64": True}).dns64.prefix) == "64:ff9b::/96"
+ config = KresConfig({"dns64": {"enabled": True}})
+
+ assert config.dns64.enabled == True
+ assert str(config.dns64.prefix) == "64:ff9b::/96"
def test_config_json_schema():