- update/more precise default answers for special names (!1709)
https://www.iana.org/assignments/special-use-domain-names
https://www.iana.org/assignments/locally-served-dns-zones
+- kresctl: strict validation is now disabled by default (!1714)
Knot Resolver 6.0.14 (2025-06-03)
Validate declarative configuration.
- .. option:: --no-strict
+ .. option:: --strict
- Ignore strict rules during validation, e.g. path/file existence.
+ Enable strict rules during validation.
+
+ During strict validation, the existence and access rights of paths are also checked.
+ However, if you are using an additional file system permission control mechanism,
+ such as access control lists (ACLs), this validation will likely fail.
+ This is because the validation runs under a different user/group than the resolver
+ itself and attempts to access the configured paths directly.
.. option:: <input_file>
Convert declarative configuration to a Lua script.
- .. option:: --no-strict
+ .. option:: --strict
+
+ Enable strict rules during validation.
- Ignore strict rules during validation, e.g. path/file existence.
+ During strict validation, the existence and access rights of paths are also checked.
+ However, if you are using an additional file system permission control mechanism,
+ such as access control lists (ACLs), this validation will likely fail.
+ This is because the validation runs under a different user/group than the resolver
+ itself and attempts to access the configured paths directly.
.. option:: --type=<worker|policy-loader>
subparser: "argparse._SubParsersAction[argparse.ArgumentParser]",
) -> Tuple[argparse.ArgumentParser, "Type[Command]"]:
convert = subparser.add_parser("convert", help="Converts JSON or YAML configuration to Lua script.")
- convert.set_defaults(strict=True)
+ convert.set_defaults(strict=False)
convert.add_argument(
- "--no-strict",
- help="Ignore strict rules during validation, e.g. path/file existence.",
- action="store_false",
+ "--strict",
+ help="Enable strict rules during validation, e.g. path/file existence and permissions.",
+ action="store_true",
dest="strict",
)
convert.add_argument(
subparser: "argparse._SubParsersAction[argparse.ArgumentParser]",
) -> Tuple[argparse.ArgumentParser, "Type[Command]"]:
validate = subparser.add_parser("validate", help="Validates configuration in JSON or YAML format.")
- validate.set_defaults(strict=True)
+ validate.set_defaults(strict=False)
validate.add_argument(
- "--no-strict",
- help="Ignore strict rules during validation, e.g. path/file existence.",
- action="store_false",
+ "--strict",
+ help="Enable strict rules during validation, e.g. paths/files existence and permissions.",
+ action="store_true",
dest="strict",
)
validate.add_argument(
except (DataParsingError, DataValidationError) as e:
print(e, file=sys.stderr)
sys.exit(1)
+ if not self.strict:
+ print(
+ "Basic validation was successful."
+ "\nIf you want more strict validation, you can use the '--strict' switch."
+ "\nDuring strict validation, the existence and access rights of paths are also checked."
+ "\n\nHowever, if you are using an additional file system permission control mechanism,"
+ "\nsuch as access control lists (ACLs), this validation will likely fail."
+ "\nThis is because the validation runs under a different user/group than the resolver itself"
+ "\nand attempts to access the configured paths directly."
+ )
# validate all configuration examples
for example in $PWD/etc/config/config.example.*.yaml;
do
- python3 -m knot_resolver.client validate --no-strict $example;
+ python3 -m knot_resolver.client validate $example;
done