{% if not cfg.lua.script_only %}
--- MODULES
-modules = {
- {{ "'rebinding < iterate'," if cfg.options.rebinding_protection }}
- {{ "'workarounds < iterate'," if cfg.options.violators_workarounds }}
- {{ "'serve_stale < cache'," if cfg.options.serve_stale }}
- {{ "dns64 = '"+cfg.dns64.prefix+"'," if cfg.dns64 }}
- 'hints > iterate',
-{% if cfg.network.address_renumbering %}
--- network.address-renumbering
- renumber = {
-{% for item in cfg.network.address_renumbering %}
- {'{{ item.source }}', '{{ item.destination }}'},
-{% endfor %}
- }
-{% endif %}
-}
+-- LOGGING section
+{% include "logging.lua.j2" %}
-- SERVER section
{% include "server.lua.j2" %}
--- NETWORK section
-{% include "network.lua.j2" %}
-
-- OPTIONS section
{% include "options.lua.j2" %}
+-- NETWORK section
+{% include "network.lua.j2" %}
+
-- STATIC-HINTS section
{% include "static_hints.lua.j2" %}
-- DNSSEC section
{% include "dnssec.lua.j2" %}
--- LOGGING section
-{% include "logging.lua.j2" %}
+-- DNS64 section
+{% include "dns64.lua.j2" %}
{% endif %}
-- LUA section
+-- Custom Lua code cannot be validated
+
{% if cfg.lua.script_file %}
{% import cfg.lua.script_file as script_file %}
--- lua.script-file
{{ script_file }}
{% endif %}
{% if cfg.lua.script %}
--- lua.script
{{ cfg.lua.script }}
{% endif %}
--- /dev/null
+{% if cfg.dns64 %}
+-- load dns64 module
+modules.load('dns64')
+
+-- dns64.prefix
+dns64.config('{{ cfg.dns64.prefix.to_std().network_address }}')
+{% endif %}
\ No newline at end of file
trust_anchors.remove('.')
{% endif %}
-{{ "modules.unload('ta_sentinel')" if not cfg.dnssec.trust_anchor_sentinel }}
-{{ "modules.unload('ta_signal_query')" if not cfg.dnssec.trust_anchor_signal_query }}
-{{ "modules.unload('detect_time_skew')" if not cfg.dnssec.time_skew_detection }}
+-- options.trust-anchor-sentinel
+{% if cfg.dnssec.trust_anchor_sentinel %}
+modules.load('ta_sentinel')
+{% else %}
+modules.unload('ta_sentinel')
+{% endif %}
+
+-- options.trust-anchor-signal-query
+{% if cfg.dnssec.trust_anchor_signal_query %}
+modules.load('ta_signal_query')
+{% else %}
+modules.unload('ta_signal_query')
+{% endif %}
+-- options.time-skew-detection
+{% if cfg.dnssec.time_skew_detection %}
+modules.load('detect_time_skew')
+{% else %}
+modules.unload('detect_time_skew')
+{% endif %}
+
+-- dnssec.keep-removed
trust_anchors.keep_removed = {{ cfg.dnssec.keep_removed }}
-{{ "trust_anchors.refresh_time = "+cfg.dnssec.refresh_time.seconds()|string if cfg.dnssec.refresh_time }}
+
+{% if cfg.dnssec.refresh_time %}
+-- dnssec.refresh-time
+trust_anchors.refresh_time = {{ cfg.dnssec.refresh_time.seconds()|string }}
+{% endif %}
{% if cfg.dnssec.trust_anchors %}
-- dnssec.trust-anchors
-- network.out-interface-v4
net.outgoing_v4('{{ cfg.network.out_interface_v4 }}')
{% endif %}
+
{% if cfg.network.out_interface_v6 %}
-- network.out-interface-v6
net.outgoing_v6('{{ cfg.network.out_interface_v6 }}')
{% endif %}
-- network.edns-buffer-size
-net.bufsize({{ cfg.network.edns_buffer_size.upstream.bytes() }}, {{ cfg.network.edns_buffer_size.downstream.bytes() }})
+net.bufsize(
+ {{ cfg.network.edns_buffer_size.upstream.bytes() }},
+ {{ cfg.network.edns_buffer_size.downstream.bytes() }}
+)
{% if cfg.network.tls.cert_file and cfg.network.tls.key_file %}
-- network.tls
-- options.glue-checking
mode('{{ cfg.options.glue_checking }}')
--- options
+{% if cfg.options.rebinding_protection %}
+-- options.rebinding-protection
+modules.load('rebinding < iterate')
+{% endif %}
+
+{% if cfg.options.violators_workarounds %}
+-- options.violators-workarounds
+modules.load('workarounds < iterate')
+{% endif %}
+
+{% if cfg.options.serve_stale %}
+-- options.serve-stale
+modules.load('serve_stale < cache')
+{% endif %}
+
+-- options.query-priming
+{% if cfg.options.query_priming %}
+modules.load('priming')
+{% else %}
+modules.unload('priming')
+{% endif %}
+
+-- options.time-jump-detection
+{% if cfg.options.time_jump_detection %}
+modules.load('detect_time_jump')
+{% else %}
+modules.unload('detect_time_jump')
+{% endif %}
+
+-- options.refuse-no-rd
+{% if cfg.options.refuse_no_rd %}
+modules.load('refuse_nord')
+{% else %}
+modules.unload('refuse_nord')
+{% endif %}
+
+-- options.qname-minimisation
option('NO_MINIMIZE', {{ 'false' if cfg.options.qname_minimisation else 'true' }})
+
+-- options.query-loopback
option('ALLOW_LOCAL', {{ 'true' if cfg.options.query_loopback else 'false' }})
+
+-- options.reorder-rrset
option('REORDER_RR', {{ 'true' if cfg.options.reorder_rrset else 'false' }})
-option('NO_0X20', {{ 'false' if cfg.options.query_case_randomization else 'true' }})
-{{ "modules.unload('priming')" if not cfg.options.query_priming }}
-{{ "modules.unload('detect_time_jump')" if not cfg.options.time_jump_detection }}
-{{ "modules.unload('refuse_nord')" if not cfg.options.refuse_no_rd }}
+
+-- options.query-case-randomization
+option('NO_0X20', {{ 'false' if cfg.options.query_case_randomization else 'true' }})
\ No newline at end of file
{% if cfg.server.nsid %}
-- server.nsid
modules.load('nsid')
-nsid.name('{{ cfg.server.nsid }} ' .. worker.id)
+nsid.name('{{ cfg.server.nsid }}_' .. worker.id)
{% endif %}
{% if cfg.server.webmgmt %}
-{{ "hints.ttl("+cfg.static_hints.ttl.seconds()|string+")" if cfg.static_hints.ttl }}
+{% if cfg.static_hints.etc_hosts or cfg.static_hints.root_hints_file or cfg.static_hints.hints_files or cfg.static_hints.root_hints or cfg.static_hints.hints %}
+modules.load('hints > iterate')
+
+{% if cfg.static_hints.ttl %}
+-- static-hints.ttl
+hints.ttl({{ cfg.static_hints.ttl.seconds()|string }})
+{% endif %}
+
+-- static-hints.no-data
hints.use_nodata({{ 'true' if cfg.static_hints.no_data else 'false' }})
-{{ "hints.add_hosts()" if cfg.static_hints.etc_hosts }}
-{{ "hints.root_file('"+cfg.static_hints.root_hints_file+"')" if cfg.static_hints.root_hints_file }}
+
+{% if cfg.static_hints.etc_hosts %}
+-- static-hints.etc-hosts
+hints.add_hosts('/etc/hosts')
+{% endif %}
+
+{% if cfg.static_hints.root_hints_file %}
+-- static-hints.root-hints-file
+hints.root_file('{{ cfg.static_hints.root_hints_file }}')
+{% endif %}
{% if cfg.static_hints.hints_files %}
-- static-hints.hints-files
hints.set('{{ name }} {{ addr }}')
{% endfor %}
{% endfor %}
+{% endif %}
+
{% endif %}
\ No newline at end of file
projects / thirdparty / knot-resolver.git / commitdiff
