From 712632ef46b245ab40b7b666e2342754be7b71f8 Mon Sep 17 00:00:00 2001
From: Tomas Krizek
Date: Tue, 14 Jan 2020 14:08:11 +0100
Subject: [PATCH] etc/config: use net.listen() syntax for configs
- meson templating no longer needed
- commented out DoH/webmgmt configuration removed
- added explicit port 53 and kind=dns
---
.../{config.cluster.in => config.cluster} | 13 +++---
.../{config.docker.in => config.docker} | 2 +-
.../{config.internal.in => config.internal} | 9 +++-
etc/config/{config.isp.in => config.isp} | 7 ++-
.../{config.personal.in => config.personal} | 13 +++---
.../{config.privacy.in => config.privacy} | 9 +++-
.../{config.splitview.in => config.splitview} | 13 +++---
etc/config/meson.build | 44 ++++---------------
8 files changed, 44 insertions(+), 66 deletions(-)
rename etc/config/{config.cluster.in => config.cluster} (84%)
rename etc/config/{config.docker.in => config.docker} (96%)
rename etc/config/{config.internal.in => config.internal} (64%)
rename etc/config/{config.isp.in => config.isp} (90%)
rename etc/config/{config.personal.in => config.personal} (66%)
rename etc/config/{config.privacy.in => config.privacy} (82%)
rename etc/config/{config.splitview.in => config.splitview} (81%)
diff --git a/etc/config/config.cluster.in b/etc/config/config.cluster
similarity index 84%
rename from etc/config/config.cluster.in
rename to etc/config/config.cluster
index f5869d6ee..33e0fe3cf 100644
--- a/etc/config/config.cluster.in
+++ b/etc/config/config.cluster
@@ -4,15 +4,12 @@
 -- as the resolver is busy most of the time.
 -- Alternative is using `etcd` as a configuration backend.
 -- Refer to manual: https://knot-resolver.readthedocs.io/en/stable/
-@config_defaults@
--- For DNS-over-HTTPS and web management when using http module
--- modules.load('http')
--- http.config({
--- cert = '/etc/knot-resolver/mycert.crt',
--- key = '/etc/knot-resolver/mykey.key',
--- tls = true,
--- })
+-- Network interface configuration
+net.listen('127.0.0.1', 53, { kind = 'dns' })
+net.listen('::1', 53, { kind = 'dns'})
+net.listen('127.0.0.1', 853, { kind = 'tls' })
+net.listen('::1', 853, { kind = 'tls' })
 -- To disable DNSSEC validation, uncomment the following line (not recommended)
 -- trust_anchors.remove('.')
diff --git a/etc/config/config.docker.in b/etc/config/config.docker
similarity index 96%
rename from etc/config/config.docker.in
rename to etc/config/config.docker
index d543a0977..9199880fc 100644
--- a/etc/config/config.docker.in
+++ b/etc/config/config.docker
@@ -2,7 +2,7 @@
 -- Refer to manual: https://knot-resolver.readthedocs.io/en/stable/
 -- Listen on all interfaces (localhost would not work in Docker)
-net.listen('0.0.0.0')
+net.listen('0.0.0.0', 53, { kind = 'dns' })
 net.listen('0.0.0.0', 853, { kind = 'tls' })
 net.listen('0.0.0.0', 443, { kind = 'doh' })
 net.listen('0.0.0.0', 8453, { kind = 'webmgmt' })
diff --git a/etc/config/config.internal.in b/etc/config/config.internal
similarity index 64%
rename from etc/config/config.internal.in
rename to etc/config/config.internal
index 640733978..ed8b2f1e1 100644
--- a/etc/config/config.internal.in
+++ b/etc/config/config.internal
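Review bot: The two new `kind = 'tls'` listeners on 853 come with no hint about which certificate they serve, and this hunk also deletes the commented-out `http.config({ cert = ..., key = ... })` block that was the only mention of key/cert paths in the file. I'd put one line above them: `-- DNS-over-TLS on 853; set the certificate with net.tls('/path/cert.pem', '/path/key.pem') (see manual)` — and if kresd falls back to an auto-generated self-signed certificate when none is set, say so, since that is what a copy-paste user will silently get. Separately, `net.listen('::1', 53, { kind = 'dns'})` lacks the space before `}` that the other three lines have.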
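Review bot: `net.listen('0.0.0.0', 53, { kind = 'dns' })` binds the wildcard with no access restriction visible in this hunk, so as soon as the container's port 53 is published this is an open recursive resolver (amplification and cache-poisoning surface); the comment above it only explains why localhost would not work, not the exposure. I'd extend it to `-- Listens on every interface: limit who can reach these ports (docker -p 127.0.0.1:53:53, a firewall, or a view/ACL policy) before exposing the container`. The same caveat presumably applies to the `webmgmt` listener on 8453 two lines below if that interface carries no authentication — worth a note there too. Also note `0.0.0.0` is IPv4-only; an IPv6-enabled container would need a matching `::` line.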
@@ -1,10 +1,15 @@
 -- vim:syntax=lua:set ts=4 sw=4:
 -- Config file example usable for multi-user ISP resolver
 -- Refer to manual: https://knot-resolver.readthedocs.io/en/stable/
-@config_defaults@
+
+-- Network interface configuration
+net.listen('127.0.0.1', 53, { kind = 'dns' })
+net.listen('::1', 53, { kind = 'dns'})
+net.listen('127.0.0.1', 853, { kind = 'tls' })
+net.listen('::1', 853, { kind = 'tls' })
 -- define list of internal-only domains
 internalDomains = policy.todnames({'company.example', 'internal.example'})
 -- forward all queries below 'internalDomains' to '192.168.1.2'
-policy.add(policy.suffix(policy.FORWARD({'192.168.1.2'}), internalDomains))
\ No newline at end of file
+policy.add(policy.suffix(policy.FORWARD({'192.168.1.2'}), internalDomains))
diff --git a/etc/config/config.isp.in b/etc/config/config.isp
similarity index 90%
rename from etc/config/config.isp.in
rename to etc/config/config.isp
index 44272f969..bf9d65c84 100644
--- a/etc/config/config.isp.in
+++ b/etc/config/config.isp
@@ -1,7 +1,12 @@
 -- vim:syntax=lua:set ts=4 sw=4:
 -- Config file example usable for ISP resolver
 -- Refer to manual: https://knot-resolver.readthedocs.io/en/stable/
-@config_defaults@
+
+-- Network interface configuration
+net.listen('127.0.0.1', 53, { kind = 'dns' })
+net.listen('::1', 53, { kind = 'dns'})
+net.listen('127.0.0.1', 853, { kind = 'tls' })
+net.listen('::1', 853, { kind = 'tls' })
 -- Large cache size, so we don't need to flush often
 -- This can be larger than available RAM, least frequently accessed
diff --git a/etc/config/config.personal.in b/etc/config/config.personal
similarity index 66%
rename from etc/config/config.personal.in
rename to etc/config/config.personal
index 619691330..31d58d246 100644
--- a/etc/config/config.personal.in
+++ b/etc/config/config.personal
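Review bot: `net.listen('::1', 53, { kind = 'dns'})` is the one line of the four new listeners without a space before `}`; make it `net.listen('::1', 53, { kind = 'dns' })` so the block is uniform (the same slip is copied into every example config in this patch). The rest of the hunk — the loopback listeners and the trailing-newline fix on the `policy.add` line — reads fine; the `policy.FORWARD` rule itself is unchanged context and not reviewed here.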
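Review bot: For an example described as an "ISP resolver", binding only `127.0.0.1`/`::1` serves no customers, and the new `-- Network interface configuration` comment gives no hint that these addresses are placeholders — the build-time snippet it replaces at least pointed readers at kresd.systemd(7). I'd make the comment carry the warning: `-- Network interface configuration: replace the loopback addresses with your customer-facing ones, and restrict recursion to your own prefixes (view/ACL) so this does not become an open resolver`. Minor: the `::1` port 53 line is missing the space before `}`.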
@@ -1,14 +1,11 @@
 -- vim:syntax=lua:set ts=4 sw=4:
 -- Refer to manual: https://knot-resolver.readthedocs.org/en/stable/
-@config_defaults@
--- For DNS-over-HTTPS and web management when using http module
--- modules.load('http')
--- http.config({
--- cert = '/etc/knot-resolver/mycert.crt',
--- key = '/etc/knot-resolver/mykey.key',
--- tls = true,
--- })
+-- Network interface configuration
+net.listen('127.0.0.1', 53, { kind = 'dns' })
+net.listen('::1', 53, { kind = 'dns'})
+net.listen('127.0.0.1', 853, { kind = 'tls' })
+net.listen('::1', 853, { kind = 'tls' })
 -- To disable DNSSEC validation, uncomment the following line (not recommended)
 -- trust_anchors.remove('.')
diff --git a/etc/config/config.privacy.in b/etc/config/config.privacy
similarity index 82%
rename from etc/config/config.privacy.in
rename to etc/config/config.privacy
index 824aa23ce..29ee4169a 100644
--- a/etc/config/config.privacy.in
+++ b/etc/config/config.privacy
@@ -1,7 +1,12 @@
 -- vim:syntax=lua:set ts=4 sw=4:
 -- Config file example usable for privacy-preserving resolver
 -- Refer to manual: https://knot-resolver.readthedocs.io/en/stable/
-@config_defaults@
+
+-- Network interface configuration
+net.listen('127.0.0.1', 53, { kind = 'dns' })
+net.listen('::1', 53, { kind = 'dns'})
+net.listen('127.0.0.1', 853, { kind = 'tls' })
+net.listen('::1', 853, { kind = 'tls' })
 -- TLS server configuration
 -- use this to configure your TLS certificates
@@ -26,4 +31,4 @@ policy.add(policy.slice(
 {'193.17.47.1', hostname='odvr.nic.cz'},
 {'185.43.135.1', hostname='odvr.nic.cz'},
 })
-))
\ No newline at end of file
+))
diff --git a/etc/config/config.splitview.in b/etc/config/config.splitview
similarity index 81%
rename from etc/config/config.splitview.in
rename to etc/config/config.splitview
index 7051efa84..2fd2415b4 100644
--- a/etc/config/config.splitview.in
+++ b/etc/config/config.splitview
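Review bot: This file is installed verbatim as the default kresd.conf (the meson.build hunk below renames `config.personal` to it), so the bare `-- Network interface configuration` comment is the first thing a new user reads; it should state that loopback-only is the intended safe default and what to change: `-- Listen on loopback only (safe default); add your LAN address(es) here to serve other hosts`. The deleted `http.config` comment block was also the only mention of a certificate in this file, and the new 853 `kind = 'tls'` listeners now have none — a one-line pointer to `net.tls(cert, key)` would close that gap. Minor: `{ kind = 'dns'}` on the `::1` line lacks the space before `}`.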
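Review bot: The new `kind = 'tls'` listeners on 853 are placed directly above the `-- TLS server configuration` section, so the certificate pointer is at least nearby, but the `net.tls(...)` call that section presumably contains (outside this hunk) now runs after the sockets are opened; if kresd attaches the certificate to already-open TLS listeners this is fine, otherwise the order matters — worth confirming against the manual and, if needed, moving the listen block below the TLS section. Also `net.listen('::1', 53, { kind = 'dns'})` is missing the space before `}` present on the other three lines.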
@@ -1,15 +1,12 @@
 -- vim:syntax=lua:set ts=4 sw=4:
 -- Config file with split-view for internal zone
 -- Refer to manual: https://knot-resolver.readthedocs.io/en/stable/
-@config_defaults@
--- For DNS-over-HTTPS and web management when using http module
--- modules.load('http')
--- http.config({
--- cert = '/etc/knot-resolver/mycert.crt',
--- key = '/etc/knot-resolver/mykey.key',
--- tls = true,
--- })
+-- Network interface configuration
+net.listen('127.0.0.1', 53, { kind = 'dns' })
+net.listen('::1', 53, { kind = 'dns'})
+net.listen('127.0.0.1', 853, { kind = 'tls' })
+net.listen('::1', 853, { kind = 'tls' })
 -- To disable DNSSEC validation, uncomment the following line (not recommended)
 -- trust_anchors.remove('.')
diff --git a/etc/config/meson.build b/etc/config/meson.build
index 85f7a379c..e1623b4b6 100644
--- a/etc/config/meson.build
+++ b/etc/config/meson.build
@@ -1,26 +1,6 @@
 # etc: config examples
-# Config snippets (build-dependant)
-if systemd_files == 'enabled'
- config_defaults = '''
--- Network interface configuration: see kresd.systemd(7)'''
-else
- config_defaults = '''
--- Listen on localhost
-net.listen('127.0.0.1')
-net.listen('::1')
-net.listen('127.0.0.1', 853, { kind = 'tls' })
-net.listen('::1', 853, { kind = 'tls' })
-
--- Extra interfaces for http module
--- net.listen('127.0.0.1', 44353, { kind = 'doh' })
--- net.listen('::1', 44353, { kind = 'doh' })
--- net.listen('127.0.0.1', 8453, { kind = 'webmgmt' })
--- net.listen('::1', 8453, { kind = 'webmgmt' })'''
-endif
-
-
-# Configure and install config examples
+# Install config examples
 example_configs = [
 'config.cluster',
 'config.docker',
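Review bot: With the commented-out `modules.load('http')`/`http.config` block gone, nothing in this example says that the two `kind = 'tls'` listeners on 853 need a certificate; a split-view resolver that internal clients reach over DoT will present whatever kresd defaults to. I'd add `-- DoT on 853 needs a certificate: net.tls('/path/cert.pem', '/path/key.pem')` above those lines. Also `net.listen('::1', 53, { kind = 'dns'})` is missing the space before `}`.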
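Review bot: Removing the `systemd_files == 'enabled'` branch means every shipped example now calls `net.listen()` unconditionally, whereas the old systemd variant deliberately emitted no listen lines and deferred to kresd.systemd(7); if socket activation via kresd.socket is still supported in this tree, a config copied from these examples would try to bind ports systemd already holds. If socket activation has been dropped (which this change implies), `systemd_files` is presumably still referenced elsewhere in the build and the man-page reference should go with it. A one-line comment recording the assumption, `# examples assume kresd binds its own sockets (no systemd socket activation)`, would keep the next reader from re-adding the template.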
@@ -31,17 +11,10 @@ example_configs = [
 'config.splitview',
 ]
-conf_config = configuration_data()
-conf_config.set('config_defaults', config_defaults)
-
-foreach config_filename : example_configs
- configure_file(
- input: config_filename + '.in',
- output: config_filename,
- configuration: conf_config,
- install_dir: examples_dir,
- )
-endforeach
+install_data(
+ sources: example_configs,
+ install_dir: examples_dir,
+)
 # kresd.conf
@@ -53,10 +26,9 @@ if get_option('install_kresd_conf') == 'auto'
 endif
 if install_kresd_conf
- configure_file(
- input: 'config.personal.in',
- output: 'kresd.conf',
- configuration: conf_config,
+ install_data(
+ sources: 'config.personal',
+ rename: 'kresd.conf',
 install_dir: etc_dir,
 )
 endif
-- 2.47.2
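Review bot: `rename: 'kresd.conf'` on the new `install_data()` call requires Meson 0.46 or newer; if the top-level `project()` pins an older `meson_version` (not visible here), configuring will fail with an unknown-keyword error, so the minimum should be bumped in the same commit. The call is otherwise equivalent to the old `configure_file()` (same source, same `etc_dir`), and the enclosing `if install_kresd_conf` block is fully shown in the hunk.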