In order to be consistent throughout the datamodel, it will only be possible to enable individual resolver features using the 'enable' option.
- /webmgmt
- Renamed/moved options in the declarative configuration model (YAML). (!1672)
- /cache/garbage-collector -> /cache/garbage-collector/enable
+ - /cache/prefetch/prediction -> /cache/prefetch/prediction/enable
- /dns64: true|false -> /dns64/enable: true|false
- /dns64/rev-ttl -> /dns64/reverse-ttl
- /dnssec: true|false -> /dnssec/enable: true|false
- /dnssec/keep-removed -> /dnssec/trust-anchors-keep-removed
- /dnssec/trust-anchor-sentinel -> /dnssec/sentinel
- /dnssec/trust-anchor-signal-query -> /dnssec/signal-query
+ - /logging/dnstap -> /logging/dnstap/enable
- /logging/dnssec-bogus -> /dnssec/log-bogus
- /monitoring/enabled -> /monitoring/metrics
- /monitoring/graphite -> /monitoring/graphite/enable
+ - /network/proxy_protocol -> /network/proxy_protocol/enable
- /network/tls/files-watchdog -> /network/tls/watchdog
- /rate-limiting -> /rate-limiting/enable
}
},
"proxy-protocol": {
- "anyOf": [
- {
- "type": "string",
- "enum": [
- false
- ]
+ "description": "PROXYv2 protocol configuration.",
+ "type": "object",
+ "properties": {
+ "enable": {
+ "type": "boolean",
+ "description": "Enable/disable PROXYv2 protocol.",
+ "default": false
},
- {
- "description": "PROXYv2 protocol configuration.",
- "type": "object",
- "properties": {
- "allow": {
- "type": "array",
- "items": {
- "anyOf": [
- {
- "type": "string"
- },
- {
- "type": "string"
- },
- {
- "type": "string"
- }
- ]
+ "allow": {
+ "type": [
+ "array",
+ "null"
+ ],
+ "items": {
+ "anyOf": [
+ {
+ "type": "string"
},
- "description": "Allow usage of the PROXYv2 protocol headers by clients on the specified addresses."
- }
- }
+ {
+ "type": "string"
+ },
+ {
+ "type": "string"
+ }
+ ]
+ },
+ "description": "Allow usage of the PROXYv2 protocol headers by clients on the specified addresses.",
+ "default": null
}
- ],
- "description": "PROXYv2 protocol configuration.",
- "default": false
+ },
+ "default": {
+ "enable": false,
+ "allow": null
+ }
},
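Review bot: The new `allow` property is declared nullable and nothing ties it to `enable`, so `{"enable": true, "allow": null}` validates under this schema, and the template hunk below (`{% for item in cfg.network.proxy_protocol.allow %}`) would then iterate over a null value. DnstapSchema gets a `_validate` guard for exactly this situation in this commit, but ProxyProtocolSchema (the hunk ending at `allow: Optional[List[Union[IPAddress, IPNetwork]]] = None`) does not, and if this JSON is generated from the Python schema that is where the fix belongs: `def _validate(self) -> None:` / `if self.enable and self.allow is None:` / `raise ValueError("PROXYv2 protocol enabled, but 'allow' not specified")`. Whether an empty `allow` list is a legitimate "enabled, nobody trusted" state is a product decision; the `is None` form leaves that case alone.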
"listen": {
"type": "array",
"sticket_secret_file": null,
"padding": true
},
- "proxy_protocol": false,
+ "proxy_protocol": {
+ "enable": false,
+ "allow": null
+ },
"listen": [
{
"interface": [
},
"prediction": {
"description": "Prefetch record by predicting based on usage patterns and repetitive queries.",
- "type": [
- "object",
- "null"
- ],
+ "type": "object",
"properties": {
+ "enable": {
+ "type": "boolean",
+ "description": "Enable/disable prediction.",
+ "default": false
+ },
"window": {
"type": "string",
"pattern": "^(\\d+)(us|ms|s|m|h|d)$",
"default": 24
}
},
- "default": null
+ "default": {
+ "enable": false,
+ "window": "15m",
+ "period": 24
+ }
}
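Review bot: The `window` property still carries `"default": 24` while the new object-level default says `"window": "15m"`, so the two defaults in this hunk contradict each other, and `24` does not even satisfy `window`'s own `^(\\d+)(us|ms|s|m|h|d)$` pattern. That property line is unchanged context, so this is presumably a pre-existing generator slip rather than something the commit introduced, but the new default block makes it visible; the per-property default should read `"default": "15m"`. The object default also lists `period`, which is not among the properties visible in this hunk — probably declared outside it, worth confirming.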
},
"default": {
"expiring": false,
- "prediction": null
+ "prediction": {
+ "enable": false,
+ "window": "15m",
+ "period": 24
+ }
}
}
},
"prefill": null,
"prefetch": {
"expiring": false,
- "prediction": null
+ "prediction": {
+ "enable": false,
+ "window": "15m",
+ "period": 24
+ }
}
}
},
"default": null
},
"dnstap": {
- "anyOf": [
- {
- "type": "string",
- "enum": [
- false
- ]
+ "description": "Logging DNS requests and responses to a unix socket.",
+ "type": "object",
+ "properties": {
+ "enable": {
+ "type": "boolean",
+ "description": "Enable/disable DNS queries logging.",
+ "default": false
},
- {
- "description": "Logging DNS queries and responses to a unix socket.",
- "type": "object",
- "properties": {
- "unix-socket": {
- "type": "string",
- "description": "Path to unix domain socket where dnstap messages will be sent."
- },
- "log-queries": {
- "type": "boolean",
- "description": "Log queries from downstream in wire format.",
- "default": true
- },
- "log-responses": {
- "type": "boolean",
- "description": "Log responses to downstream in wire format.",
- "default": true
- },
- "log-tcp-rtt": {
- "type": "boolean",
- "description": "Log TCP RTT (Round-trip time).",
- "default": true
- }
- }
+ "unix-socket": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "description": "Path to unix domain socket where dnstap messages will be sent.",
+ "default": null
+ },
+ "log-queries": {
+ "type": "boolean",
+ "description": "Log queries from downstream in wire format.",
+ "default": true
+ },
+ "log-responses": {
+ "type": "boolean",
+ "description": "Log responses to downstream in wire format.",
+ "default": true
+ },
+ "log-tcp-rtt": {
+ "type": "boolean",
+ "description": "Log TCP RTT (Round-trip time).",
+ "default": true
}
- ],
- "description": "Logging DNS requests and responses to a unix socket.",
- "default": false
+ },
+ "default": {
+ "enable": false,
+ "unix_socket": null,
+ "log_queries": true,
+ "log_responses": true,
+ "log_tcp_rtt": true
+ }
}
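Review bot: The new object-level default uses `unix_socket`, `log_queries`, `log_responses` and `log_tcp_rtt`, while the properties it is meant to exemplify are declared as `unix-socket`, `log-queries`, `log-responses` and `log-tcp-rtt`, so the default does not validate against its own `properties` (the proxy-protocol default in the hunk above escapes this only because its keys are single words). This looks like Python attribute names leaking from the generator — the existing `sticket_secret_file` default earlier in the file suggests the same pattern — but it matters wherever this file is consumed as a JSON Schema. Separately, the enable-requires-socket rule that the Python `_validate` enforces is not expressed here; if the dialect in use supports it, `"if": {"properties": {"enable": {"const": true}}}, "then": {"properties": {"unix-socket": {"type": "string"}}}` would keep the schema in step with the validator.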
},
"default": {
"level": "notice",
"target": "stdout",
"groups": null,
- "dnstap": false
+ "dnstap": {
+ "enable": false,
+ "unix_socket": null,
+ "log_queries": true,
+ "log_responses": true,
+ "log_tcp_rtt": true
+ }
}
},
"monitoring": {
prefetch:
# this mode is NOT RECOMMENDED for use in production
prediction:
- window: 15m # 15 minutes sampling window
- period: 24 # track last 6 hours
+ enable: true
+ # optionally, you can edit prediction configuration
+ window: 15m # default, 15 minutes sampling window
+ period: 24 # default, track last 6 hours
Window length is in minutes, period is a number of windows that can be kept in memory.
logging:
dnstap:
+ enable: true
unix-socket: /tmp/dnstap.sock
# by default log is enabled for all
log-queries: true
network:
proxy-protocol:
+ enable: true
allow:
- 172.22.0.1 # allows '172.22.0.1' specifically
- 172.18.1.0/24 # allows everyone at '172.18.1.*'
cache:
garbage-collector:
interval: 2s
+ prefetch:
+ prediction:
+ window: 15m
+ period: 24
dns64:
rev-ttl: 1d
- rfa.zone
logging:
+ dnstap:
+ unix-socket: dnstap.sock
dnssec-bogus: true
debugging:
assertion-abort: false
host: 127.0.0.1
network:
+ proxy-protocol:
+ allow: [172.22.0.1]
tls:
auto-discovery: true
files-watchdog: true
cache:
garbage-collector: false
+ prefetch:
+ prediction: null
dns64: true
dnssec: false
+logging:
+ dnstap: null
+
monitoring:
graphite: false
+
+network:
+ proxy-protocol: null
_add(new, "/cache/garbage-collector/enable", False)
else:
_add(new, "/cache/garbage-collector/enable", True)
+ prefetch_key = "prefetch"
+ if prefetch_key in new[cache_key]:
+ prediction_key = "prediction"
+ if prediction_key in new[cache_key][prefetch_key]:
+ prediction = new[cache_key][prefetch_key][prediction_key]
+ if prediction is None:
+ _add(new, "/cache/prefetch/prediction/enable", False)
+ else:
+ _add(new, "/cache/prefetch/prediction/enable", True)
dns64_key = "dns64"
if dns64_key in new:
if new[dns64_key] is False:
_rename(new, "/dnssec/keep-removed", "/dnssec/trust-anchors-keep-removed")
_rename(new, "/dnssec/trust-anchor-sentinel", "/dnssec/sentinel")
_rename(new, "/dnssec/trust-anchor-signal-query", "/dnssec/signal-query")
+ logging_key = "logging"
+ if logging_key in new:
+ dnstap_key = "dnstap"
+ if dnstap_key in new[logging_key]:
+ dnstap = new[logging_key][dnstap_key]
+ if dnstap is None:
+ _add(new, "/logging/dnstap/enable", False)
+ else:
+ _add(new, "/logging/dnstap/enable", True)
+
_rename(new, "/logging/dnssec-bogus", "/dnssec/log-bogus")
_rename(new, "/monitoring/enabled", "/monitoring/metrics")
monitoring_key = "monitoring"
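Review bot: The new dnstap branch decides `enable` with `if dnstap is None`, but the declaration this commit removes (`dnstap: Union[Literal[False], DnstapSchema] = False`) shows the previous disabled form was `false`, not `null`; an old config with `dnstap: false` takes the `else` branch and has `/logging/dnstap/enable` set to `True`, or fails outright depending on what `_add` does with a non-mapping parent. The proxy-protocol hunk below has the same gap (`proxy_protocol: Union[Literal[False], ProxyProtocolSchema] = False` was the old form), whereas the prediction hunk above is fine because its old type was `Optional[PredictionSchema] = None`. The YAML test inputs in the hunks above only exercise `null`, so this would not be caught. Since a bool cannot be extended in place, the disabled case should replace the value, e.g. `if dnstap is None or dnstap is False: new[logging_key][dnstap_key] = {"enable": False}`, mirroring how the `dns64` branch already compares against `False`. The enclosing function starts and ends outside these hunks.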
_add(new, "/monitoring/graphite/enable", False)
else:
_add(new, "/monitoring/graphite/enable", True)
+ network_key = "network"
+ if network_key in new:
+ proxy_protocol_key = "proxy-protocol"
+ if proxy_protocol_key in new[network_key]:
+ proxy_protocol = new[network_key][proxy_protocol_key]
+ if proxy_protocol is None:
+ _add(new, "/network/proxy-protocol/enable", False)
+ else:
+ _add(new, "/network/proxy-protocol/enable", True)
_rename(new, "/network/tls/files-watchdog", "/network/tls/watchdog")
rate_limiting_key = "rate-limiting"
if rate_limiting_key in new:
Helps keep the cache hot by prefetching expiring records and learning usage patterns and repetitive queries.
---
+ enable: Enable/disable prediction.
window: Sampling window length.
period: Number of windows that can be kept in memory.
"""
+ enable: bool = False
window: TimeUnit = TimeUnit("15m")
period: IntPositive = IntPositive(24)
"""
expiring: bool = False
- prediction: Optional[PredictionSchema] = None
+ prediction: PredictionSchema = PredictionSchema()
class CacheSchema(ConfigSchema):
Logging DNS queries and responses to a unix socket.
---
+ enable: Enable/disable DNS queries logging.
unix_socket: Path to unix domain socket where dnstap messages will be sent.
log_queries: Log queries from downstream in wire format.
log_responses: Log responses to downstream in wire format.
log_tcp_rtt: Log TCP RTT (Round-trip time).
"""
- unix_socket: WritableFilePath
+ enable: bool = False
+ unix_socket: Optional[WritableFilePath] = None
log_queries: bool = True
log_responses: bool = True
log_tcp_rtt: bool = True
+ def _validate(self) -> None:
+ if self.enable and self.unix_socket is None:
+ raise ValueError("DNS queries logging enabled, but 'unix-socket' not specified")
+
class LoggingSchema(ConfigSchema):
class Raw(ConfigSchema):
level: LogLevelEnum = "notice"
target: Union[LogTargetEnum, Literal["from-env"]] = "from-env"
groups: Optional[List[LogGroupsEnum]] = None
- dnstap: Union[Literal[False], DnstapSchema] = False
+ dnstap: DnstapSchema = DnstapSchema()
_LAYER = Raw
level: LogLevelEnum
target: LogTargetEnum
groups: Optional[List[LogGroupsEnum]]
- dnstap: Union[Literal[False], DnstapSchema]
+ dnstap: DnstapSchema
def _target(self, raw: Raw) -> LogTargetEnum:
if raw.target == "from-env":
PROXYv2 protocol configuration.
---
+ enable: Enable/disable PROXYv2 protocol.
allow: Allow usage of the PROXYv2 protocol headers by clients on the specified addresses.
"""
- allow: List[Union[IPAddress, IPNetwork]]
+ enable: bool = False
+ allow: Optional[List[Union[IPAddress, IPNetwork]]] = None
class NetworkSchema(ConfigSchema):
edns_buffer_size: EdnsBufferSizeSchema = EdnsBufferSizeSchema()
address_renumbering: Optional[List[AddressRenumberingSchema]] = None
tls: TLSSchema = TLSSchema()
- proxy_protocol: Union[Literal[False], ProxyProtocolSchema] = False
+ proxy_protocol: ProxyProtocolSchema = ProxyProtocolSchema()
listen: List[ListenSchema] = [
ListenSchema({"interface": "127.0.0.1"}),
ListenSchema({"interface": "::1", "freebind": True}),
modules.load('prefetch')
{% endif %}
-{% if cfg.cache.prefetch.prediction %}
+{% if cfg.cache.prefetch.prediction.enable %}
-- cache.prefetch.prediction
modules.load('predict')
predict.config({
})
{% endif %}
-{% if cfg.logging.dnstap -%}
+{% if cfg.logging.dnstap.enable -%}
-- logging.dnstap
modules.load('dnstap')
dnstap.config({
{{ http_config(cfg.network.tls,"doh_legacy") }}
{% endif %}
-{% if cfg.network.proxy_protocol %}
+{% if cfg.network.proxy_protocol.enable %}
-- network.proxy-protocol
net.proxy_allowed({
{% for item in cfg.network.proxy_protocol.allow %}
subnets: List[IPNetwork]
dst_subnet: Optional[IPNetwork] = None # could be a list as well, iterated in template
protocols: Optional[List[Literal["udp53", "tcp53", "dot", "doh", "doq"]]] = None
-
tags: Optional[List[IDPattern]] = None
answer: Optional[Literal["allow", "refused", "noanswer"]] = None
options: ViewOptionsSchema = ViewOptionsSchema()