Diffstat (limited to 'etc/config/config.docker')
-rw-r--r-- | etc/config/config.docker | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/etc/config/config.docker b/etc/config/config.docker
new file mode 100644
index 0000000..f631a54
--- /dev/null
+++ b/etc/config/config.docker
@@ -0,0 +1,97 @@
+-- SPDX-License-Identifier: CC0-1.0
+-- vim:syntax=lua:set ts=4 sw=4:
+-- Refer to manual: https://knot-resolver.readthedocs.io/en/stable/
+print('Knot Resolver ' .. package_version())
+
+-- Smaller cache size
+cache.size = 10 * MB
+
+local ffi = require('ffi')
+
+function interactive_mode()
+ -- Listen on all interfaces (localhost would not work in Docker)
+ net.listen('0.0.0.0', 53, { kind = 'dns' })
+ net.listen('0.0.0.0', 853, { kind = 'tls' })
+ net.listen('0.0.0.0', 443, { kind = 'doh2' })
+ net.listen('0.0.0.0', 8453, { kind = 'webmgmt' })
+
+ -- Load Useful modules
+ modules = {
+ 'stats', -- Track internal statistics
+ 'http',
+ }
+
+ function print_help()
+ print('\nUsage\n'
+ .. '=====\n'
+ .. 'Run this container using command:\n'
+ .. '$ docker run -Pti cznic/knot-resolver\n'
+ .. '\n'
+ .. 'Docker will map ports 53, 443, 853, and 8453 to some other numbers, see\n'
+ .. '$ docker ps\n'
+ .. '(column PORTS)\n'
+ .. '53 -> DNS protocol over UDP and TCP\n'
+ .. '443 -> DNS-over-HTTPS protocol\n'
+ .. '853 -> DNS-over-TLS protocol\n'
+ .. '8453 -> web interface\n'
+ .. '\n'
+ .. 'For verbose logging enter following command to prompt below:\n'
+ .. 'log_level("debug")\n')
+ end
+ print_help()
+end
+
+function debug_mode(qname, qtype)
+ event.after(20*sec, function()
+ print('ERROR: timeout which cannot happen actually happened, exiting')
+ os.exit(1)
+ end)
+ env.KRESD_NO_LISTEN = 1
+
+ -- limit noise in verbose logs
+ modules.unload('detect_time_skew')
+ modules.unload('priming')
+ modules.unload('ta_signal_query')
+ modules.unload('ta_update')
+
+ -- always empty cache so this config works reliably outside Docker
+ cache.clear()
+
+ local cqueues = require('cqueues')
+
+ -- execute query right after start up and exit when the query is finished
+ event.after(0, function()
+ log_level('info')
+ policy.add(policy.all(policy.DEBUG_ALWAYS))
+ log_info(ffi.C.LOG_GRP_RESOLVER, 'starting DNS query for %s %s', qname, kres.tostring.type[qtype])
+ local starttime = cqueues.monotime()
+ resolve({
+ name = qname,
+ type = qtype,
+ options = {'DNSSEC_WANT'},
+ finish = function(pkt)
+ -- delay exit after packet is finished
+ -- to prevent us from losing policy.DEBUG finish callback
+ event.after(1, -- millisecond
+ function()
+ local endtime = cqueues.monotime()
+ log_info(ffi.C.LOG_GRP_RESOLVER, 'request finished in %f ms', (endtime - starttime) * 1000)
+ os.exit()
+ end)
+ end
+ })
+ end)
+end
+
+local qname = os.getenv('QNAME')
+local qtype = os.getenv('QTYPE')
+if qname and qtype then
+ qtypenum = kres.type[qtype]
+ if not qtypenum then
+ log_error(ffi.C.LOG_GRP_RESOLVER, 'ERROR: unsupported query type "%s", use TYPE12345 notation', qtype)
+ os.exit()
+ end
+ debug_mode(qname, qtypenum)
+else
+ interactive_mode()
+end |
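Review bot: The four `net.listen('0.0.0.0', …)` calls in `interactive_mode()` include the `webmgmt` endpoint on 8453, and the help text recommends `docker run -P`, which publishes every exposed port on all host interfaces. Nothing visible in this config restricts who can reach the management interface or query the resolver on port 53, so on a host with a public address this could leave an open resolver and an exposed management page. I would add a comment above the listeners such as `-- NOTE: binds all container interfaces; publish with -p 127.0.0.1:8453:8453 unless the host is firewalled`, and repeat that hint in `print_help()`. Separately, in the `QNAME`/`QTYPE` branch the unsupported-type path calls `os.exit()`, which reports success; `os.exit(1)` would let callers detect the failure, and `local qtypenum = kres.type[qtype]` would avoid creating a stray global.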