1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
-- SPDX-License-Identifier: GPL-3.0-or-later
modules = {
'hints > policy',
'policy > iterate',
}
{% if kresd.verbose %}
log_level('debug')
{% endif %}
{% if kresd.ip %}
net.listen('{{ kresd.ip }}', {{ kresd.port }})
net.listen('{{ kresd.ip }}', {{ kresd.tls_port }}, {tls = true})
{% endif %}
{% if kresd.ip6 %}
net.listen('{{ kresd.ip6 }}', {{ kresd.port }})
net.listen('{{ kresd.ip6 }}', {{ kresd.tls_port }}, {tls = true})
{% endif %}
net.ipv4=true
net.ipv6=true
{% if kresd.tls_key_path and kresd.tls_cert_path %}
net.tls("{{ kresd.tls_cert_path }}", "{{ kresd.tls_key_path }}")
net.tls_sticket_secret('0123456789ABCDEF0123456789ABCDEF')
{% endif %}
hints['localhost.'] = '127.0.0.1'
{% for name, ip in kresd.hints.items() %}
hints['{{ name }}'] = '{{ ip }}'
{% endfor %}
policy.add(policy.all(policy.QTRACE))
{% if kresd.forward %}
policy.add(policy.all(
{% if kresd.forward.proto == 'tls' %}
policy.TLS_FORWARD({
{"{{ kresd.forward.ip }}@{{ kresd.forward.port }}", hostname='{{ kresd.forward.hostname}}', ca_file='{{ kresd.forward.ca_file }}'}})
{% endif %}
))
{% endif %}
{% if kresd.policy_test_pass %}
policy.add(policy.suffix(policy.PASS, {todname('test.')}))
{% endif %}
-- EDNS EDE tests
policy.add(policy.suffix(policy.DENY, {todname('deny.test.')}))
policy.add(policy.suffix(policy.REFUSE, {todname('refuse.test.')}))
policy.add(policy.suffix(policy.ANSWER({ [kres.type.A] = { rdata=kres.str2ip('192.0.2.7'), ttl=300 } }), {todname('forge.test.')}))
-- make sure DNSSEC is turned off for tests
trust_anchors.remove('.')
modules.unload("ta_update")
modules.unload("ta_signal_query")
modules.unload("priming")
modules.unload("detect_time_skew")
-- choose a small cache, since it is preallocated
cache.size = 1 * MB
|
