From 830407e88f9d40d954356c3754f2647f91d5c06a Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 17:26:00 +0200 Subject: Adding upstream version 5.6.0. Signed-off-by: Daniel Baumann --- tests/pytests/templates/kresd.conf.j2 | 62 +++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 tests/pytests/templates/kresd.conf.j2 (limited to 'tests/pytests/templates/kresd.conf.j2') diff --git a/tests/pytests/templates/kresd.conf.j2 b/tests/pytests/templates/kresd.conf.j2 new file mode 100644 index 0000000..b87515c --- /dev/null +++ b/tests/pytests/templates/kresd.conf.j2 @@ -0,0 +1,62 @@ +-- SPDX-License-Identifier: GPL-3.0-or-later +modules = { + 'hints > policy', + 'policy > iterate', +} + +{% if kresd.verbose %} +log_level('debug') +{% endif %} + +{% if kresd.ip %} +net.listen('{{ kresd.ip }}', {{ kresd.port }}) +net.listen('{{ kresd.ip }}', {{ kresd.tls_port }}, {tls = true}) +{% endif %} + +{% if kresd.ip6 %} +net.listen('{{ kresd.ip6 }}', {{ kresd.port }}) +net.listen('{{ kresd.ip6 }}', {{ kresd.tls_port }}, {tls = true}) +{% endif %} + +net.ipv4=true +net.ipv6=true + +{% if kresd.tls_key_path and kresd.tls_cert_path %} +net.tls("{{ kresd.tls_cert_path }}", "{{ kresd.tls_key_path }}") +net.tls_sticket_secret('0123456789ABCDEF0123456789ABCDEF') +{% endif %} + +hints['localhost.'] = '127.0.0.1' +{% for name, ip in kresd.hints.items() %} +hints['{{ name }}'] = '{{ ip }}' +{% endfor %} + +policy.add(policy.all(policy.QTRACE)) + +{% if kresd.forward %} +policy.add(policy.all( + {% if kresd.forward.proto == 'tls' %} + policy.TLS_FORWARD({ + {"{{ kresd.forward.ip }}@{{ kresd.forward.port }}", hostname='{{ kresd.forward.hostname}}', ca_file='{{ kresd.forward.ca_file }}'}}) + {% endif %} +)) +{% endif %} + +{% if kresd.policy_test_pass %} +policy.add(policy.suffix(policy.PASS, {todname('test.')})) +{% endif %} + +-- EDNS EDE tests +policy.add(policy.suffix(policy.DENY, {todname('deny.test.')})) +policy.add(policy.suffix(policy.REFUSE, {todname('refuse.test.')})) +policy.add(policy.suffix(policy.ANSWER({ [kres.type.A] = { rdata=kres.str2ip('192.0.2.7'), ttl=300 } }), {todname('forge.test.')})) + +-- make sure DNSSEC is turned off for tests +trust_anchors.remove('.') +modules.unload("ta_update") +modules.unload("ta_signal_query") +modules.unload("priming") +modules.unload("detect_time_skew") + +-- choose a small cache, since it is preallocated +cache.size = 1 * MB -- cgit v1.2.3