1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
net = { '{{SELF_ADDR}}' }
{% if ':' in SELF_ADDR %}
net.outgoing_v6('{{SELF_ADDR}}')
{% else %}
net.outgoing_v4('{{SELF_ADDR}}')
{% endif %}
net.bufsize(4096)
modules = {'stats', 'policy', 'hints'}
-- trace logging for all requests
policy.add(policy.all(policy.DEBUG_ALWAYS))
-- test. domain is used by some tests, allow it
policy.add(policy.suffix(policy.PASS, {todname('test.')}))
{% if FORWARD_ADDR %}
policy.add(policy.all(policy.FORWARD('{{FORWARD_ADDR}}')))
{% endif %}
cache.size = 2*MB
hints.root({['{{ROOT_NAME}}'] = '{{ROOT_ADDR}}'})
{% if QMIN == "false" %}
option('NO_MINIMIZE', true)
{% else %}
option('NO_MINIMIZE', false)
{% endif %}
{% if DO_NOT_QUERY_LOCALHOST == "false" %}
option('ALLOW_LOCAL', true)
{% else %}
option('ALLOW_LOCAL', false)
{% endif %}
{% if HARDEN_GLUE == "true" %}
mode('normal')
{% else %}
mode('permissive')
{% endif %}
-- make sure that value specified at compile-time does not break tests
trust_anchors.remove('.')
{% for TAF in TRUST_ANCHOR_FILES %}
trust_anchors.add_file('{{TAF}}')
{% endfor %}
trust_anchors.set_insecure({
{% for DI in NEGATIVE_TRUST_ANCHORS %}
"{{DI}}",
{% endfor %}
})
{% if DO_IP6 == "true" %}
net.ipv6 = true
{% else %}
net.ipv6 = false
{% endif %}
{% if DO_IP4 == "true" %}
net.ipv4 = true
{% else %}
net.ipv4 = false
{% endif %}
{% if FEATURES.min_ttl is defined %}
cache.min_ttl({{FEATURES.min_ttl}})
{% endif %}
{% if FEATURES.max_ttl is defined %}
cache.max_ttl({{FEATURES.max_ttl}})
{% endif %}
{% if FEATURES.dns64_prefix is defined %}
modules.load( 'dns64')
dns64.config('{{FEATURES.dns64_prefix}}')
{% endif %}
{% if FEATURES.static_hint_name is defined %}
{% if FEATURES.static_hint_addr is defined %}
hints['{{FEATURES.static_hint_name}}'] = '{{FEATURES.static_hint_addr}}'
{% endif %}
{% endif %}
{% if FEATURES.renumber_src is defined %}
{% if FEATURES.renumber_dst is defined %}
modules.load( 'renumber')
renumber.config({{ '{{' }}'{{FEATURES.renumber_src}}','{{FEATURES.renumber_dst}}' {{ '}}' }})
{% endif %}
{% endif %}
{% for policy in FEATURES.policy %}
{{policy}}
{% endfor %}
{% if FEATURES.view is defined %}
modules.load( 'view')
{% for view in FEATURES.view %}
{{view}}
{% endfor %}
{% endif %}
{% if FEATURES.workarounds is defined %}
modules = { 'workarounds < iterate' }
{% endif %}
-- Disable RFC5011 TA update
if ta_update then
modules.unload('ta_update')
end
-- Disable RFC8145 signaling, scenario doesn't provide expected ansers
if ta_signal_query then
modules.unload('ta_signal_query')
end
-- Disable RFC8109 priming, scenario doesn't provide expected ansers
if priming then
modules.unload('priming')
end
-- Disable this module because it make one priming query.
if detect_time_skew then
modules.unload('detect_time_skew')
end
-- Self-checks on globals
assert(help() ~= nil)
assert(worker.id ~= nil)
-- Self-checks on facilities
assert(cache.count() == 0)
assert(cache.stats() ~= nil)
assert(cache.backends() ~= nil)
assert(worker.stats() ~= nil)
assert(net.interfaces() ~= nil)
-- Self-checks on loaded stuff
assert(net.list()[1].transport.ip == '{{SELF_ADDR}}')
assert(#modules.list() > 0)
-- Self-check timers
ev = event.recurrent(1 * sec, function (ev) return 1 end)
event.cancel(ev)
ev = event.after(0, function (ev) return 1 end)
|
