Commit 04004355 authored by Petr Špaček's avatar Petr Špaček

Support multiple trust anchors in CONFIG section

parent 61af39b9
......@@ -38,7 +38,7 @@ Create a config file template
If the tested server accepts a config file(s), you have to create a template for it.
Deckard uses the Jinja2_ templating engine (like Ansible or Salt) with several variables that you can use.
It's okay if you don't use them, but expect some tests to fail (i.e. if you don't set the ``TRUST_ANCHOR``,
It's okay if you don't use them, but expect some tests to fail (i.e. if you don't set the ``TRUST_ANCHORS``,
then the DNSSEC tests won't work properly).
- ``ROOT_ADDR`` - root server hint. Port is not set and assumed to be equal to 53.
......@@ -47,7 +47,7 @@ then the DNSSEC tests won't work properly).
- ``WORKING_DIR`` - working directory, equivalent to the value of a ``SOCKET_WRAPPER_DIR``
environment variable.
- ``INSTALL_DIR`` - Deckard home directory
- ``TRUST_ANCHOR`` - a trust anchor in form of a DS record, see `scenario guide <https://gitlab.labs.nic.cz/knot/deckard/blob/master/SCENARIO_GUIDE.rst>`_.
- ``TRUST_ANCHORS`` - list of trust anchors in form of a DS records, see `scenario guide <https://gitlab.labs.nic.cz/knot/deckard/blob/master/SCENARIO_GUIDE.rst>`_.
Setting up the test
^^^^^^^^^^^^^^^^^^^
......@@ -84,7 +84,9 @@ Examples
hints.root({['k.root-servers.net'] = '{{ROOT_ADDR}}'})
option('NO_MINIMIZE', {{NO_MINIMIZE}})
option('ALLOW_LOCAL', true)
trust_anchors.add('{{TRUST_ANCHOR}}')
{% for TA in TRUST_ANCHORS %}
trust_anchors.add('{{TA}}')
{% endfor %}
2. Configuration file example for PowerDNS Recursor [#]_:
......
......@@ -103,7 +103,7 @@ def setup_env(scenario, child_env, config, config_name_list, j2template_list):
child_env["SOCKET_WRAPPER_DEFAULT_IFACE"] = "%i" % CHILD_IFACE
child_env["SOCKET_WRAPPER_DIR"] = TMPDIR
no_minimize = os.environ.get("NO_MINIMIZE", "true")
trust_anchor_str = ""
trust_anchor_list = []
stub_addr = ""
features = {}
feature_list_delimiter = DEFAULT_FEATURE_LIST_DELIM
......@@ -114,7 +114,7 @@ def setup_env(scenario, child_env, config, config_name_list, j2template_list):
if k == 'query-minimization' and str2bool(v):
no_minimize = "false"
elif k == 'trust-anchor':
trust_anchor_str = v.strip('"\'')
trust_anchor_list.append(v.strip('"\''))
elif k == 'val-override-timestamp':
override_timestamp_str = v.strip('"\'')
write_timestamp_file(child_env["FAKETIME_TIMESTAMP_FILE"], int(override_timestamp_str))
......@@ -181,7 +181,7 @@ def setup_env(scenario, child_env, config, config_name_list, j2template_list):
"ROOT_ADDR" : selfaddr,
"SELF_ADDR" : childaddr,
"NO_MINIMIZE" : no_minimize,
"TRUST_ANCHOR" : trust_anchor_str,
"TRUST_ANCHORS" : trust_anchor_list,
"WORKING_DIR" : TMPDIR,
"INSTALL_DIR" : INSTALLDIR,
"FEATURES" : features
......
{{TRUST_ANCHOR}}
{% for TA in TRUST_ANCHORS %}
{{TA}}
{% endfor %}
{% if TRUST_ANCHOR != "" %}
addDS('.', '{{' '.join(TRUST_ANCHOR.split()[4:])}}')
{% endif %}
{% for TA in TRUST_ANCHORS %}
addDS('.', '{{' '.join(TA.split()[4:])}}')
{% endfor %}
......@@ -7,7 +7,9 @@ option('NO_MINIMIZE', {{NO_MINIMIZE}})
option('PERMISSIVE', true)
-- Always retry failing resolver
option('NO_THROTTLE', true)
trust_anchors.add('{{TRUST_ANCHOR}}')
{% for TA in TRUST_ANCHORS %}
trust_anchors.add('{{TA}}')
{% endfor %}
{% if FEATURES.dns64_prefix is defined %}
modules.load( 'dns64')
......
......@@ -66,7 +66,7 @@ daemon=no
#
# disable-packetcache=no
dnssec={% if TRUST_ANCHOR != "" %}validate{%else%}process{%endif%}
dnssec={% if TRUST_ANCHORS|length > 0 %}validate{%else%}process{%endif%}
#################################
# dont-query If set, do not query these netmasks for DNS data
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment