Commit d269cbb5 authored by Petr Špaček's avatar Petr Špaček

Merge branch 'docker_speedup' into 'master'

Dockerfile: optimize dnspython using Cython

See merge request !10
parents 11bc6756 10fed0cf
Pipeline #41266 passed with stages
in 7 minutes and 39 seconds
# see ci/Dockerfile
FROM registry.labs.nic.cz/knot/edns-zone-scanner/ci
# build Cythonized version of dnspython for Python 3 to speed operation on big zones
RUN dnf remove --noautoremove python3-dns -y
RUN dnf install python3-Cython /usr/lib/rpm/redhat/redhat-hardened-cc1 python3-devel -y
RUN pip3 install --install-option="--cython-compile" git+https://github.com/rthalley/dnspython.git
# copy scanner files to /usr/local/bin so they are easy to execute
COPY . /usr/local/bin
......
......@@ -15,6 +15,16 @@ The scanner tool does not check any of these and failure to provide
Software dependencies
---------------------
Easiest way how to get the tool up and running is to use Docker image
from CZ.NIC Docker registry::
$ sudo docker run --network=host -v /home/test:/data registry.labs.nic.cz/knot/edns-zone-scanner/prod
The image has all the tools installed in /usr/local/bin and is ready to run.
If you want to install everything yourself you will need:
1. The EDNS compliance test for single domain is actually done by
ISC's tool genreport which is available from this URL:
https://gitlab.isc.org/isc-projects/DNS-Compliance-Testing
......@@ -24,5 +34,10 @@ Software dependencies
canonicalize zone files with some non-ASCII values.
This breaks processing on certain TLDs so always canonicalize the zone file.
3. ldns command line tool ldns-read-zone for zone canonicalization
3. For big zones it is advisable to compile python-dns library using Cython
as it provides ~ 30 % speedup. (The Docker image already has it.)::
$ pip3 install --install-option="--cython-compile" git+https://github.com/rthalley/dnspython.git
4. ldns command line tool ldns-read-zone for zone canonicalization
and to strip out unnecessary data.
......@@ -25,12 +25,13 @@ Preparation
It is important to check network requirements listed
in file doc/prerequisites.rst!
Once network is ready it might be easiest to use Docker image from CZ.NIC:
Once network is ready it might be easiest to use Docker image from CZ.NIC::
$ sudo docker run --network=host -v /home/test:/data registry.labs.nic.cz/knot/edns-zone-scanner/prod
3. Canonicalize the zone file and strip out unnecessary data
to speed up further processing. Do not skip this step, missing canonicalization
might cause problems down the road:
might cause problems down the road::
$ ldns-read-zone -E SOA -E NS -E A -E AAAA input_zone > zone.nodnssec
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment