... | ... | @@ -12,17 +12,19 @@ Knot DNS. |
## Proposed implementation
The proposed implementation utilizes existing ACLs with to build matching rules for views. The
views are defined in a new configuration section *view* and are process in order according to
their binary (alphabetically) ordered unique identifiers. The only attribute of the view is the
*acl* attribute which carries a list of ACLs to match. The **first matching ACL** determines the
view, **any ACL** in a view can match.
The proposed implementation utilizes existing ACLs to build matching rules for views. The views
are defined in a new configuration section *view*. Each view has two attributes: The *priority*
attribute to control order of evaluation and the *acl* attribute carrying a list of ACLs to match.
The views are sorted by a compound key *(priority, id)* in ascending order and evaluated
sequentially. The **first matching ACL** determines the view, **any ACL** in a view can match.
The new syntax is as follows:
```
view:
- id: STR
priority: NUM
acl: acl_id ...
```
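Review bot: the rewritten paragraph orders views by the compound key (priority, id), but the syntax block gives `priority: NUM` without saying whether the attribute may be omitted or what value an omitted priority takes; the defaults hunk below has to spell out `priority: 0` for the `default` view, which suggests 0 is the intended default for backward compatibility. Suggest stating the default next to `priority: NUM` and saying explicitly that a lower number is evaluated first, since every example relies on that.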
... | ... | @@ -51,6 +53,7 @@ For backward compatibility, the defaults are defined as follows: |
```
view:
- id: default
priority: 0
acl: []
template:
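Review bot: the `default` view keeps `acl: []`, and under the stated rule "any ACL in a view can match" an empty list never matches anything, so the text needs to say how a client ends up in `default` (and in the `external` views of the later examples, which list no `acl` at all). Whichever is intended, a view without ACLs matching every client, or `default` being the fallback when no view matches, state it in one sentence under this block rather than leaving it to be inferred from the examples.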
... | ... | @@ -77,19 +80,21 @@ acl: |
action: query
view:
- id: 00_internal
- id: internal
priority: 1
acl: interal_clients
- id: 99_external
- id: external
priority: 2
zone:
- domain: acme.test
view: 99_external
view: external
file: acme.test.zone
- domain: acme.test@internal
view: 00_internal
view: internal
file: int/acme.test.zone
- domain: int.acme.test
view: 00_internal
view: internal
file: int/int.acme.test.zone
```
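Review bot: `acl: interal_clients` on the `internal` view looks like a typo for `internal_clients`; it is an unchanged context line, but a reference to an ACL that is not defined anywhere makes the example unusable as written, so it is worth correcting in the same change. The rename from `00_internal`/`99_external` to `internal`/`external` plus `priority` is otherwise consistent with the zone references below.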
... | ... | @@ -119,26 +124,30 @@ acl: |
action: query
view:
- id: 00_admin
- id: admin
priority: 0
acl: admins
- id: 01_office
- id: office
priority: 1
acl: office
- id: 02_lab
- id: lab
priority: 2
acl: lab
- id: 99_external
- id: external
priority: 100
zone:
- domain: acme.test
view: 99_external
view: external
file: acme.test.zone
- domain: acme.test@internal
view: [00_admin, 01_office, 02_lab]
view: [admin, office, lab]
file: int/acme.test.zone
- domain: int.acme.test
view: [00_admin, 01_office, 02_lab]
view: [admin, office, lab]
file: int/acme.test.zone
- domain: builds.acme.test
view: [00_admin, 02_lab]
view: [admin, lab]
file: builds.acme.test.zone
```
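Review bot: the `int.acme.test` zone is served from `file: int/acme.test.zone`, the same file as `acme.test@internal`, whereas the previous example uses `int/int.acme.test.zone`; this reads like a copy-paste slip and should be `int/int.acme.test.zone`. The example also shows a tie the prose does not mention: `admin` has `priority: 0`, the same as the `default` view from the defaults block, so their order falls back to the id tie-break (`admin` before `default`); a short note on that would save readers working it out.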
... | ... | @@ -177,17 +186,19 @@ acl: |
action: query
view:
- id: 00_internal
- id: internal
priority: 1
acl: [query_from_internal_client, query_from_slave_internal]
- id: 99_external
- id: external
priority: 2
template:
- id: default
view: 00_internal
view: internal
file: "/var/lib/knot/int_%s.zone"
acl: [transfer_to_slave]
- id: external
view: 99_external
view: external
file: "/var/lib/knot/ext_%s.zone"
acl: [transfer_to_slave]
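Review bot: the `acl` key now carries two different meanings in one example, view selection on the `internal` view (`acl: [query_from_internal_client, query_from_slave_internal]`) and zone operations on the templates (`acl: [transfer_to_slave]`); add a sentence saying that ACLs listed on a view only decide which view a client's query lands in and authorize nothing on the zone, so a slave matched by `query_from_slave_internal` still needs `transfer_to_slave` on the template before it can transfer. Without that, readers may assume the view ACL alone grants the transfer.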
... | ... | @@ -215,11 +226,11 @@ remote: |
template:
- id: default
view: 00_internal
view: internal
file: "/var/lib/knot/int_%s.zone"
master: master_as_internal
- id: external
view: 99_external
view: external
file: "/var/lib/knot/ext_%s.zone"
master: master_as_external
... | ... | @@ -273,4 +284,4 @@ zone: |
template: external
- domain: acme.test
- domain: int.acme.test
``` |
\ No newline at end of file |
``` |