Commit a6f174ac authored by Daniel Salzman

conf: optimize configuration scheme

RENAME
------
server:
  asynchronous-start -> async-start
  rate-limit-size -> rate-limit-table-size
zone:
  dnssec-enable -> dnssec-signing
  ixfr-fslimit -> max-journal-size

REMOVE
------
zone:
  notify-timeout
  notify-retries
  signature-lifetime
parent cda91002
......@@ -56,7 +56,7 @@ A ``default`` template identifier is reserved for the default template::
- id: signed
storage: /var/lib/knot/signed
dnssec-enable: on
dnssec-signing: on
semantic-checks: on
- id: slave
......@@ -268,7 +268,7 @@ can operate in two modes:
according to assigned policy and are rolled automatically in a safe manner.
No zone operator intervention is necessary.
The DNSSEC signing is controlled by the :ref:`template_dnssec-enable` and
The DNSSEC signing is controlled by the :ref:`template_dnssec-signing` and
:ref:`template_kasp_db` configuration options. The first option states
if the signing is enabled for a particular zone, the second option points to
a KASP database holding the signing configuration.
......@@ -284,7 +284,7 @@ default template, but the signing is explicitly disabled for zone
template:
- id: default
dnssec-enable: on
dnssec-signing: on
kasp-db: /var/lib/knot/kasp
zone:
......@@ -293,7 +293,7 @@ default template, but the signing is explicitly disabled for zone
- domain: example.dev
file: example.dev.zone
dnssec-enable: off
dnssec-signing: off
.. _dnssec-kasp:
......@@ -366,7 +366,7 @@ The configuration fragment might look similar to::
zone:
- domain: myzone.test
dnssec-enable: on
dnssec-signing: on
Finally, reload the server:
......
......@@ -116,7 +116,7 @@ server:
pidfile: STR
workers: INT
background\-workers: INT
asynchronous\-start: BOOL
async\-start: BOOL
max\-conn\-idle: TIME
max\-conn\-handshake: TIME
max\-conn\-reply: TIME
......@@ -125,7 +125,7 @@ server:
transfers: INT
rate\-limit: INT
rate\-limit\-slip: INT
rate\-limit\-size: INT
rate\-limit\-table\-size: INT
listen: ADDR[@INT] ...
.ft P
.fi
......@@ -178,7 +178,7 @@ A number of workers (threads) used to execute background operations (zone
loading, zone updates, etc.).
.sp
Default: auto\-estimated optimal value based on the number of online CPUs
.SS asynchronous\-start
.SS async\-start
.sp
If enabled, server doesn\(aqt wait for the zones to be loaded and starts
responding immediately with SERVFAIL answers until the zone loads.
......@@ -227,13 +227,13 @@ response is rejected or enters \fI\%SLIP\fP
is recalculated each second.
.sp
Default: 0 (disabled)
.SS rate\-limit\-size
.SS rate\-limit\-table\-size
.sp
Size of hashtable buckets. The larger the hashtable, the lesser probability
of a hash collision, but at the expense of additional memory costs. Each bucket
is estimated roughly to 32 bytes. Size should be selected as a reasonably large
prime due to the better hash function distribution properties. Hash table is
internally chained and works well up to a fill rate of 90 %, general
Size of the hashtable in number of buckets. The larger the hashtable, the lesser
probability of a hash collision, but at the expense of additional memory costs.
Each bucket is estimated roughly to 32 bytes. Size should be selected as
a reasonably large prime due to the better hash function distribution properties.
Hash table is internally chained and works well up to a fill rate of 90 %, general
rule of thumb is to select a prime near 1.2 * maximum_qps.
.sp
Default: 393241
......@@ -433,14 +433,11 @@ template:
acl: acl_id ...
semantic\-checks: BOOL
disable\-any: BOOL
notify\-timeout: TIME
notify\-retries: INT
zonefile\-sync: TIME
ixfr\-from\-differences: BOOL
ixfr\-fslimit: SIZE
dnssec\-enable: BOOL
max\-journal\-size: SIZE
dnssec\-signing: BOOL
kasp\-db: STR
signature\-lifetime: TIME
serial\-policy: increment | unixtime
module: STR/STR ...
.ft P
......@@ -537,16 +534,6 @@ with an empty response and with the TC bit set. Use this option to minimize
the risk of DNS reflection attack.
.sp
Default: off
.SS notify\-timeout
.sp
The time how long will server wait for a notify response.
.sp
Default: 60
.SS notify\-retries
.sp
The number of retries the server sends a notify message.
.sp
Default: 5
.SS zonefile\-sync
.sp
The time after which the current zone in memory will be synced to zone file
......@@ -567,31 +554,22 @@ zone file upon server reload. This option is only relevant if the server
is a master server for the zone.
.sp
Default: off
.SS ixfr\-fslimit
.SS max\-journal\-size
.sp
Maximum zone journal file.
Maximum size of the zone journal file.
.sp
Default: unlimited
.SS dnssec\-enable
.SS dnssec\-signing
.sp
If enabled, automatic DNSSEC signing for the zone is turned on.
.sp
Default: off
.SS kasp_db
.SS kasp\-db
.sp
A KASP database path. Non absolute path is relative to
\fI\%storage\fP\&.
.sp
Default: \fI\%storage\fP/keys
.SS signature\-lifetime
.sp
The time how long the automatically generated DNSSEC signatures should be valid.
Expiration will thus be set as current time (in the moment of signing)
+ \fBsignature\-lifetime\fP\&. The signatures are refreshed one tenth of the
signature lifetime before the signature expiration (i.e. 3 days before the
expiration with the default value). Minimum possible value is 10801.
.sp
Default: 30 * 24 * 3600
.SS serial\-policy
.sp
Specifies how the zone serial is updated after a dynamic update or
......
......@@ -39,7 +39,7 @@ generated by Bind.
4. Add the zone into the Knot DNS configuration file. Zone
configuration should contain at least specification of the zone
file (option ``file``), key directory (option ``kasp-db``),
and enable automatic DNSSEC signing (option ``dnssec-enable``).
and enable automatic DNSSEC signing (option ``dnssec-signing``).
You can follow this example::
......@@ -47,7 +47,7 @@ generated by Bind.
- domain: "example.com."
file: "example.com.db"
storage: "/var/lib/knot"
dnssec-enable: on
dnssec-signing: on
kasp-db: "example.com.keys"
5. Start Knot DNS and check the log files to make sure that everything went right.
......@@ -85,7 +85,7 @@ General options related to the server.
pidfile: STR
workers: INT
background-workers: INT
asynchronous-start: BOOL
async-start: BOOL
max-conn-idle: TIME
max-conn-handshake: TIME
max-conn-reply: TIME
......@@ -94,7 +94,7 @@ General options related to the server.
transfers: INT
rate-limit: INT
rate-limit-slip: INT
rate-limit-size: INT
rate-limit-table-size: INT
listen: ADDR[@INT] ...
.. _server_identity:
......@@ -176,10 +176,10 @@ loading, zone updates, etc.).
Default: auto-estimated optimal value based on the number of online CPUs
.. _server_asynchronous-start:
.. _server_async-start:
asynchronous-start
------------------
async-start
-----------
If enabled, server doesn't wait for the zones to be loaded and starts
responding immediately with SERVFAIL answers until the zone loads.
......@@ -253,16 +253,16 @@ is recalculated each second.
Default: 0 (disabled)
.. _server_rate-limit-size:
.. _server_rate-limit-table-size:
rate-limit-size
---------------
rate-limit-table-size
---------------------
Size of hashtable buckets. The larger the hashtable, the lesser probability
of a hash collision, but at the expense of additional memory costs. Each bucket
is estimated roughly to 32 bytes. Size should be selected as a reasonably large
prime due to the better hash function distribution properties. Hash table is
internally chained and works well up to a fill rate of 90 %, general
Size of the hashtable in number of buckets. The larger the hashtable, the lesser
probability of a hash collision, but at the expense of additional memory costs.
Each bucket is estimated roughly to 32 bytes. Size should be selected as
a reasonably large prime due to the better hash function distribution properties.
Hash table is internally chained and works well up to a fill rate of 90 %, general
rule of thumb is to select a prime near 1.2 * maximum_qps.
Default: 393241
......@@ -518,14 +518,11 @@ configuration if a zone doesn't have a teplate specified.
acl: acl_id ...
semantic-checks: BOOL
disable-any: BOOL
notify-timeout: TIME
notify-retries: INT
zonefile-sync: TIME
ixfr-from-differences: BOOL
ixfr-fslimit: SIZE
dnssec-enable: BOOL
max-journal-size: SIZE
dnssec-signing: BOOL
kasp-db: STR
signature-lifetime: TIME
serial-policy: increment | unixtime
module: STR/STR ...
......@@ -625,24 +622,6 @@ the risk of DNS reflection attack.
Default: off
.. _template_notify-timeout:
notify-timeout
--------------
The time how long will server wait for a notify response.
Default: 60
.. _template_notify-retries:
notify-retries
--------------
The number of retries the server sends a notify message.
Default: 5
.. _template_zonefile-sync:
zonefile-sync
......@@ -671,19 +650,19 @@ is a master server for the zone.
Default: off
.. _template_ixfr-fslimit:
.. _template_max_journal_size:
ixfr-fslimit
------------
max-journal-size
----------------
Maximum zone journal file.
Maximum size of the zone journal file.
Default: unlimited
.. _template_dnssec-enable:
.. _template_dnssec-signing:
dnssec-enable
-------------
dnssec-signing
--------------
If enabled, automatic DNSSEC signing for the zone is turned on.
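Review bot: The new label `.. _template_max_journal_size:` in this hunk uses underscores, while the other labels touched by the patch follow the option name with hyphens (`_template_dnssec-signing`, `_server_async-start`, `_server_rate-limit-table-size`). Rename it to `_template_max-journal-size` so `:ref:` targets stay predictable from the option name. `_template_kasp_db` has the same mismatch now that its heading is corrected to `kasp-db`, but it is the target of an existing `:ref:` in the DNSSEC section, so label and reference would have to change together.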
......@@ -691,7 +670,7 @@ Default: off
.. _template_kasp_db:
kasp_db
kasp-db
-------
A KASP database path. Non absolute path is relative to
......@@ -699,19 +678,6 @@ A KASP database path. Non absolute path is relative to
Default: :ref:`storage<template_storage>`/keys
.. _template_signature-lifetime:
signature-lifetime
------------------
The time how long the automatically generated DNSSEC signatures should be valid.
Expiration will thus be set as current time (in the moment of signing)
+ ``signature-lifetime``. The signatures are refreshed one tenth of the
signature lifetime before the signature expiration (i.e. 3 days before the
expiration with the default value). Minimum possible value is 10801.
Default: 30 * 24 * 3600
.. _template_serial-policy:
serial-policy
......
......@@ -71,29 +71,29 @@ static const lookup_table_t log_severities[] = {
};
static const yp_item_t desc_server[] = {
{ C_IDENT, YP_TSTR, YP_VNONE },
{ C_VERSION, YP_TSTR, YP_VNONE },
{ C_NSID, YP_TDATA, YP_VDATA = { 0, NULL, hex_text_to_bin,
hex_text_to_txt } },
{ C_RUNDIR, YP_TSTR, YP_VSTR = { RUN_DIR } },
{ C_USER, YP_TSTR, YP_VNONE },
{ C_PIDFILE, YP_TSTR, YP_VSTR = { "knot.pid" } },
{ C_WORKERS, YP_TINT, YP_VINT = { 1, 255, YP_NIL } },
{ C_BG_WORKERS, YP_TINT, YP_VINT = { 1, 255, YP_NIL } },
{ C_ASYNC_START, YP_TBOOL, YP_VNONE },
{ C_MAX_CONN_IDLE, YP_TINT, YP_VINT = { 0, INT32_MAX, 20, YP_STIME } },
{ C_MAX_CONN_HANDSHAKE, YP_TINT, YP_VINT = { 0, INT32_MAX, 5, YP_STIME } },
{ C_MAX_CONN_REPLY, YP_TINT, YP_VINT = { 0, INT32_MAX, 10, YP_STIME } },
{ C_MAX_TCP_CLIENTS, YP_TINT, YP_VINT = { 0, INT32_MAX, 100 } },
{ C_MAX_UDP_PAYLOAD, YP_TINT, YP_VINT = { KNOT_EDNS_MIN_UDP_PAYLOAD,
KNOT_EDNS_MAX_UDP_PAYLOAD,
4096, YP_SSIZE } },
{ C_TRANSFERS, YP_TINT, YP_VINT = { 1, INT32_MAX, 10 } },
{ C_RATE_LIMIT, YP_TINT, YP_VINT = { 0, INT32_MAX, 0 } },
{ C_RATE_LIMIT_SLIP, YP_TINT, YP_VINT = { 1, RRL_SLIP_MAX, 1 } },
{ C_RATE_LIMIT_SIZE, YP_TINT, YP_VINT = { 1, INT32_MAX, 393241 } },
{ C_LISTEN, YP_TADDR, YP_VADDR = { 53 }, YP_FMULTI },
{ C_COMMENT, YP_TSTR, YP_VNONE },
{ C_IDENT, YP_TSTR, YP_VNONE },
{ C_VERSION, YP_TSTR, YP_VNONE },
{ C_NSID, YP_TDATA, YP_VDATA = { 0, NULL, hex_text_to_bin,
hex_text_to_txt } },
{ C_RUNDIR, YP_TSTR, YP_VSTR = { RUN_DIR } },
{ C_USER, YP_TSTR, YP_VNONE },
{ C_PIDFILE, YP_TSTR, YP_VSTR = { "knot.pid" } },
{ C_WORKERS, YP_TINT, YP_VINT = { 1, 255, YP_NIL } },
{ C_BG_WORKERS, YP_TINT, YP_VINT = { 1, 255, YP_NIL } },
{ C_ASYNC_START, YP_TBOOL, YP_VNONE },
{ C_MAX_CONN_IDLE, YP_TINT, YP_VINT = { 0, INT32_MAX, 20, YP_STIME } },
{ C_MAX_CONN_HANDSHAKE, YP_TINT, YP_VINT = { 0, INT32_MAX, 5, YP_STIME } },
{ C_MAX_CONN_REPLY, YP_TINT, YP_VINT = { 0, INT32_MAX, 10, YP_STIME } },
{ C_MAX_TCP_CLIENTS, YP_TINT, YP_VINT = { 0, INT32_MAX, 100 } },
{ C_MAX_UDP_PAYLOAD, YP_TINT, YP_VINT = { KNOT_EDNS_MIN_UDP_PAYLOAD,
KNOT_EDNS_MAX_UDP_PAYLOAD,
4096, YP_SSIZE } },
{ C_TRANSFERS, YP_TINT, YP_VINT = { 1, INT32_MAX, 10 } },
{ C_RATE_LIMIT, YP_TINT, YP_VINT = { 0, INT32_MAX, 0 } },
{ C_RATE_LIMIT_SLIP, YP_TINT, YP_VINT = { 1, RRL_SLIP_MAX, 1 } },
{ C_RATE_LIMIT_TBL_SIZE, YP_TINT, YP_VINT = { 1, INT32_MAX, 393241 } },
{ C_LISTEN, YP_TADDR, YP_VADDR = { 53 }, YP_FMULTI },
{ C_COMMENT, YP_TSTR, YP_VNONE },
{ NULL }
};
......@@ -131,24 +131,21 @@ static const yp_item_t desc_remote[] = {
};
#define ZONE_ITEMS \
{ C_STORAGE, YP_TSTR, YP_VSTR = { STORAGE_DIR } }, \
{ C_MASTER, YP_TREF, YP_VREF = { C_RMT }, YP_FMULTI, { check_ref } }, \
{ C_NOTIFY, YP_TREF, YP_VREF = { C_RMT }, YP_FMULTI, { check_ref } }, \
{ C_ACL, YP_TREF, YP_VREF = { C_ACL }, YP_FMULTI, { check_ref } }, \
{ C_SEM_CHECKS, YP_TBOOL, YP_VNONE }, \
{ C_DISABLE_ANY, YP_TBOOL, YP_VNONE }, \
{ C_NOTIFY_TIMEOUT, YP_TINT, YP_VINT = { 1, INT32_MAX, 60, YP_STIME } }, \
{ C_NOTIFY_RETRIES, YP_TINT, YP_VINT = { 1, INT32_MAX, 5 } }, \
{ C_ZONEFILE_SYNC, YP_TINT, YP_VINT = { 0, INT32_MAX, 0, YP_STIME } }, \
{ C_IXFR_DIFF, YP_TBOOL, YP_VNONE }, \
{ C_IXFR_FSLIMIT, YP_TINT, YP_VINT = { 0, INT64_MAX, INT64_MAX, YP_SSIZE } }, \
{ C_DNSSEC_ENABLE, YP_TBOOL, YP_VNONE }, \
{ C_KASP_DB, YP_TSTR, YP_VSTR = { "keys" } }, \
{ C_SIG_LIFETIME, YP_TINT, YP_VINT = { 3 * 3600, INT32_MAX, 30 * 24 * 3600, YP_STIME } }, \
{ C_SERIAL_POLICY, YP_TOPT, YP_VOPT = { serial_policies, SERIAL_POLICY_INCREMENT } }, \
{ C_MODULE, YP_TDATA, YP_VDATA = { 0, NULL, mod_id_to_bin, mod_id_to_txt }, \
YP_FMULTI, { check_modref } }, \
{ C_COMMENT, YP_TSTR, YP_VNONE },
{ C_STORAGE, YP_TSTR, YP_VSTR = { STORAGE_DIR } }, \
{ C_MASTER, YP_TREF, YP_VREF = { C_RMT }, YP_FMULTI, { check_ref } }, \
{ C_NOTIFY, YP_TREF, YP_VREF = { C_RMT }, YP_FMULTI, { check_ref } }, \
{ C_ACL, YP_TREF, YP_VREF = { C_ACL }, YP_FMULTI, { check_ref } }, \
{ C_SEM_CHECKS, YP_TBOOL, YP_VNONE }, \
{ C_DISABLE_ANY, YP_TBOOL, YP_VNONE }, \
{ C_ZONEFILE_SYNC, YP_TINT, YP_VINT = { 0, INT32_MAX, 0, YP_STIME } }, \
{ C_IXFR_DIFF, YP_TBOOL, YP_VNONE }, \
{ C_MAX_JOURNAL_SIZE, YP_TINT, YP_VINT = { 0, INT64_MAX, INT64_MAX, YP_SSIZE } }, \
{ C_DNSSEC_SIGNING, YP_TBOOL, YP_VNONE }, \
{ C_KASP_DB, YP_TSTR, YP_VSTR = { "keys" } }, \
{ C_SERIAL_POLICY, YP_TOPT, YP_VOPT = { serial_policies, SERIAL_POLICY_INCREMENT } }, \
{ C_MODULE, YP_TDATA, YP_VDATA = { 0, NULL, mod_id_to_bin, mod_id_to_txt }, \
YP_FMULTI, { check_modref } }, \
{ C_COMMENT, YP_TSTR, YP_VNONE },
static const yp_item_t desc_template[] = {
{ C_ID, YP_TSTR, YP_VNONE },
......
......@@ -32,48 +32,45 @@
#define C_ADDR "\x07""address"
#define C_ALG "\x09""algorithm"
#define C_ANY "\x03""any"
#define C_ASYNC_START "\x12""asynchronous-start"
#define C_ASYNC_START "\x0B""async-start"
#define C_BG_WORKERS "\x12""background-workers"
#define C_COMMENT "\x07""comment"
#define C_CTL "\x07""control"
#define C_DENY "\x04""deny"
#define C_DISABLE_ANY "\x0B""disable-any"
#define C_DNSSEC_SIGNING "\x0E""dnssec-signing"
#define C_DOMAIN "\x06""domain"
#define C_DNSSEC_ENABLE "\x0D""dnssec-enable"
#define C_FILE "\x04""file"
#define C_IDENT "\x08""identity"
#define C_ID "\x02""id"
#define C_IDENT "\x08""identity"
#define C_INCL "\x07""include"
#define C_IXFR_DIFF "\x15""ixfr-from-differences"
#define C_IXFR_FSLIMIT "\x0C""ixfr-fslimit"
#define C_KASP_DB "\x07""kasp-db"
#define C_KEY "\x03""key"
#define C_LOG "\x03""log"
#define C_LISTEN "\x06""listen"
#define C_LOG "\x03""log"
#define C_MASTER "\x06""master"
#define C_MAX_CONN_HANDSHAKE "\x12""max-conn-handshake"
#define C_MAX_CONN_IDLE "\x0D""max-conn-idle"
#define C_MAX_CONN_REPLY "\x0E""max-conn-reply"
#define C_MAX_JOURNAL_SIZE "\x10""max-journal-size"
#define C_MAX_TCP_CLIENTS "\x0F""max-tcp-clients"
#define C_MAX_UDP_PAYLOAD "\x0F""max-udp-payload"
#define C_MODULE "\x06""module"
#define C_NOTIFY "\x06""notify"
#define C_NOTIFY_RETRIES "\x0E""notify-retries"
#define C_NOTIFY_TIMEOUT "\x0E""notify-timeout"
#define C_NSID "\x04""nsid"
#define C_PIDFILE "\x07""pidfile"
#define C_RATE_LIMIT "\x0A""rate-limit"
#define C_RATE_LIMIT_SIZE "\x0F""rate-limit-size"
#define C_RATE_LIMIT_SLIP "\x0F""rate-limit-slip"
#define C_RATE_LIMIT_TBL_SIZE "\x15""rate-limit-table-size"
#define C_RMT "\x06""remote"
#define C_RUNDIR "\x06""rundir"
#define C_SECRET "\x06""secret"
#define C_SEM_CHECKS "\x0F""semantic-checks"
#define C_SERIAL_POLICY "\x0D""serial-policy"
#define C_SERVER "\x06""server"
#define C_SIG_LIFETIME "\x12""signature-lifetime"
#define C_STORAGE "\x07""storage"
#define C_SRV "\x06""server"
#define C_STORAGE "\x07""storage"
#define C_TARGET "\x06""target"
#define C_TPL "\x08""template"
#define C_TRANSFERS "\x09""transfers"
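Review bot: The length bytes on the renamed entries in this list are maintained by hand. `"\x0B""async-start"`, `"\x0E""dnssec-signing"`, `"\x10""max-journal-size"` and `"\x15""rate-limit-table-size"` are all correct (11, 14, 16 and 21 characters), but nothing enforces that, and a rename is exactly where a stale prefix slips in. Consider a helper macro or a compile-time check that compares the prefix byte with `sizeof(name) - 1`. Separately, `C_SERVER` and `C_SRV` both appear here with the value `"\x06""server"`; since the block is being re-sorted anyway, keep one of them.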
......
......@@ -227,7 +227,7 @@ static int remote_zone_sign(zone_t *zone, remote_cmdargs_t *a)
UNUSED(a);
rcu_read_lock();
conf_val_t val = conf_zone_get(conf(), C_DNSSEC_ENABLE, zone->name);
conf_val_t val = conf_zone_get(conf(), C_DNSSEC_SIGNING, zone->name);
bool dnssec_enable = conf_bool(&val);
rcu_read_unlock();
......@@ -354,7 +354,7 @@ static int remote_zonestatus(zone_t *zone, remote_cmdargs_t *a)
char dnssec_buf[128] = { '\0' };
char *zone_name = knot_dname_to_str_alloc(zone->name);
conf_val_t val = conf_zone_get(conf(), C_DNSSEC_ENABLE, zone->name);
conf_val_t val = conf_zone_get(conf(), C_DNSSEC_SIGNING, zone->name);
bool dnssec_enable = conf_bool(&val);
bool is_master = zone_is_master(zone);
......
......@@ -16,7 +16,6 @@
#include <assert.h>
#include "knot/conf/conf.h"
#include "knot/dnssec/context.h"
#include "knot/zone/contents.h"
#include "libknot/rrtype/soa.h"
......@@ -47,8 +46,7 @@ void update_policy_from_zone(dnssec_kasp_policy_t *policy,
void set_default_policy(dnssec_kasp_policy_t *policy,
const zone_contents_t *zone)
{
conf_val_t val = conf_zone_get(conf(), C_SIG_LIFETIME, zone->apex->owner);
policy->rrsig_lifetime = conf_int(&val);
policy->rrsig_lifetime = 30 * 24 * 3600;
policy->rrsig_refresh_before = policy->rrsig_lifetime / 10;
policy->algorithm = 0;
policy->propagation_delay = 0;
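Review bot: In set_default_policy(), `policy->rrsig_lifetime = 30 * 24 * 3600;` replaces the per-zone `C_SIG_LIFETIME` lookup with a bare magic number, so the RRSIG validity period can no longer be set from the zone configuration and the value carries no name or unit. Give it a named constant with a comment that it is in seconds, and say in the commit message or the docs where operators are expected to set the signature lifetime from now on, since the REMOVE list only says the option is gone. In the lines shown, the `zone` parameter is also no longer referenced after this change; mark it unused or drop it if the rest of the function does not need it.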
......
......@@ -238,7 +238,7 @@ static int process_normal(zone_t *zone, list_t *requests)
}
assert(new_contents);
conf_val_t val = conf_zone_get(conf(), C_DNSSEC_ENABLE, zone->name);
conf_val_t val = conf_zone_get(conf(), C_DNSSEC_SIGNING, zone->name);
bool dnssec_enable = conf_bool(&val);
// Sign the update.
......@@ -342,7 +342,7 @@ static int process_requests(zone_t *zone, list_t *requests)
static int forward_request(zone_t *zone, struct knot_request *request)
{
/* Ignore if DNSSEC enabled. */
conf_val_t val = conf_zone_get(conf(), C_DNSSEC_ENABLE, zone->name);
conf_val_t val = conf_zone_get(conf(), C_DNSSEC_SIGNING, zone->name);
if (conf_bool(&val)) {
log_zone_notice(zone->name, "ignoring ddns forward due to "
"enabled automatic DNSSEC signing.");
......
......@@ -601,7 +601,7 @@ static int reconfigure_rate_limits(conf_t *conf, server_t *server)
/* Rate limiting. */
if (!server->rrl && rrl > 0) {
val = conf_get(conf, C_SRV, C_RATE_LIMIT_SIZE);
val = conf_get(conf, C_SRV, C_RATE_LIMIT_TBL_SIZE);
server->rrl = rrl_create(conf_int(&val));
if (!server->rrl) {
log_error("failed to initialize rate limiting table");
......
......@@ -295,7 +295,7 @@ int event_reload(zone_t *zone)
}
/* Schedule zone resign. */
conf_val_t val = conf_zone_get(conf(), C_DNSSEC_ENABLE, zone->name);
conf_val_t val = conf_zone_get(conf(), C_DNSSEC_SIGNING, zone->name);
if (conf_bool(&val)) {
schedule_dnssec(zone, dnssec_refresh);
}
......@@ -325,7 +325,7 @@ int event_refresh(zone_t *zone)
}
/* Ignore if DNSSEC enabled. */
conf_val_t val = conf_zone_get(conf(), C_DNSSEC_ENABLE, zone->name);
conf_val_t val = conf_zone_get(conf(), C_DNSSEC_SIGNING, zone->name);
if (conf_bool(&val)) {
log_zone_notice(zone->name, "ignoring zone refresh due to "
"enabled automatic DNSSEC signing.");
......@@ -368,7 +368,7 @@ int event_xfer(zone_t *zone)
}
/* Ignore if DNSSEC enabled. */
conf_val_t val = conf_zone_get(conf(), C_DNSSEC_ENABLE, zone->name);
conf_val_t val = conf_zone_get(conf(), C_DNSSEC_SIGNING, zone->name);
if (conf_bool(&val)) {
log_zone_notice(zone->name, "ignoring slave transfer due to "
"enabled automatic DNSSEC signing.");
......
......@@ -111,7 +111,7 @@ static void duplicate_ddns_q(zone_t *zone, zone_t *old_zone)
/*!< Replans DNSSEC event. Not whole resign needed, \todo #247 */
static void replan_dnssec(zone_t *zone)
{
conf_val_t val = conf_zone_get(conf(), C_DNSSEC_ENABLE, zone->name);
conf_val_t val = conf_zone_get(conf(), C_DNSSEC_SIGNING, zone->name);
if (conf_bool(&val)) {
/* Keys could have changed, force resign. */
zone_events_schedule(zone, ZONE_EVENT_DNSSEC, ZONE_EVENT_NOW);
......
......@@ -145,7 +145,7 @@ int zone_load_post(conf_t *conf, zone_contents_t *contents, zone_t *zone,
}
/* Sign zone using DNSSEC (if configured). */
conf_val_t val = conf_zone_get(conf, C_DNSSEC_ENABLE, zone->name);
conf_val_t val = conf_zone_get(conf, C_DNSSEC_SIGNING, zone->name);
bool dnssec_enable = conf_bool(&val);
val = conf_zone_get(conf, C_IXFR_DIFF, zone->name);
bool build_diffs = conf_bool(&val);
......
......@@ -115,7 +115,7 @@ int zone_change_store(zone_t *zone, changeset_t *change)
assert(zone);
assert(change);
conf_val_t val = conf_zone_get(conf(), C_IXFR_FSLIMIT, zone->name);
conf_val_t val = conf_zone_get(conf(), C_MAX_JOURNAL_SIZE, zone->name);
int64_t ixfr_fslimit = conf_int(&val);
char *journal_file = conf_journalfile(conf(), zone->name);
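Review bot: In zone_change_store(), the value read from `C_MAX_JOURNAL_SIZE` is still stored in a local named `ixfr_fslimit`, so the old option name survives right next to the new one. Rename the local to match (something like `max_journal_size`) here and in zone_changes_store() in the next hunk. The `dnssec_enable` locals that now hold `C_DNSSEC_SIGNING` in the other files have the same leftover naming.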
......@@ -142,7 +142,7 @@ int zone_changes_store(zone_t *zone, list_t *chgs)
assert(zone);
assert(chgs);
conf_val_t val = conf_zone_get(conf(), C_IXFR_FSLIMIT, zone->name);
conf_val_t val = conf_zone_get(conf(), C_MAX_JOURNAL_SIZE, zone->name);
int64_t ixfr_fslimit = conf_int(&val);
char *journal_file = conf_journalfile(conf(), zone->name);
......
......@@ -468,28 +468,28 @@ interfaces:
;
system:
SYSTEM '{' { f_section(scanner, R_SYS, S_SRV); }
| system SVERSION TEXT ';' { f_quote(scanner, R_SYS, C_VERSION, $3.t); free($3.t); }
| system SVERSION BOOL ';' { f_auto_str(scanner, R_SYS, C_VERSION, $3.i); }
| system IDENTITY TEXT ';' { f_quote(scanner, R_SYS, C_IDENT, $3.t); free($3.t); }
| system IDENTITY BOOL ';' { f_auto_str(scanner, R_SYS, C_IDENT, $3.i); }
| system NSID TEXT ';' { f_quote(scanner, R_SYS, C_NSID, $3.t); free($3.t); }
| system NSID BOOL ';' { f_auto_str(scanner, R_SYS, C_NSID, $3.i); }
| system MAX_UDP_PAYLOAD NUM ';' { f_int(scanner, R_SYS, C_MAX_UDP_PAYLOAD, $3.i); }
| system RUNDIR TEXT ';' { f_quote(scanner, R_SYS, C_RUNDIR, $3.t); free($3.t); }
| system PIDFILE TEXT ';' { f_quote(scanner, R_SYS, C_PIDFILE, $3.t); free($3.t); }
| system WORKERS NUM ';' { f_int(scanner, R_SYS, C_WORKERS, $3.i); }
| system BACKGROUND_WORKERS NUM ';' { f_int(scanner, R_SYS, C_BG_WORKERS, $3.i); }
| system ASYNC_START BOOL ';' { f_bool(scanner, R_SYS, C_ASYNC_START, $3.i); }
| system MAX_CONN_IDLE INTERVAL ';' { f_int(scanner, R_SYS, C_MAX_CONN_IDLE, $3.i); }
| system MAX_CONN_HS INTERVAL ';' { f_int(scanner, R_SYS, C_MAX_CONN_HANDSHAKE, $3.i); }
| system MAX_CONN_REPLY INTERVAL ';' { f_int(scanner, R_SYS, C_MAX_CONN_REPLY, $3.i); }
| system MAX_TCP_CLIENTS NUM ';' { f_int(scanner, R_SYS, C_MAX_TCP_CLIENTS, $3.i); }
| system RATE_LIMIT NUM ';' { f_int(scanner, R_SYS, C_RATE_LIMIT, $3.i); }
| system RATE_LIMIT_SIZE SIZE ';' { f_int(scanner, R_SYS, C_RATE_LIMIT_SIZE, $3.l); }
| system RATE_LIMIT_SIZE NUM ';' { f_int(scanner, R_SYS, C_RATE_LIMIT_SIZE, $3.i); }
| system RATE_LIMIT_SLIP NUM ';' { f_int(scanner, R_SYS, C_RATE_LIMIT_SLIP, $3.i); }
| system TRANSFERS NUM ';' { f_int(scanner, R_SYS, C_TRANSFERS, $3.i); }
SYSTEM '{' { f_section(scanner, R_SYS, S_SRV); }
| system SVERSION TEXT ';' { f_quote(scanner, R_SYS, C_VERSION, $3.t); free($3.t); }
| system SVERSION BOOL ';' { f_auto_str(scanner, R_SYS, C_VERSION, $3.i); }
| system IDENTITY TEXT ';' { f_quote(scanner, R_SYS, C_IDENT, $3.t); free($3.t); }
| system IDENTITY BOOL ';' { f_auto_str(scanner, R_SYS, C_IDENT, $3.i); }
| system NSID TEXT ';' { f_quote(scanner, R_SYS, C_NSID, $3.t); free($3.t); }
| system NSID BOOL ';' { f_auto_str(scanner, R_SYS, C_NSID, $3.i); }
| system MAX_UDP_PAYLOAD NUM ';' { f_int(scanner, R_SYS, C_MAX_UDP_PAYLOAD, $3.i); }
| system RUNDIR TEXT ';' { f_quote(scanner, R_SYS, C_RUNDIR, $3.t); free($3.t); }
| system PIDFILE TEXT ';' { f_quote(scanner, R_SYS, C_PIDFILE, $3.t); free($3.t); }
| system WORKERS NUM ';' { f_int(scanner, R_SYS, C_WORKERS, $3.i); }
| system BACKGROUND_WORKERS NUM ';' { f_int(scanner, R_SYS, C_BG_WORKERS, $3.i); }
| system ASYNC_START BOOL ';' { f_bool(scanner, R_SYS, C_ASYNC_START, $3.i); }
| system MAX_CONN_IDLE INTERVAL ';' { f_int(scanner, R_SYS, C_MAX_CONN_IDLE, $3.i); }
| system MAX_CONN_HS INTERVAL ';' { f_int(scanner, R_SYS, C_MAX_CONN_HANDSHAKE, $3.i); }
| system MAX_CONN_REPLY INTERVAL ';' { f_int(scanner, R_SYS, C_MAX_CONN_REPLY, $3.i); }
| system MAX_TCP_CLIENTS NUM ';' { f_int(scanner, R_SYS, C_MAX_TCP_CLIENTS, $3.i); }
| system RATE_LIMIT NUM ';' { f_int(scanner, R_SYS, C_RATE_LIMIT, $3.i); }
| system RATE_LIMIT_SIZE SIZE ';' { f_int(scanner, R_SYS, C_RATE_LIMIT_TBL_SIZE, $3.l); }
| system RATE_LIMIT_SIZE NUM ';' { f_int(scanner, R_SYS, C_RATE_LIMIT_TBL_SIZE, $3.i); }
| system RATE_LIMIT_SLIP NUM ';' { f_int(scanner, R_SYS, C_RATE_LIMIT_SLIP, $3.i); }
| system TRANSFERS NUM ';' { f_int(scanner, R_SYS, C_TRANSFERS, $3.i); }
| system HOSTNAME TEXT ';' { /* Deprecated */ free($3.t); }
| system STORAGE TEXT ';' { /* Deprecated */ free($3.t); }
| system KEY TSIG_ALGO_NAME TEXT ';' { /* Deprecated */ free($3.t); free($4.t); }
......@@ -652,22 +652,22 @@ zone_start:
zone:
zone_start '{'
| zone zone_acl_start zone_acl_list
| zone FILENAME TEXT ';' { f_quote(scanner, R_ZONE, C_FILE, $3.t); free($3.t); }
| zone DISABLE_ANY BOOL ';' { f_bool(scanner, R_ZONE, C_DISABLE_ANY, $3.i); }
| zone BUILD_DIFFS BOOL ';' { f_bool(scanner, R_ZONE, C_IXFR_DIFF, $3.i); }
| zone SEMANTIC_CHECKS BOOL ';' { f_bool(scanner, R_ZONE, C_SEM_CHECKS, $3.i); }
| zone IXFR_FSLIMIT SIZE ';' { f_int(scanner, R_ZONE, C_IXFR_FSLIMIT, $3.l); }
| zone IXFR_FSLIMIT NUM ';' { f_int(scanner, R_ZONE, C_IXFR_FSLIMIT, $3.i); }
| zone NOTIFY_RETRIES NUM ';' { f_int(scanner, R_ZONE, C_NOTIFY_RETRIES, $3.i); }
| zone NOTIFY_TIMEOUT NUM ';' { f_int(scanner, R_ZONE, C_NOTIFY_TIMEOUT, $3.i); }
| zone DBSYNC_TIMEOUT NUM ';' { f_int(scanner, R_ZONE, C_ZONEFILE_SYNC, $3.i); }
| zone DBSYNC_TIMEOUT INTERVAL ';' { f_int(scanner, R_ZONE, C_ZONEFILE_SYNC, $3.i); }
| zone STORAGE TEXT ';' { f_quote(scanner, R_ZONE, C_STORAGE, $3.t); free($3.t); }
| zone DNSSEC_ENABLE BOOL ';' { f_bool(scanner, R_ZONE, C_DNSSEC_ENABLE, $3.i); }
| zone DNSSEC_KEYDIR TEXT ';' { f_quote(scanner, R_ZONE, C_KASP_DB, $3.t); free($3.t); }
| zone SIGNATURE_LIFETIME NUM ';' { f_int(scanner, R_ZONE, C_SIG_LIFETIME, $3.i); }
| zone SIGNATURE_LIFETIME INTERVAL ';' { f_int(scanner, R_ZONE, C_SIG_LIFETIME, $3.i); }
| zone SERIAL_POLICY SERIAL_POLICY_VAL ';' { f_str(scanner, R_ZONE, C_SERIAL_POLICY, $3.t); }
| zone FILENAME TEXT ';' { f_quote(scanner, R_ZONE, C_FILE, $3.t); free($3.t); }
| zone DISABLE_ANY BOOL ';' { f_bool(scanner, R_ZONE, C_DISABLE_ANY, $3.i); }
| zone BUILD_DIFFS BOOL ';' { f_bool(scanner, R_ZONE, C_IXFR_DIFF, $3.i); }
| zone SEMANTIC_CHECKS BOOL ';' { f_bool(scanner, R_ZONE, C_SEM_CHECKS, $3.i); }
| zone IXFR_FSLIMIT SIZE ';' { f_int(scanner, R_ZONE, C_MAX_JOURNAL_SIZE, $3.l); }
| zone IXFR_FSLIMIT NUM ';' { f_int(scanner, R_ZONE, C_MAX_JOURNAL_SIZE, $3.i); }
| zone DBSYNC_TIMEOUT NUM ';' { f_int(scanner, R_ZONE, C_ZONEFILE_SYNC, $3.i); }
| zone DBSYNC_TIMEOUT INTERVAL ';' { f_int(scanner, R_ZONE, C_ZONEFILE_SYNC, $3.i); }
| zone STORAGE TEXT ';' { f_quote(scanner, R_ZONE, C_STORAGE, $3.t); free($3.t); }
| zone DNSSEC_ENABLE BOOL ';' { f_bool(scanner, R_ZONE, C_DNSSEC_SIGNING, $3.i); }
| zone DNSSEC_KEYDIR TEXT ';' { f_quote(scanner, R_ZONE, C_KASP_DB, $3.t); free($3.t); }
| zone SERIAL_POLICY SERIAL_POLICY_VAL ';' { f_str(scanner, R_ZONE, C_SERIAL_POLICY, $3.t); }
| zone SIGNATURE_LIFETIME NUM ';' { /* Not used. */ }
| zone SIGNATURE_LIFETIME INTERVAL ';' { /* Not used. */ }
| zone NOTIFY_RETRIES NUM ';' { /* Not used. */ }
| zone NOTIFY_TIMEOUT NUM ';' { /* Not used. */ }
| zone QUERY_MODULE '{' {
if (cf_get_extra(scanner)->run == S_FIRST) {
cf_warning(scanner, "query module is not yet implemented");
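Review bot: The four `{ /* Not used. */ }` rules at the end of the `zone` alternatives accept SIGNATURE_LIFETIME, NOTIFY_RETRIES and NOTIFY_TIMEOUT and discard the value without telling the operator. For SIGNATURE_LIFETIME this matters most: a config that asks for a specific RRSIG validity parses cleanly, and the zone is then signed with the fixed 30-day default set in set_default_policy(). The QUERY_MODULE rule directly below already calls `cf_warning(scanner, ...)` on the first pass; emit a similar warning from these rules so the ignored options are visible. The same applies to the matching rules in the `zones` hunk that follows.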
......@@ -691,21 +691,21 @@ zones:
}
}
| zones zone '}'
| zones DISABLE_ANY BOOL ';' { f_bool(scanner, R_ZONE_TPL, C_DISABLE_ANY, $3.i); }
| zones BUILD_DIFFS BOOL ';' { f_bool(scanner, R_ZONE_TPL, C_IXFR_DIFF, $3.i); }
| zones SEMANTIC_CHECKS BOOL ';' { f_bool(scanner, R_ZONE_TPL, C_SEM_CHECKS, $3.i); }
| zones IXFR_FSLIMIT SIZE ';' { f_int(scanner, R_ZONE_TPL, C_IXFR_FSLIMIT, $3.l); }
| zones IXFR_FSLIMIT NUM ';' { f_int(scanner, R_ZONE_TPL, C_IXFR_FSLIMIT, $3.i); }
| zones NOTIFY_RETRIES NUM ';' { f_int(scanner, R_ZONE_TPL, C_NOTIFY_RETRIES, $3.i); }
| zones NOTIFY_TIMEOUT NUM ';' { f_int(scanner, R_ZONE_TPL, C_NOTIFY_TIMEOUT, $3.i); }
| zones DBSYNC_TIMEOUT NUM ';' { f_int(scanner, R_ZONE_TPL, C_ZONEFILE_SYNC, $3.i); }
| zones DBSYNC_TIMEOUT INTERVAL ';' { f_int(scanner, R_ZONE_TPL, C_ZONEFILE_SYNC, $3.i); }
| zones STORAGE TEXT ';' { f_quote(scanner, R_ZONE_TPL, C_STORAGE, $3.t); free($3.t); }
| zones DNSSEC_ENABLE BOOL ';' { f_bool(scanner, R_ZONE_TPL, C_DNSSEC_ENABLE, $3.i); }
| zones DNSSEC_KEYDIR TEXT ';' { f_quote(scanner, R_ZONE_TPL, C_KASP_DB, $3.t); free($3.t); }
| zones SIGNATURE_LIFETIME NUM ';' { f_int(scanner, R_ZONE_TPL, C_SIG_LIFETIME, $3.i); }
| zones SIGNATURE_LIFETIME INTERVAL ';' { f_int(scanner, R_ZONE_TPL, C_SIG_LIFETIME, $3.i); }
| zones SERIAL_POLICY SERIAL_POLICY_VAL ';' { f_str(scanner, R_ZONE_TPL, C_SERIAL_POLICY, $3.t); }
| zones DISABLE_ANY BOOL ';' { f_bool(scanner, R_ZONE_TPL, C_DISABLE_ANY, $3.i); }
| zones BUILD_DIFFS BOOL ';' { f_bool(scanner, R_ZONE_TPL, C_IXFR_DIFF, $3.i); }
| zones SEMANTIC_CHECKS BOOL ';' { f_bool(scanner, R_ZONE_TPL, C_SEM_CHECKS, $3.i); }
| zones IXFR_FSLIMIT SIZE ';' { f_int(scanner, R_ZONE_TPL, C_MAX_JOURNAL_SIZE, $3.l); }
| zones IXFR_FSLIMIT NUM ';' { f_int(scanner, R_ZONE_TPL, C_MAX_JOURNAL_SIZE, $3.i); }
| zones DBSYNC_TIMEOUT NUM ';' { f_int(scanner, R_ZONE_TPL, C_ZONEFILE_SYNC, $3.i); }
| zones DBSYNC_TIMEOUT INTERVAL ';' { f_int(scanner, R_ZONE_TPL, C_ZONEFILE_SYNC, $3.i); }
| zones STORAGE TEXT ';' { f_quote(scanner, R_ZONE_TPL, C_STORAGE, $3.t); free($3.t); }
| zones DNSSEC_ENABLE BOOL ';' { f_bool(scanner, R_ZONE_TPL, C_DNSSEC_SIGNING, $3.i); }
| zones DNSSEC_KEYDIR TEXT ';' { f_quote(scanner, R_ZONE_TPL, C_KASP_DB, $3.t); free($3.t); }
| zones SERIAL_POLICY SERIAL_POLICY_VAL ';' { f_str(scanner, R_ZONE_TPL, C_SERIAL_POLICY, $3.t); }
| zones SIGNATURE_LIFETIME NUM ';' { /* Not used. */ }
| zones SIGNATURE_LIFETIME INTERVAL ';' { /* Not used. */ }
| zones NOTIFY_RETRIES NUM ';' { /* Not used. */ }
| zones NOTIFY_TIMEOUT NUM ';' { /* Not used. */ }
| zones QUERY_MODULE '{' {
if (cf_get_extra(scanner)->run == S_FIRST) {
cf_warning(scanner, "query module is not yet implemented");
......
......@@ -54,47 +54,45 @@ typedef enum {
#define C_ADDR "\x07""address"
#define C_ALG "\x09""algorithm"
#define C_ANY "\x03""any"
#define C_ASYNC_START "\x12""asynchronous-start"
#define C_ASYNC_START "\x0B""async-start"
#define C_BG_WORKERS "\x12""background-workers"
#define C_COMMENT "\x07""comment"
#define C_CTL "\x07""control"
#define C_DENY "\x04""deny"
#define C_DISABLE_ANY "\x0B""disable-any"
#define C_DNSSEC_SIGNING "\x0E""dnssec-signing"
#define C_DOMAIN "\x06""domain"
#define C_DNSSEC_ENABLE "\x0D""dnssec-enable"
#define C_FILE "\x04""file"
#define C_IDENT "\x08""identity"
#define C_ID "\x02""id"
#define C_IDENT "\x08""identity"
#define C_INCL "\x07""include"
#define C_IXFR_DIFF "\x15""ixfr-from-differences"
#define C_IXFR_FSLIMIT "\x0C""ixfr-fslimit"
#define C_KASP_DB "\x07""kasp-db"