Commit 6da5e226 authored by Ladislav Lhotka

Replace YANG modules with latest revisions.

parent d8c3f096
......@@ -33,7 +33,7 @@ module dns-server {
"This YANG module defines the data model for an authoritative DNS
server.";
revision 2016-01-14 {
revision 2016-08-03 {
description
"Initial revision.";
reference
......@@ -191,7 +191,7 @@ module dns-server {
leaf name {
type string;
description
"The name of the list entry.";
"Name of a list entry.";
}
}
......
module dns-zones {
yang-version "1.1";
namespace "http://www.nic.cz/ns/yang/dns-zones";
prefix "dnsz";
/* Imports */
import ietf-inet-types {
prefix "inet";
}
import ietf-yang-types {
prefix "yang";
}
import iana-dns-parameters {
prefix "ianadns";
}
/* Metadata */
organization
"CZ.NIC, z. s. p. o.";
contact
"Editor:   Ladislav Lhotka
          <mailto:lhotka@nic.cz>";
description
"This module defines a data model for DNS zone configuration.";
reference
"RFC 1035: Domain Names - Implementation and Specification.";
revision 2016-08-03 {
description
"Initial revision.";
}
/* Typedefs */
typedef domain-name {
type string {
length "1..253";
pattern "((\\*\\.)?(([a-zA-Z0-9_]([a-zA-Z0-9\\-/_]){0,61})"
+ "?[a-zA-Z0-9]\\.)*([a-zA-Z0-9_]([a-zA-Z0-9\\-_])"
+ "{0,61})?[a-zA-Z0-9]\\.?)|\\.";
}
}
typedef ascii-string {
type string {
pattern "\\p{IsBasicLatin}*";
}
description
"A string consisting of ASCII characters (U+0000 to U+007F).";
}
typedef base32hex {
type string {
pattern "([0-9A-Va-v]{8})*([0-9A-Va-v]{2}={6}||"
+ "[0-9A-Va-v]{4}={4}|[0-9A-Va-v]{5}===|"
+ "[0-9A-Va-v]{7}=)?";
}
description
"This typedef represents binary data in Base 32 encoding with
extended hex alphabet.
This type differs from base32hex spec in that letters can be
upper- or lower-case.";
reference
"RFC 4648: The Base16, Base32, and Base64 Data Encodings";
}
typedef hex-digits {
type string {
pattern "[0-9A-Fa-f]*";
}
description
"A string of case-insensitive hexadecimal digits, possibly
empty.";
}
typedef time-interval {
type uint32 {
range "1..max";
}
units "seconds";
description
"32-bit time interval.";
}
typedef utc-date-time {
type yang:date-and-time {
pattern ".*Z";
}
description
"UTC date and time.";
}
/* Groupings */
grouping description {
description
"This grouping defines a reusable description (comment).";
leaf description {
type string;
description
"Description of the parent item.";
}
}
grouping rrsig-data {
description
"This grouping defines DNSSEC signature and its parameters.";
container RRSIG {
presence "DNSSEC signature";
description
"DNSSEC signature information for the parent RRSet.";
reference
"RFC 4034: Resource Records for the DNS Security
Extensions";
leaf algorithm {
type ianadns:dnssec-algorithm;
mandatory "true";
description
"This field identifies the cryptographic algorithm used to
create the signature.";
}
leaf signature-expiration {
type utc-date-time;
mandatory "true";
description
"This field specifies the end of a validity period for the
signature as UTC date and time. The RRSIG record MUST NOT
be used for authentication after the expiration date and
time.";
}
leaf signature-inception {
type utc-date-time;
mandatory "true";
description
"This field specifies the start of a validity period for
the signature as UTC date and time. The RRSIG record MUST
NOT be used for authentication prior the inception date
and time.
This date MUST precede the date specified in
'signature-expiration'.";
}
uses key-tag-field;
leaf signature {
type binary {
length "1..max";
}
mandatory "true";
description
"This field contains the cryptographic signature that
covers the RRSIG RDATA (excluding the Signature field) and
the RRset specified by the RRSIG owner name, RRSIG class,
and RRSIG Type Covered field.
The format of this field depends on the algorithm in
use.";
}
}
}
grouping entry-id {
description
"This grouping defines a leaf that is intended for use as a
list key.";
leaf id {
type string;
description
"Opaque ID of a list entry.";
}
}
grouping owner-field {
description
"This grouping defines the content of the 'owner' field in a
resource record or RRSet.";
}
grouping ttl-field {
description
"This grouping defines the content of the 'ttl' field in a
resource record or RRSet.";
leaf ttl {
type time-interval;
description
"Time-To-Live of a resource record or RRSet.";
}
}
grouping key-tag-field {
description
"This grouping defines the 'key-tag' field that is used in
RRSIG and DS resource records.";
leaf key-tag {
type uint16;
mandatory "true";
description
"The Key Tag field contains the key tag value of the DNSKEY
RR that validates this signature, in network byte order.";
}
}
grouping rrset-types {
description
"This grouping defines a sequence of RR types, It is used in
NSEC and NSEC3 resource records.";
leaf-list rrset-type {
type identityref {
base ianadns:data-rrtype;
}
min-elements "1";
description
"This leaf-list represents the Type Bit Maps field. Its
entries identify the RRset types that exist at the NSEC RR's
owner name.";
}
}
grouping nsec3-common {
description
"This grouping defines common field of NSEC3 and NSEC3PARAM
resource records.";
leaf hash-algorithm {
type ianadns:dnssec-nsec3-hash-algorithm;
default "SHA-1";
description
"This field identifies the cryptographic hash algorithm used
to construct the hash-value.";
}
leaf iterations {
type uint16;
mandatory "true";
description
"This field defines the number of additional times the hash
function has been performed.";
}
leaf salt {
type hex-digits {
length "0..510";
}
mandatory "true";
description
"This field is appended to the original owner name before
hashing in order to defend against pre-calculated dictionary
attacks.";
}
}
/* Configuration data */
container zones {
description
"Container for DNS zones.";
list zone {
key "name class";
description
"Data for a DNS zone.";
leaf name {
type domain-name;
description
"Zone name.";
}
leaf class {
type ianadns:class;
description
"RR Class";
}
uses description;
leaf default-ttl {
type time-interval;
mandatory "true";
description
"Default TTL for the entire zone.";
}
container SOA {
description
"SOA RR for the zone.";
uses ttl-field;
leaf mname {
type domain-name;
mandatory "true";
description
"Name server that was the original or primary source of
data for this zone.";
}
leaf rname {
type domain-name;
mandatory "true";
description
"Mailbox of the person responsible for this zone.";
}
leaf serial {
type yang:counter32;
mandatory "true";
description
"Version number of the original copy of the zone.";
}
leaf refresh {
type time-interval;
mandatory "true";
description
"Time interval that should elapse before the zone should
be refreshed.";
}
leaf retry {
type time-interval;
mandatory "true";
description
"Time interval that should elapse before a failed refresh
should be retried.";
}
leaf expire {
type time-interval;
mandatory "true";
description
"Upper limit on the time interval that can elapse before
the zone is no longer authoritative.";
}
leaf minimum {
type time-interval;
mandatory "true";
description
"Minimum TTL that should be exported with any RR from
this zone.";
}
uses rrsig-data;
}
list rrset {
key "owner type";
description
"RRSet";
leaf owner {
type domain-name;
description
"Owner of the RRSet.
It is an absolute domain name without the trailing
period.";
}
leaf type {
type identityref {
base ianadns:data-rrtype;
}
description
"RR type";
}
uses ttl-field {
description
"TTL of all resource records in the RRSet.";
}
uses description;
uses rrsig-data;
list rdata {
key "id";
min-elements "1";
uses entry-id;
uses description;
choice rdata-content {
mandatory "true";
description
"Each (shorthand) case of this choice defines the
content of a single RR type wrapped in a container
whose name is the RR type.
The SOA RR for the zone and RRSIG for the RRSet are
specified separately.
New RR types defined in other modules shall augment
the 'rdata-content' choice.";
/* RFC 1035 */
container A {
when "derived-from-or-self(../../type, 'ianadns:A')";
description
"RDATA content for 'A' Resource Record.";
reference
"RFC 1035: Domain Names - Implementation and
Specification.";
leaf address {
type inet:ipv4-address-no-zone;
mandatory "true";
description
"IPv4 address.";
}
}
container CNAME {
when
"derived-from-or-self(../../type, 'ianadns:CNAME')";
description
"RDATA content for 'CNAME' Resource Record.";
reference
"RFC 1035: Domain Names - Implementation and
Specification.";
leaf cname {
type domain-name;
mandatory "true";
description
"Canonical or primary name for the owner.";
}
}
container HINFO {
when
"derived-from-or-self(../../type, 'ianadns:HINFO')";
description
"RDATA content for 'HINFO' Resource Record.";
reference
"RFC 1035: Domain Names - Implementation and
Specification.";
leaf cpu {
type ascii-string;
mandatory "true";
description
"CPU type.";
}
leaf os {
type ascii-string;
mandatory "true";
description
"Operating system type.";
}
}
container MB {
when "derived-from-or-self(../../type, 'ianadns:MB')";
description
"RDATA content for 'MB' Resource Record.";
reference
"RFC 1035: Domain Names - Implementation and
Specification.";
leaf madname {
type domain-name;
mandatory "true";
description
"Host which has the specified mailbox.";
}
}
container MD {
when "derived-from-or-self(../../type, 'ianadns:MD')";
status "obsolete";
description
"RDATA content for 'MD' Resource Record (obsolete,
use MX).";
reference
"RFC 1035: Domain Names - Implementation and
Specification.";
leaf madname {
type domain-name;
mandatory "true";
description
"Host which has a mail agent for the domain which
should be able to deliver mail for the domain.";
}
}
container MF {
when "derived-from-or-self(../../type, 'ianadns:MF')";
status "obsolete";
description
"RDATA content for 'MF' Resource Record (obsolete,
use MX).";
reference
"RFC 1035: Domain Names - Implementation and
Specification.";
leaf madname {
type domain-name;
mandatory "true";
description
"Host which has a mail agent for the domain which
will accept mail for forwarding to the domain.";
}
}
container MG {
when "derived-from-or-self(../../type, 'ianadns:MG')";
description
"RDATA content for 'MG' Resource Record.";
reference
"RFC 1035: Domain Names - Implementation and
Specification.";
leaf mgmname {
type domain-name;
mandatory "true";
description
"Mailbox which is a member of the mail group
specified by the domain name.";
}
}
container MINFO {
when
"derived-from-or-self(../../type, 'ianadns:MINFO')";
description
"RDATA content for 'MINFO' Resource Record.";
reference
"RFC 1035: Domain Names - Implementation and
Specification.";
leaf rmailbx {
type domain-name;
mandatory "true";
description
"Mailbox which is responsible for the mailing list
or mailbox.";
}
leaf emailbx {
type domain-name;
mandatory "true";
description
"Mailbox which is to receive error messages related
to the mailing list or mailbox specified by the
owner of the MINFO RR.";
}
}
container MR {
when "derived-from-or-self(../../type, 'ianadns:MR')";
description
"RDATA content for 'MR' Resource Record.";
reference
"RFC 1035: Domain Names - Implementation and
Specification.";
leaf newname {
type domain-name;
mandatory "true";
description
"Mailbox which is the proper rename of the
specified mailbox.";
}
}
container MX {
when "derived-from-or-self(../../type, 'ianadns:MX')";
description
"RDATA content for 'MX' Resource Record.";
reference
"RFC 1035: Domain Names - Implementation and
Specification.";
leaf preference {
type uint16;
mandatory "true";
description
"Preference given to this RR among others at the
same owner. Lower values are preferred.";
}
leaf exchange {
type domain-name;
mandatory "true";
description
"Host willing to act as a mail exchange for the
owner name.";
}
}
container NS {
when "derived-from-or-self(../../type, 'ianadns:NS')";
description
"RDATA content for 'NS' Resource Record.";
reference
"RFC 1035: Domain Names - Implementation and
Specification.";
leaf nsdname {
type domain-name;
mandatory "true";
description
"Host which should be authoritative for the
specified domain.";
}
}
container NULL {
when
"derived-from-or-self(../../type, 'ianadns:NULL')";
description
"RDATA content for 'NULL' Resource Record.";
reference
"RFC 1035: Domain Names - Implementation and
Specification.";
leaf data {
type binary {
length "0..65535";
}
mandatory "true";
description
"Arbitrary data.";
}
}
container PTR {
when
"derived-from-or-self(../../type, 'ianadns:PTR')";
description
"RDATA content for 'PTR' Resource Record.";
reference
"RFC 1035: Domain Names - Implementation and
Specification.";
leaf ptrdname {
type domain-name;
mandatory "true";
description
"A pointer to some location in the domain name
space.";
}
}
container TXT {
when
"derived-from-or-self(../../type, 'ianadns:TXT')";
description
"RDATA content for 'TXT' Resource Record.";
reference
"RFC 1035: Domain Names - Implementation and
Specification.";
leaf txt-data {
type ascii-string;
mandatory "true";
description
"Descriptive text whose semantics depends on the
domain where it is found.";
}
}
container WKS {
when
"derived-from-or-self(../../type, 'ianadns:WKS')";
description
"RDATA content for 'WKS' Resource Record.";
reference
"RFC 1035: Domain Names - Implementation and
Specification.";
leaf address {
type inet:ipv4-address-no-zone;
mandatory "true";
description
"IPv4 address.";
}
leaf protocol {
type uint8;
mandatory "true";
description
"IP protocol number.";
}
leaf bitmap {
type binary;
mandatory "true";
description
"A variable length bitmap that has one bit per port
of the specified protocol.";
}
}
/* RFC 3596 */
container AAAA {
when
"derived-from-or-self(../../type, 'ianadns:AAAA')";
description
"RDATA content for 'AAAA' Resource Record.";
reference
"RFC 3596: DNS Extensions to Support IP Version 6";
leaf address {
type inet:ipv6-address-no-zone;
mandatory "true";
description
"IPv6 address.";
}
}
/* RFC 4034 */
container DNSKEY {
when "derived-from-or-self(../../type, "
+ "'ianadns:DNSKEY')";
description
"RDATA content for 'DNSKEY' Resource Record.";
reference
"RFC 4034: Resource Records for the DNS Security
Extensions";
leaf flags {
type ianadns:dnskey-flags;
must "not(contains(., 'ZONE')) or ../../../owner = "
+ "../../../../name" {
error-message "For a Zone Key, owner name must be "
+ "the zone name.";
description
"For a Zone Key, the DNSKEY RR's owner name MUST
be the name of a zone.";
}
must
"contains(., 'ZONE') or not(contains(., 'SEP'))" {
error-message "'secure-entry-point' is set but "
+ "'zone-key' isn't";
description
"Secure Entry Point flag needs Zone Key flag.";
}
description
"DNSKEY RR flags.";
}
leaf protocol {
type uint8 {
range "3";
}
default "3";
description
"Protocol field. It's value MUST be 3.";
}
leaf algorithm {
type ianadns:dnssec-algorithm;
mandatory "true";
description
"This field identifies the public key's
cryptographic algorithm and determines the format
of the 'public-key' field.";
}
leaf public-key {
type binary {
length "1..max";
}
mandatory "true";
description
"This field contains public key material. Its
format depends on the algorithm.";
}
}
container NSEC {
when
"derived-from-or-self(../../type, 'ianadns:NSEC')";
description
"RDATA content for 'NSEC' Resource Record.";
reference
"RFC 4034: Resource Records for the DNS Security
Extensions";
leaf next-domain-name {
type domain-name;
mandatory "true";
description
"This field contains the next owner name (in the
canonical ordering of the zone) that has
authoritative data or contains a delegation point
NS RRset.";
}
uses rrset-types;
}
container DS {
when "derived-from-or-self(../../type, 'ianadns:DS')";
description
"RDATA content for 'DS' Resource Record.";
reference
"RFC 4034: Resource Records for the DNS Security
Extensions";
uses key-tag-field;
leaf algorithm {
type ianadns:dnssec-algorithm;
mandatory "true";
description
"This field specifies the algorithm of the DNSKEY
RR referred to by the DS record.";
}
leaf digest-type {
type ianadns:digest-algorithm;
mandatory "true";
description
"This field identifies the algorithm used to
construct the digest of the DNSKEY RR.";
}
leaf digest {
type hex-digits {
length "1..max";
}
mandatory "true";