Commit 141eac9f authored by mrazekales's avatar mrazekales Committed by Ales Mrazek

basic structure

parent a45ea51c
.cache
.eggs
*.pyc
bin
dist
docs/_build
include
lib
lib64
MANIFEST
pip-selfcheck.json
pyvenv.cfg
TAGS
*.egg-info
PROJECT = resolvers_yang
VERSION = 0.1
.PHONY = tags deps install-deps
tags:
find $(PROJECT) -name "*.py" | etags -
deps:
mv requirements.txt requirements.txt.old
pip freeze > requirements.txt
install-deps:
pip install -r requirements.txt
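Review bot: `.PHONY = tags deps install-deps` is a variable assignment, not the special target, so none of the three targets is actually phony and a file or directory named `tags` or `deps` would silently stop its recipe from running. It should read `.PHONY: tags deps install-deps`. In `deps`, `mv requirements.txt requirements.txt.old` fails when no requirements file exists yet, and `pip freeze` records every package in the active environment rather than only this project's dependencies. For `install-deps`, consider hash-pinned requirements with `pip install --require-hashes -r requirements.txt`, so that a substituted or tampered package is rejected at install time.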
# resolvers-yang
# Resolvers-YANG
YANG data models and tools for unified configuration of DNS resolvers
Data model and library for DNS resolvers:
* [Knot Resolver](https://www.knot-resolver.cz/)
* [Unbound](https://www.unbound.net/)
* [PowerDNS](https://www.powerdns.com/)
* [BIND](https://www.isc.org/downloads/bind/)
## Data Model
* [Current schema tree](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/raw/master/data-model/model.tree)
* [Example JSON data](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/raw/master/tests/complete/example-data.json)
#### YANG Modules
* [cznic-dns-types](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/raw/master/yang-modules/cznic-dns-types@2018-05-14.yang)
* [cznic-resolver-common](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/raw/master/yang-modules/cznic-resolver-common@2018-07-27.yang)
* [cznic-resolver-knot](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/raw/master/yang-modules/cznic-resolver-knot@2018-07-27.yang)
## Getting Started
### Get Clone
```bash
$ git clone git@gitlab.labs.nic.cz:labs/resolvers-yang.git
$ cd resolvers-yang
```
### Requirements
**Python 3.5** or newer
```bash
$ sudo apt-get install python3
```
### Development
The recommended way is to use a Python virtual environment ([installation instructions](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/wikis/devinstall))
Then install dependencies
```bash
$ make install-deps
```
Adding new dependencies
```bash
$ make deps
```
### Installation
```bash
$ git clone https://gitlab.labs.nic.cz/jetconf/jetconf-resolver
$ cd jetconf-resolver
$ python3 setup.py install
```
## Example library usages
* [JSON Validation, Generate configuration, Convert from unbound.conf](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/wikis/examples)
## Links
* [Official Documentation]()
* [Wiki](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/wikis/home)
* [Deckard config](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/wikis/deckard)
\ No newline at end of file
hello.xml
model.xsl
MODULES = cznic-resolver-common cznic-resolver-knot cznic-deckard
DATE ?= $(shell date +%F)
xsldir = ../../yangson/tools/xslt
yypars = --stringparam date $(DATE)
yams = $(addsuffix .yang, $(MODULES))
.PHONY: all
all: $(yams)
%.yang: %.yinx
@xsltproc --xinclude $(xsldir)/canonicalize.xsl $< | \
xsltproc --output $@ $(yypars) $(xsldir)/yin2yang.xsl -
model.tree: $(yams)
@pyang $(PYANG_OPTS) -f tree -o $@ $^
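Review bot: In the `%.yang` rule the exit status of the first `xsltproc` is lost in the pipe, so a failed canonicalize step can still leave a truncated `$@` that make treats as up to date. Adding `.DELETE_ON_ERROR:` and running recipes with `SHELL := bash` and `.SHELLFLAGS := -e -o pipefail -c` would make that failure stop the build. `xsldir = ../../yangson/tools/xslt` also resolves outside this repository, so the generated modules depend on whatever unpinned yangson checkout sits there; the required revision should be documented or the stylesheets vendored. The leading `@` on both recipes additionally hides the command that failed.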
module cznic-deckard {
yang-version "1.1";
namespace "https://www.nic.cz/ns/yang/deckard";
prefix "dcd";
import cznic-resolver-common {
prefix "drc";
}
organization
"CZ.NIC, z. s. p. o.";
contact
"Editor:   Ladislav Lhotka
          <mailto:lhotka@nic.cz>";
description
"This YANG module defines data for deckard test tool.";
revision 2018-07-27 {
description
"Initial revision.";
}
/* Data nodes */
container deckard {
description
"Parameters for deckard test tool.";
leaf mock-data {
type drc:fs-path;
description
"Name of the file containing mock data for the test DNS
server and client instructions.
This data is copied to the resulting RPL file.";
}
}
}
<?xml version="1.0" encoding="utf-8"?>
<module name="cznic-deckard"
xmlns="urn:ietf:params:xml:ns:yang:yin:1"
xmlns:dcd="https://www.nic.cz/ns/yang/deckard"
xmlns:h="http://www.w3.org/1999/xhtml">
<namespace uri="https://www.nic.cz/ns/yang/deckard"/>
<prefix value="dcd"/>
<yang-version value="1.1"/>
<import module="cznic-resolver-common">
<prefix value="drc"/>
</import>
<organization>
<text>CZ.NIC, z. s. p. o.</text>
</organization>
<contact>
<text>
<h:p>
Editor:   Ladislav Lhotka<h:br/>
          &lt;mailto:lhotka@nic.cz&gt;
</h:p>
</text>
</contact>
<description>
<text>
This YANG module defines data for deckard test tool.
</text>
</description>
<revision date="2018-06-06">
<description>
<text>Initial revision.</text>
</description>
</revision>
<!-- Data nodes -->
<container name="deckard">
<description>
<text>Parameters for deckard test tool.</text>
</description>
<leaf name="mock-data">
<type name="drc:fs-path"/>
<description>
<text>
<h:p>Name of the file containing mock data for the test DNS
server and client instructions.</h:p>
<h:p>This data is copied to the resulting RPL file.</h:p>
</text>
</description>
</leaf>
</container>
</module>
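Review bot: `<revision date="2018-06-06">` in this source does not match `revision 2018-07-27` in the cznic-deckard YANG file committed alongside it, which appears to be generated from this file by the `%.yang: %.yinx` rule. Presumably the `--stringparam date $(DATE)` passed to yin2yang.xsl rewrote the date at build time (to be confirmed); if so, the committed output changes with the day it is regenerated. Either align this line to `<revision date="2018-07-27">` or stop overriding the date, so that source and generated module carry the same revision.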
module cznic-dns-types {
yang-version "1.1";
namespace "https://www.nic.cz/ns/yang/dns-types";
prefix "dns";
organization
"CZ.NIC, z. s. p. o.";
contact
"Editor:   Ladislav Lhotka
          <mailto:lhotka@nic.cz>";
description
"This YANG module defines common types related to DNS.";
revision 2018-05-14 {
description
"Initial revision.";
reference
"TODO: put git tag here";
}
/* Typedefs */
typedef domain-name {
type string {
length "1..253";
pattern "((\\*\\.)?(([a-zA-Z0-9_]([a-zA-Z0-9\\-/_]){0,61})?[a-zA-Z0-9]\\.)*([a-zA-Z0-9_]([a-zA-Z0-9\\-_]){0,61})?[a-zA-Z0-9]\\.?)|"
+ "\\.";
}
}
}
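Review bot: `typedef domain-name` has no `description`, and its pattern is not self-explanatory: it accepts a leading `*.` and allows `/` inside non-final labels but not in the last one. A description should state which names are meant to match (wildcards, and presumably RFC 2317-style classless reverse labels, to be confirmed), so that code emitting these values into resolver configuration knows `*` and `/` can appear. The `reference "TODO: put git tag here";` placeholder in the revision statement should be filled in or dropped before the module is published.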
module cznic-resolver-knot {
yang-version "1.1";
namespace "https://www.nic.cz/ns/yang/resolver-knot";
prefix "kres";
import ietf-inet-types {
prefix "inet";
}
import cznic-resolver-common {
prefix "drc";
}
organization
"CZ.NIC, z. s. p. o.";
contact
"Editor:   Ladislav Lhotka
          <mailto:lhotka@nic.cz>";
description
"This YANG module augment common resolver data with parts
specific to Knot Resolver.";
revision 2018-07-27 {
description
"Initial revision.";
}
/* Data definitions */
augment "/drc:dns-resolver/drc:resolver/drc:hints" {
description
"Knot Resolver module: hints";
list hint {
key "name";
description
"Each entry defines a static hint.
Forward queries for A/AAAA records corresponding to 'name'
(the list key) shall be answered with all IPv4/IPv6
addresses from the 'values' leaf-list.
The PTR record linking all addresses from 'values' to 'name'
in the reverse zone.
If multiple entries with the same address in 'values' exist,
the one having the 'canonical' flag set to true is used for
the PTR record in the reverse zone. If no such entry exists,
the name for the PTR record is chosen randomly.";
uses drc:static-hint;
leaf canonical {
type boolean;
must ". = 'false' or "
+ "not(../preceding-sibling::hint[canonical = 'true' and "
+ "values = current()/../values])" {
error-message
"Duplicate canonical name for the same IP address.";
}
default "false";
description
"Only one key can be designated as the canonical name for
any given IP address.";
}
}
leaf hosts-file {
type drc:fs-path;
description
"Static hints will be added from the file with this path. The
file has to be in the format of Unix /etc/hosts file.";
}
}
augment "/drc:dns-resolver/drc:cache" {
description
"Knot Resolver module: prefill";
list prefill {
key "origin";
description
"Prefill the cache periodically by importing zone data
obtained over HTTP.";
leaf origin {
type inet:domain-name;
must ". = '.'" {
error-message "Cache prefilling is not yet supported for "
+ "non-root zones.";
description
"Cache prefilling is only supported for the root zone.";
}
description
"Origin for the imported data.";
}
leaf url {
type inet:uri;
mandatory "true";
description
"URL of the zone file to be imported.";
}
leaf ca-file {
type drc:fs-path;
mandatory "true";
description
"Path to the file containing a CA certificate bundle that
is used to authenticate the HTTPS connection.";
}
leaf refresh-interval {
type uint32;
units "seconds";
default "86400";
description
"Time interval between consecutive refreshes of the
imported zone data.";
}
}
}
}
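Review bot: `leaf url` in `list prefill` is a plain `inet:uri`, so an `http://` URL validates even though `ca-file` is mandatory and is described as authenticating the HTTPS connection; zone data fetched in cleartext could be altered in transit before it is loaded into the cache. A constraint on the leaf such as `must "starts-with(., 'https://')" { error-message "Prefill URL must use HTTPS."; }` would enforce this in the model, and the list description's "obtained over HTTP" should say HTTPS. The same leaf appears in the cznic-resolver-knot .yinx source (`<leaf name="url">`), which is where the change belongs if the .yang file is generated from it.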
<?xml version="1.0" encoding="utf-8"?>
<module name="cznic-resolver-knot"
xmlns="urn:ietf:params:xml:ns:yang:yin:1"
xmlns:kres="https://www.nic.cz/ns/yang/resolver-knot"
xmlns:drc="https://www.nic.cz/ns/yang/resolver-common"
xmlns:h="http://www.w3.org/1999/xhtml">
<namespace uri="https://www.nic.cz/ns/yang/resolver-knot"/>
<prefix value="kres"/>
<yang-version value="1.1"/>
<import module="ietf-inet-types">
<prefix value="inet"/>
</import>
<import module="cznic-resolver-common">
<prefix value="drc"/>
</import>
<organization>
<text>CZ.NIC, z. s. p. o.</text>
</organization>
<contact>
<text>
<h:p>
Editor:   Ladislav Lhotka<h:br/>
          &lt;mailto:lhotka@nic.cz&gt;
</h:p>
</text>
</contact>
<description>
<text>
This YANG module augment common resolver data with parts
specific to Knot Resolver.
</text>
</description>
<revision date="2018-07-27">
<description>
<text>Initial revision.</text>
</description>
</revision>
<!-- Data definitions -->
<augment target-node="/drc:dns-resolver/drc:resolver/drc:hints">
<description>
<text>Knot Resolver module: hints</text>
</description>
<list name="hint">
<key value="name"/>
<uses name="drc:static-hint"/>
<leaf name="canonical">
<type name="boolean"/>
<default value="false"/>
<must condition=". = 'false' or not(../preceding-sibling::hint[canonical = 'true' and values = current()/../values])">
<error-message>
<value>Duplicate canonical name for the same IP address.</value>
</error-message>
</must>
<description>
<text>Only one key can be designated as the canonical name
for any given IP address.</text>
</description>
</leaf>
<description>
<text>
<h:p>Each entry defines a static hint.</h:p>
<h:p>Forward queries for A/AAAA records corresponding to
'name' (the list key) shall be answered with all IPv4/IPv6
addresses from the 'values' leaf-list.</h:p>
<h:p>The PTR record linking all
addresses from 'values' to 'name' in the reverse zone.</h:p>
<h:p>If multiple entries with the same address in 'values'
exist, the one having the 'canonical' flag set to true is
used for the PTR record in the reverse zone. If no such
entry exists, the name for the PTR record is chosen
randomly.</h:p>
</text>
</description>
</list>
<leaf name="hosts-file">
<type name="drc:fs-path"/>
<description>
<text>Static hints will be added from the file with this
path. The file has to be in the format of Unix /etc/hosts
file.</text>
</description>
</leaf>
</augment>
<augment target-node="/drc:dns-resolver/drc:cache">
<description>
<text>Knot Resolver module: prefill</text>
</description>
<list name="prefill">
<key value="origin"/>
<description>
<text>Prefill the cache periodically by importing zone data
obtained over HTTP.</text>
</description>
<leaf name="origin">
<type name="inet:domain-name"/>
<must condition=". = '.'">
<error-message>
<value>Cache prefilling is not yet supported for non-root
zones.</value>
</error-message>
<description>
<text>Cache prefilling is only supported for the root
zone.</text>
</description>
</must>
<description>
<text>Origin for the imported data.</text>
</description>
</leaf>
<leaf name="url">
<type name="inet:uri"/>
<mandatory value="true"/>
<description>
<text>URL of the zone file to be imported.</text>
</description>
</leaf>
<leaf name="ca-file">
<type name="drc:fs-path"/>
<mandatory value="true"/>
<description>
<text>Path to the file containing a CA certificate bundle
that is used to authenticate the HTTPS connection.</text>
</description>
</leaf>
<leaf name="refresh-interval">
<type name="uint32"/>
<units name="seconds"/>
<default value="86400"/>
<description>
<text>Time interval between consecutive refreshes of the
imported zone data.</text>
</description>
</leaf>
</list>
</augment>
</module>
module: cznic-resolver-common
+--rw dns-resolver
+--rw server
| +--rw user-name? string
| +--rw group-name? string {set-group}?
+--rw network
| +--rw listen-interfaces* [name]
| | +--rw name string
| | +--rw ip-address inet:ip-address
| | +--rw port? inet:port-number
| +--rw source-address
| | +--rw ipv4? inet:ipv4-address-no-zone
| | +--rw ipv6? inet:ipv6-address-no-zone
| +--rw client-transport
| | +--rw l2-protocols? l2-protocol-selection
| +--rw recursion-transport
| | +--rw l2-protocols? l2-protocol-selection
| +--rw udp-payload-size? uint16
+--rw resolver
| +--rw stub-zones* [domain]
| | +--rw domain inet:domain-name
| | +--rw nameserver? inet:host
| | +--rw port? inet:port-number
| +--rw hints
| | +--rw root-hint* [name]
| | | +--rw name inet:domain-name
| | | +--rw values* inet:ip-address-no-zone
| | +--rw root-zone-file? fs-path
| | +--rw kres:hint* [name]
| | | +--rw kres:name inet:domain-name
| | | +--rw kres:values* inet:ip-address-no-zone
| | | +--rw kres:canonical? boolean
| | +--rw kres:hosts-file? drc:fs-path
| +--rw options
| +--rw glue-checking? enumeration
| +--rw qname-minimisation? boolean
| +--rw query-loopback? boolean
| +--rw reorder-rrset? boolean
+--rw logging
| +--rw verbosity? uint8
+--rw dnssec!
| +--rw trust-anchors
| | +--rw key-files* [domain]
| | +--rw domain inet:domain-name
| | +--rw file? fs-path
| | +--rw read-only? boolean
| +--rw negative-trust-anchors* inet:domain-name
+--rw cache
| +--rw max-size? uint64
| +--ro current-size? uint64
| +--rw max-ttl? uint32
| +--rw min-ttl? uint32
| +--rw kres:prefill* [origin]
| +--rw kres:origin inet:domain-name
| +--rw kres:url inet:uri
| +--rw kres:ca-file drc:fs-path
| +--rw kres:refresh-interval? uint32
+--rw dns64!
+--rw prefix? inet:ipv6-prefix
module: cznic-deckard
+--rw deckard
+--rw mock-data? drc:fs-path
module: cznic-resolver-common
+--rw dns-resolver
+--rw server
| +--rw user-name? string
| +--rw group-name? string {set-group}?
+--rw network
| +--rw listen-interfaces* [name]
| | +--rw name string
| | +--rw ip-address inet:ip-address
| | +--rw port? inet:port-number
| +--rw source-address
| | +--rw ipv4? inet:ipv4-address-no-zone
| | +--rw ipv6? inet:ipv6-address-no-zone
| +--rw client-transport
| | +--rw l2-protocols? l2-protocol-selection
| +--rw recursion-transport
| | +--rw l2-protocols? l2-protocol-selection
| +--rw udp-payload-size? uint16
+--rw resolver
| +--rw stub-zones* [domain]
| | +--rw domain inet:domain-name
| | +--rw nameserver? inet:host
| | +--rw port? inet:port-number
| +--rw hints
| | +--rw root-hint* [name]
| | | +--rw name inet:domain-name
| | | +--rw values* inet:ip-address-no-zone
| | +--rw root-zone-file? fs-path
| | +--rw kres:hint* [name]
| | | +--rw kres:name inet:domain-name
| | | +--rw kres:values* inet:ip-address-no-zone
| | | +--rw kres:canonical? boolean
| | +--rw kres:hosts-file? drc:fs-path
| +--rw options
| +--rw glue-checking? enumeration
| +--rw qname-minimisation? boolean
| +--rw query-loopback? boolean
| +--rw reorder-rrset? boolean
+--rw logging
| +--rw verbosity? uint8
+--rw dnssec!
| +--rw trust-anchors
| | +--rw key-files* [domain]
| | +--rw domain inet:domain-name
| | +--rw file? fs-path
| | +--rw read-only? boolean
| +--rw negative-trust-anchors* inet:domain-name
+--rw cache
| +--rw max-size? uint64
| +--ro current-size? uint64
| +--rw max-ttl? uint32
| +--rw min-ttl? uint32
| +--rw kres:prefill* [origin]
| +--rw kres:origin inet:domain-name
| +--rw kres:url inet:uri
| +--rw kres:ca-file drc:fs-path
| +--rw kres:refresh-interval? uint32
+--rw dns64!
+--rw prefix? inet:ipv6-prefix
# Minimal makefile for Sphinx documentation
#
# You can set these variables from the command line.
SPHINXOPTS =
SPHINXBUILD = sphinx-build
SOURCEDIR = .
BUILDDIR = _build
# Put it first so that "make" without argument is like "make help".
help:
@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
.PHONY: help Makefile
# Catch-all target: route all unknown targets to Sphinx using the new
# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
%: Makefile
@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
\ No newline at end of file
# -*- coding: utf-8 -*-
#
# Configuration file for the Sphinx documentation builder.
#
# This file does only contain a selection of the most common options. For a
# full list see the documentation:
# http://www.sphinx-doc.org/en/master/config
# -- Path setup --------------------------------------------------------------
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
#
# import os
# import sys
# sys.path.insert(0, os.path.abspath('.'))
# -- Project information -----------------------------------------------------
project = 'Resolvers-YANG'
copyright = '2018, CZ.NIC, z. s. p. o.'
author = 'Ales Mrazek'
# The short X.Y version
version = ''
# The full version, including alpha/beta/rc tags
release = '0.1'
# -- General configuration ---------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
#
# needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = [
'sphinx.ext.autodoc',
'sphinx.ext.todo',
]
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
# The suffix(es) of source filenames.
# You can specify multiple suffix as a list of string:
#
# source_suffix = ['.rst', '.md']
source_suffix = '.rst'
# The master toctree document.
master_doc = 'index'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
language = None
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
# This pattern also affects html_static_path and html_extra_path.
exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# -- Options for HTML output -------------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
#
html_theme = 'alabaster'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
#
# html_theme_options = {}
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
# Custom sidebar templates, must be a dictionary that maps document names
# to template names.
#
# The default sidebars (for documents that don't match any pattern) are
# defined by theme itself. Builtin themes are using these templates by
# default: ``['localtoc.html', 'relations.html', 'sourcelink.html',
# 'searchbox.html']``.