modules/daf,renumber: fixed the modules and added tests
This fixes most of the rules in DAF that were broken in 2.0 and adds tests. It also allows policy filter to evaluate policies in the checkout layer, before the subrequest is sent to authoritative. This is used primarily for negotiating features between resolver and authoritatives, or disabling transports.
The policy filter can now match on:
- NS suffix - to apply policies on any zone on given nameservers
- Query type
New actions:
- REFUSE - block query with an RCODE=REFUSED, fixes #337 (closed)
The DAF can now toggle features between resolver and authoritatives.
fixes #322 (closed)
cc @anb
Merge request reports
Activity
Depends on a commit from https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/527 to retrieve the last processed query, so I added it to this PR as well.
117 local function serve(h, stream) 117 local function serve(endpoints, h, stream) 118 118 local hsend = http_headers.new() 119 119 local path = h:get(':path') 120 local entry = M.endpoints[path] 120 local entry = endpoints[path] 121 121 if not entry then -- Accept top-level path match 122 entry = M.endpoints[path:match '^/[^/]*'] 122 entry = endpoints[path:match '^/[^/?]*'] 123 123 end 124 124 -- Unpack MIME and data 125 local mime, data, err 125 local data, mime, ttl, err 126 126 if entry then 127 mime, data = unpack(entry) 127 mime = entry[1] Put
datain the first slot, for people who do not care MIME too much, and line up with the order later for the data callbackdata, err, set_mime, set_ttl = data(h, stream)?Also, the doc about endpoint is outdated.
Edited by Anbang WenThis is a cherry-pick from https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/527 because I need
request:last(), see that PR for more details.
Related, to be considered before merge: #217 (closed) #205 (closed)
Replaced by !716 (merged) which does not contain changes in cache.
