Skip to content

GitLab

R
resolvers-yang
Commit 141eac9f authored by mrazekales's avatar mrazekales Committed by Ales Mrazek
Browse files
Options

basic structure

parent a45ea51c
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 4110 additions and 2 deletions
.gitignore 0 → 100644
View file @ 141eac9f
.cache
.eggs
*.pyc
bin
dist
docs/_build
include
lib
lib64
MANIFEST
pip-selfcheck.json
pyvenv.cfg
TAGS
*.egg-info
Makefile 0 → 100644
View file @ 141eac9f
PROJECT = resolvers_yang
VERSION = 0.1
.PHONY = tags deps install-deps
tags:
find $(PROJECT) -name "*.py" | etags -
deps:
mv requirements.txt requirements.txt.old
pip freeze > requirements.txt
install-deps:
pip install -r requirements.txt
README.md
View file @ 141eac9f
# resolvers-yang
YANG data models and tools for unified configuration of DNS resolvers
\ No newline at end of file
# Resolvers-YANG
YANG data models and tools for unified configuration of DNS resolvers
Data model and library for DNS resolvers:
* [Knot Resolver](https://www.knot-resolver.cz/)
* [Unbound](https://www.unbound.net/)
* [PowerDNS](https://www.powerdns.com/)
* [BIND](https://www.isc.org/downloads/bind/)
## Data Model
* [Current schema tree](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/raw/master/data-model/model.tree)
* [Example JSON data](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/raw/master/tests/complete/example-data.json)
#### YANG Modules
* [cznic-dns-types](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/raw/master/yang-modules/cznic-dns-types@2018-05-14.yang)
* [cznic-resolver-common](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/raw/master/yang-modules/cznic-resolver-common@2018-07-27.yang)
* [cznic-resolver-knot](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/raw/master/yang-modules/cznic-resolver-knot@2018-07-27.yang)
## Getting Started
### Get Clone
```bash
$ git clone git@gitlab.labs.nic.cz:labs/resolvers-yang.git
$ cd resolvers-yang
```
### Requirements
**Python 3.5** or newer
```bash
$ sudo apt-get install python3
```
### Development
The recommended way is to use a Python virtual environment ([installation instructions](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/wikis/devinstall))
Then install dependencies
```bash
$ make install-deps
```
Adding new dependencies
```bash
$ make deps
```
### Installation
```bash
$ git clone https://gitlab.labs.nic.cz/jetconf/jetconf-resolver
$ cd jetconf-resolver
$ python3 setup.py install
```
## Example library usages
* [JSON Validation, Generate configuration, Convert from unbound.conf](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/wikis/examples)
## Links
* [Official Documentation]()
* [Wiki](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/wikis/home)
* [Deckard config](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/wikis/deckard)
\ No newline at end of file
data-model/.gitignore 0 → 100644
View file @ 141eac9f
hello.xml
model.xsl
data-model/Makefile 0 → 100644
View file @ 141eac9f
MODULES = cznic-resolver-common cznic-resolver-knot cznic-deckard
DATE ?= $(shell date +%F)
xsldir = ../../yangson/tools/xslt
yypars = --stringparam date $(DATE)
yams = $(addsuffix .yang, $(MODULES))
.PHONY: all
all: $(yams)
%.yang: %.yinx
@xsltproc --xinclude $(xsldir)/canonicalize.xsl $< | \
xsltproc --output $@ $(yypars) $(xsldir)/yin2yang.xsl -
model.tree: $(yams)
@pyang $(PYANG_OPTS) -f tree -o $@ $^
data-model/cznic-deckard.yang 0 → 100644
View file @ 141eac9f
module cznic-deckard {
yang-version "1.1";
namespace "https://www.nic.cz/ns/yang/deckard";
prefix "dcd";
import cznic-resolver-common {
prefix "drc";
}
organization
"CZ.NIC, z. s. p. o.";
contact
"Editor:   Ladislav Lhotka
          <mailto:lhotka@nic.cz>";
description
"This YANG module defines data for deckard test tool.";
revision 2018-07-27 {
description
"Initial revision.";
}
/* Data nodes */
container deckard {
description
"Parameters for deckard test tool.";
leaf mock-data {
type drc:fs-path;
description
"Name of the file containing mock data for the test DNS
server and client instructions.
This data is copied to the resulting RPL file.";
}
}
}
data-model/cznic-deckard.yinx 0 → 100644
View file @ 141eac9f
<?xml version="1.0" encoding="utf-8"?>
<module name="cznic-deckard"
xmlns="urn:ietf:params:xml:ns:yang:yin:1"
xmlns:dcd="https://www.nic.cz/ns/yang/deckard"
xmlns:h="http://www.w3.org/1999/xhtml">
<namespace uri="https://www.nic.cz/ns/yang/deckard"/>
<prefix value="dcd"/>
<yang-version value="1.1"/>
<import module="cznic-resolver-common">
<prefix value="drc"/>
</import>
<organization>
<text>CZ.NIC, z. s. p. o.</text>
</organization>
<contact>
<text>
<h:p>
Editor:   Ladislav Lhotka<h:br/>
          &lt;mailto:lhotka@nic.cz&gt;
</h:p>
</text>
</contact>
<description>
<text>
This YANG module defines data for deckard test tool.
</text>
</description>
<revision date="2018-06-06">
<description>
<text>Initial revision.</text>
</description>
</revision>
<!-- Data nodes -->
<container name="deckard">
<description>
<text>Parameters for deckard test tool.</text>
</description>
<leaf name="mock-data">
<type name="drc:fs-path"/>
<description>
<text>
<h:p>Name of the file containing mock data for the test DNS
server and client instructions.</h:p>
<h:p>This data is copied to the resulting RPL file.</h:p>
</text>
</description>
</leaf>
</container>
</module>
data-model/cznic-dns-types.yang 0 → 100644
View file @ 141eac9f
module cznic-dns-types {
yang-version "1.1";
namespace "https://www.nic.cz/ns/yang/dns-types";
prefix "dns";
organization
"CZ.NIC, z. s. p. o.";
contact
"Editor:   Ladislav Lhotka
          <mailto:lhotka@nic.cz>";
description
"This YANG module defines common types related to DNS.";
revision 2018-05-14 {
description
"Initial revision.";
reference
"TODO: put git tag here";
}
/* Typedefs */
typedef domain-name {
type string {
length "1..253";
pattern "((\\*\\.)?(([a-zA-Z0-9_]([a-zA-Z0-9\\-/_]){0,61})?[a-zA-Z0-9]\\.)*([a-zA-Z0-9_]([a-zA-Z0-9\\-_]){0,61})?[a-zA-Z0-9]\\.?)|"
+ "\\.";
}
}
}
data-model/cznic-resolver-common.yang 0 → 100644
View file @ 141eac9f
This diff is collapsed.
data-model/cznic-resolver-common.yinx 0 → 100644
View file @ 141eac9f
This diff is collapsed.
data-model/cznic-resolver-knot.yang 0 → 100644
View file @ 141eac9f
module cznic-resolver-knot {
yang-version "1.1";
namespace "https://www.nic.cz/ns/yang/resolver-knot";
prefix "kres";
import ietf-inet-types {
prefix "inet";
}
import cznic-resolver-common {
prefix "drc";
}
organization
"CZ.NIC, z. s. p. o.";
contact
"Editor:   Ladislav Lhotka
          <mailto:lhotka@nic.cz>";
description
"This YANG module augment common resolver data with parts
specific to Knot Resolver.";
revision 2018-07-27 {
description
"Initial revision.";
}
/* Data definitions */
augment "/drc:dns-resolver/drc:resolver/drc:hints" {
description
"Knot Resolver module: hints";
list hint {
key "name";
description
"Each entry defines a static hint.
Forward queries for A/AAAA records corresponding to 'name'
(the list key) shall be answered with all IPv4/IPv6
addresses from the 'values' leaf-list.
The PTR record linking all addresses from 'values' to 'name'
in the reverse zone.
If multiple entries with the same address in 'values' exist,
the one having the 'canonical' flag set to true is used for
the PTR record in the reverse zone. If no such entry exists,
the name for the PTR record is chosen randomly.";
uses drc:static-hint;
leaf canonical {
type boolean;
must ". = 'false' or "
+ "not(../preceding-sibling::hint[canonical = 'true' and "
+ "values = current()/../values])" {
error-message
"Duplicate canonical name for the same IP address.";
}
default "false";
description
"Only one key can be designated as the canonical name for
any given IP address.";
}
}
leaf hosts-file {
type drc:fs-path;
description
"Static hints will be added from the file with this path. The
file has to be in the format of Unix /etc/hosts file.";
}
}
augment "/drc:dns-resolver/drc:cache" {
description
"Knot Resolver module: prefill";
list prefill {
key "origin";
description
"Prefill the cache periodically by importing zone data
obtained over HTTP.";
leaf origin {
type inet:domain-name;
must ". = '.'" {
error-message "Cache prefilling is not yet supported for "
+ "non-root zones.";
description
"Cache prefilling is only supported for the root zone.";
}
description
"Origin for the imported data.";
}
leaf url {
type inet:uri;
mandatory "true";
description
"URL of the zone file to be imported.";
}
leaf ca-file {
type drc:fs-path;
mandatory "true";
description
"Path to the file containing a CA certificate bundle that
is used to authenticate the HTTPS connection.";
}
leaf refresh-interval {
type uint32;
units "seconds";
default "86400";
description
"Time interval between consecutive refreshes of the
imported zone data.";
}
}
}
}
data-model/cznic-resolver-knot.yinx 0 → 100644
View file @ 141eac9f
<?xml version="1.0" encoding="utf-8"?>
<module name="cznic-resolver-knot"
xmlns="urn:ietf:params:xml:ns:yang:yin:1"
xmlns:kres="https://www.nic.cz/ns/yang/resolver-knot"
xmlns:drc="https://www.nic.cz/ns/yang/resolver-common"
xmlns:h="http://www.w3.org/1999/xhtml">
<namespace uri="https://www.nic.cz/ns/yang/resolver-knot"/>
<prefix value="kres"/>
<yang-version value="1.1"/>
<import module="ietf-inet-types">
<prefix value="inet"/>
</import>
<import module="cznic-resolver-common">
<prefix value="drc"/>
</import>
<organization>
<text>CZ.NIC, z. s. p. o.</text>
</organization>
<contact>
<text>
<h:p>
Editor:   Ladislav Lhotka<h:br/>
          &lt;mailto:lhotka@nic.cz&gt;
</h:p>
</text>
</contact>
<description>
<text>
This YANG module augment common resolver data with parts
specific to Knot Resolver.
</text>
</description>
<revision date="2018-07-27">
<description>
<text>Initial revision.</text>
</description>
</revision>
<!-- Data definitions -->
<augment target-node="/drc:dns-resolver/drc:resolver/drc:hints">
<description>
<text>Knot Resolver module: hints</text>
</description>
<list name="hint">
<key value="name"/>
<uses name="drc:static-hint"/>
<leaf name="canonical">
<type name="boolean"/>
<default value="false"/>
<must condition=". = 'false' or not(../preceding-sibling::hint[canonical = 'true' and values = current()/../values])">
<error-message>
<value>Duplicate canonical name for the same IP address.</value>
</error-message>
</must>
<description>
<text>Only one key can be designated as the canonical name
for any given IP address.</text>
</description>
</leaf>
<description>
<text>
<h:p>Each entry defines a static hint.</h:p>
<h:p>Forward queries for A/AAAA records corresponding to
'name' (the list key) shall be answered with all IPv4/IPv6
addresses from the 'values' leaf-list.</h:p>
<h:p>The PTR record linking all
addresses from 'values' to 'name' in the reverse zone.</h:p>
<h:p>If multiple entries with the same address in 'values'
exist, the one having the 'canonical' flag set to true is
used for the PTR record in the reverse zone. If no such
entry exists, the name for the PTR record is chosen
randomly.</h:p>
</text>
</description>
</list>
<leaf name="hosts-file">
<type name="drc:fs-path"/>
<description>
<text>Static hints will be added from the file with this
path. The file has to be in the format of Unix /etc/hosts
file.</text>
</description>
</leaf>
</augment>
<augment target-node="/drc:dns-resolver/drc:cache">
<description>
<text>Knot Resolver module: prefill</text>
</description>
<list name="prefill">
<key value="origin"/>
<description>
<text>Prefill the cache periodically by importing zone data
obtained over HTTP.</text>
</description>
<leaf name="origin">
<type name="inet:domain-name"/>
<must condition=". = '.'">
<error-message>
<value>Cache prefilling is not yet supported for non-root
zones.</value>
</error-message>
<description>
<text>Cache prefilling is only supported for the root
zone.</text>
</description>
</must>
<description>
<text>Origin for the imported data.</text>
</description>
</leaf>
<leaf name="url">
<type name="inet:uri"/>
<mandatory value="true"/>
<description>
<text>URL of the zone file to be imported.</text>
</description>
</leaf>
<leaf name="ca-file">
<type name="drc:fs-path"/>
<mandatory value="true"/>
<description>
<text>Path to the file containing a CA certificate bundle
that is used to authenticate the HTTPS connection.</text>
</description>
</leaf>
<leaf name="refresh-interval">
<type name="uint32"/>
<units name="seconds"/>
<default value="86400"/>
<description>
<text>Time interval between consecutive refreshes of the
imported zone data.</text>
</description>
</leaf>
</list>
</augment>
</module>
data-model/model-deckard.tree 0 → 100644
View file @ 141eac9f
module: cznic-resolver-common
+--rw dns-resolver
+--rw server
| +--rw user-name? string
| +--rw group-name? string {set-group}?
+--rw network
| +--rw listen-interfaces* [name]
| | +--rw name string
| | +--rw ip-address inet:ip-address
| | +--rw port? inet:port-number
| +--rw source-address
| | +--rw ipv4? inet:ipv4-address-no-zone
| | +--rw ipv6? inet:ipv6-address-no-zone
| +--rw client-transport
| | +--rw l2-protocols? l2-protocol-selection
| +--rw recursion-transport
| | +--rw l2-protocols? l2-protocol-selection
| +--rw udp-payload-size? uint16
+--rw resolver
| +--rw stub-zones* [domain]
| | +--rw domain inet:domain-name
| | +--rw nameserver? inet:host
| | +--rw port? inet:port-number
| +--rw hints
| | +--rw root-hint* [name]
| | | +--rw name inet:domain-name
| | | +--rw values* inet:ip-address-no-zone
| | +--rw root-zone-file? fs-path
| | +--rw kres:hint* [name]
| | | +--rw kres:name inet:domain-name
| | | +--rw kres:values* inet:ip-address-no-zone
| | | +--rw kres:canonical? boolean
| | +--rw kres:hosts-file? drc:fs-path
| +--rw options
| +--rw glue-checking? enumeration
| +--rw qname-minimisation? boolean
| +--rw query-loopback? boolean
| +--rw reorder-rrset? boolean
+--rw logging
| +--rw verbosity? uint8
+--rw dnssec!
| +--rw trust-anchors
| | +--rw key-files* [domain]
| | +--rw domain inet:domain-name
| | +--rw file? fs-path
| | +--rw read-only? boolean
| +--rw negative-trust-anchors* inet:domain-name
+--rw cache
| +--rw max-size? uint64
| +--ro current-size? uint64
| +--rw max-ttl? uint32
| +--rw min-ttl? uint32
| +--rw kres:prefill* [origin]
| +--rw kres:origin inet:domain-name
| +--rw kres:url inet:uri
| +--rw kres:ca-file drc:fs-path
| +--rw kres:refresh-interval? uint32
+--rw dns64!
+--rw prefix? inet:ipv6-prefix
module: cznic-deckard
+--rw deckard
+--rw mock-data? drc:fs-path
data-model/model.tree 0 → 100644
View file @ 141eac9f
module: cznic-resolver-common
+--rw dns-resolver
+--rw server
| +--rw user-name? string
| +--rw group-name? string {set-group}?
+--rw network
| +--rw listen-interfaces* [name]
| | +--rw name string
| | +--rw ip-address inet:ip-address
| | +--rw port? inet:port-number
| +--rw source-address
| | +--rw ipv4? inet:ipv4-address-no-zone
| | +--rw ipv6? inet:ipv6-address-no-zone
| +--rw client-transport
| | +--rw l2-protocols? l2-protocol-selection
| +--rw recursion-transport
| | +--rw l2-protocols? l2-protocol-selection
| +--rw udp-payload-size? uint16
+--rw resolver
| +--rw stub-zones* [domain]
| | +--rw domain inet:domain-name
| | +--rw nameserver? inet:host
| | +--rw port? inet:port-number
| +--rw hints
| | +--rw root-hint* [name]
| | | +--rw name inet:domain-name
| | | +--rw values* inet:ip-address-no-zone
| | +--rw root-zone-file? fs-path
| | +--rw kres:hint* [name]
| | | +--rw kres:name inet:domain-name
| | | +--rw kres:values* inet:ip-address-no-zone
| | | +--rw kres:canonical? boolean
| | +--rw kres:hosts-file? drc:fs-path
| +--rw options
| +--rw glue-checking? enumeration
| +--rw qname-minimisation? boolean
| +--rw query-loopback? boolean
| +--rw reorder-rrset? boolean
+--rw logging
| +--rw verbosity? uint8
+--rw dnssec!
| +--rw trust-anchors
| | +--rw key-files* [domain]
| | +--rw domain inet:domain-name
| | +--rw file? fs-path
| | +--rw read-only? boolean
| +--rw negative-trust-anchors* inet:domain-name
+--rw cache
| +--rw max-size? uint64
| +--ro current-size? uint64
| +--rw max-ttl? uint32
| +--rw min-ttl? uint32
| +--rw kres:prefill* [origin]
| +--rw kres:origin inet:domain-name
| +--rw kres:url inet:uri
| +--rw kres:ca-file drc:fs-path
| +--rw kres:refresh-interval? uint32
+--rw dns64!
+--rw prefix? inet:ipv6-prefix
docs/Makefile 0 → 100644
View file @ 141eac9f
# Minimal makefile for Sphinx documentation
#
# You can set these variables from the command line.
SPHINXOPTS =
SPHINXBUILD = sphinx-build
SOURCEDIR = .
BUILDDIR = _build