basic structure

.gitignore

+.cache
+.eggs
+*.pyc
+bin
+dist
+docs/_build
+include
+lib
+lib64
+MANIFEST
+pip-selfcheck.json
+pyvenv.cfg
+TAGS
+*.egg-info

Makefile

+PROJECT = resolvers_yang
+VERSION = 0.1
+.PHONY = tags deps install-deps
+
+tags:
+	find $(PROJECT) -name "*.py" | etags -
+
+deps:
+	mv requirements.txt requirements.txt.old
+	pip freeze > requirements.txt
+
+install-deps:
+	pip install -r requirements.txt
+
+

README.md

-# resolvers-yang
 
-YANG data models and tools for unified configuration of DNS resolvers
\ No newline at end of file
+# Resolvers-YANG
+
+YANG data models and tools for unified configuration of DNS resolvers
+
+Data model and library for DNS resolvers:
+* [Knot Resolver](https://www.knot-resolver.cz/)
+* [Unbound](https://www.unbound.net/)
+* [PowerDNS](https://www.powerdns.com/)
+* [BIND](https://www.isc.org/downloads/bind/)
+
+## Data Model
+* [Current schema tree](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/raw/master/data-model/model.tree)
+* [Example JSON data](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/raw/master/tests/complete/example-data.json)
+
+#### YANG Modules
+* [cznic-dns-types](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/raw/master/yang-modules/cznic-dns-types@2018-05-14.yang)
+* [cznic-resolver-common](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/raw/master/yang-modules/cznic-resolver-common@2018-07-27.yang)
+* [cznic-resolver-knot](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/raw/master/yang-modules/cznic-resolver-knot@2018-07-27.yang)
+
+## Getting Started
+
+### Get Clone
+```bash
+$ git clone git@gitlab.labs.nic.cz:labs/resolvers-yang.git
+$ cd resolvers-yang
+```
+
+### Requirements
+
+**Python 3.5** or newer
+
+```bash
+$ sudo apt-get install python3
+```
+
+### Development
+
+The recommended way is to use a Python virtual environment ([installation instructions](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/wikis/devinstall))
+
+Then install dependencies
+```bash
+$ make install-deps
+```
+Adding new dependencies
+```bash
+$ make deps
+```
+
+### Installation
+
+```bash
+$ git clone https://gitlab.labs.nic.cz/jetconf/jetconf-resolver
+$ cd jetconf-resolver
+$ python3 setup.py install
+```
+
+## Example library usages
+* [JSON Validation, Generate configuration, Convert from unbound.conf](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/wikis/examples)
+
+## Links
+* [Official Documentation]()
+* [Wiki](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/wikis/home)
+* [Deckard config](https://gitlab.labs.nic.cz/jetconf/jetconf-resolver/wikis/deckard)
\ No newline at end of file

data-model/.gitignore

+hello.xml
+model.xsl

data-model/Makefile

+MODULES = cznic-resolver-common cznic-resolver-knot cznic-deckard
+DATE ?= $(shell date +%F)
+
+xsldir = ../../yangson/tools/xslt
+yypars = --stringparam date $(DATE)
+yams = $(addsuffix .yang, $(MODULES))
+
+.PHONY: all
+
+all: $(yams)
+
+%.yang: %.yinx
+	@xsltproc --xinclude $(xsldir)/canonicalize.xsl $< | \
+	  xsltproc --output $@ $(yypars) $(xsldir)/yin2yang.xsl -
+
+model.tree: $(yams)
+	@pyang $(PYANG_OPTS) -f tree -o $@ $^

data-model/cznic-deckard.yang

+module cznic-deckard {
+
+  yang-version "1.1";
+
+  namespace "https://www.nic.cz/ns/yang/deckard";
+
+  prefix "dcd";
+
+  import cznic-resolver-common {
+    prefix "drc";
+  }
+
+  organization
+    "CZ.NIC, z. s. p. o.";
+
+  contact
+    "Editor:   Ladislav Lhotka
+               <mailto:lhotka@nic.cz>";
+
+  description
+    "This YANG module defines data for deckard test tool.";
+
+  revision 2018-07-27 {
+    description
+      "Initial revision.";
+  }
+
+  /* Data nodes */
+
+  container deckard {
+    description
+      "Parameters for deckard test tool.";
+    leaf mock-data {
+      type drc:fs-path;
+      description
+        "Name of the file containing mock data for the test DNS
+         server and client instructions.
+
+         This data is copied to the resulting RPL file.";
+    }
+  }
+}

data-model/cznic-deckard.yinx

+<?xml version="1.0" encoding="utf-8"?>
+<module name="cznic-deckard"
+        xmlns="urn:ietf:params:xml:ns:yang:yin:1"
+        xmlns:dcd="https://www.nic.cz/ns/yang/deckard"
+	xmlns:h="http://www.w3.org/1999/xhtml">
+  <namespace uri="https://www.nic.cz/ns/yang/deckard"/>
+  <prefix value="dcd"/>
+  <yang-version value="1.1"/>
+  <import module="cznic-resolver-common">
+    <prefix value="drc"/>
+  </import>
+  <organization>
+    <text>CZ.NIC, z. s. p. o.</text>
+  </organization>
+  <contact>
+    <text>
+      <h:p>
+        Editor:   Ladislav Lhotka<h:br/>
+                  &lt;mailto:lhotka@nic.cz&gt;
+      </h:p>
+    </text>
+  </contact>
+  <description>
+    <text>
+      This YANG module defines data for deckard test tool.
+    </text>
+  </description>
+
+  <revision date="2018-06-06">
+    <description>
+      <text>Initial revision.</text>
+    </description>
+  </revision>
+
+  <!-- Data nodes -->
+
+  <container name="deckard">
+    <description>
+      <text>Parameters for deckard test tool.</text>
+    </description>
+    <leaf name="mock-data">
+      <type name="drc:fs-path"/>
+      <description>
+	<text>
+	  <h:p>Name of the file containing mock data for the test DNS
+	  server and client instructions.</h:p>
+	  <h:p>This data is copied to the resulting RPL file.</h:p>
+	</text>
+      </description>
+    </leaf>
+  </container>
+
+</module>

data-model/cznic-dns-types.yang

+module cznic-dns-types {
+
+  yang-version "1.1";
+
+  namespace "https://www.nic.cz/ns/yang/dns-types";
+
+  prefix "dns";
+
+  organization
+    "CZ.NIC, z. s. p. o.";
+
+  contact
+    "Editor:   Ladislav Lhotka
+               <mailto:lhotka@nic.cz>";
+
+  description
+    "This YANG module defines common types related to DNS.";
+
+  revision 2018-05-14 {
+    description
+      "Initial revision.";
+    reference
+      "TODO: put git tag here";
+  }
+
+  /* Typedefs */
+
+  typedef domain-name {
+    type string {
+      length "1..253";
+      pattern "((\\*\\.)?(([a-zA-Z0-9_]([a-zA-Z0-9\\-/_]){0,61})?[a-zA-Z0-9]\\.)*([a-zA-Z0-9_]([a-zA-Z0-9\\-_]){0,61})?[a-zA-Z0-9]\\.?)|"
+            + "\\.";
+    }
+  }
+}

data-model/cznic-resolver-knot.yang

+module cznic-resolver-knot {
+
+  yang-version "1.1";
+
+  namespace "https://www.nic.cz/ns/yang/resolver-knot";
+
+  prefix "kres";
+
+  import ietf-inet-types {
+    prefix "inet";
+  }
+
+  import cznic-resolver-common {
+    prefix "drc";
+  }
+
+  organization
+    "CZ.NIC, z. s. p. o.";
+
+  contact
+    "Editor:   Ladislav Lhotka
+               <mailto:lhotka@nic.cz>";
+
+  description
+    "This YANG module augment common resolver data with parts
+     specific to Knot Resolver.";
+
+  revision 2018-07-27 {
+    description
+      "Initial revision.";
+  }
+
+  /* Data definitions */
+
+  augment "/drc:dns-resolver/drc:resolver/drc:hints" {
+    description
+      "Knot Resolver module: hints";
+    list hint {
+      key "name";
+      description
+        "Each entry defines a static hint.
+
+         Forward queries for A/AAAA records corresponding to 'name'
+         (the list key) shall be answered with all IPv4/IPv6
+         addresses from the 'values' leaf-list.
+
+         The PTR record linking all addresses from 'values' to 'name'
+         in the reverse zone.
+
+         If multiple entries with the same address in 'values' exist,
+         the one having the 'canonical' flag set to true is used for
+         the PTR record in the reverse zone. If no such entry exists,
+         the name for the PTR record is chosen randomly.";
+      uses drc:static-hint;
+      leaf canonical {
+        type boolean;
+        must ". = 'false' or "
+           + "not(../preceding-sibling::hint[canonical = 'true' and "
+           + "values = current()/../values])" {
+          error-message
+            "Duplicate canonical name for the same IP address.";
+        }
+        default "false";
+        description
+          "Only one key can be designated as the canonical name for
+           any given IP address.";
+      }
+    }
+    leaf hosts-file {
+      type drc:fs-path;
+      description
+        "Static hints will be added from the file with this path. The
+         file has to be in the format of Unix /etc/hosts file.";
+    }
+  }
+
+  augment "/drc:dns-resolver/drc:cache" {
+    description
+      "Knot Resolver module: prefill";
+    list prefill {
+      key "origin";
+      description
+        "Prefill the cache periodically by importing zone data
+         obtained over HTTP.";
+      leaf origin {
+        type inet:domain-name;
+        must ". = '.'" {
+          error-message "Cache prefilling is not yet supported for "
+                      + "non-root zones.";
+          description
+            "Cache prefilling is only supported for the root zone.";
+        }
+        description
+          "Origin for the imported data.";
+      }
+      leaf url {
+        type inet:uri;
+        mandatory "true";
+        description
+          "URL of the zone file to be imported.";
+      }
+      leaf ca-file {
+        type drc:fs-path;
+        mandatory "true";
+        description
+          "Path to the file containing a CA certificate bundle that
+           is used to authenticate the HTTPS connection.";
+      }
+      leaf refresh-interval {
+        type uint32;
+        units "seconds";
+        default "86400";
+        description
+          "Time interval between consecutive refreshes of the
+           imported zone data.";
+      }
+    }
+  }
+}

data-model/cznic-resolver-knot.yinx

+<?xml version="1.0" encoding="utf-8"?>
+<module name="cznic-resolver-knot"
+        xmlns="urn:ietf:params:xml:ns:yang:yin:1"
+        xmlns:kres="https://www.nic.cz/ns/yang/resolver-knot"
+        xmlns:drc="https://www.nic.cz/ns/yang/resolver-common"
+	xmlns:h="http://www.w3.org/1999/xhtml">
+  <namespace uri="https://www.nic.cz/ns/yang/resolver-knot"/>
+  <prefix value="kres"/>
+  <yang-version value="1.1"/>
+  <import module="ietf-inet-types">
+    <prefix value="inet"/>
+  </import>
+  <import module="cznic-resolver-common">
+    <prefix value="drc"/>
+  </import>
+  <organization>
+    <text>CZ.NIC, z. s. p. o.</text>
+  </organization>
+  <contact>
+    <text>
+      <h:p>
+        Editor:   Ladislav Lhotka<h:br/>
+                  &lt;mailto:lhotka@nic.cz&gt;
+      </h:p>
+    </text>
+  </contact>
+  <description>
+    <text>
+      This YANG module augment common resolver data with parts
+      specific to Knot Resolver.
+    </text>
+  </description>
+
+  <revision date="2018-07-27">
+    <description>
+      <text>Initial revision.</text>
+    </description>
+  </revision>
+  
+  <!-- Data definitions -->
+
+  <augment target-node="/drc:dns-resolver/drc:resolver/drc:hints">
+    <description>
+      <text>Knot Resolver module: hints</text>
+    </description>
+    <list name="hint">
+      <key value="name"/>
+      <uses name="drc:static-hint"/>
+      <leaf name="canonical">
+	<type name="boolean"/>
+	<default value="false"/>
+	<must condition=". = 'false' or not(../preceding-sibling::hint[canonical = 'true' and values = current()/../values])">
+	  <error-message>
+	    <value>Duplicate canonical name for the same IP address.</value>
+	  </error-message>
+	</must>
+	<description>
+	  <text>Only one key can be designated as the canonical name
+	  for any given IP address.</text>
+	</description>
+      </leaf>
+      <description>
+	<text>
+	  <h:p>Each entry defines a static hint.</h:p>
+	  <h:p>Forward queries for A/AAAA records corresponding to
+	  'name' (the list key) shall be answered with all IPv4/IPv6
+	  addresses from the 'values' leaf-list.</h:p>
+	  <h:p>The PTR record linking all
+	  addresses from 'values' to 'name' in the reverse zone.</h:p>
+	  <h:p>If multiple entries with the same address in 'values'
+	  exist, the one having the 'canonical' flag set to true is
+	  used for the PTR record in the reverse zone. If no such
+	  entry exists, the name for the PTR record is chosen
+	  randomly.</h:p>
+	</text>
+      </description>
+    </list>
+    <leaf name="hosts-file">
+      <type name="drc:fs-path"/>
+      <description>
+	<text>Static hints will be added from the file with this
+	path. The file has to be in the format of Unix /etc/hosts
+	file.</text>
+      </description>
+    </leaf>
+  </augment>
+
+  <augment target-node="/drc:dns-resolver/drc:cache">
+    <description>
+      <text>Knot Resolver module: prefill</text>
+    </description>
+    <list name="prefill">
+      <key value="origin"/>
+      <description>
+	<text>Prefill the cache periodically by importing zone data
+	  obtained over HTTP.</text>
+      </description>
+      <leaf name="origin">
+	<type name="inet:domain-name"/>
+	<must condition=". = '.'">
+	  <error-message>
+	    <value>Cache prefilling is not yet supported for non-root
+	    zones.</value>
+	  </error-message>
+	  <description>
+	    <text>Cache prefilling is only supported for the root
+	    zone.</text>
+	  </description>
+	</must>
+	<description>
+	  <text>Origin for the imported data.</text>
+	</description>
+      </leaf>
+      <leaf name="url">
+	<type name="inet:uri"/>
+	<mandatory value="true"/>
+	<description>
+	  <text>URL of the zone file to be imported.</text>
+	</description>
+      </leaf>
+      <leaf name="ca-file">
+	<type name="drc:fs-path"/>
+	<mandatory value="true"/>
+	<description>
+	  <text>Path to the file containing a CA certificate bundle
+	  that is used to authenticate the HTTPS connection.</text>
+	</description>
+      </leaf>
+      <leaf name="refresh-interval">
+	<type name="uint32"/>
+	<units name="seconds"/>
+	<default value="86400"/>
+	<description>
+	  <text>Time interval between consecutive refreshes of the
+	  imported zone data.</text>
+	</description>
+      </leaf>
+    </list>
+  </augment>
+
+</module>

data-model/model-deckard.tree

+module: cznic-resolver-common
+  +--rw dns-resolver
+     +--rw server
+     |  +--rw user-name?    string
+     |  +--rw group-name?   string {set-group}?
+     +--rw network
+     |  +--rw listen-interfaces* [name]
+     |  |  +--rw name          string
+     |  |  +--rw ip-address    inet:ip-address
+     |  |  +--rw port?         inet:port-number
+     |  +--rw source-address
+     |  |  +--rw ipv4?   inet:ipv4-address-no-zone
+     |  |  +--rw ipv6?   inet:ipv6-address-no-zone
+     |  +--rw client-transport
+     |  |  +--rw l2-protocols?   l2-protocol-selection
+     |  +--rw recursion-transport
+     |  |  +--rw l2-protocols?   l2-protocol-selection
+     |  +--rw udp-payload-size?      uint16
+     +--rw resolver
+     |  +--rw stub-zones* [domain]
+     |  |  +--rw domain        inet:domain-name
+     |  |  +--rw nameserver?   inet:host
+     |  |  +--rw port?         inet:port-number
+     |  +--rw hints
+     |  |  +--rw root-hint* [name]
+     |  |  |  +--rw name      inet:domain-name
+     |  |  |  +--rw values*   inet:ip-address-no-zone
+     |  |  +--rw root-zone-file?    fs-path
+     |  |  +--rw kres:hint* [name]
+     |  |  |  +--rw kres:name         inet:domain-name
+     |  |  |  +--rw kres:values*      inet:ip-address-no-zone
+     |  |  |  +--rw kres:canonical?   boolean
+     |  |  +--rw kres:hosts-file?   drc:fs-path
+     |  +--rw options
+     |     +--rw glue-checking?        enumeration
+     |     +--rw qname-minimisation?   boolean
+     |     +--rw query-loopback?       boolean
+     |     +--rw reorder-rrset?        boolean
+     +--rw logging
+     |  +--rw verbosity?   uint8
+     +--rw dnssec!
+     |  +--rw trust-anchors
+     |  |  +--rw key-files* [domain]
+     |  |     +--rw domain       inet:domain-name
+     |  |     +--rw file?        fs-path
+     |  |     +--rw read-only?   boolean
+     |  +--rw negative-trust-anchors*   inet:domain-name
+     +--rw cache
+     |  +--rw max-size?       uint64
+     |  +--ro current-size?   uint64
+     |  +--rw max-ttl?        uint32
+     |  +--rw min-ttl?        uint32
+     |  +--rw kres:prefill* [origin]
+     |     +--rw kres:origin              inet:domain-name
+     |     +--rw kres:url                 inet:uri
+     |     +--rw kres:ca-file             drc:fs-path
+     |     +--rw kres:refresh-interval?   uint32
+     +--rw dns64!
+        +--rw prefix?   inet:ipv6-prefix
+module: cznic-deckard
+  +--rw deckard
+     +--rw mock-data?   drc:fs-path

data-model/model.tree

+module: cznic-resolver-common
+  +--rw dns-resolver
+     +--rw server
+     |  +--rw user-name?    string
+     |  +--rw group-name?   string {set-group}?
+     +--rw network
+     |  +--rw listen-interfaces* [name]
+     |  |  +--rw name          string
+     |  |  +--rw ip-address    inet:ip-address
+     |  |  +--rw port?         inet:port-number
+     |  +--rw source-address
+     |  |  +--rw ipv4?   inet:ipv4-address-no-zone
+     |  |  +--rw ipv6?   inet:ipv6-address-no-zone
+     |  +--rw client-transport
+     |  |  +--rw l2-protocols?   l2-protocol-selection
+     |  +--rw recursion-transport
+     |  |  +--rw l2-protocols?   l2-protocol-selection
+     |  +--rw udp-payload-size?      uint16
+     +--rw resolver
+     |  +--rw stub-zones* [domain]
+     |  |  +--rw domain        inet:domain-name
+     |  |  +--rw nameserver?   inet:host
+     |  |  +--rw port?         inet:port-number
+     |  +--rw hints
+     |  |  +--rw root-hint* [name]
+     |  |  |  +--rw name      inet:domain-name
+     |  |  |  +--rw values*   inet:ip-address-no-zone
+     |  |  +--rw root-zone-file?    fs-path
+     |  |  +--rw kres:hint* [name]
+     |  |  |  +--rw kres:name         inet:domain-name
+     |  |  |  +--rw kres:values*      inet:ip-address-no-zone
+     |  |  |  +--rw kres:canonical?   boolean
+     |  |  +--rw kres:hosts-file?   drc:fs-path
+     |  +--rw options
+     |     +--rw glue-checking?        enumeration
+     |     +--rw qname-minimisation?   boolean
+     |     +--rw query-loopback?       boolean
+     |     +--rw reorder-rrset?        boolean
+     +--rw logging
+     |  +--rw verbosity?   uint8
+     +--rw dnssec!
+     |  +--rw trust-anchors
+     |  |  +--rw key-files* [domain]
+     |  |     +--rw domain       inet:domain-name
+     |  |     +--rw file?        fs-path
+     |  |     +--rw read-only?   boolean
+     |  +--rw negative-trust-anchors*   inet:domain-name
+     +--rw cache
+     |  +--rw max-size?       uint64
+     |  +--ro current-size?   uint64
+     |  +--rw max-ttl?        uint32
+     |  +--rw min-ttl?        uint32
+     |  +--rw kres:prefill* [origin]
+     |     +--rw kres:origin              inet:domain-name
+     |     +--rw kres:url                 inet:uri
+     |     +--rw kres:ca-file             drc:fs-path
+     |     +--rw kres:refresh-interval?   uint32
+     +--rw dns64!
+        +--rw prefix?   inet:ipv6-prefix

docs/Makefile

+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line.
+SPHINXOPTS    =
+SPHINXBUILD   = sphinx-build
+SOURCEDIR     = .
+BUILDDIR      = _build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option.  $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
\ No newline at end of file

docs/conf.py

+# -*- coding: utf-8 -*-
+#
+# Configuration file for the Sphinx documentation builder.
+#
+# This file does only contain a selection of the most common options. For a
+# full list see the documentation:
+# http://www.sphinx-doc.org/en/master/config
+
+# -- Path setup --------------------------------------------------------------
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#
+# import os
+# import sys
+# sys.path.insert(0, os.path.abspath('.'))
+
+
+# -- Project information -----------------------------------------------------
+
+project = 'Resolvers-YANG'
+copyright = '2018, CZ.NIC, z. s. p. o.'
+author = 'Ales Mrazek'
+
+# The short X.Y version
+version = ''
+# The full version, including alpha/beta/rc tags
+release = '0.1'
+
+
+# -- General configuration ---------------------------------------------------
+
+# If your documentation needs a minimal Sphinx version, state it here.
+#
+# needs_sphinx = '1.0'
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+    'sphinx.ext.autodoc',
+    'sphinx.ext.todo',
+]
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# The suffix(es) of source filenames.
+# You can specify multiple suffix as a list of string:
+#
+# source_suffix = ['.rst', '.md']
+source_suffix = '.rst'
+
+# The master toctree document.
+master_doc = 'index'
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#
+# This is also used if you do content translation via gettext catalogs.
+# Usually you set "language" from the command line for these cases.
+language = None
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This pattern also affects html_static_path and html_extra_path.
+exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'