It turns out the tree of dictionaries is not the best structure to
represent our grammar, unfortunatelly. The problem is that "zone" has
several context-dependent variants which change meaning of "zone" based
on inner field "type".
Redesigning the whole structure does not seem to be worth, so I settled
on this terrible hack.
(cherry picked from commit 0392144e99)
A new flag
.. namedconf:statement::
:suppress_grammar:
suppresses pretty-printing grammar.
It is useful mostly for zones because each zone has it's own grammar, so
printing all of them at once usually does not make sense.
(cherry picked from commit 1f5bc4fe3b)
A helper is needed to combine cfg_test output for generic options and
all the type-dependent zone block variants.
(cherry picked from commit a691ebd0c9)
It produces the same format as cfg_test --grammar. The advantage is that
it allows to print any node in configuration the tree, not just whole
blocks.
(cherry picked from commit 190004e46c)
The utility detects statements which use the same name (e.g.
max-zone-ttl) but use different grammar in different contexts. These
typically need special case in docs.
(cherry picked from commit 8960d51aa3)
It transforms named.conf/rndc.conf grammar from text format into Python
dictionary. This allows granular access to grammar elements.
Beware: It heavity depens on cfg_test output format!
(cherry picked from commit df08982930)
It uses the same mechanism as all other grammars, but the file is named
differently to distinguish it from named.conf grammars.
(cherry picked from commit fb474de3ab)
The next commit is going to add parser for ISC configuration format.
To simplify the parser the grammar files in doc/misc are no longer
line-wrapped as handling it would make the grammar parser unnecessairly
complicated.
This affects visible output in the ARM, but in the end we are going to
replace the auto-generated .rst files with grammar pretty printed, so
formatting of these files does not matter in practical terms.
(cherry picked from commit 699570cdec)
Nested rst syntax is now parsed and rendered. E.g.:
.. namedconf:statement:: example
:short: Use ``this`` **cool** syntax!
(cherry picked from commit 563eb8e1b9)
This commit add a check which verifies that HTTP endpoints are being
picked up properly by the BIND instance on a reconfiguration.
(cherry picked from commit 7822670d0f)
This commit ensures that on reconfiguration the set of HTTP
endpoints (=paths) is being updated within HTTP listeners.
(cherry picked from commit d2e13ddf22)
This commit ensures that on reconfiguration a proper value for HTTP
connections limit is picked up.
The commit also refactors how listeners settings are updated so that
there is less code duplication.
(cherry picked from commit a2379135fa)
This way only quota size is passed to the interface/listener
management code instead of a quota object. Thus, we can implement
updating the quota object size instead of recreating the object.
(cherry picked from commit 3f0b310772)
The function actually did not enforce that the duration string starts
with a P (or p), just that there is a P (or p) in the string.
(cherry picked from commit 8e18fa5874)
Remove the duplication from the defaultconf and inherit the values
not set in the "insecure" policy from the "default" policy. Therefore,
we must insist that the first read built-in policy is the default one.
(cherry picked from commit c2a7950417)
Most of the settings (durations) are already inheriting from the default
because they use the constants from lib/dns/kasp.h. We need them as
constants so we can use them in named-checkconf to verify the policy
parameters.
The NSEC(3) parameters and keys should come from the actual default
policy. Change the call to cfg_kasp_fromconfig() to include the default
kasp. We also no longer need to corner case where config is NULL we load
the built-in policy: the built-in policies are now loaded when config is
set to named_g_config.
Finally, add a debug log (it is useful to see which policies are being
loaded).
(cherry picked from commit 20acb8d3a3)
Update the defaultconf with the built-in policies. These will now be
printed with "named -C".
Change the defines in kasp.h to be strings, so they can be concatenated
in the defaultconf. This means when creating a kasp structure, we no
longer initialize the defaults (this is fine because only kaspconf.c
uses dns_kasp_create() and it inherits from the default policy).
In kaspconf.c, the default values now need to be parsed from string.
Introduce some variables so we don't need to do get_duration multiple
times on the same configuration option.
Finally, clang-format-14 decided to do some random formatting changes.
(cherry picked from commit 5ff414e986)
Since sslyze can test any TLS-enabled server, also use it for exercising
DNS-over-TLS code rather than just DNS-over-HTTPS code.
(cherry picked from commit 4f12892740)
