File: dnssec.lua.j2

package info (click to toggle)
knot-resolver 6.0.17-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 16,376 kB
  • sloc: javascript: 42,732; ansic: 40,311; python: 12,580; cpp: 2,121; sh: 1,988; xml: 193; makefile: 181
file content (54 lines) | stat: -rw-r--r-- 1,137 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
 
{% from 'macros/common_macros.lua.j2' import boolean %}

{% if cfg.dnssec.enable %}

-- dnssec.logging-bogus
{% if cfg.dnssec.log_bogus %}
modules.load('bogus_log')
{% else %}
-- modules.unload('bogus_log')
{% endif %}

-- dnssec.sentinel
{% if cfg.dnssec.sentinel %}
modules.load('ta_sentinel')
{% else %}
modules.unload('ta_sentinel')
{% endif %}

-- dnssec.signal-query
{% if cfg.dnssec.signal_query %}
modules.load('ta_signal_query')
{% else %}
modules.unload('ta_signal_query')
{% endif %}

{% if cfg.dnssec.trust_anchors %}
-- dnssec.trust-anchors
{% for ta in cfg.dnssec.trust_anchors %}
trust_anchors.add('{{ ta }}')
{% endfor %}
{% endif %}

{% if cfg.dnssec.negative_trust_anchors %}
-- dnssec.negative-trust-anchors
trust_anchors.set_insecure({
{% for nta in cfg.dnssec.negative_trust_anchors %}
    '{{ nta }}',
{% endfor %}
})
{% endif %}

{% if cfg.dnssec.trust_anchors_files %}
-- dnssec.trust-anchors-files
{% for taf in cfg.dnssec.trust_anchors_files %}
trust_anchors.add_file('{{ taf.file }}', {{ boolean(taf.read_only) }})
{% endfor %}
{% endif %}

{% else %}

-- Disable DNSSEC
trust_anchors.remove('.')

{% endif %}