allow enabling Extended DNS Errors (EDE)
parent
75de211a06
commit
166863bcc4
|
@ -8,8 +8,15 @@ use crate::FQDN;
|
|||
|
||||
#[derive(Clone, Copy)]
|
||||
pub enum Config<'a> {
|
||||
NameServer { origin: &'a FQDN },
|
||||
Resolver { use_dnssec: bool, netmask: &'a str },
|
||||
NameServer {
|
||||
origin: &'a FQDN,
|
||||
},
|
||||
Resolver {
|
||||
use_dnssec: bool,
|
||||
netmask: &'a str,
|
||||
/// Extended DNS error (RFC8914)
|
||||
ede: bool,
|
||||
},
|
||||
}
|
||||
|
||||
impl Config<'_> {
|
||||
|
@ -42,6 +49,14 @@ pub enum Implementation {
|
|||
}
|
||||
|
||||
impl Implementation {
|
||||
pub fn supports_ede(&self) -> bool {
|
||||
match self {
|
||||
Implementation::Bind => false,
|
||||
Implementation::Hickory(_) => true,
|
||||
Implementation::Unbound => true,
|
||||
}
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn is_bind(&self) -> bool {
|
||||
matches!(self, Self::Bind)
|
||||
|
@ -52,8 +67,11 @@ impl Implementation {
|
|||
Config::Resolver {
|
||||
use_dnssec,
|
||||
netmask,
|
||||
ede,
|
||||
} => match self {
|
||||
Self::Bind => {
|
||||
assert!(!ede, "the BIND resolver does not support EDE (RFC8914)");
|
||||
|
||||
minijinja::render!(
|
||||
include_str!("templates/named.resolver.conf.jinja"),
|
||||
use_dnssec => use_dnssec,
|
||||
|
@ -62,6 +80,7 @@ impl Implementation {
|
|||
}
|
||||
|
||||
Self::Hickory(_) => {
|
||||
// TODO enable EDE in Hickory when supported
|
||||
minijinja::render!(
|
||||
include_str!("templates/hickory.resolver.toml.jinja"),
|
||||
use_dnssec => use_dnssec,
|
||||
|
@ -73,6 +92,7 @@ impl Implementation {
|
|||
include_str!("templates/unbound.conf.jinja"),
|
||||
use_dnssec => use_dnssec,
|
||||
netmask => netmask,
|
||||
ede => ede,
|
||||
)
|
||||
}
|
||||
},
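Review bot: `supports_ede` returns `true` for `Implementation::Hickory(_)`, but the Hickory arm of the resolver config carries only `// TODO enable EDE in Hickory when supported` and never passes `ede` to its template. A test that gates on `supports_ede()` would then run against a Hickory resolver whose configuration ignores the flag. Unless Hickory emits EDE without any configuration (not visible on this page), report `Implementation::Hickory(_) => false` until the TODO is resolved, or state in a doc comment that the flag is currently a no-op for Hickory. `supports_ede` also lacks the `#[must_use]` that `is_bind` carries just below it, and would benefit from a one-line doc comment such as `/// Whether this implementation can emit Extended DNS Errors (RFC 8914)`.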
|
||||
|
|
|
@ -19,6 +19,7 @@ impl Resolver {
|
|||
#[allow(clippy::new_ret_no_self)]
|
||||
pub fn new(network: &Network, root: Root) -> ResolverSettings {
|
||||
ResolverSettings {
|
||||
ede: false,
|
||||
network: network.clone(),
|
||||
roots: vec![root],
|
||||
trust_anchor: TrustAnchor::empty(),
|
||||
|
@ -60,6 +61,8 @@ kill -TERM $(cat {pidfile})"
|
|||
}
|
||||
|
||||
pub struct ResolverSettings {
|
||||
/// Extended DNS Errors (RFC8914)
|
||||
ede: bool,
|
||||
network: Network,
|
||||
roots: Vec<Root>,
|
||||
trust_anchor: TrustAnchor,
|
||||
|
@ -84,6 +87,7 @@ impl ResolverSettings {
|
|||
let config = Config::Resolver {
|
||||
use_dnssec,
|
||||
netmask: self.network.netmask(),
|
||||
ede: self.ede,
|
||||
};
|
||||
container.cp(
|
||||
implementation.conf_file_path(config.role()),
|
||||
|
@ -115,6 +119,12 @@ impl ResolverSettings {
|
|||
})
|
||||
}
|
||||
|
||||
/// Enables the Extended DNS Errors (RFC8914) feature
|
||||
pub fn extended_dns_errors(&mut self) -> &mut Self {
|
||||
self.ede = true;
|
||||
self
|
||||
}
|
||||
|
||||
/// Adds a root hint
|
||||
pub fn root(&mut self, root: Root) -> &mut Self {
|
||||
self.roots.push(root);
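Review bot: `ede: self.ede` is passed into `Config::Resolver` without consulting `implementation.supports_ede()`. Calling `extended_dns_errors()` and then starting a BIND resolver therefore appears to end in the `assert!(!ede, …)` panic during config rendering, not in an error the caller can handle. The enclosing method starts outside this hunk; if it returns a `Result`, check `supports_ede()` there and return an error instead. At minimum, document the behaviour on the setter, e.g. `/// # Panics` followed by `/// Starting a BIND resolver with this enabled panics, because BIND has no EDE support.`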
|
||||
|
|
|
@ -5,6 +5,7 @@ server:
|
|||
access-control: {{ netmask }} allow
|
||||
root-hints: /etc/root.hints
|
||||
pidfile: /tmp/unbound.pid
|
||||
ede: {% if ede %} yes {% else %} no {% endif %}
|
||||
{% if use_dnssec %}
|
||||
trust-anchor-file: /etc/trusted-key.key
|
||||
{% endif %}
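Review bot: The new `ede:` line renders with stray spaces around the value (`ede:  yes `) because the literals sit between the block tags. Unbound most likely tolerates this, but an inline expression keeps the rendered config clean and easier to diff: `ede: {{ "yes" if ede else "no" }}`.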
|
||||
|
|