From 64b4f483832b436849ecbbd30c3cbea0bd663648 Mon Sep 17 00:00:00 2001 From: Jernej Jakob Date: Thu, 11 Jun 2020 09:12:00 +0200 Subject: dns forwarding: T2486: add conf nodes 'addnta', 'recursion-desired', migrator Add new nodes for 'service dns forwarding domain': 'addnta': adds addNTA to lua-config-file 'recursion-desired': sets '+' before the zone in forward-zones-file The migrator sets both options for all configured domains. This is usually the desired config. --- interface-definitions/dns-forwarding.xml.in | 14 +++++++- src/migration-scripts/dns-forwarding/2-to-3 | 51 +++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+), 1 deletion(-) create mode 100755 src/migration-scripts/dns-forwarding/2-to-3 diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in index 8b89bf758..993d69fe1 100644 --- a/interface-definitions/dns-forwarding.xml.in +++ b/interface-definitions/dns-forwarding.xml.in @@ -28,7 +28,7 @@ - Use DNS servers received from DHCP server for specified interface + Interfaces whose DHCP client nameservers to forward requests to @@ -89,6 +89,18 @@ + + + Add NTA (negative trust anchor) for this domain (must be set if the domain doesn't support DNSSEC) + + + + + + Set the "recursion desired" bit in requests to the upstream nameserver + + + diff --git a/src/migration-scripts/dns-forwarding/2-to-3 b/src/migration-scripts/dns-forwarding/2-to-3 new file mode 100755 index 000000000..01e445b22 --- /dev/null +++ b/src/migration-scripts/dns-forwarding/2-to-3 @@ -0,0 +1,51 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2020 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# Sets the new options "addnta" and "recursion-desired" for all +# 'dns forwarding domain' as this is usually desired + +import sys +from vyos.configtree import ConfigTree + +if (len(sys.argv) < 1): + print("Must specify file name!") + sys.exit(1) + +file_name = sys.argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +config = ConfigTree(config_file) + +base = ['service', 'dns', 'forwarding'] +if not config.exists(base): + # Nothing to do + sys.exit(0) + +if config.exists(base + ['domain']): + for domain in config.list_nodes(base + ['domain']): + domain_base = base + ['domain', domain] + config.set(domain_base + ['addnta']) + config.set(domain_base + ['recursion-desired']) + + try: + with open(file_name, 'w') as f: + f.write(config.to_string()) + except OSError as e: + print("Failed to save the modified config: {}".format(e)) + sys.exit(1) -- cgit v1.2.3