diff options
author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-07-04 18:16:06 +0000 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-07-05 10:05:44 +0000 |
commit | 2bdf4798570222b57af2de2f0b443529abdc3feb (patch) | |
tree | 6c6415598e41eb0686a9d0fc0225b631ab867935 | |
parent | 7a09c9d4b3d74fd0c953f9f097ffecf4af8683d3 (diff) | |
download | vyos-1x-2bdf4798570222b57af2de2f0b443529abdc3feb.tar.gz vyos-1x-2bdf4798570222b57af2de2f0b443529abdc3feb.zip |
dns: T4509: Add dns64-prefix option
rfc6147: DNS Extensions for Network Address Translation
from IPv6 Clients to IPv4 Servers
set service dns forwarding dns64-prefix 2001:db8:aabb::/96
-rw-r--r-- | data/templates/dns-forwarding/recursor.conf.j2 | 5 | ||||
-rw-r--r-- | interface-definitions/dns-forwarding.xml.in | 12 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_service_dns_forwarding.py | 11 | ||||
-rwxr-xr-x | src/conf_mode/dns_forwarding.py | 6 |
4 files changed, 34 insertions, 0 deletions
diff --git a/data/templates/dns-forwarding/recursor.conf.j2 b/data/templates/dns-forwarding/recursor.conf.j2 index c1950e1bc..ce1b676d1 100644 --- a/data/templates/dns-forwarding/recursor.conf.j2 +++ b/data/templates/dns-forwarding/recursor.conf.j2 @@ -32,6 +32,11 @@ local-address={{ listen_address | join(',') }} # dnssec dnssec={{ dnssec }} +{% if dns64_prefix is vyos_defined %} +# dns64-prefix +dns64-prefix={{ dns64_prefix }} +{% endif %} + # serve rfc1918 records serve-rfc1918={{ 'no' if no_serve_rfc1918 is vyos_defined else 'yes' }} diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in index baff4a841..3de0dc0eb 100644 --- a/interface-definitions/dns-forwarding.xml.in +++ b/interface-definitions/dns-forwarding.xml.in @@ -36,6 +36,18 @@ <multi/> </properties> </leafNode> + <leafNode name="dns64-prefix"> + <properties> + <help>Help to communicate between IPv6-only client and IPv4-only server</help> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and /96 only prefix length</description> + </valueHelp> + <constraint> + <validator name="ipv6-prefix"/> + </constraint> + </properties> + </leafNode> <leafNode name="dnssec"> <properties> <help>DNSSEC mode</help> diff --git a/smoketest/scripts/cli/test_service_dns_forwarding.py b/smoketest/scripts/cli/test_service_dns_forwarding.py index 5929f8cba..dcc0dc1e2 100755 --- a/smoketest/scripts/cli/test_service_dns_forwarding.py +++ b/smoketest/scripts/cli/test_service_dns_forwarding.py @@ -51,6 +51,7 @@ class TestServicePowerDNS(VyOSUnitTestSHIM.TestCase): # Check basic DNS forwarding settings cache_size = '20' negative_ttl = '120' + dns_prefix = '64:ff9b::/96' self.cli_set(base_path + ['cache-size', cache_size]) self.cli_set(base_path + ['negative-ttl', negative_ttl]) @@ -67,6 +68,12 @@ class TestServicePowerDNS(VyOSUnitTestSHIM.TestCase): for address in listen_adress: self.cli_set(base_path + ['listen-address', address]) + # Check dns64-prefix - must be prefix /96 + self.cli_set(base_path + ['dns64-prefix', '2001:db8:aabb::/64']) + with self.assertRaises(ConfigSessionError): + self.cli_commit() + self.cli_set(base_path + ['dns64-prefix', dns_prefix]) + # configure DNSSEC self.cli_set(base_path + ['dnssec', 'validate']) @@ -100,6 +107,10 @@ class TestServicePowerDNS(VyOSUnitTestSHIM.TestCase): tmp = get_config_value('serve-rfc1918') self.assertEqual(tmp, 'yes') + # dns64-prefix + tmp = get_config_value('dns64-prefix') + self.assertEqual(tmp, dns_prefix) + # Check for running process self.assertTrue(process_named_running(PROCESS_NAME)) diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py index 41023c135..a96183b04 100755 --- a/src/conf_mode/dns_forwarding.py +++ b/src/conf_mode/dns_forwarding.py @@ -266,6 +266,12 @@ def verify(dns): if 'server' not in dns['domain'][domain]: raise ConfigError(f'No server configured for domain {domain}!') + if 'dns64_prefix' in dns: + dns_prefix = dns['dns64_prefix'].split('/')[1] + # RFC 6147 requires prefix /96 + if int(dns_prefix) != 96: + raise ConfigError('DNS forwarding "dns64-prefix" must be /96') + if ('authoritative_zone_errors' in dns) and dns['authoritative_zone_errors']: for error in dns['authoritative_zone_errors']: print(error) |