-- SPDX-License-Identifier: CC0-1.0
-- vim:syntax=lua:set ts=4 sw=4:
-- Refer to manual: https://knot-resolver.readthedocs.io/en/stable/
-- Startup banner with the running kresd version.
print(string.format('Knot Resolver %s', package_version()))

-- Use a small cache: this image serves the interactive demo / single-query
-- debug modes below, not production traffic volumes.
cache.size = 10 * MB

local ffi = require('ffi')

function interactive_mode()
	-- Docker mode: bind every service to all interfaces, because a listener
	-- on localhost would not be reachable through Docker's port mapping.
	--
	-- Security notes for anyone reusing this outside a throwaway lab:
	--  * Nothing in this config restricts clients (no view/ACL policy), so
	--    once Docker publishes these ports the container is an open recursive
	--    resolver, and 8453 exposes the management/stats web interface to the
	--    same audience.  Publish to a loopback or private address (explicit
	--    `-p 127.0.0.1:...`) or put a firewall in front before exposing it.
	--  * No net.tls() certificate is configured for 853/443; presumably kresd
	--    falls back to an ephemeral self-signed certificate that clients cannot
	--    validate -- confirm, and configure a real certificate if needed.
	local services = {
		{ port = 53,   kind = 'dns' },     -- DNS over UDP and TCP
		{ port = 853,  kind = 'tls' },     -- DNS-over-TLS
		{ port = 443,  kind = 'doh2' },    -- DNS-over-HTTPS
		{ port = 8453, kind = 'webmgmt' }, -- web management interface
	}
	for _, svc in ipairs(services) do
		net.listen('0.0.0.0', svc.port, { kind = svc.kind })
	end

	-- Modules: internal statistics, plus the HTTP module (presumably what
	-- backs the 'webmgmt' listener above).
	modules = {
		'stats',
		'http',
	}

	-- Deliberately global so it can be called again from the interactive prompt.
	function print_help()
		local lines = {
			'Usage',
			'=====',
			'Run this container using command:',
			'$ docker run -Pti cznic/knot-resolver',
			'',
			'Docker will map ports 53, 443, 853, and 8453 to some other numbers, see',
			'$ docker ps',
			'(column PORTS)',
			'53   -> DNS protocol over UDP and TCP',
			'443  -> DNS-over-HTTPS protocol',
			'853  -> DNS-over-TLS protocol',
			'8453 -> web interface',
			'',
			'For verbose logging enter following command to prompt below:',
			'log_level("debug")',
		}
		-- Leading and trailing newline match the original banner layout.
		print('\n' .. table.concat(lines, '\n') .. '\n')
	end
	print_help()
end

function debug_mode(qname, qtype)
	-- One-shot mode: resolve a single name with maximal logging, then exit.
	-- `qtype` is the numeric record type (the caller already mapped the text).

	-- Safety net: the query is expected to finish long before this fires; if it
	-- does not, fail loudly with a non-zero status instead of hanging.
	event.after(20*sec, function()
		print('ERROR: timeout which cannot happen actually happened, exiting')
		os.exit(1)
	end)

	-- This instance only sends queries; open no listening sockets.
	env.KRESD_NO_LISTEN = 1

	-- Background modules that would add unrelated traffic and log noise.
	for _, mod in ipairs({ 'detect_time_skew', 'priming', 'ta_signal_query', 'ta_update' }) do
		modules.unload(mod)
	end

	-- Start from an empty cache so the trace is reproducible wherever this
	-- config is run, not only in a fresh container.
	cache.clear()

	local cqueues = require('cqueues')

	-- Issue the query from the event loop, once the daemon is fully up.
	event.after(0, function()
		-- Most verbose output available.
		log_level('debug')
		policy.add(policy.all(policy.DEBUG_ALWAYS))
		log_debug(ffi.C.LOG_GRP_RESOLVER, 'starting DNS query for %s %s', qname, kres.tostring.type[qtype])
		local t0 = cqueues.monotime()

		local function report_and_exit()
			local elapsed_ms = (cqueues.monotime() - t0) * 1000
			log_debug(ffi.C.LOG_GRP_RESOLVER, '\nrequest finished in %f ms', elapsed_ms)
			-- Exit status is 0 whatever the answer was (NXDOMAIN, SERVFAIL, ...);
			-- scripts must inspect the log rather than the exit code.
			os.exit()
		end

		resolve({
			name = qname,
			type = qtype,
			options = {'DNSSEC_WANT'},
			-- The answer packet is intentionally unused here.  Exit is delayed
			-- by 1 millisecond so the policy.DEBUG_ALWAYS finish callback still
			-- gets to run and log.
			finish = function(_)
				event.after(1, report_and_exit)
			end
		})
	end)
end

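-- Mode selection: QNAME and QTYPE set together select single-query debug mode;
-- anything else starts the interactive (listening) resolver.  Note that setting
-- only one of the two silently falls through to the listening mode.
local qname = os.getenv('QNAME')
local qtype = os.getenv('QTYPE')
if qname and qtype then
	-- kres.type maps the type text to its numeric code (per the error message
	-- below, the TYPE12345 form is accepted); nil means it is not recognised.
	-- Kept local -- the original leaked `qtypenum` as a global.
	local qtypenum = kres.type[qtype]
	if not qtypenum then
		log_error(ffi.C.LOG_GRP_RESOLVER, 'ERROR: unsupported query type "%s", use TYPE12345 notation', qtype)
		-- Exit non-zero so a calling script sees the failure; this matches the
		-- timeout path in debug_mode, which also exits with 1.
		os.exit(1)
	end
	debug_mode(qname, qtypenum)
else
	interactive_mode()
end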