{% from 'macros/common_macros.lua.j2' import boolean %}
{#
  DNSSEC part of the generated resolver configuration. Text outside the template
  tags is emitted as Lua; the "--" lines are Lua comments that end up in the
  generated file.
  NOTE(review): cfg.dnssec is tested for falsiness just below and then
  dereferenced (cfg.dnssec.*) unconditionally in the rest of this file. What a
  falsy cfg.dnssec looks like is not visible here. If it is a plain false/None,
  the later attribute lookups are undefined and "trust_anchors.keep_removed ="
  would be emitted without a right-hand side unless the environment uses strict
  undefined handling. Confirm against the schema.
#}
{% if not cfg.dnssec %}
{# Removing the root ('.') trust anchor switches validation off resolver-wide: answers are then accepted without signature checks. #}
-- disable dnssec
trust_anchors.remove('.')
{% endif %}
{# Each of the three modules below is either loaded or explicitly unloaded, presumably so the result does not depend on the resolver's default module set. #}
{# ta_sentinel: root key trust anchor sentinel (RFC 8509). #}
-- options.trust-anchor-sentinel
{% if cfg.dnssec.trust_anchor_sentinel %}
modules.load('ta_sentinel')
{% else %}
modules.unload('ta_sentinel')
{% endif %}
{# ta_signal_query: signals the configured trust anchor key tags via queries (RFC 8145). #}
-- options.trust-anchor-signal-query
{% if cfg.dnssec.trust_anchor_signal_query %}
modules.load('ta_signal_query')
{% else %}
modules.unload('ta_signal_query')
{% endif %}
{# detect_time_skew: clock-skew detection; a wrong system clock makes valid signatures look expired or not yet valid. #}
-- options.time-skew-detection
{% if cfg.dnssec.time_skew_detection %}
modules.load('detect_time_skew')
{% else %}
modules.unload('detect_time_skew')
{% endif %}
{# Rendered as a bare Lua expression (no quoting), so the value must already be a valid Lua literal; presumably an integer, confirm in the schema. #}
-- dnssec.keep-removed
trust_anchors.keep_removed = {{ cfg.dnssec.keep_removed }}
{# Emitted only when a refresh time is configured; the value is whatever seconds() returns, converted to a string. #}
{% if cfg.dnssec.refresh_time %}
-- dnssec.refresh-time
trust_anchors.refresh_time = {{ cfg.dnssec.refresh_time.seconds()|string }}
{% endif %}
{#
  One trust_anchors.add() call per configured entry; every entry becomes a root
  of trust for validation.
  NOTE(review): the entry is placed inside a single-quoted Lua string as-is, with
  no escaping in this template. A quote, backslash or newline in the value would
  end or alter the literal and the remainder would be parsed as Lua. Presumably
  the schema restricts these values before rendering; confirm.
#}
{% if cfg.dnssec.trust_anchors %}
-- dnssec.trust-anchors
{% for ta in cfg.dnssec.trust_anchors %}
trust_anchors.add('{{ ta }}')
{% endfor %}
{% endif %}
{#
  Negative trust anchors: validation is skipped for the listed names, so answers
  under them are accepted unsigned. Each entry widens the unvalidated part of the
  namespace. The same raw single-quote interpolation caveat as for
  trust_anchors.add() applies to each entry.
#}
{% if cfg.dnssec.negative_trust_anchors %}
-- dnssec.negative-trust-anchors
trust_anchors.set_insecure({
{% for nta in cfg.dnssec.negative_trust_anchors %}
'{{ nta }}',
{% endfor %}
})
{% endif %}
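{#
  One trust_anchors.add_file() call per configured key file.
  The read-only flag is passed positionally as the second argument. Lua has no
  named arguments, so "readonly = <bool>" inside the call is a syntax error and
  the generated configuration would fail to load whenever this option is set.
  When the flag is false the resolver may rewrite the key file during trust
  anchor rollover (presumably RFC 5011 tracking, confirm). The file then has to
  be writable by the resolver, and anything else able to write it controls the
  trust root.
  NOTE(review): taf.file is placed inside a single-quoted Lua string without
  escaping. Presumably the schema validates the path before rendering; confirm.
#}
{% if cfg.dnssec.trust_anchors_files %}
-- dnssec.trust-anchors-files
{% for taf in cfg.dnssec.trust_anchors_files %}
trust_anchors.add_file('{{ taf.file }}', {{ boolean(taf.read_only) }})
{% endfor %}
{% endif %}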