
feat(): configure NS names, NS record TTL via env

After this commit, the environment variables DESECSTACK_NS and
DESECSTACK_NSLORD_DEFAULT_TTL are required.
Nils Wisiol пре 6 година
родитељ
комит
9cd2c417e9

+ 3 - 0
.env.default

@@ -1,4 +1,6 @@
+# relevant DNS names
 DESECSTACK_DOMAIN=example.com
+DESECSTACK_NS=ns1.example.com ns2.example.com
 
 # network
 DESECSTACK_IPV4_REAR_PREFIX16=172.16
@@ -28,6 +30,7 @@ DESECSTACK_DBLORD_PASSWORD_pdns=
 DESECSTACK_NSLORD_APIKEY=
 DESECSTACK_NSLORD_CARBONSERVER=
 DESECSTACK_NSLORD_CARBONOURNAME=
+DESECSTACK_NSLORD_DEFAULT_TTL=3600
 
 # nsmaster-related
 DESECSTACK_DBMASTER_PASSWORD_pdns=

+ 2 - 0
.travis.yml

@@ -7,6 +7,7 @@ node_js:
 env:
   global:
    - DESECSTACK_DOMAIN=your.hostname.example.com
+   - DESECSTACK_NS=ns1.example.com ns2.example.com
    - DESECSTACK_API_ADMIN=john.doe@example.com
    - DESECSTACK_API_SEPA_CREDITOR_ID=TESTCREDITORID
    - DESECSTACK_API_SEPA_CREDITOR_NAME=TESTCREDITORNAME
@@ -24,6 +25,7 @@ env:
    - DESECSTACK_DB_PASSWORD_ns2replication=9Fn33T5yGulkjhetrlkjew
    - DESECSTACK_DB_SUBJECT_ns2replication=9Fn33T5yGukjnrtj
    - DESECSTACK_NSLORD_APIKEY=9Fn33T5yGukjekwjew
+   - DESECSTACK_NSLORD_DEFAULT_TTL=1234
    - DESECSTACK_NSMASTER_APIKEY=LLq1orOQuXCINUz4TV
    - DESECSTACK_DBMASTER_PORT=13306
    - DESECSTACK_IPV4_REAR_PREFIX16=172.16

+ 2 - 0
README.md

@@ -24,6 +24,7 @@ Although most configuration is contained in this repository, some external depen
 3.  Set sensitive information and network topology using environment variables or an `.env` file. You need (you can use the `.env.default` file as a template):
     - global
       - `DESECSTACK_DOMAIN`: domain name under which the entire system will be running. The API will be reachable at https://desec.$DESECSTACK_DOMAIN/api/. For development setup, we recommend using `yourname.dedyn.io`
+      - `DESECSTACK_NS`: the names of the authoritative name servers, i.e. names pointing to your slave name servers. Minimum 2.
     - network
       - `DESECSTACK_IPV4_REAR_PREFIX16`: IPv4 net, size /16, for assignment of internal container IPv4 addresses. **NOTE:** If you change this in an existing setup, you 
         need to manually update MySQL grant tables and the `nsmaster` supermaster table to update IP addresses! Better don't do it.
@@ -48,6 +49,7 @@ Although most configuration is contained in this repository, some external depen
       - `DESECSTACK_NSLORD_APIKEY`: pdns API key on nslord
       - `DESECSTACK_NSLORD_CARBONSERVER`: pdns `carbon-server` setting on nslord (optional)
       - `DESECSTACK_NSLORD_CARBONOURNAME`: pdns `carbon-ourname` setting on nslord (optional)
+      - `DESECSTACK_NSLORD_DEFAULT_TTL`: TTL to use by default, including for default NS records
     - nsmaster-related
       - `DESECSTACK_DBMASTER_PASSWORD_pdns`: mysql password for pdns on nsmaster
       - `DESECSTACK_DBMASTER_PASSWORD_ns1replication`: slave 1 replication password

+ 2 - 1
api/api/settings.py

@@ -142,7 +142,8 @@ ADMINS = [(address.split("@")[0], address) for address in os.environ['DESECSTACK
 AUTH_USER_MODEL = 'desecapi.User'
 
 # default NS records
-DEFAULT_NS = ['ns1.desec.io.', 'ns2.desec.io.']
+DEFAULT_NS = [name + '.' for name in os.environ['DESECSTACK_NS'].strip().split()]
+DEFAULT_NS_TTL = os.environ['DESECSTACK_NSLORD_DEFAULT_TTL']
 
 # Public Suffix settings
 PSL_RESOLVER = os.environ.get('DESECSTACK_API_PSL_RESOLVER')
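Review bot: `DEFAULT_NS_TTL` stays a raw string and `DEFAULT_NS` is built without validation, so a malformed value is not rejected at startup and only surfaces later, when NS RRsets are created. The api/desecapi/pdns_change_tracker.py hunk passes the setting straight into `RRset(ttl=...)`, so the same applies there. Parse and normalise here instead: `DEFAULT_NS_TTL = int(os.environ['DESECSTACK_NSLORD_DEFAULT_TTL'])` and `DEFAULT_NS = [name.rstrip('.') + '.' for name in os.environ['DESECSTACK_NS'].split()]`. The second line avoids `ns1.example.com..` when an operator supplies a fully qualified name, and the `.strip()` is redundant before a no-argument `split()`. The README asks for at least two names, but an empty or single-entry `DESECSTACK_NS` is accepted silently, so a length check that raises at import time would keep new zones from being created with a broken NS set.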

+ 1 - 1
api/desecapi/pdns_change_tracker.py

@@ -94,7 +94,7 @@ class PDNSChangeTracker:
             rr_set = RRset(
                 domain=Domain.objects.get(name=self.domain_name),
                 type='NS', subname='',
-                ttl=3600,  # TODO configure this via env settings
+                ttl=api_settings.DEFAULT_NS_TTL,
             )
             rr_set.save()
 

+ 2 - 0
docker-compose.test-e2e.yml

@@ -31,9 +31,11 @@ services:
     restart: "no"
     environment:
     - DESECSTACK_DOMAIN
+    - DESECSTACK_NS
     - DESECSTACK_IPV4_REAR_PREFIX16
     - DESECSTACK_IPV6_SUBNET
     - DESECSTACK_IPV6_ADDRESS
+    - DESECSTACK_NSLORD_DEFAULT_TTL
     mac_address: 06:42:ac:10:00:7f
     depends_on:
     - www

+ 3 - 0
docker-compose.yml

@@ -108,6 +108,7 @@ services:
     - nslord
     environment:
     - DESECSTACK_DOMAIN
+    - DESECSTACK_NS
     - DESECSTACK_API_ADMIN
     - DESECSTACK_API_SEPA_CREDITOR_ID
     - DESECSTACK_API_SEPA_CREDITOR_NAME
@@ -121,6 +122,7 @@ services:
     - DESECSTACK_IPV4_REAR_PREFIX16
     - DESECSTACK_IPV6_SUBNET
     - DESECSTACK_NSLORD_APIKEY
+    - DESECSTACK_NSLORD_DEFAULT_TTL
     - DESECSTACK_NSMASTER_APIKEY
     - DESECSTACK_NORECAPTCHA_SITE_KEY
     - DESECSTACK_NORECAPTCHA_SECRET_KEY
@@ -145,6 +147,7 @@ services:
     - DESECSTACK_NSLORD_CARBONSERVER
     - DESECSTACK_NSLORD_CARBONOURNAME
     - DESECSTACK_NSLORD_CACHE_TTL=20
+    - DESECSTACK_NSLORD_DEFAULT_TTL
     depends_on:
     - dblord
     networks:

+ 1 - 1
nslord/conf/pdns.conf.var

@@ -4,7 +4,7 @@ api-key=${DESECSTACK_NSLORD_APIKEY}
 default-soa-edit=INCREMENT-WEEKS
 default-soa-mail=get.desec.io
 default-soa-name=set.an.example
-default-ttl=3600
+default-ttl=${DESECSTACK_NSLORD_DEFAULT_TTL}
 master=yes
 only-notify=
 setgid=pdns
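Review bot: `default-ttl=${DESECSTACK_NSLORD_DEFAULT_TTL}` has no fallback or check visible in this hunk, so an unset or non-numeric variable would presumably be rendered into the config as-is (for example `default-ttl=`). How the template is rendered and how pdns reacts to such a value are not shown on this page. Since the commit message makes the variable mandatory, the step that renders this file should refuse to start when it is empty or not a positive integer. At minimum, document the requirement next to the setting with `# required: DESECSTACK_NSLORD_DEFAULT_TTL, positive integer (seconds)`.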

+ 3 - 2
test/e2e/setup.js

@@ -181,8 +181,9 @@ chakram.addProperty("dns", function(){});
 chakram.addMethod("ttl", function (respObj, expected) {
     this.assert(respObj.rcode === 'NOERROR', 'expected response to have rcode NOERROR');
     this.assert(respObj.answers.length > 0, 'expected response to have answers');
-    this.assert(respObj.answers.every(function(elem) { return elem.ttl === expected; }),
-        'TTL of at least one answer in the DNS packet didn\'t match expected value of ' + expected);
+    this.assert(respObj.answers.every(function(elem) { return elem.ttl === parseInt(expected); }),
+        'TTL of at least one answer in the DNS packet didn\'t match expected value of ' + expected + ': ' +
+        respObj.answers.map(x => x.ttl));
 });
 
 exports.chakram = chakram;
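Review bot: `parseInt(expected)` on the added line has no radix, is re-evaluated for every answer, and accepts trailing junk (`'3600abc'` parses to 3600), so the assertion is looser than the configured value it is meant to verify. Convert once before the `every` call and be strict: `var want = Number(expected);` and then `return elem.ttl === want;`. An undefined `expected` (variable not exported to the test container) then becomes `NaN` and fails every comparison, which is the desired outcome, though the message would be clearer if it said the expected TTL was missing.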

+ 2 - 0
test/e2e/spec/api_spec.js

@@ -306,6 +306,8 @@ describe("API v1", function () {
                     return chakram.wait();
                 });
 
+                itShowsUpInPdnsAs('', domain, 'NS', process.env.DESECSTACK_NS.split(/\s+/),  process.env.DESECSTACK_NSLORD_DEFAULT_TTL);
+
                 describe("on rrsets/ endpoint", function () {
                     it("can retrieve RRsets", function () {
                         var response = chakram.get('/domains/' + domain + '/rrsets/');
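Review bot: `process.env.DESECSTACK_NS.split(/\s+/)` does not parse the variable the way api/api/settings.py does (`.strip().split()`). Leading or trailing whitespace puts an empty string into the expected NS list, and an unset variable throws a TypeError while the suite is still being defined rather than failing one test. Use `process.env.DESECSTACK_NS.trim().split(/\s+/)` and add a comment such as `// must mirror DEFAULT_NS parsing in api/api/settings.py`. The API side appends a trailing dot to each name; whether `itShowsUpInPdnsAs` normalises that is not visible in this hunk and is worth confirming. The enclosing `describe` block starts and ends outside the hunk.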