mirror of
https://gitlab.nic.cz/knot/knot-dns.git
synced 2026-02-03 18:49:28 -05:00
| .. | ||
| data | ||
| tests | ||
| tools | ||
| .gitignore | ||
| README | ||
| requirements.txt | ||
| runtests.py | ||
Prerequisites:
--------------
python3
dnspython >=2.2.0 (python3-dnspython)
psutil (python3-psutil)
bind9
dnssec-signzone (bind9-utils)
dnssec-keygen (bind9-utils)
dnssec-verify (bind9-utils)
certtool (gnutls-bin)
ldnsutils
lsof
gawk
objdump
softhsm2
(valgrind)
(gdb)
Python modules:
---------------
To install necessary Python modules using pip, run:
$ pip install -r requirements.txt
Optional loopback addresses configuration:
------------------------------------------
# for i in {1..64}; do sudo ip address add 127.0.1.$i/32 dev lo; done
# for i in {1..64}; do sudo ip address add ::1$i/128 dev lo; done
Ubuntu:
-------
Disable apparmor protection for system Bind:
$ sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.named
or
$ sudo ln -s /etc/apparmor.d/usr.sbin.named /etc/apparmor.d/disable/
$ sudo /etc/init.d/apparmor restart
Allow ptrace:
# echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope
or
# vim /etc/sysctl.d/10-ptrace.conf
# kernel.yama.ptrace_scope = 0
XDP:
----
XDP testing with Valgrind requires running under root. Testing with ASAN is
possible if lsof has two following capabilities:
$ sudo setcap "CAP_SYS_PTRACE,CAP_DAC_OVERRIDE+ep" `which lsof`
And knotd has set:
$ sudo setcap "CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_ADMIN,CAP_IPC_LOCK,CAP_SYS_PTRACE+ep" `readlink -f ../src/knotd`
Tcpdump:
--------
$ sudo setcap "CAP_NET_RAW+ep" `which tcpdump`