NamedCheckconf parser - command named-checkconf -p
Named-checkconf is a syntax checking tool for named configuration file. Named is a name server used by BIND.
- class insights.parsers.named_checkconf.NamedCheckconf(context)[source]
Bases:
CommandParser
Class for parsing the
named-checkconf -p
command.- is_dnssec_disabled
True, if dnssec is not enabled, False otherwise.
- Type:
bool
- dnssec_line
The line which disabled dnssec, if it is not enabled, None otherwise.
- Type:
string
- disable_algorithms
Dictionary where the key is a domain and the value is a list of all algorithms associated with it.
- Type:
dict
- disable_ds_digests
Dictionary where the key is a domain and the value is a list of all digests associated with it.
- Type:
dict
- Raises:
SkipComponent -- When content is empty or cannot be parsed.
Sample output of this command is:
logging { channel "default_debug" { file "data/named.run"; severity dynamic; }; }; options { directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; listen-on port 53 { 127.0.0.1/32; }; listen-on-v6 port 53 { ::1/128; }; managed-keys-directory "/var/named/dynamic"; memstatistics-file "/var/named/data/named_mem_stats.txt"; pid-file "/run/named/named.pid"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; session-keyfile "/run/named/session.key"; statistics-file "/var/named/data/named_stats.txt"; disable-algorithms "." { "RSAMD5"; "DSA"; }; disable-ds-digests "." { "GOST"; }; dnssec-enable yes; dnssec-validation yes; recursion yes; allow-query { "localhost"; }; }; managed-keys { "." initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0="; "." initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN R1AkUTV74bU="; }; zone "." IN { type hint; file "named.ca"; }; zone "localhost.localdomain" IN { type master; file "named.localhost"; allow-update { "none"; }; }; zone "localhost" IN { type master; file "named.localhost"; allow-update { "none"; }; }; zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { type master; file "named.loopback"; allow-update { "none"; }; }; zone "1.0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-update { "none"; }; }; zone "0.in-addr.arpa" IN { type master; file "named.empty"; allow-update { "none"; }; };
Examples
>>> type(named_checkconf) <class 'insights.parsers.named_checkconf.NamedCheckconf'> >>> named_checkconf.is_dnssec_disabled False >>> named_checkconf.dnssec_line is None True >>> named_checkconf.disable_algorithms {'.': ['RSAMD5', 'DSA']} >>> named_checkconf.disable_ds_digests {'.': ['GOST']}
- retrieve_disabled(section_regex, source)[source]
Parses ‘disable-algorithms’ or ‘disable_ds_digests’ section into a dictionary, where the key is a domain and the value is a list of all algorithms/digests associated with it.
- section_regex
The regular expression for a given section.
- Type:
string
- source
The source in which a given section is searched for.
- Type:
string