netconfcentral logo

ietf-dns-zone-provisioning@2020-03-09



  module ietf-dns-zone-provisioning {

    yang-version 1.1;

    namespace
      "urn:ietf:params:xml:ns:yang"
        + ":ietf-dns-zone-provisioning";

    prefix dnszp;

    import ietf-inet-types {
      prefix inet;
    }

    organization
      "IETF Domain Name System Operations Working Group (dnsop)";

    contact
      "WG Web:   <https://datatracker.ietf.org/wg/dnsop/>
     WG List:  <mailto:dnsop@ietf.org>

     Editor:   Willem Toorop
               <mailto:willem@nlnetlabs.nl>";

    description
      "This YANG module defines a model for configuring DNS Zone
     provisioning on authoritative nameservers.

     Copyright (c) 2020 IETF Trust and the persons identified as
     authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject to
     the license terms contained in, the Simplified BSD License set
     forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC ????; see the
     RFC itself for full legal notices.";

    revision "2020-03-09" {
      description "Initial revision.";
      reference
        "RFC XXXX: A YANG Data Model for DNS Zone provisioning configuration";

    }


    container tsig-keys {
      description
        "The list of tsig-keys which are referred from
       acl-net-key and addr-key.";
      list tsig-key {
        key "name";
        description
          "The tsig-key which is referred to from acl-net-key
         and/or addr-key.";
        leaf name {
          type inet:domain-name;
          mandatory true;
          description "The name of the key";
        }

        leaf algorithm {
          type inet:domain-name;
          mandatory true;
          description
            "Name of the algorithm";
          reference
            "<https://www.iana.org/assignments/tsig-algorithm-names/tsig-algorithm-names.xhtml>";

        }

        leaf secret {
          type string;
          mandatory true;
          description
            "Shared secret in base64 format. Possible lengths are
dependent on the algorithm";
        }
      }  // list tsig-key
    }  // container tsig-keys

    container zones {
      description
        "The list of DNS Zones for which the properties are defined
       that describe the primary/secondary relationships.";
      list zone {
        key "name";
        description
          "A DNS Zone with properties which describe the provisioning
         relationships within for authoritative nameserver.";
        leaf name {
          type inet:domain-name;
          description
            "The name of the DNS Zone";
        }

        list allow-notify {
          key "subnet";
          description
            "Secondary servers allow notifies for DNS Zone updates
           from IP addresses from this subnet. If a tsig-key is
           given, the notify must be signed with that key.";
          leaf subnet {
            type inet:ip-prefix;
            mandatory true;
            description
              "Contacting IP address must match this subnet.";
          }

          leaf tsig-key {
            type leafref {
              path "/tsig-keys/tsig-key/name";
            }
            description
              "When provided all interactions to and from the
contacting remote end must use this tsig-key.";
          }
        }  // list allow-notify

        list allow-transfer {
          key "subnet";
          description
            "Primary servers allow transfers to the IP addresses
           to the given subnet. If a tsig-key is given, the transfer
           request must be signed and the DNS messages used for the
           transfer will also be signed with that tsig-key";
          leaf subnet {
            type inet:ip-prefix;
            mandatory true;
            description
              "Contacting IP address must match this subnet.";
          }

          leaf tsig-key {
            type leafref {
              path "/tsig-keys/tsig-key/name";
            }
            description
              "When provided all interactions to and from the
contacting remote end must use this tsig-key.";
          }
        }  // list allow-transfer

        list notify-to {
          key "ip port";
          description
            "Primary servers send NOTIFY messages when the Zonne
           has been updated to this IP. If a tsig-key is given,
           it will be signed with that key.";
          leaf ip {
            type inet:ip-address;
            mandatory true;
            description
              "IP address to contact.";
          }

          leaf port {
            type inet:port-number;
            default "53";
            description "Port to conact.";
          }

          leaf tsig-key {
            type leafref {
              path "/tsig-keys/tsig-key/name";
            }
            description
              "When provided all interactions with to and from the
contacted remote end must use this tsig-key.";
          }
        }  // list notify-to

        list transfer-from {
          key "ip port";
          description
            "Secondary servers contact the given ip-address to
           acquire DNS Zone content. When a tsig-key is given
           the request will be signed with it, and the DNS
           messages conveying the Zone must be signed with
           that tsig-key.";
          leaf ip {
            type inet:ip-address;
            mandatory true;
            description
              "IP address to contact.";
          }

          leaf port {
            type inet:port-number;
            default "53";
            description "Port to conact.";
          }

          leaf tsig-key {
            type leafref {
              path "/tsig-keys/tsig-key/name";
            }
            description
              "When provided all interactions with to and from the
contacted remote end must use this tsig-key.";
          }
        }  // list transfer-from
      }  // list zone
    }  // container zones
  }  // module ietf-dns-zone-provisioning