dnspython
Allow disabling `$GENERATE`
Motivation
When reading a zone file, records can be dynamically generated using the `$GENERATE` directive. This is a BIND-specific feature, not a DNS feature. It should not necessarily be supported whenever presentation format is read.
We use dnspython to allow users at desec.io to paste their zone data when creating a domain at deSEC, for easy migration. We do not think that it is a good idea to allow creating server-side load via `$GENERATE` in that context. We would therefore like to be able to disable this directive, just like it is possible to disable `$INCLUDE`.
Describe the solution you'd like
Two options come to mind:
- Add an `allow_generate` argument to `dns.zone.from_text()`, which can be set to `False` to disable the functionality (like `allow_include=False`).
- More generically, turn the `allow_directives` argument of the `Reader` constructor from Boolean into a list, which has the names of the allowed directives. One could then very easily allow `$TTL` and/or `$ORIGIN`, while disabling others. -- Interaction with `allow_include` would have to be specified.
Not sure what's best.
@nils-wisiol
At the moment I like the idea of allowing allow_directives in the Reader to be either a boolean or an iterable. (The boolean is for backwards compatibility). We then expose allow_directives in dns.zone.from_text() too, keeping allow_include for backwards compatibility, and saying that if both are specified then allow_directives wins. This way we get fine-grained control over all directives without adding an allow_
Limiting $GENERATE is certainly a good idea... as opposed to generating 2^31 RRs from a single-line snippet.
complete by merge of #833 (thanks!)
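
A guard of the kind this issue asks for, as an added example that is not dnspython's code and not part of the thread: it runs over pasted zone text before any parser sees it, allows only `$TTL` and `$ORIGIN`, and reports how many iterations a rejected `$GENERATE` range would have produced. The names `check_directives`, `generate_count`, `DirectiveNotAllowed` and the allow-list policy are assumptions made for illustration.

```python
import re

# Directives accepted from user-pasted zone text (assumed policy for this example).
ALLOWED_DIRECTIVES = frozenset({"$TTL", "$ORIGIN"})
# $GENERATE range token: start-stop or start-stop/step
GENERATE_RANGE = re.compile(r"^(\d+)-(\d+)(?:/(\d+))?$")


class DirectiveNotAllowed(ValueError):
    """Raised when zone text uses a directive outside the allow-list."""


def generate_count(range_token):
    """Return how many iterations a $GENERATE range expands to."""
    m = GENERATE_RANGE.match(range_token)
    if not m:
        raise ValueError(f"malformed $GENERATE range: {range_token!r}")
    start, stop, step = int(m[1]), int(m[2]), int(m[3] or 1)
    if step < 1 or stop < start:
        raise ValueError(f"invalid $GENERATE range: {range_token!r}")
    return (stop - start) // step + 1


def check_directives(zone_text, allowed=ALLOWED_DIRECTIVES):
    """Return the directives used, in order; raise on any that is not allowed.

    Fails closed: any line whose first token starts with '$' counts as a
    directive, even if it sits inside a multi-line record.
    """
    seen = []
    for lineno, line in enumerate(zone_text.splitlines(), 1):
        tokens = line.split(";", 1)[0].split()  # drop a trailing comment
        if not tokens or not tokens[0].startswith("$"):
            continue
        name = tokens[0].upper()  # treat directive names case-insensitively
        if name not in allowed:
            cost = ""
            if name == "$GENERATE" and len(tokens) > 1:
                try:
                    cost = f" (range expands to {generate_count(tokens[1])} iterations)"
                except ValueError:
                    pass  # malformed range: reject without a cost estimate
            raise DirectiveNotAllowed(f"line {lineno}: {name} is not allowed{cost}")
        seen.append(name)
    return seen


# Constructed sample input.
SAMPLE_OK = "$ORIGIN example.com.\n$TTL 3600 ; default\n@ IN NS ns1.example.net.\n"
SAMPLE_BAD = SAMPLE_OK + "$GENERATE 0-2147483647 host-$ A 192.0.2.1\n"
```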