dns

2017-01-13 03:57:09 +01:00 · 2017-01-13 03:57:09 +01:00 · 02663013a2
parent 52f7bf5266
commit 02663013a2
11 changed files with 241 additions and 0 deletions
--- a/salt-pillar/bind/dns.sls
+++ b/salt-pillar/bind/dns.sls
@ -0,0 +1,21 @@
+bind:
+  root-domain: zentralwerk.online
+  master-ns: dns.serv.zentralwerk.online
+  public-ns:
+    - ns.c3d2.de
+    - spaceboyz.net
+  serial: 2017011300
+  
+  reverse-zones-inet:
+    - 172.20.72
+    - 172.20.73
+    - 172.20.74
+    - 172.20.75
+    - 172.20.76
+    - 172.20.77
+    - 172.20.78
+    - 172.20.79
+  
+  reverse-zones-inet6:
+    - '8.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa'
+    - 'c.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa'
--- a/salt-pillar/hosts/init.sls
+++ b/salt-pillar/hosts/init.sls
@ -71,38 +71,69 @@ hosts-inet:

  pub:
    pub-gw: 172.20.76.1
+{%- for i in range(2, 256) %}
+    guest{{ i }}: 172.20.76.{{ i }}
+{%- endfor %}
+{%- for i in range(0, 255) %}
+    guest{{ 256 + i }}: 172.20.77.{{ i }}
+{%- endfor %}
  serv:
    serv-gw: 172.20.73.1
+    dns: 172.20.73.2
  priv1:
    priv1-gw: 172.20.74.1
+{%- for i in range(1, 14) %}
+    dhcp{{ i }}: 172.20.74.{{ 1 + i }}
+{%- endfor %}
  priv9:
    priv9-gw: 172.20.74.33
  priv5:
    priv5-gw: 172.20.74.65
+{%- for i in range(1, 14) %}
+    dhcp{{ i }}: 172.20.74.{{ 65 + i }}
+{%- endfor %}
  priv10:
    priv10-gw: 172.20.74.97
  priv3:
    priv3-gw: 172.20.74.129
+{%- for i in range(1, 14) %}
+    dhcp{{ i }}: 172.20.75.{{ 129 + i }}
+{%- endfor %}
  priv11:
    priv11-gw: 172.20.74.161
  priv6:
    priv6-gw: 172.20.74.193
+{%- for i in range(1, 14) %}
+    dhcp{{ i }}: 172.20.74.{{ 193 + i }}
+{%- endfor %}
  priv12:
    priv12-gw: 172.20.74.225
  priv2:
    priv2-gw: 172.20.75.1
+{%- for i in range(1, 31) %}
+    dhcp{{ i }}: 172.20.75.{{ 1 + i }}
+{%- endfor %}
  priv13:
    priv13-gw: 172.20.75.33
  priv7:
    priv7-gw: 172.20.75.65
+{%- for i in range(1, 14) %}
+    dhcp{{ i }}: 172.20.75.{{ 65 + i }}
+{%- endfor %}
  priv14:
    priv14-gw: 172.20.75.97
  priv4:
    priv4-gw: 172.20.75.129
+{%- for i in range(1, 14) %}
+    dhcp{{ i }}: 172.20.75.{{ 129 + i }}
+{%- endfor %}
  priv15:
    priv15-gw: 172.20.75.161
  priv8:
    priv8-gw: 172.20.75.193
+{%- for i in range(1, 14) %}
+    dhcp{{ i }}: 172.20.75.{{ 193 + i }}
+{%- endfor %}
  priv16:
    priv16-gw: 172.20.75.225

@ -147,6 +178,7 @@ hosts-inet6:

  serv:
    serv-gw: fd23:42:c3d2:582::1
+    dns: fd23:42:c3d2:582:2:0:0:2
  pub:
    pub-gw: fd23:42:c3d2:583::1
  priv1:
--- a/salt-pillar/lxc-containers/server1.sls
+++ b/salt-pillar/lxc-containers/server1.sls
@ -135,3 +135,10 @@ containers:
        gw: upstream1
      c3d2:
        type: veth
+
+  dns:
+    interfaces:
+      serv:
+        type: veth
+        gw: serv-gw
+        gw6: serv-gw
--- a/salt-pillar/top.sls
+++ b/salt-pillar/top.sls
@ -29,3 +29,5 @@ base:
    - lxc-containers.server1
    - switches
    - cpe.aps
+  'dns':
+    - bind.dns
--- a/salt/bind/init.sls
+++ b/salt/bind/init.sls
@ -0,0 +1,61 @@
+bind9:
+  pkg.installed: []
+  service:
+    - running
+    - enable: True
+    - restart: True
+    - watch:
+      - file: /etc/bind/named.conf*
+      - file: /etc/bind/*.zone
+      - pkg: bind9
+
+/etc/bind/named.conf.local:
+  file.managed:
+    - require:
+        - pkg: bind9
+    - source: salt://bind/named.conf
+    - template: 'jinja'
+
+# zentralwerk.online
+/etc/bind/{{ pillar['bind']['root-domain'] }}:
+  file.managed:
+    - source: salt://bind/root-domain.zone
+    - template: 'jinja'
+    - context:
+        domain: {{ pillar['bind']['root-domain'] }}
+
+# *.zentralwerk.online
+{%- for net, subnet4 in pillar['subnets-inet'].items() %}
+{%- set domain = net ~ '.' ~ pillar['bind']['root-domain'] %}
+/etc/bind/{{ domain }}.zone:
+  file.managed:
+    - source: salt://bind/net-domain.zone
+    - template: 'jinja'
+    - context:
+        domain: {{ domain }}
+        net: {{ net }}
+
+{%- endfor %}
+
+# IPv4 reverse
+{%- for subnet in pillar['bind']['reverse-zones-inet'] %}
+{%-   set domain = '.'.join(subnet.split('.').__reversed__()) ~ '.in-addr.arpa' %}
+/etc/bind/reverse4-{{ subnet }}.zone:
+  file.managed:
+    - source: salt://bind/reverse4.zone
+    - template: 'jinja'
+    - context:
+        domain: {{ domain }}
+        subnet: {{ subnet }}
+
+{%- endfor %}
+
+# IPv6 reverse
+{%- for domain in pillar['bind']['reverse-zones-inet6'] %}
+/etc/bind/reverse6-{{ domain }}.zone:
+  file.managed:
+    - source: salt://bind/reverse6.zone
+    - template: 'jinja'
+    - context:
+        domain: {{ domain }}
+{%- endfor %}
--- a/salt/bind/named.conf
+++ b/salt/bind/named.conf
@ -0,0 +1,23 @@
+{%- for net, subnet4 in pillar['subnets-inet'].items() %}
+{%- set domain = net ~ '.' ~ pillar['bind']['root-domain'] %}
+zone "{{ domain }}" IN {
+     type master;
+     file "/etc/bind/{{ domain }}.zone";
+};
+
+{%- endfor %}
+
+{%- for subnet in pillar['bind']['reverse-zones-inet'] %}
+{%- set domain = '.'.join(subnet.split('.').__reversed__()) ~ '.in-addr.arpa' %}
+zone "{{ domain }}" IN {
+     type master;
+     file "/etc/bind/reverse4-{{ subnet }}.zone";
+};
+{%- endfor %}
+
+{%- for domain in pillar['bind']['reverse-zones-inet6'] %}
+zone "{{ domain }}" IN {
+     type master;
+     file "/etc/bind/reverse6-{{ domain }}.zone";
+};
+{%- endfor %}
--- a/salt/bind/net-domain.zone
+++ b/salt/bind/net-domain.zone
@ -0,0 +1,25 @@
+$ORIGIN {{ domain }}.
+$TTL 10M
+
+@		IN SOA	{{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. (
+				{{ pillar['bind']['serial'] }} ; serial
+				1H ; refresh
+				1M ; retry
+				2H ; expire
+				5M ; minimum
+			)
+{%- for ns in pillar['bind']['public-ns'] %}
+		IN NS	{{ ns }}.
+{%- endfor %}
+
+{%- if pillar['hosts-inet'].get(net) %}
+{%-   for name, a in pillar['hosts-inet'][net].items() %}
+{{ name }}	IN A	{{ a }}
+{%-   endfor %}
+{%- endif %}
+
+{%- if pillar['hosts-inet6'].get(net) %}
+{%-   for name, aaaa in pillar['hosts-inet6'][net].items() %}
+{{ name }}	IN AAAA	{{ aaaa }}
+{%-   endfor %}
+{%- endif %}
--- a/salt/bind/reverse4.zone
+++ b/salt/bind/reverse4.zone
@ -0,0 +1,26 @@
+$ORIGIN {{ domain }}.
+$TTL 10M
+
+@		IN SOA	{{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. (
+				{{ pillar['bind']['serial'] }} ; serial
+				1H ; refresh
+				1M ; retry
+				2H ; expire
+				5M ; minimum
+			)
+{%- for ns in pillar['bind']['public-ns'] %}
+		IN NS	{{ ns }}.
+{%- endfor %}
+
+{%- for i in range(1, 255) %}
+{%-   set addr = subnet ~ '.' ~ i %}
+
+{%-   for net, hosts in pillar['hosts-inet'].items() %}
+{%-     for host, a in hosts.items() %}
+{%-       if a == addr %}
+{{ i }}		IN PTR	{{ host }}.{{ net }}.{{ pillar['bind']['root-domain'] }}.
+{%-       endif %}
+{%-     endfor %}
+{%-   endfor %}
+
+{%- endfor %}
--- a/salt/bind/reverse6.zone
+++ b/salt/bind/reverse6.zone
@ -0,0 +1,22 @@
+$ORIGIN {{ domain }}.
+$TTL 10M
+
+@		IN SOA	{{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. (
+				{{ pillar['bind']['serial'] }} ; serial
+				1H ; refresh
+				1M ; retry
+				2H ; expire
+				5M ; minimum
+			)
+{%- for ns in pillar['bind']['public-ns'] %}
+		IN NS	{{ ns }}.
+{%- endfor %}
+
+{%- for net, hosts in pillar['hosts-inet6'].items() %}
+{%-   for host, aaaa in hosts.items() %}
+{%-     set reverse = salt['network.reverse_ip'](aaaa) %}
+{%-     if reverse.endswith(domain) %}
+{{ reverse.replace('.' ~ domain, '') }}	IN PTR	{{ host }}.{{ net }}.{{ pillar['bind']['root-domain'] }}.
+{%-     endif %}
+{%-   endfor %}
+{%- endfor %}
--- a/salt/bind/root-domain.zone
+++ b/salt/bind/root-domain.zone
@ -0,0 +1,19 @@
+$ORIGIN {{ domain }}
+$TTL 10M
+
+@		IN SOA	{{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. (
+				{{ pillar['bind']['serial'] }} ; serial
+				1H ; refresh
+				1M ; retry
+				2H ; expire
+				5M ; minimum
+			)
+{%- for ns in pillar['bind']['public-ns'] %}
+		IN NS	{{ ns }}.
+{%- endfor %}
+
+{%- for net, hosts in pillar['hosts-inet'].items() %}
+{%-   for ns in pillar['bind']['public-ns'] %}
+{{ net }}		IN NS	{{ ns }}.
+{%-   endfor %}
+{%- endfor %}
--- a/salt/top.sls
+++ b/salt/top.sls
@ -46,3 +46,6 @@ base:
    - upstream.masquerade
    - upstream.shaping
    - upstream.nat66
+  'dns':
+    - no-ssh
+    - bind