unbound: add local & dn42 forward-zones

2017-01-20 00:00:37 +01:00 · 2017-01-20 00:00:37 +01:00 · 2e4d0e6fb0
parent beec71f387
commit 2e4d0e6fb0
4 changed files with 68 additions and 0 deletions
--- a/salt-pillar/top.sls
+++ b/salt-pillar/top.sls
@ -21,6 +21,9 @@ base:
  'anon1':
    - vpn.anon1
    - upstream.anon1
+  'upstream*':
+    # for forward-zones in unbound
+    - bind.dns
  'upstream1':
    - upstream.upstream1
  'upstream2':
--- a/salt/unbound/dn42-zones.conf
+++ b/salt/unbound/dn42-zones.conf
@ -0,0 +1,34 @@
+# https://dn42.net/services/dns/Configuration#forwarder-setup_unbound
+
+server:
+      domain-insecure: "dn42"
+      domain-insecure: "20.172.in-addr.arpa"
+      domain-insecure: "21.172.in-addr.arpa"
+      domain-insecure: "22.172.in-addr.arpa"
+      domain-insecure: "23.172.in-addr.arpa"
+      domain-insecure: "d.f.ip6.arpa"
+      local-zone: "20.172.in-addr.arpa." nodefault
+      local-zone: "21.172.in-addr.arpa." nodefault
+      local-zone: "22.172.in-addr.arpa." nodefault
+      local-zone: "23.172.in-addr.arpa." nodefault
+      local-zone: "d.f.ip6.arpa." nodefault
+
+forward-zone: 
+      name: "dn42"
+      forward-addr: 172.22.0.53
+
+forward-zone: 
+      name: "20.172.in-addr.arpa"
+      forward-addr: 172.22.0.53
+
+forward-zone: 
+      name: "22.172.in-addr.arpa"
+      forward-addr: 172.22.0.53
+
+forward-zone: 
+      name: "23.172.in-addr.arpa"
+      forward-addr: 172.22.0.53
+
+forward-zone:
+      name: "d.f.ip6.arpa"
+      forward-addr: 172.22.0.53
--- a/salt/unbound/init.sls
+++ b/salt/unbound/init.sls
@ -20,3 +20,13 @@ dns-root-data:
 /etc/unbound/unbound.conf.d/verbose.conf:
  file.managed:
    - source: salt://unbound/verbose.conf
+
+/etc/unbound/unbound.conf.d/local-zones.conf:
+  file.managed:
+    - source: salt://unbound/local-zones.conf
+    - template: 'jinja'
+
+/etc/unbound/unbound.conf.d/dn42-zones.conf:
+  file.managed:
+    - source: salt://unbound/dn42-zones.conf
+    - template: 'jinja'
--- a/salt/unbound/local-zones.conf
+++ b/salt/unbound/local-zones.conf
@ -0,0 +1,21 @@
+server:
+  domain-insecure: "{{ pillar['bind']['root-domain'] }}"
+
+forward-zone:
+  name: "{{ pillar['bind']['root-domain'] }}"
+  forward-addr: {{ pillar['hosts-inet']['serv']['dns'] }}
+  forward-addr: {{ pillar['hosts-inet6']['serv']['dns'] }}
+
+{%- for domain in pillar['bind']['reverse-zones-inet'] %}
+forward-zone:
+  name: "{{ domain }}"
+  forward-addr: {{ pillar['hosts-inet']['serv']['dns'] }}
+  forward-addr: {{ pillar['hosts-inet6']['serv']['dns'] }}
+{%- endfor %}
+
+{%- for domain in pillar['bind']['reverse-zones-inet6'] %}
+forward-zone:
+  name: "{{ domain }}"
+  forward-addr: {{ pillar['hosts-inet']['serv']['dns'] }}
+  forward-addr: {{ pillar['hosts-inet6']['serv']['dns'] }}
+{%- endfor %}