From 2e4d0e6fb023928b772c7a839dde285a60c755f1 Mon Sep 17 00:00:00 2001
From: Astro
Date: Fri, 20 Jan 2017 00:00:37 +0100
Subject: [PATCH] unbound: add local & dn42 forward-zones
---
 salt-pillar/top.sls | 3 +++
 salt/unbound/dn42-zones.conf | 34 ++++++++++++++++++++++++++++++++++
 salt/unbound/init.sls | 10 ++++++++++
 salt/unbound/local-zones.conf | 21 +++++++++++++++++++++
 4 files changed, 68 insertions(+)
 create mode 100644 salt/unbound/dn42-zones.conf
 create mode 100644 salt/unbound/local-zones.conf
diff --git a/salt-pillar/top.sls b/salt-pillar/top.sls
index 9dbe883..ac9f787 100644
--- a/salt-pillar/top.sls
+++ b/salt-pillar/top.sls
@@ -21,6 +21,9 @@ base:
 'anon1':
 - vpn.anon1
 - upstream.anon1
+ 'upstream*':
+ # for forward-zones in unbound
+ - bind.dns
 'upstream1':
 - upstream.upstream1
 'upstream2':
diff --git a/salt/unbound/dn42-zones.conf b/salt/unbound/dn42-zones.conf
new file mode 100644
index 000000000..6a89f08
--- /dev/null
+++ b/salt/unbound/dn42-zones.conf
@@ -0,0 +1,34 @@
+# https://dn42.net/services/dns/Configuration#forwarder-setup_unbound
+
+server:
+ domain-insecure: "dn42"
+ domain-insecure: "20.172.in-addr.arpa"
+ domain-insecure: "21.172.in-addr.arpa"
+ domain-insecure: "22.172.in-addr.arpa"
+ domain-insecure: "23.172.in-addr.arpa"
+ domain-insecure: "d.f.ip6.arpa"
+ local-zone: "20.172.in-addr.arpa." nodefault
+ local-zone: "21.172.in-addr.arpa." nodefault
+ local-zone: "22.172.in-addr.arpa." nodefault
+ local-zone: "23.172.in-addr.arpa." nodefault
+ local-zone: "d.f.ip6.arpa." nodefault
+
+forward-zone:
+ name: "dn42"
+ forward-addr: 172.22.0.53
+
+forward-zone:
+ name: "20.172.in-addr.arpa"
+ forward-addr: 172.22.0.53
+
+forward-zone:
+ name: "22.172.in-addr.arpa"
+ forward-addr: 172.22.0.53
+
+forward-zone:
+ name: "23.172.in-addr.arpa"
+ forward-addr: 172.22.0.53
+
+forward-zone:
+ name: "d.f.ip6.arpa"
+ forward-addr: 172.22.0.53
diff --git a/salt/unbound/init.sls b/salt/unbound/init.sls
index db23f1c..023ff51 100644
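Review bot: The new `'upstream*'` target hands `bind.dns` to every minion whose ID starts with "upstream", while the neighbouring entries name hosts explicitly, so the pillar's exposure now depends on minion naming rather than on a reviewed list. `'anon1'` also receives an `upstream.*` pillar but does not match the glob; if the unbound state is applied there as well (not visible in this hunk), the `pillar['bind'][...]` lookups in local-zones.conf would fail to render. Either list the intended hosts explicitly or extend the comment to say so, e.g. `# bind.dns is required by salt/unbound/local-zones.conf; every unbound host must match this glob`.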
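Review bot: `21.172.in-addr.arpa` is marked `domain-insecure` and `local-zone ... nodefault` in the `server:` clause but has no matching `forward-zone`, unlike the 20, 22 and 23 zones. With the default local zone removed and no forwarder defined, reverse lookups for 172.21.0.0/16 would presumably fall through to normal recursion, so internal addresses are disclosed to public servers and no useful answer comes back. Add the missing clause: `forward-zone:` / `name: "21.172.in-addr.arpa"` / `forward-addr: 172.22.0.53`. Separately, every zone relies on the single forwarder 172.22.0.53 with DNSSEC validation switched off, so answers for these names are only as trustworthy as the network path to that address; a one-line comment stating this would help the next reader.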
--- a/salt/unbound/init.sls
+++ b/salt/unbound/init.sls
@@ -20,3 +20,13 @@ dns-root-data:
 /etc/unbound/unbound.conf.d/verbose.conf:
 file.managed:
 - source: salt://unbound/verbose.conf
+
+/etc/unbound/unbound.conf.d/local-zones.conf:
+ file.managed:
+ - source: salt://unbound/local-zones.conf
+ - template: 'jinja'
+
+/etc/unbound/unbound.conf.d/dn42-zones.conf:
+ file.managed:
+ - source: salt://unbound/dn42-zones.conf
+ - template: 'jinja'
diff --git a/salt/unbound/local-zones.conf b/salt/unbound/local-zones.conf
new file mode 100644
index 000000000..0771896
--- /dev/null
+++ b/salt/unbound/local-zones.conf
@@ -0,0 +1,21 @@
+server:
+ domain-insecure: "{{ pillar['bind']['root-domain'] }}"
+
+forward-zone:
+ name: "{{ pillar['bind']['root-domain'] }}"
+ forward-addr: {{ pillar['hosts-inet']['serv']['dns'] }}
+ forward-addr: {{ pillar['hosts-inet6']['serv']['dns'] }}
+
+{%- for domain in pillar['bind']['reverse-zones-inet'] %}
+forward-zone:
+ name: "{{ domain }}"
+ forward-addr: {{ pillar['hosts-inet']['serv']['dns'] }}
+ forward-addr: {{ pillar['hosts-inet6']['serv']['dns'] }}
+{%- endfor %}
+
+{%- for domain in pillar['bind']['reverse-zones-inet6'] %}
+forward-zone:
+ name: "{{ domain }}"
+ forward-addr: {{ pillar['hosts-inet']['serv']['dns'] }}
+ forward-addr: {{ pillar['hosts-inet6']['serv']['dns'] }}
+{%- endfor %}
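Review bot: Neither new `file.managed` state validates the resolver configuration or shows a reload trigger, so a bad pillar value can leave a broken fragment in `unbound.conf.d` that only surfaces at the next restart. The rest of init.sls is outside this hunk, so a `watch` on these files may already exist on the service state. If it does not, add one and consider checking the assembled configuration with `unbound-checkconf` before the reload. dn42-zones.conf contains no template expressions, so `- template: 'jinja'` can be dropped from that state to keep static files out of the renderer.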
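Review bot: The reverse zones forwarded in the two `for` loops get neither `domain-insecure` nor `local-zone ... nodefault`, whereas dn42-zones.conf in this same commit sets both for its reverse zones. If any entry in `reverse-zones-inet` or `reverse-zones-inet6` lies in a range for which unbound ships a default local zone (the pillar values are not visible here), the query is answered locally and never reaches the forwarder. I would add a loop under `server:` that emits `local-zone: "{{ domain }}." nodefault` for each reverse zone, plus `domain-insecure: "{{ domain }}"` if those zones are unsigned. The `pillar['bind'][...]` and `pillar['hosts-inet'][...]` subscripts also fail the render outright on any minion lacking those keys, so a comment naming the required pillar files at the top of the template would help.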