unbound: add local & dn42 forward-zones
This commit is contained in:
parent
beec71f387
commit
2e4d0e6fb0
|
@ -21,6 +21,9 @@ base:
|
||||||
'anon1':
|
'anon1':
|
||||||
- vpn.anon1
|
- vpn.anon1
|
||||||
- upstream.anon1
|
- upstream.anon1
|
||||||
|
'upstream*':
|
||||||
|
# for forward-zones in unbound
|
||||||
|
- bind.dns
|
||||||
'upstream1':
|
'upstream1':
|
||||||
- upstream.upstream1
|
- upstream.upstream1
|
||||||
'upstream2':
|
'upstream2':
|
||||||
|
|
|
@ -0,0 +1,34 @@
|
||||||
|
# https://dn42.net/services/dns/Configuration#forwarder-setup_unbound
|
||||||
|
|
||||||
|
server:
|
||||||
|
domain-insecure: "dn42"
|
||||||
|
domain-insecure: "20.172.in-addr.arpa"
|
||||||
|
domain-insecure: "21.172.in-addr.arpa"
|
||||||
|
domain-insecure: "22.172.in-addr.arpa"
|
||||||
|
domain-insecure: "23.172.in-addr.arpa"
|
||||||
|
domain-insecure: "d.f.ip6.arpa"
|
||||||
|
local-zone: "20.172.in-addr.arpa." nodefault
|
||||||
|
local-zone: "21.172.in-addr.arpa." nodefault
|
||||||
|
local-zone: "22.172.in-addr.arpa." nodefault
|
||||||
|
local-zone: "23.172.in-addr.arpa." nodefault
|
||||||
|
local-zone: "d.f.ip6.arpa." nodefault
|
||||||
|
|
||||||
|
forward-zone:
|
||||||
|
name: "dn42"
|
||||||
|
forward-addr: 172.22.0.53
|
||||||
|
|
||||||
|
forward-zone:
|
||||||
|
name: "20.172.in-addr.arpa"
|
||||||
|
forward-addr: 172.22.0.53
|
||||||
|
|
||||||
|
forward-zone:
|
||||||
|
name: "22.172.in-addr.arpa"
|
||||||
|
forward-addr: 172.22.0.53
|
||||||
|
|
||||||
|
forward-zone:
|
||||||
|
name: "23.172.in-addr.arpa"
|
||||||
|
forward-addr: 172.22.0.53
|
||||||
|
|
||||||
|
forward-zone:
|
||||||
|
name: "d.f.ip6.arpa"
|
||||||
|
forward-addr: 172.22.0.53
|
|
@ -20,3 +20,13 @@ dns-root-data:
|
||||||
/etc/unbound/unbound.conf.d/verbose.conf:
|
/etc/unbound/unbound.conf.d/verbose.conf:
|
||||||
file.managed:
|
file.managed:
|
||||||
- source: salt://unbound/verbose.conf
|
- source: salt://unbound/verbose.conf
|
||||||
|
|
||||||
|
/etc/unbound/unbound.conf.d/local-zones.conf:
|
||||||
|
file.managed:
|
||||||
|
- source: salt://unbound/local-zones.conf
|
||||||
|
- template: 'jinja'
|
||||||
|
|
||||||
|
/etc/unbound/unbound.conf.d/dn42-zones.conf:
|
||||||
|
file.managed:
|
||||||
|
- source: salt://unbound/dn42-zones.conf
|
||||||
|
- template: 'jinja'
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
server:
|
||||||
|
domain-insecure: "{{ pillar['bind']['root-domain'] }}"
|
||||||
|
|
||||||
|
forward-zone:
|
||||||
|
name: "{{ pillar['bind']['root-domain'] }}"
|
||||||
|
forward-addr: {{ pillar['hosts-inet']['serv']['dns'] }}
|
||||||
|
forward-addr: {{ pillar['hosts-inet6']['serv']['dns'] }}
|
||||||
|
|
||||||
|
{%- for domain in pillar['bind']['reverse-zones-inet'] %}
|
||||||
|
forward-zone:
|
||||||
|
name: "{{ domain }}"
|
||||||
|
forward-addr: {{ pillar['hosts-inet']['serv']['dns'] }}
|
||||||
|
forward-addr: {{ pillar['hosts-inet6']['serv']['dns'] }}
|
||||||
|
{%- endfor %}
|
||||||
|
|
||||||
|
{%- for domain in pillar['bind']['reverse-zones-inet6'] %}
|
||||||
|
forward-zone:
|
||||||
|
name: "{{ domain }}"
|
||||||
|
forward-addr: {{ pillar['hosts-inet']['serv']['dns'] }}
|
||||||
|
forward-addr: {{ pillar['hosts-inet6']['serv']['dns'] }}
|
||||||
|
{%- endfor %}
|
Loading…
Reference in New Issue