bind, unbound: prepare dns in ctx

This commit is contained in:
Astro 2018-06-23 02:04:35 +02:00
parent 201780d2e2
commit 72e3718bf5
9 changed files with 61 additions and 34 deletions


@ -1,6 +1,10 @@
bind:
root-domain: zentralwerk.org
master-ns: dns.serv.zentralwerk.org
root-domain:
dn42: zentralwerk.dn42
up1: zentralwerk.org
master-ns:
dn42: dns.serv.zentralwerk.dn42
up1: dns.serv.zentralwerk.org
public-ns:
- ns.c3d2.de
- ns.spaceboyz.net
@ -11,7 +15,7 @@ bind:
# dns.spaceboyz.net
- 172.22.24.4
- 2a01:4f8:a0:33d0::4
serial: 2017031210
serial: 2018062300
reverse-zones-inet:
- 72.20.172.in-addr.arpa
@ -24,5 +28,9 @@ bind:
- 79.20.172.in-addr.arpa
reverse-zones-inet6:
- 8.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa
- c.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa
dn42:
- 8.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa
- c.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa
up1:
- 8.2.5.8.0.2.0.6.0.1.8.2.0.a.2.ip6.arpa
- c.2.5.8.0.2.0.6.0.1.8.2.0.a.2.ip6.arpa
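Review bot: The `dn42` and `up1` keys introduced under `root-domain`, `master-ns` and `reverse-zones-inet6` form an implicit schema that nothing in the pillar documents: the templates in this commit index `pillar['bind']['master-ns'][ctx]` and `pillar['hosts-inet6'][ctx]` by these names, so every per-context mapping has to carry the same key set. A comment above `root-domain:` such as `# DNS contexts (dn42, up1); every per-ctx mapping below and in hosts-inet6 must define the same keys` would make that coupling visible to the next editor. `reverse-zones-inet` is deliberately left as a flat list, so any consumer that now expects a context for it has to supply one explicitly.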


@ -1,8 +1,8 @@
$ORIGIN {{ domain }}.
$TTL 10M
@ IN SOA {{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. (
1 ; serial
@ IN SOA {{ pillar['bind']['master-ns']['up1'] }}. astro.spaceboyz.net. (
2 ; serial
1H ; refresh
1M ; retry
2H ; expire
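Review bot: The serial on the changed line is a hand-maintained literal (`1` → `2`), whereas the other zone templates in this commit use `{{ pillar['bind']['serial'] }} ; serial`; since secondaries only transfer a zone when its serial increases, a later edit to this template that forgets the bump would silently not propagate to `public-ns`. If this is the dynamically updated zone whose serial BIND itself manages in its journal, the literal only seeds the initial value and the inconsistency is harmless, but a comment such as `; serial is only the seed, BIND maintains it for dynamic updates` would stop someone from "fixing" it later. The hard-coded `['up1']` pins this zone to the public context, which matches the `dyn.` name being derived from `root-domain['up1']` in the state file.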


@ -16,17 +16,19 @@ bind9:
- source: salt://bind/named.conf
- template: 'jinja'
{%- for ctx, root_domain in pillar['bind']['root-domain'].items() %}
# zentralwerk.org
/etc/bind/{{ pillar['bind']['root-domain'] }}.zone:
/etc/bind/{{ root_domain }}.zone:
file.managed:
- source: salt://bind/root-domain.zone
- template: 'jinja'
- context:
domain: {{ pillar['bind']['root-domain'] }}
domain: {{ root_domain }}
ctx: {{ ctx }}
# *.zentralwerk.org
{%- for net, subnet4 in pillar['subnets-inet'].items() %}
{%- set domain = net ~ '.' ~ pillar['bind']['root-domain'] %}
{%- for net, subnet4 in pillar['subnets-inet'].items() %}
{%- set domain = net ~ '.' ~ root_domain %}
/etc/bind/{{ domain }}.zone:
file.managed:
- source: salt://bind/net-domain.zone
@ -34,12 +36,13 @@ bind9:
- context:
domain: {{ domain }}
net: {{ net }}
ctx: dn42
ctx: {{ ctx }}
{%- endfor %}
{%- endfor %}
# dyn.zentralwerk.org
{%- set domain = 'dyn.' ~ pillar['bind']['root-domain'] %}
{%- set domain = 'dyn.' ~ pillar['bind']['root-domain']['up1'] %}
/etc/bind/{{ domain }}.zone:
file.managed:
- source: salt://bind/dyn-domain.zone
@ -55,16 +58,20 @@ bind9:
- template: 'jinja'
- context:
domain: {{ domain }}
ctx: {{ ctx }}
{%- endfor %}
# IPv6 reverse
{%- for domain in pillar['bind']['reverse-zones-inet6'] %}
{%- for ctx, domains in pillar['bind']['reverse-zones-inet6'].items() %}
{%- for domain in domains %}
/etc/bind/{{ domain }}.zone:
file.managed:
- source: salt://bind/reverse.zone
- template: 'jinja'
- context:
domain: {{ domain }}
ctx: {{ ctx }}
{%- endfor %}
{%- endfor %}
rndc reload:
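Review bot: The `ctx: {{ ctx }}` added in the third hunk comes after the `{%- endfor %}` that closes the `root-domain` loop opened in the first hunk, and Jinja loop variables do not outlive their loop; the loop enclosing that line begins outside the hunk, and if it is the `reverse-zones-inet` loop — which the pillar keeps as a flat list without context keys — `ctx` is unbound there and reverse.zone's `pillar['bind']['master-ns'][ctx]` cannot resolve a master. Passing the context explicitly, as the removed `ctx: dn42` line did for the net zones, is the safe form for the IPv4 reverse zones, which cover the 172.20.x ranges listed in the pillar. The comments `# zentralwerk.org` and `# *.zentralwerk.org` now sit inside the per-context loop and are stale; `# root zone for each DNS context` and `# net zones below each root zone` would describe what is actually rendered.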


@ -16,12 +16,13 @@
{%- endmacro %}
# root domain
{%- set domain = pillar['bind']['root-domain'] %}
{%- for ctx, domain in pillar['bind']['root-domain'].items() %}
zone "{{ domain }}" IN {
type master;
file "/etc/bind/{{ domain }}.zone";
{{ slaves() }}
};
{%- endfor %}
# net zones
{%- for net, subnet4 in pillar['subnets-inet'].items() %}
@ -42,11 +43,13 @@ zone "{{ domain }}" IN {
{%- endfor %}
# IPv6 reverse zones
{%- for domain in pillar['bind']['reverse-zones-inet6'] %}
{%- for ctx, domains in pillar['bind']['reverse-zones-inet6'].items() %}
{%- for domain in domains %}
zone "{{ domain }}" IN {
type master;
file "/etc/bind/{{ domain }}.zone";
};
{%- endfor %}
{%- endfor %}
@ -59,7 +62,7 @@ key "{{ name }}" {
{%- endfor %}
# DynDNS zone
{%- set domain = 'dyn.' ~ pillar['bind']['root-domain'] %}
{%- set domain = 'dyn.' ~ pillar['bind']['root-domain']['up1'] %}
zone "{{ domain }}" IN {
type master;
file "/etc/bind/{{ domain }}.zone";
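Review bot: The `root-domain` loop in the first hunk closes at its `{%- endfor %}` before the net-zone loop that follows, so `domain` is no longer left in template scope the way the removed `{%- set domain = … %}` did, and a net-zone body outside this hunk that still derives its name from `pillar['bind']['root-domain']` would now see a mapping instead of a string. The state file in this commit nests the net-zone loop inside the per-context loop; named.conf most likely needs the same nesting, otherwise only the root zones are declared per context. This is inferred from the visible loop boundaries only, since the net-zone body itself is not part of the hunk.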


@ -1,7 +1,7 @@
$ORIGIN {{ domain }}.
$TTL 10M
@ IN SOA {{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. (
@ IN SOA {{ pillar['bind']['master-ns'][ctx] }}. astro.spaceboyz.net. (
{{ pillar['bind']['serial'] }} ; serial
1H ; refresh
1M ; retry
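Review bot: Only the SOA line switches to `pillar['bind']['master-ns'][ctx]`; any `IN NS` record or `root-domain` reference below it lies outside this hunk, and since `master-ns` and `root-domain` are now mappings, a remaining scalar reference would render the Python dict repr into the zone file. The reverse-zone hunk later in this commit shows exactly that case: its `IN NS {{ pillar['bind']['master-ns'] }}.` context line is left unchanged. The same check applies to the third zone template, whose hunk also covers only the SOA.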


@ -1,7 +1,7 @@
$ORIGIN {{ domain }}.
$TTL 10M
@ IN SOA {{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. (
@ IN SOA {{ pillar['bind']['master-ns'][ctx] }}. astro.spaceboyz.net. (
{{ pillar['bind']['serial'] }} ; serial
1H ; refresh
1M ; retry
@ -10,20 +10,22 @@ $TTL 10M
)
IN NS {{ pillar['bind']['master-ns'] }}.
{%- for net, hosts in pillar['hosts-inet'].items() %}
{%- for host, aaaa in hosts.items() %}
{%- set reverse = salt['network.reverse_ip'](aaaa) %}
{%- if reverse.endswith(domain) %}
{{ reverse.replace('.' ~ domain, '') }} IN PTR {{ host }}.{{ net }}.{{ pillar['bind']['root-domain'] }}.
{%- endif %}
{%- if ctx == 'dn42' %]
{%- for net, hosts in pillar['hosts-inet'].items() %}
{%- for host, aaaa in hosts.items() %}
{%- set reverse = salt['network.reverse_ip'](aaaa) %}
{%- if reverse.endswith(domain) %}
{{ reverse.replace('.' ~ domain, '') }} IN PTR {{ host }}.{{ net }}.{{ pillar['bind']['root-domain'][ctx] }}.
{%- endif %}
{%- endfor %}
{%- endfor %}
{%- endfor %}
{%- endif %}
{%- for net, hosts in pillar['hosts-inet6']['dn42'].items() %}
{%- for net, hosts in pillar['hosts-inet6'][ctx].items() %}
{%- for host, aaaa in hosts.items() %}
{%- set reverse = salt['network.reverse_ip'](aaaa) %}
{%- if reverse.endswith(domain) %}
{{ reverse.replace('.' ~ domain, '') }} IN PTR {{ host }}.{{ net }}.{{ pillar['bind']['root-domain'] }}.
{{ reverse.replace('.' ~ domain, '') }} IN PTR {{ host }}.{{ net }}.{{ pillar['bind']['root-domain'][ctx] }}.
{%- endif %}
{%- endfor %}
{%- endfor %}
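Review bot: `{%- if ctx == 'dn42' %]` closes the tag with `]` instead of `}`, so this template no longer parses and every reverse-zone state that renders it will fail; it should read `{%- if ctx == 'dn42' %}`. The unchanged `IN NS {{ pillar['bind']['master-ns'] }}.` context line above it still treats `master-ns` as a scalar, which this commit turns into a mapping, so the NS record would render the dict repr; it needs `IN NS {{ pillar['bind']['master-ns'][ctx] }}.` to match the SOA two lines earlier. Restricting the IPv4 PTR loop to the `dn42` context is consistent with the private-range reverse zones in the pillar, but that reasoning deserves a one-line comment above the `if`.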


@ -1,7 +1,7 @@
$ORIGIN {{ domain }}.
$TTL 10M
@ IN SOA {{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. (
@ IN SOA {{ pillar['bind']['master-ns'][ctx] }}. astro.spaceboyz.net. (
{{ pillar['bind']['serial'] }} ; serial
1H ; refresh
1M ; retry


@ -8,6 +8,7 @@ server:
interface: ::
access-control: fd23:42:c3d2:500::/56 allow
access-control: 2a02:8106:208:5200::/56 allow
access-control: ::172.20.72.0/117 allow
access-control: ::172.22.99.0/120 allow
access-control: ::1/128 allow
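Review bot: The new `access-control: 2a02:8106:208:5200::/56 allow` admits a public prefix to the recursive resolver, and with `interface: ::` the access-control list is the only thing bounding who may query it; unbound refuses unlisted sources by default, so the exposure is limited to this /56. The prefix appears to cover the two `up1` reverse zones added to the pillar in this commit, but that is inference from the nibble order; a comment such as `# up1 public prefix, matches reverse-zones-inet6.up1` above the line would record the intent and make any future widening of the range reviewable.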


@ -1,10 +1,14 @@
server:
domain-insecure: "{{ pillar['bind']['root-domain'] }}"
{%- for ctx, domain in pillar['bind']['root-domain'] %}
domain-insecure: "{{ domain }}"
{%- endfor %}
forward-zone:
name: "{{ pillar['bind']['root-domain'] }}"
{%- for ctx, domain in pillar['bind']['root-domain'] %}
name: "{{ domain }}"
forward-addr: {{ pillar['hosts-inet']['serv']['dns'] }}
forward-addr: {{ pillar['hosts-inet6']['dn42']['serv']['dns'] }}
forward-addr: {{ pillar['hosts-inet6'][ctx]['serv']['dns'] }}
{%- endfor %}
{%- for domain in pillar['bind']['reverse-zones-inet'] %}
forward-zone:
@ -13,9 +17,11 @@ forward-zone:
forward-addr: {{ pillar['hosts-inet6']['dn42']['serv']['dns'] }}
{%- endfor %}
{%- for domain in pillar['bind']['reverse-zones-inet6'] %}
{%- for ctx, domains in pillar['bind']['reverse-zones-inet6'].items() %}
{%- for domain in domains %}
forward-zone:
name: "{{ domain }}"
forward-addr: {{ pillar['hosts-inet']['serv']['dns'] }}
forward-addr: {{ pillar['hosts-inet6']['dn42']['serv']['dns'] }}
forward-addr: {{ pillar['hosts-inet6'][ctx]['serv']['dns'] }}
{%- endfor %}
{%- endfor %}
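Review bot: Both new `{%- for ctx, domain in pillar['bind']['root-domain'] %}` lines iterate the mapping directly, which yields only its keys, so unpacking each key into `ctx, domain` fails at render time; the second hunk in the same file correctly uses `.items()`. Separately, the `forward-zone:` header stays outside the second loop while `name:` and the `forward-addr` lines are inside it, so the rendered config contains a single forward-zone stanza with two `name:` entries; the reverse-zone loops below put `forward-zone:` inside the loop, and the root-domain loop should do the same.
```jinja
server:
{%- for ctx, domain in pillar['bind']['root-domain'].items() %}
  domain-insecure: "{{ domain }}"
{%- endfor %}
{%- for ctx, domain in pillar['bind']['root-domain'].items() %}
forward-zone:
  name: "{{ domain }}"
  forward-addr: {{ pillar['hosts-inet']['serv']['dns'] }}
  forward-addr: {{ pillar['hosts-inet6'][ctx]['serv']['dns'] }}
{%- endfor %}
{# … unchanged: reverse-zones-inet and reverse-zones-inet6 forward zones … #}
```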