bind, unbound: prepare dns in ctx

Astro 2018-06-23 02:04:35 +02:00
parent 201780d2e2
commit 72e3718bf5
9 changed files with 61 additions and 34 deletions


@ -1,6 +1,10 @@
bind: bind:
root-domain: zentralwerk.org root-domain:
master-ns: dns.serv.zentralwerk.org dn42: zentralwerk.dn42
up1: zentralwerk.org
master-ns:
dn42: dns.serv.zentralwerk.dn42
up1: dns.serv.zentralwerk.org
public-ns: public-ns:
- ns.c3d2.de - ns.c3d2.de
- ns.spaceboyz.net - ns.spaceboyz.net
@ -11,7 +15,7 @@ bind:
# dns.spaceboyz.net # dns.spaceboyz.net
- 172.22.24.4 - 172.22.24.4
- 2a01:4f8:a0:33d0::4 - 2a01:4f8:a0:33d0::4
serial: 2017031210 serial: 2018062300
reverse-zones-inet: reverse-zones-inet:
- 72.20.172.in-addr.arpa - 72.20.172.in-addr.arpa
@ -24,5 +28,9 @@ bind:
- 79.20.172.in-addr.arpa - 79.20.172.in-addr.arpa
reverse-zones-inet6: reverse-zones-inet6:
- 8.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa dn42:
- c.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa - 8.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa
- c.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa
up1:
- 8.2.5.8.0.2.0.6.0.1.8.2.0.a.2.ip6.arpa
- c.2.5.8.0.2.0.6.0.1.8.2.0.a.2.ip6.arpa
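Review bot: The single `serial` key is now the SOA serial of every generated zone in both contexts (net-domain.zone, reverse.zone and root-domain.zone all read `pillar['bind']['serial']`), but nothing in the pillar says it has to be bumped by hand on every change; a forgotten bump means the secondaries listed under `public-ns` keep serving the old data while the master has moved on. Suggest a comment above the key: `# shared SOA serial for all generated zones (YYYYMMDDnn) — bump on every zone change or the public-ns secondaries never transfer`. Note also that `master-ns` and `root-domain` are now mappings keyed by ctx, so any template that still reads them unkeyed renders a dict repr into the zone.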


@ -1,8 +1,8 @@
$ORIGIN {{ domain }}. $ORIGIN {{ domain }}.
$TTL 10M $TTL 10M
@ IN SOA {{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. ( @ IN SOA {{ pillar['bind']['master-ns']['up1'] }}. astro.spaceboyz.net. (
1 ; serial 2 ; serial
1H ; refresh 1H ; refresh
1M ; retry 1M ; retry
2H ; expire 2H ; expire
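Review bot: The dyn zone's SOA serial is a hand-edited literal (`1` → `2`) while every other zone template takes `pillar['bind']['serial']`, so a later pillar bump will not reach this zone and the public secondaries may never re-transfer it. Because this is the DynDNS zone (named.conf declares TSIG keys and a "DynDNS zone" block, the allow-update stanza itself is outside this hunk), BIND will also maintain its own journal-driven serial once updates arrive, and editing the zone file underneath a live journal is a known way to get a zone that refuses to load. Consider a comment on the serial line: `; serial is owned by BIND's journal once dynamic updates start — only edit this file with the zone frozen (rndc freeze/thaw)`. The zone body continues outside the hunk.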


@ -16,17 +16,19 @@ bind9:
- source: salt://bind/named.conf - source: salt://bind/named.conf
- template: 'jinja' - template: 'jinja'
{%- for ctx, root_domain in pillar['bind']['root-domain'].items() %}
# zentralwerk.org # zentralwerk.org
/etc/bind/{{ pillar['bind']['root-domain'] }}.zone: /etc/bind/{{ root_domain }}.zone:
file.managed: file.managed:
- source: salt://bind/root-domain.zone - source: salt://bind/root-domain.zone
- template: 'jinja' - template: 'jinja'
- context: - context:
domain: {{ pillar['bind']['root-domain'] }} domain: {{ root_domain }}
ctx: {{ ctx }}
# *.zentralwerk.org # *.zentralwerk.org
{%- for net, subnet4 in pillar['subnets-inet'].items() %} {%- for net, subnet4 in pillar['subnets-inet'].items() %}
{%- set domain = net ~ '.' ~ pillar['bind']['root-domain'] %} {%- set domain = net ~ '.' ~ root_domain %}
/etc/bind/{{ domain }}.zone: /etc/bind/{{ domain }}.zone:
file.managed: file.managed:
- source: salt://bind/net-domain.zone - source: salt://bind/net-domain.zone
@ -34,12 +36,13 @@ bind9:
- context: - context:
domain: {{ domain }} domain: {{ domain }}
net: {{ net }} net: {{ net }}
ctx: dn42 ctx: {{ ctx }}
{%- endfor %}
{%- endfor %} {%- endfor %}
# dyn.zentralwerk.org # dyn.zentralwerk.org
{%- set domain = 'dyn.' ~ pillar['bind']['root-domain'] %} {%- set domain = 'dyn.' ~ pillar['bind']['root-domain']['up1'] %}
/etc/bind/{{ domain }}.zone: /etc/bind/{{ domain }}.zone:
file.managed: file.managed:
- source: salt://bind/dyn-domain.zone - source: salt://bind/dyn-domain.zone
@ -55,16 +58,20 @@ bind9:
- template: 'jinja' - template: 'jinja'
- context: - context:
domain: {{ domain }} domain: {{ domain }}
ctx: {{ ctx }}
{%- endfor %} {%- endfor %}
# IPv6 reverse # IPv6 reverse
{%- for domain in pillar['bind']['reverse-zones-inet6'] %} {%- for ctx, domains in pillar['bind']['reverse-zones-inet6'].items() %}
{%- for domain in domains %}
/etc/bind/{{ domain }}.zone: /etc/bind/{{ domain }}.zone:
file.managed: file.managed:
- source: salt://bind/reverse.zone - source: salt://bind/reverse.zone
- template: 'jinja' - template: 'jinja'
- context: - context:
domain: {{ domain }} domain: {{ domain }}
ctx: {{ ctx }}
{%- endfor %}
{%- endfor %} {%- endfor %}
rndc reload: rndc reload:
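Review bot: The `ctx: {{ ctx }}` added at line 58 sits inside a loop whose header is outside this hunk, and in Jinja2 the `ctx` bound by the `for ctx, root_domain` loop does not survive its `endfor` at line 36; if the enclosing loop is the IPv4 reverse-zone loop (`for domain in pillar['bind']['reverse-zones-inet']`, as the unbound template iterates it) it binds no `ctx`, so the value renders as undefined and reverse.zone's `pillar['bind']['master-ns'][ctx]` lookup fails at render time. The IPv4 reverse zones in the pillar are all 172.20.x in-addr.arpa, i.e. the dn42 side, so the fix is probably to pass the literal the old net-zone code used: `ctx: dn42`. Also note that the net-zone files are now written once per root domain but the `dyn.` zone is hard-wired to `['up1']`; a one-line comment saying why (`# dyn zone exists only in the public domain`) would save the next reader the question.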


@ -16,12 +16,13 @@
{%- endmacro %} {%- endmacro %}
# root domain # root domain
{%- set domain = pillar['bind']['root-domain'] %} {%- for ctx, domain in pillar['bind']['root-domain'].items() %}
zone "{{ domain }}" IN { zone "{{ domain }}" IN {
type master; type master;
file "/etc/bind/{{ domain }}.zone"; file "/etc/bind/{{ domain }}.zone";
{{ slaves() }} {{ slaves() }}
}; };
{%- endfor %}
# net zones # net zones
{%- for net, subnet4 in pillar['subnets-inet'].items() %} {%- for net, subnet4 in pillar['subnets-inet'].items() %}
@ -42,11 +43,13 @@ zone "{{ domain }}" IN {
{%- endfor %} {%- endfor %}
# IPv6 reverse zones # IPv6 reverse zones
{%- for domain in pillar['bind']['reverse-zones-inet6'] %} {%- for ctx, domains in pillar['bind']['reverse-zones-inet6'].items() %}
{%- for domain in domains %}
zone "{{ domain }}" IN { zone "{{ domain }}" IN {
type master; type master;
file "/etc/bind/{{ domain }}.zone"; file "/etc/bind/{{ domain }}.zone";
}; };
{%- endfor %}
{%- endfor %} {%- endfor %}
@ -59,7 +62,7 @@ key "{{ name }}" {
{%- endfor %} {%- endfor %}
# DynDNS zone # DynDNS zone
{%- set domain = 'dyn.' ~ pillar['bind']['root-domain'] %} {%- set domain = 'dyn.' ~ pillar['bind']['root-domain']['up1'] %}
zone "{{ domain }}" IN { zone "{{ domain }}" IN {
type master; type master;
file "/etc/bind/{{ domain }}.zone"; file "/etc/bind/{{ domain }}.zone";
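Review bot: The `# net zones` loop header at line 17 is unchanged even though init.sls now writes a net-zone file for every root domain; its body is outside this hunk, but if it still derives `domain` from `pillar['bind']['root-domain']` — which this commit turns into a ctx-keyed mapping — the `zone "..."` name renders as a Python dict repr and named refuses the config. The safe shape is to nest it the same way the root-domain block now is: `{%- for ctx, root_domain in pillar['bind']['root-domain'].items() %}` around the existing `for net, subnet4` loop, building `domain` from `root_domain`. Also, only the root-domain zones get `{{ slaves() }}`; the IPv6 reverse zones are declared master with no secondaries, which is pre-existing but worth a comment if intentional.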


@ -1,7 +1,7 @@
$ORIGIN {{ domain }}. $ORIGIN {{ domain }}.
$TTL 10M $TTL 10M
@ IN SOA {{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. ( @ IN SOA {{ pillar['bind']['master-ns'][ctx] }}. astro.spaceboyz.net. (
{{ pillar['bind']['serial'] }} ; serial {{ pillar['bind']['serial'] }} ; serial
1H ; refresh 1H ; refresh
1M ; retry 1M ; retry
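Review bot: Only the SOA MNAME is switched to `pillar['bind']['master-ns'][ctx]`; the `IN NS` record that follows the SOA is outside this hunk, and in the sibling reverse.zone hunk that line still reads the unkeyed `pillar['bind']['master-ns']`, which is now a mapping and would render a dict repr into the NS RR. Check that this template's NS line (and any glue A/AAAA for the master) was updated to `{{ pillar['bind']['master-ns'][ctx] }}.` as well, otherwise the zone fails named-checkzone. The template body continues past the hunk.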


@ -1,7 +1,7 @@
$ORIGIN {{ domain }}. $ORIGIN {{ domain }}.
$TTL 10M $TTL 10M
@ IN SOA {{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. ( @ IN SOA {{ pillar['bind']['master-ns'][ctx] }}. astro.spaceboyz.net. (
{{ pillar['bind']['serial'] }} ; serial {{ pillar['bind']['serial'] }} ; serial
1H ; refresh 1H ; refresh
1M ; retry 1M ; retry
@ -10,20 +10,22 @@ $TTL 10M
) )
IN NS {{ pillar['bind']['master-ns'] }}. IN NS {{ pillar['bind']['master-ns'] }}.
{%- for net, hosts in pillar['hosts-inet'].items() %} {%- if ctx == 'dn42' %]
{%- for host, aaaa in hosts.items() %} {%- for net, hosts in pillar['hosts-inet'].items() %}
{%- set reverse = salt['network.reverse_ip'](aaaa) %} {%- for host, aaaa in hosts.items() %}
{%- if reverse.endswith(domain) %} {%- set reverse = salt['network.reverse_ip'](aaaa) %}
{{ reverse.replace('.' ~ domain, '') }} IN PTR {{ host }}.{{ net }}.{{ pillar['bind']['root-domain'] }}. {%- if reverse.endswith(domain) %}
{%- endif %} {{ reverse.replace('.' ~ domain, '') }} IN PTR {{ host }}.{{ net }}.{{ pillar['bind']['root-domain'][ctx] }}.
{%- endif %}
{%- endfor %}
{%- endfor %} {%- endfor %}
{%- endfor %} {%- endif %}
{%- for net, hosts in pillar['hosts-inet6']['dn42'].items() %} {%- for net, hosts in pillar['hosts-inet6'][ctx].items() %}
{%- for host, aaaa in hosts.items() %} {%- for host, aaaa in hosts.items() %}
{%- set reverse = salt['network.reverse_ip'](aaaa) %} {%- set reverse = salt['network.reverse_ip'](aaaa) %}
{%- if reverse.endswith(domain) %} {%- if reverse.endswith(domain) %}
{{ reverse.replace('.' ~ domain, '') }} IN PTR {{ host }}.{{ net }}.{{ pillar['bind']['root-domain'] }}. {{ reverse.replace('.' ~ domain, '') }} IN PTR {{ host }}.{{ net }}.{{ pillar['bind']['root-domain'][ctx] }}.
{%- endif %} {%- endif %}
{%- endfor %} {%- endfor %}
{%- endfor %} {%- endfor %}
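Review bot: Line 12 of the new side, `{%- if ctx == 'dn42' %]`, closes the tag with `%]` instead of `%}`, which is a Jinja TemplateSyntaxError and will break rendering of every reverse zone; it should read `{%- if ctx == 'dn42' %}`. In the same hunk the NS record on line 11 still uses `{{ pillar['bind']['master-ns'] }}.`, but `master-ns` is now a ctx-keyed mapping, so even after the typo is fixed the zone carries a dict repr as its NS target; change it to `IN NS {{ pillar['bind']['master-ns'][ctx] }}.` to match the SOA line above it. Gating the IPv4 PTR block on `ctx == 'dn42'` is consistent with the pillar (all IPv4 reverse zones are 172.20.x), but a one-line comment saying so would help: `{#- IPv4 space is dn42-only; the public context has no IPv4 reverse zones #}`.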


@ -1,7 +1,7 @@
$ORIGIN {{ domain }}. $ORIGIN {{ domain }}.
$TTL 10M $TTL 10M
@ IN SOA {{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. ( @ IN SOA {{ pillar['bind']['master-ns'][ctx] }}. astro.spaceboyz.net. (
{{ pillar['bind']['serial'] }} ; serial {{ pillar['bind']['serial'] }} ; serial
1H ; refresh 1H ; refresh
1M ; retry 1M ; retry
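Review bot: For `ctx == 'up1'` this template now produces the public `zentralwerk.org` zone with `dns.serv.zentralwerk.org` as MNAME, which is fine, but the rest of the zone is outside the hunk and the same unkeyed `pillar['bind']['master-ns']` pattern that reverse.zone still has on its NS line would put a dict repr into the public zone's apex NS set. Please confirm every remaining `master-ns` / `root-domain` reference in this file is indexed by `ctx`. A header comment such as `{#- rendered once per ctx (dn42 / up1); ctx is passed in via file.managed context #}` would document the new contract.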


@ -8,6 +8,7 @@ server:
interface: :: interface: ::
access-control: fd23:42:c3d2:500::/56 allow access-control: fd23:42:c3d2:500::/56 allow
access-control: 2a02:8106:208:5200::/56 allow
access-control: ::172.20.72.0/117 allow access-control: ::172.20.72.0/117 allow
access-control: ::172.22.99.0/120 allow access-control: ::172.22.99.0/120 allow
access-control: ::1/128 allow access-control: ::1/128 allow
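Review bot: The new `access-control: 2a02:8106:208:5200::/56 allow` grants recursion to a globally routable prefix on a resolver that listens on `::`; the nibbles of the new `up1` reverse zones in the pillar decode to addresses inside that /56, so it looks like the site's own delegation, but the effect is still that any packet sourced from that /56 — including spoofed UDP — gets recursive service. If the prefix is shared with other tenants or is larger than what this site actually holds, narrow it to the assigned /60s, and in any case make sure a host/edge firewall, not only unbound's default `refuse`, keeps the resolver off the public internet. A comment next to the line stating whose prefix it is (`# own public IPv6 allocation (up1)`) would keep the next editor from widening it.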


@ -1,10 +1,14 @@
server: server:
domain-insecure: "{{ pillar['bind']['root-domain'] }}" {%- for ctx, domain in pillar['bind']['root-domain'] %}
domain-insecure: "{{ domain }}"
{%- endfor %}
forward-zone: forward-zone:
name: "{{ pillar['bind']['root-domain'] }}" {%- for ctx, domain in pillar['bind']['root-domain'] %}
name: "{{ domain }}"
forward-addr: {{ pillar['hosts-inet']['serv']['dns'] }} forward-addr: {{ pillar['hosts-inet']['serv']['dns'] }}
forward-addr: {{ pillar['hosts-inet6']['dn42']['serv']['dns'] }} forward-addr: {{ pillar['hosts-inet6'][ctx]['serv']['dns'] }}
{%- endfor %}
{%- for domain in pillar['bind']['reverse-zones-inet'] %} {%- for domain in pillar['bind']['reverse-zones-inet'] %}
forward-zone: forward-zone:
@ -13,9 +17,11 @@ forward-zone:
forward-addr: {{ pillar['hosts-inet6']['dn42']['serv']['dns'] }} forward-addr: {{ pillar['hosts-inet6']['dn42']['serv']['dns'] }}
{%- endfor %} {%- endfor %}
{%- for domain in pillar['bind']['reverse-zones-inet6'] %} {%- for ctx, domains in pillar['bind']['reverse-zones-inet6'].items() %}
{%- for domain in domains %}
forward-zone: forward-zone:
name: "{{ domain }}" name: "{{ domain }}"
forward-addr: {{ pillar['hosts-inet']['serv']['dns'] }} forward-addr: {{ pillar['hosts-inet']['serv']['dns'] }}
forward-addr: {{ pillar['hosts-inet6']['dn42']['serv']['dns'] }} forward-addr: {{ pillar['hosts-inet6'][ctx]['serv']['dns'] }}
{%- endfor %}
{%- endfor %} {%- endfor %}
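Review bot: Both new `root-domain` loops (lines 2 and 6 on the new side) iterate `pillar['bind']['root-domain']` without `.items()`, unlike the `reverse-zones-inet6` loop further down; Jinja then yields the mapping's keys, so `ctx, domain` tries to unpack the string `dn42` and the template fails to render. Both should read `{%- for ctx, domain in pillar['bind']['root-domain'].items() %}`. Separately, `domain-insecure` is now emitted for the public `zentralwerk.org` as well, which switches off DNSSEC validation for every answer under that name; that is required only if the forwarded-to BIND cannot serve a validated chain, so a comment justifying it (`# forwarded to internal authoritative, chain not validatable`) or limiting it to the dn42 context would make the security trade-off explicit.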