bind, unbound: prepare dns in ctx
parent
201780d2e2
commit
72e3718bf5
|
@ -1,6 +1,10 @@
|
|||
bind:
|
||||
root-domain: zentralwerk.org
|
||||
master-ns: dns.serv.zentralwerk.org
|
||||
root-domain:
|
||||
dn42: zentralwerk.dn42
|
||||
up1: zentralwerk.org
|
||||
master-ns:
|
||||
dn42: dns.serv.zentralwerk.dn42
|
||||
up1: dns.serv.zentralwerk.org
|
||||
public-ns:
|
||||
- ns.c3d2.de
|
||||
- ns.spaceboyz.net
|
||||
|
@ -11,7 +15,7 @@ bind:
|
|||
# dns.spaceboyz.net
|
||||
- 172.22.24.4
|
||||
- 2a01:4f8:a0:33d0::4
|
||||
serial: 2017031210
|
||||
serial: 2018062300
|
||||
|
||||
reverse-zones-inet:
|
||||
- 72.20.172.in-addr.arpa
|
||||
|
@ -24,5 +28,9 @@ bind:
|
|||
- 79.20.172.in-addr.arpa
|
||||
|
||||
reverse-zones-inet6:
|
||||
- 8.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa
|
||||
- c.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa
|
||||
dn42:
|
||||
- 8.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa
|
||||
- c.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa
|
||||
up1:
|
||||
- 8.2.5.8.0.2.0.6.0.1.8.2.0.a.2.ip6.arpa
|
||||
- c.2.5.8.0.2.0.6.0.1.8.2.0.a.2.ip6.arpa
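Review bot: The `dn42`/`up1` keys introduced under `root-domain`, `master-ns` and `reverse-zones-inet6` are lookup keys for the templates in this commit (`pillar['bind']['master-ns'][ctx]`, `pillar['hosts-inet6'][ctx]`), but nothing in the pillar says so. A comment above `root-domain:` such as `# keys are DNS contexts; every ctx-keyed map here and in hosts-inet6 must define the same set` would help keep a half-added context from breaking template rendering. `reverse-zones-inet` stays a flat list while `reverse-zones-inet6` becomes a map, so the same comment should say that consumers must treat the two differently.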
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
$ORIGIN {{ domain }}.
|
||||
$TTL 10M
|
||||
|
||||
@ IN SOA {{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. (
|
||||
1 ; serial
|
||||
@ IN SOA {{ pillar['bind']['master-ns']['up1'] }}. astro.spaceboyz.net. (
|
||||
2 ; serial
|
||||
1H ; refresh
|
||||
1M ; retry
|
||||
2H ; expire
|
||||
|
|
|
@ -16,17 +16,19 @@ bind9:
|
|||
- source: salt://bind/named.conf
|
||||
- template: 'jinja'
|
||||
|
||||
{%- for ctx, root_domain in pillar['bind']['root-domain'].items() %}
|
||||
# zentralwerk.org
|
||||
/etc/bind/{{ pillar['bind']['root-domain'] }}.zone:
|
||||
/etc/bind/{{ root_domain }}.zone:
|
||||
file.managed:
|
||||
- source: salt://bind/root-domain.zone
|
||||
- template: 'jinja'
|
||||
- context:
|
||||
domain: {{ pillar['bind']['root-domain'] }}
|
||||
domain: {{ root_domain }}
|
||||
ctx: {{ ctx }}
|
||||
|
||||
# *.zentralwerk.org
|
||||
{%- for net, subnet4 in pillar['subnets-inet'].items() %}
|
||||
{%- set domain = net ~ '.' ~ pillar['bind']['root-domain'] %}
|
||||
{%- for net, subnet4 in pillar['subnets-inet'].items() %}
|
||||
{%- set domain = net ~ '.' ~ root_domain %}
|
||||
/etc/bind/{{ domain }}.zone:
|
||||
file.managed:
|
||||
- source: salt://bind/net-domain.zone
|
||||
|
@ -34,12 +36,13 @@ bind9:
|
|||
- context:
|
||||
domain: {{ domain }}
|
||||
net: {{ net }}
|
||||
ctx: dn42
|
||||
ctx: {{ ctx }}
|
||||
|
||||
{%- endfor %}
|
||||
{%- endfor %}
|
||||
|
||||
# dyn.zentralwerk.org
|
||||
{%- set domain = 'dyn.' ~ pillar['bind']['root-domain'] %}
|
||||
{%- set domain = 'dyn.' ~ pillar['bind']['root-domain']['up1'] %}
|
||||
/etc/bind/{{ domain }}.zone:
|
||||
file.managed:
|
||||
- source: salt://bind/dyn-domain.zone
|
||||
|
@ -55,16 +58,20 @@ bind9:
|
|||
- template: 'jinja'
|
||||
- context:
|
||||
domain: {{ domain }}
|
||||
ctx: {{ ctx }}
|
||||
{%- endfor %}
|
||||
|
||||
# IPv6 reverse
|
||||
{%- for domain in pillar['bind']['reverse-zones-inet6'] %}
|
||||
{%- for ctx, domains in pillar['bind']['reverse-zones-inet6'].items() %}
|
||||
{%- for domain in domains %}
|
||||
/etc/bind/{{ domain }}.zone:
|
||||
file.managed:
|
||||
- source: salt://bind/reverse.zone
|
||||
- template: 'jinja'
|
||||
- context:
|
||||
domain: {{ domain }}
|
||||
ctx: {{ ctx }}
|
||||
{%- endfor %}
|
||||
{%- endfor %}
|
||||
|
||||
rndc reload:
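Review bot: The `ctx: {{ ctx }}` added to the state context just before `# IPv6 reverse` appears to sit outside both ctx loops, because the root-domain loop is closed by the `{%- endfor %}` ahead of `# dyn.zentralwerk.org` and the pillar keeps `reverse-zones-inet` as a flat list. The opening of that state is outside the hunk, so this is inferred. If it is the IPv4 reverse loop, `ctx` is undefined there and the reverse zone template's `pillar['bind']['master-ns'][ctx]` lookup has no valid key. Passing the context explicitly, `ctx: dn42`, would give the template a defined key for those zones.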
|
||||
|
|
|
@ -16,12 +16,13 @@
|
|||
{%- endmacro %}
|
||||
|
||||
# root domain
|
||||
{%- set domain = pillar['bind']['root-domain'] %}
|
||||
{%- for ctx, domain in pillar['bind']['root-domain'].items() %}
|
||||
zone "{{ domain }}" IN {
|
||||
type master;
|
||||
file "/etc/bind/{{ domain }}.zone";
|
||||
{{ slaves() }}
|
||||
};
|
||||
{%- endfor %}
|
||||
|
||||
# net zones
|
||||
{%- for net, subnet4 in pillar['subnets-inet'].items() %}
|
||||
|
@ -42,11 +43,13 @@ zone "{{ domain }}" IN {
|
|||
{%- endfor %}
|
||||
|
||||
# IPv6 reverse zones
|
||||
{%- for domain in pillar['bind']['reverse-zones-inet6'] %}
|
||||
{%- for ctx, domains in pillar['bind']['reverse-zones-inet6'].items() %}
|
||||
{%- for domain in domains %}
|
||||
zone "{{ domain }}" IN {
|
||||
type master;
|
||||
file "/etc/bind/{{ domain }}.zone";
|
||||
};
|
||||
{%- endfor %}
|
||||
{%- endfor %}
|
||||
|
||||
|
||||
|
@ -59,7 +62,7 @@ key "{{ name }}" {
|
|||
{%- endfor %}
|
||||
|
||||
# DynDNS zone
|
||||
{%- set domain = 'dyn.' ~ pillar['bind']['root-domain'] %}
|
||||
{%- set domain = 'dyn.' ~ pillar['bind']['root-domain']['up1'] %}
|
||||
zone "{{ domain }}" IN {
|
||||
type master;
|
||||
file "/etc/bind/{{ domain }}.zone";
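Review bot: The `# net zones` loop does not appear to be converted: only the root-domain, IPv6 reverse and DynDNS stanzas change here, and the loop body lies between the hunks. If it still builds its zone name from `pillar['bind']['root-domain']`, as the state file did before this commit, it now concatenates a mapping and no longer matches the per-context `/etc/bind/{{ net }}.{{ root_domain }}.zone` files the state writes. That loop likely needs the same outer wrapper, `{%- for ctx, root_domain in pillar['bind']['root-domain'].items() %}`. Separately, `ctx` is unused in both new loops of this file, so iterating `.values()` would say what is meant.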
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
$ORIGIN {{ domain }}.
|
||||
$TTL 10M
|
||||
|
||||
@ IN SOA {{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. (
|
||||
@ IN SOA {{ pillar['bind']['master-ns'][ctx] }}. astro.spaceboyz.net. (
|
||||
{{ pillar['bind']['serial'] }} ; serial
|
||||
1H ; refresh
|
||||
1M ; retry
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
$ORIGIN {{ domain }}.
|
||||
$TTL 10M
|
||||
|
||||
@ IN SOA {{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. (
|
||||
@ IN SOA {{ pillar['bind']['master-ns'][ctx] }}. astro.spaceboyz.net. (
|
||||
{{ pillar['bind']['serial'] }} ; serial
|
||||
1H ; refresh
|
||||
1M ; retry
|
||||
|
@ -10,20 +10,22 @@ $TTL 10M
|
|||
)
|
||||
IN NS {{ pillar['bind']['master-ns'] }}.
|
||||
|
||||
{%- for net, hosts in pillar['hosts-inet'].items() %}
|
||||
{%- for host, aaaa in hosts.items() %}
|
||||
{%- set reverse = salt['network.reverse_ip'](aaaa) %}
|
||||
{%- if reverse.endswith(domain) %}
|
||||
{{ reverse.replace('.' ~ domain, '') }} IN PTR {{ host }}.{{ net }}.{{ pillar['bind']['root-domain'] }}.
|
||||
{%- endif %}
|
||||
{%- if ctx == 'dn42' %]
|
||||
{%- for net, hosts in pillar['hosts-inet'].items() %}
|
||||
{%- for host, aaaa in hosts.items() %}
|
||||
{%- set reverse = salt['network.reverse_ip'](aaaa) %}
|
||||
{%- if reverse.endswith(domain) %}
|
||||
{{ reverse.replace('.' ~ domain, '') }} IN PTR {{ host }}.{{ net }}.{{ pillar['bind']['root-domain'][ctx] }}.
|
||||
{%- endif %}
|
||||
{%- endfor %}
|
||||
{%- endfor %}
|
||||
{%- endfor %}
|
||||
{%- endif %}
|
||||
|
||||
{%- for net, hosts in pillar['hosts-inet6']['dn42'].items() %}
|
||||
{%- for net, hosts in pillar['hosts-inet6'][ctx].items() %}
|
||||
{%- for host, aaaa in hosts.items() %}
|
||||
{%- set reverse = salt['network.reverse_ip'](aaaa) %}
|
||||
{%- if reverse.endswith(domain) %}
|
||||
{{ reverse.replace('.' ~ domain, '') }} IN PTR {{ host }}.{{ net }}.{{ pillar['bind']['root-domain'] }}.
|
||||
{{ reverse.replace('.' ~ domain, '') }} IN PTR {{ host }}.{{ net }}.{{ pillar['bind']['root-domain'][ctx] }}.
|
||||
{%- endif %}
|
||||
{%- endfor %}
|
||||
{%- endfor %}
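Review bot: `{%- if ctx == 'dn42' %]` closes the tag with `]` instead of `}`, so Jinja cannot parse this template and no reverse zone will render; it should read `{%- if ctx == 'dn42' %}`. The unchanged `IN NS {{ pillar['bind']['master-ns'] }}.` line at the top of the second hunk still prints the whole `master-ns` value, which the pillar now makes a mapping. It needs the same index as the SOA line: `IN NS {{ pillar['bind']['master-ns'][ctx] }}.`. The other zone templates in this commit show only their first seven lines, so their NS lines may need the same check.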
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
$ORIGIN {{ domain }}.
|
||||
$TTL 10M
|
||||
|
||||
@ IN SOA {{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. (
|
||||
@ IN SOA {{ pillar['bind']['master-ns'][ctx] }}. astro.spaceboyz.net. (
|
||||
{{ pillar['bind']['serial'] }} ; serial
|
||||
1H ; refresh
|
||||
1M ; retry
|
||||
|
|
|
@ -8,6 +8,7 @@ server:
|
|||
|
||||
interface: ::
|
||||
access-control: fd23:42:c3d2:500::/56 allow
|
||||
access-control: 2a02:8106:208:5200::/56 allow
|
||||
access-control: ::172.20.72.0/117 allow
|
||||
access-control: ::172.22.99.0/120 allow
|
||||
access-control: ::1/128 allow
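Review bot: The `access-control: 2a02:8106:208:5200::/56 allow` entry admits a globally routable prefix to a resolver that listens on `interface: ::`, and nothing records what that prefix is. It is taken to be the added line, since the hunk grows by one and the prefix covers the `up1` reverse zones in the pillar. A comment such as `# up1 uplink prefix` above it would help, together with a note that the border filter must drop outside packets claiming a source in this /56, so the exposure can be reviewed. The `server:` block starts and continues outside the hunk.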
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
server:
|
||||
domain-insecure: "{{ pillar['bind']['root-domain'] }}"
|
||||
{%- for ctx, domain in pillar['bind']['root-domain'] %}
|
||||
domain-insecure: "{{ domain }}"
|
||||
{%- endfor %}
|
||||
|
||||
forward-zone:
|
||||
name: "{{ pillar['bind']['root-domain'] }}"
|
||||
{%- for ctx, domain in pillar['bind']['root-domain'] %}
|
||||
name: "{{ domain }}"
|
||||
forward-addr: {{ pillar['hosts-inet']['serv']['dns'] }}
|
||||
forward-addr: {{ pillar['hosts-inet6']['dn42']['serv']['dns'] }}
|
||||
forward-addr: {{ pillar['hosts-inet6'][ctx]['serv']['dns'] }}
|
||||
{%- endfor %}
|
||||
|
||||
{%- for domain in pillar['bind']['reverse-zones-inet'] %}
|
||||
forward-zone:
|
||||
|
@ -13,9 +17,11 @@ forward-zone:
|
|||
forward-addr: {{ pillar['hosts-inet6']['dn42']['serv']['dns'] }}
|
||||
{%- endfor %}
|
||||
|
||||
{%- for domain in pillar['bind']['reverse-zones-inet6'] %}
|
||||
{%- for ctx, domains in pillar['bind']['reverse-zones-inet6'].items() %}
|
||||
{%- for domain in domains %}
|
||||
forward-zone:
|
||||
name: "{{ domain }}"
|
||||
forward-addr: {{ pillar['hosts-inet']['serv']['dns'] }}
|
||||
forward-addr: {{ pillar['hosts-inet6']['dn42']['serv']['dns'] }}
|
||||
forward-addr: {{ pillar['hosts-inet6'][ctx]['serv']['dns'] }}
|
||||
{%- endfor %}
|
||||
{%- endfor %}
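Review bot: Both new loops iterate `pillar['bind']['root-domain']` without `.items()`, so Jinja yields the keys and tries to unpack the strings `dn42` and `up1` into `ctx, domain`; they should read `{%- for ctx, domain in pillar['bind']['root-domain'].items() %}`, as the reverse-zone loop below already does. The second loop also starts after `forward-zone:`, which puts one `name:` per context into a single clause; the `forward-zone:` line belongs inside the loop so each domain gets its own clause. `domain-insecure` now disables DNSSEC validation for every root domain in the pillar, so a comment saying why that is acceptable for the public zentralwerk.org zone would help.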
|
||||
|
|