bind: implement dyndns

2017-03-12 03:16:48 +01:00 · 2017-03-12 03:16:48 +01:00 · e562d1e519
parent 8f64476c2a
commit e562d1e519
13 changed files with 158 additions and 1 deletions
--- a/salt-pillar/bind/dns.sls
+++ b/salt-pillar/bind/dns.sls
@ -11,7 +11,7 @@ bind:
    # dns.spaceboyz.net
    - 172.22.24.4
    - 2a01:4f8:a0:33d0::4
-  serial: 2017012300
+  serial: 2017031210
  
  reverse-zones-inet:
    - 72.20.172.in-addr.arpa
--- a/salt-pillar/bind/dyndns/anon1.sls
+++ b/salt-pillar/bind/dyndns/anon1.sls
@ -0,0 +1,18 @@
+#!yaml|gpg
+dyndns:
+  anon1:
+    interface: ipredator
+    secret: |
+      -----BEGIN PGP MESSAGE-----
+
+      hQEMA2PKcvDMvlKLAQgAjh9ugkiUCwnXHHJP7mJqmjnS6shfTXMqPYeR1KTwIWvC
+      xOSxQBvD/WYOg/p6Jai+dB5TAvI0l1G4oaaii3OoKot0flJPzWR5IgBHJBmDEuii
+      /pinHD4JpNTDPb2OBE/UXZjyJ4XGCwh8yVaOr5LmRPuB/DMfxk6FpPpDps6n5ioT
+      i9RkvgZTtyk8nyb3Q+Gg051vXKYOHiZbOtu08GRMDqBjkBwWAaVCWc/ts4Gs0SjG
+      GgxWR6VWhMSWIbuJmFY5Bix6rRuI6cVY48Xg+/aQXxrSMjI3SKjpeJ0Otn7Hi1Fh
+      vK6mIZtyESsNt3qHd65GPWJ0PPLiOg6M0peC9rfJgdJnAYq2n/f89jfraVTK3gYL
+      ch7EWeGAJbqf7srcDqjL/kHVSVrLlh3GSpFZsyD3hOeGMWrkQnnVrMBLo2oAoQSp
+      bVh+AjIkctnwHJSDS6FsijrQJicLVu/tG/Sg9PqELvWzMf+LvRL49Q==
+      =zrkj
+      -----END PGP MESSAGE-----
+
--- a/salt-pillar/bind/dyndns/upstream1.sls
+++ b/salt-pillar/bind/dyndns/upstream1.sls
@ -0,0 +1,18 @@
+#!yaml|gpg
+dyndns:
+  upstream1:
+    interface: up1
+    secret: |
+      -----BEGIN PGP MESSAGE-----
+
+      hQEMA2PKcvDMvlKLAQgAlT62OyjlGRcQ8/RivPsFfJfVSoNhGFFbSm+1yfA7Efav
+      d/ELCj86zXTvYoa4S8jEvd6iqsKOukINlCkYHR3p5Qs31bsSh/B+0B09fksp7d4O
+      NCE4VVInZe9HY7DpSFEsu44gbit2MJKhhbtozkyEwn3dGaXHmGEWqS1V20fLFeUA
+      r1ZwqyI6nFHT28thugt36r6/ZblkeZDqH77JuR/AnIsCFtykErZsiTQiiuiiOrvU
+      /m0kTz0jHBVSRuil3+4uibOWf2eDPuLukD2RXszGnaaq066vlRVyTKTchVjBnqDs
+      tNYls0rmr6UOOQid7N0BcCjYKKkoF6AVb3R1eA1yG9JnAeSx1KAmIrzfYLJ/eRkw
+      CPXogzxlMQt1i4fNRVUPWX+V9SHsbw/bp0CgaI1FJsfnVL4+BZejxTpGvybuKR+O
+      ejuUPineVymhVULbK2bbUGhpn0aaaKmV4CmZusueHg2W2lpJS0UozQ==
+      =krxI
+      -----END PGP MESSAGE-----
+
--- a/salt-pillar/bind/dyndns/upstream2.sls
+++ b/salt-pillar/bind/dyndns/upstream2.sls
@ -0,0 +1,18 @@
+#!yaml|gpg
+dyndns:
+  upstream2:
+    interface: up2
+    secret: |
+      -----BEGIN PGP MESSAGE-----
+
+      hQEMA2PKcvDMvlKLAQf/dsFJZ7Ud81pppjYXlOAEe1Zz+VqFaR+8kjzTE1uSxqNF
+      cI3asqGG1ltqY4CNJ0Sw6dzFKgCvBMxY2PlAKi2W/d4VXW+Eq3fuLA9g8AZ3FHxL
+      8LgBaxoIuue8lI3FpQk3rbkhnELbwTp8A6Y0TCqexDp7NyieaHdsFkkg9lJn268B
+      RsIsg2n3ZlpPw6PgQ1qz0hqTlSIi/FyVTX0JLQ7GIpiPZPPsEtT0A62adkla0x4+
+      fkrqPBC3jD5ICz/mytkmwWilmkZHO+VXF7juAmwLnmp69w1yhsohVK1mecme60Rt
+      w6i6cVhvg/EaQnqhKxusLi3DnroaVTwU9wvw3aBiN9JnATYs/Y9LotYP3/4tiPO1
+      c45aNN6Oz/s7RwjTjiZv0LqnoXVLYPF2a0xok5eIklwp2f/wp7jh/SelJCZHY7H4
+      dx2TiwNW89qYfN4GNmfie+LgJDqs9DEZPBDDwjYBIPDMsh7kZiTo5A==
+      =pVXt
+      -----END PGP MESSAGE-----
+
--- a/salt-pillar/top.sls
+++ b/salt-pillar/top.sls
@ -30,14 +30,21 @@ base:
    - bind.dns
  'upstream1':
    - upstream.upstream1
+    - bind.dyndns.upstream1
+    - bind.dns
  'upstream2':
    - upstream.upstream2
+    - bind.dyndns.upstream2
  'anon*':
    - bird.ospf
    - vpn.anon1
    - upstream.anon1
    - collectd.upstream
+    - bind.dyndns.anon1
  'dns':
    - bind.dns
+    - bind.dyndns.upstream1
+    - bind.dyndns.upstream2
+    - bind.dyndns.anon1
  'stats':
    - collectd.stats-server
--- a/salt/bind/dyn-domain.zone
+++ b/salt/bind/dyn-domain.zone
@ -0,0 +1,13 @@
+$ORIGIN {{ domain }}.
+$TTL 10M
+
+@		IN SOA	{{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. (
+				{{ pillar['bind']['serial'] }} ; serial
+				1H ; refresh
+				1M ; retry
+				2H ; expire
+				5M ; minimum
+			)
+{%- for ns in pillar['bind']['public-ns'] %}
+		IN NS	{{ ns }}.
+{%- endfor %}
--- a/salt/bind/init.sls
+++ b/salt/bind/init.sls
@ -37,6 +37,15 @@ bind9:

 {%- endfor %}

+# dyn.zentralwerk.online
+{%- set domain = 'dyn.' ~ pillar['bind']['root-domain'] %}
+/etc/bind/{{ domain }}.zone:
+  file.managed:
+    - source: salt://bind/dyn-domain.zone
+    - template: 'jinja'
+    - context:
+        domain: {{ domain }}
+
 # IPv4 reverse
 {%- for domain in pillar['bind']['reverse-zones-inet'] %}
 /etc/bind/{{ domain }}.zone:
@ -56,3 +65,6 @@ bind9:
    - context:
        domain: {{ domain }}
 {%- endfor %}
+
+rndc reload:
+  cmd.run: []
--- a/salt/bind/named.conf
+++ b/salt/bind/named.conf
@ -41,9 +41,32 @@ zone "{{ domain }}" IN {
 };
 {%- endfor %}

+# IPv6 reverse zones
 {%- for domain in pillar['bind']['reverse-zones-inet6'] %}
 zone "{{ domain }}" IN {
     type master;
     file "/etc/bind/{{ domain }}.zone";
 };
 {%- endfor %}
+
+
+# DynDNS
+{%- for name, conf in pillar['dyndns'].items() %}
+key "{{ name }}" {
+    algorithm hmac-sha256;
+    secret "{{ conf['secret'] }}";
+};
+{%- endfor %}
+
+# DynDNS zone
+{%- set domain = 'dyn.' ~ pillar['bind']['root-domain'] %}
+zone "{{ domain }}" IN {
+     type master;
+     file "/etc/bind/{{ domain }}.zone";
+     {{ slaves() }}
+     update-policy {
+{%- for name, conf in pillar['dyndns'].items() %}
+        grant {{ name }} name {{ name }}.{{ domain }} ANY;
+{%- endfor %}
+     };
+};
--- a/salt/bind/root-domain.zone
+++ b/salt/bind/root-domain.zone
@ -17,3 +17,7 @@ $TTL 10M
 {{ net }}		IN NS	{{ ns }}.
 {%-   endfor %}
 {%- endfor %}
+
+{%-   for ns in pillar['bind']['public-ns'] %}
+dyn		IN NS	{{ ns }}.
+{%-   endfor %}
--- a/salt/top.sls
+++ b/salt/top.sls
@ -34,6 +34,7 @@ base:
    - unbound
    - upstream.dhcp
    - upstream.shaping
+    - upstream.dyndns
    - collectd
  'upstream2':
    - upstream.port-forwarding
@ -45,6 +46,7 @@ base:
    - upstream.masquerade
    - upstream.shaping
    - upstream.nat66
+    - upstream.dyndns
    - collectd
  'dns':
    - no-ssh
--- a/salt/upstream/dyndns
+++ b/salt/upstream/dyndns
@ -0,0 +1,12 @@
+#!/bin/sh
+
+if [ "$IFACE" = "{{ interface }}" ]; then
+   IP=`ip a| grep inet |grep $IFACE|awk '{print $2}'|sed -e 's#/.*##'`
+
+   nsupdate -k /etc/dyndns.key << EOF
+server {{ pillar['hosts-inet']['serv']['dns'] }}
+update delete {{ hostname }}. IN A
+update add {{ hostname }}. 10 IN A $IP
+send
+EOF
+fi
--- a/salt/upstream/dyndns.key
+++ b/salt/upstream/dyndns.key
@ -0,0 +1,4 @@
+key "{{ name }}" {
+        algorithm hmac-sha256;
+        secret "{{ secret }}";
+};             
--- a/salt/upstream/dyndns.sls
+++ b/salt/upstream/dyndns.sls
@ -0,0 +1,26 @@
+{%- set conf = pillar['dyndns'][salt['grains.get']('id')] %}
+
+/etc/network/if-up.d/dyndns:
+  file.managed:
+    - source: salt://upstream/dyndns
+    - template: 'jinja'
+    - context:
+        interface: {{ conf['interface'] }}
+        hostname: {{ salt['grains.get']('id') }}.dyn.{{ pillar['bind']['root-domain'] }}
+    - mode: 755
+    - require:
+        - pkg: dnsutils
+
+/etc/dyndns.key:
+  file.managed:
+    - source: salt://upstream/dyndns.key
+    - template: 'jinja'
+    - context:
+        name: {{ salt['grains.get']('id') }}
+        secret: "{{ conf['secret'] }}"
+    - mode: 600
+    - require:
+        - pkg: dnsutils
+
+dnsutils:
+  pkg.installed: []