bind: implement dyndns
parent
8f64476c2a
commit
e562d1e519
|
@ -11,7 +11,7 @@ bind:
|
||||||
# dns.spaceboyz.net
|
# dns.spaceboyz.net
|
||||||
- 172.22.24.4
|
- 172.22.24.4
|
||||||
- 2a01:4f8:a0:33d0::4
|
- 2a01:4f8:a0:33d0::4
|
||||||
serial: 2017012300
|
serial: 2017031210
|
||||||
|
|
||||||
reverse-zones-inet:
|
reverse-zones-inet:
|
||||||
- 72.20.172.in-addr.arpa
|
- 72.20.172.in-addr.arpa
|
||||||
|
|
|
@ -0,0 +1,18 @@
|
||||||
|
#!yaml|gpg
|
||||||
|
dyndns:
|
||||||
|
anon1:
|
||||||
|
interface: ipredator
|
||||||
|
secret: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQEMA2PKcvDMvlKLAQgAjh9ugkiUCwnXHHJP7mJqmjnS6shfTXMqPYeR1KTwIWvC
|
||||||
|
xOSxQBvD/WYOg/p6Jai+dB5TAvI0l1G4oaaii3OoKot0flJPzWR5IgBHJBmDEuii
|
||||||
|
/pinHD4JpNTDPb2OBE/UXZjyJ4XGCwh8yVaOr5LmRPuB/DMfxk6FpPpDps6n5ioT
|
||||||
|
i9RkvgZTtyk8nyb3Q+Gg051vXKYOHiZbOtu08GRMDqBjkBwWAaVCWc/ts4Gs0SjG
|
||||||
|
GgxWR6VWhMSWIbuJmFY5Bix6rRuI6cVY48Xg+/aQXxrSMjI3SKjpeJ0Otn7Hi1Fh
|
||||||
|
vK6mIZtyESsNt3qHd65GPWJ0PPLiOg6M0peC9rfJgdJnAYq2n/f89jfraVTK3gYL
|
||||||
|
ch7EWeGAJbqf7srcDqjL/kHVSVrLlh3GSpFZsyD3hOeGMWrkQnnVrMBLo2oAoQSp
|
||||||
|
bVh+AjIkctnwHJSDS6FsijrQJicLVu/tG/Sg9PqELvWzMf+LvRL49Q==
|
||||||
|
=zrkj
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
|
|
@ -0,0 +1,18 @@
|
||||||
|
#!yaml|gpg
|
||||||
|
dyndns:
|
||||||
|
upstream1:
|
||||||
|
interface: up1
|
||||||
|
secret: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQEMA2PKcvDMvlKLAQgAlT62OyjlGRcQ8/RivPsFfJfVSoNhGFFbSm+1yfA7Efav
|
||||||
|
d/ELCj86zXTvYoa4S8jEvd6iqsKOukINlCkYHR3p5Qs31bsSh/B+0B09fksp7d4O
|
||||||
|
NCE4VVInZe9HY7DpSFEsu44gbit2MJKhhbtozkyEwn3dGaXHmGEWqS1V20fLFeUA
|
||||||
|
r1ZwqyI6nFHT28thugt36r6/ZblkeZDqH77JuR/AnIsCFtykErZsiTQiiuiiOrvU
|
||||||
|
/m0kTz0jHBVSRuil3+4uibOWf2eDPuLukD2RXszGnaaq066vlRVyTKTchVjBnqDs
|
||||||
|
tNYls0rmr6UOOQid7N0BcCjYKKkoF6AVb3R1eA1yG9JnAeSx1KAmIrzfYLJ/eRkw
|
||||||
|
CPXogzxlMQt1i4fNRVUPWX+V9SHsbw/bp0CgaI1FJsfnVL4+BZejxTpGvybuKR+O
|
||||||
|
ejuUPineVymhVULbK2bbUGhpn0aaaKmV4CmZusueHg2W2lpJS0UozQ==
|
||||||
|
=krxI
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
|
|
@ -0,0 +1,18 @@
|
||||||
|
#!yaml|gpg
|
||||||
|
dyndns:
|
||||||
|
upstream2:
|
||||||
|
interface: up2
|
||||||
|
secret: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQEMA2PKcvDMvlKLAQf/dsFJZ7Ud81pppjYXlOAEe1Zz+VqFaR+8kjzTE1uSxqNF
|
||||||
|
cI3asqGG1ltqY4CNJ0Sw6dzFKgCvBMxY2PlAKi2W/d4VXW+Eq3fuLA9g8AZ3FHxL
|
||||||
|
8LgBaxoIuue8lI3FpQk3rbkhnELbwTp8A6Y0TCqexDp7NyieaHdsFkkg9lJn268B
|
||||||
|
RsIsg2n3ZlpPw6PgQ1qz0hqTlSIi/FyVTX0JLQ7GIpiPZPPsEtT0A62adkla0x4+
|
||||||
|
fkrqPBC3jD5ICz/mytkmwWilmkZHO+VXF7juAmwLnmp69w1yhsohVK1mecme60Rt
|
||||||
|
w6i6cVhvg/EaQnqhKxusLi3DnroaVTwU9wvw3aBiN9JnATYs/Y9LotYP3/4tiPO1
|
||||||
|
c45aNN6Oz/s7RwjTjiZv0LqnoXVLYPF2a0xok5eIklwp2f/wp7jh/SelJCZHY7H4
|
||||||
|
dx2TiwNW89qYfN4GNmfie+LgJDqs9DEZPBDDwjYBIPDMsh7kZiTo5A==
|
||||||
|
=pVXt
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
|
|
@ -30,14 +30,21 @@ base:
|
||||||
- bind.dns
|
- bind.dns
|
||||||
'upstream1':
|
'upstream1':
|
||||||
- upstream.upstream1
|
- upstream.upstream1
|
||||||
|
- bind.dyndns.upstream1
|
||||||
|
- bind.dns
|
||||||
'upstream2':
|
'upstream2':
|
||||||
- upstream.upstream2
|
- upstream.upstream2
|
||||||
|
- bind.dyndns.upstream2
|
||||||
'anon*':
|
'anon*':
|
||||||
- bird.ospf
|
- bird.ospf
|
||||||
- vpn.anon1
|
- vpn.anon1
|
||||||
- upstream.anon1
|
- upstream.anon1
|
||||||
- collectd.upstream
|
- collectd.upstream
|
||||||
|
- bind.dyndns.anon1
|
||||||
'dns':
|
'dns':
|
||||||
- bind.dns
|
- bind.dns
|
||||||
|
- bind.dyndns.upstream1
|
||||||
|
- bind.dyndns.upstream2
|
||||||
|
- bind.dyndns.anon1
|
||||||
'stats':
|
'stats':
|
||||||
- collectd.stats-server
|
- collectd.stats-server
|
||||||
|
|
|
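Review bot: The `'upstream1'` target gains both `bind.dyndns.upstream1` and `bind.dns`, while `'upstream2'` and `'anon*'` gain only their `bind.dyndns.*` entry, so the three clients end up with different pillar data. The new client-side state on this page reads `pillar['bind']['root-domain']`, so the other two targets will presumably fail to render unless a matcher outside this hunk already supplies the bind pillar. Handing the whole `bind.dns` pillar to a gateway is also broader than needed; a small shared pillar file holding only `root-domain`, assigned to all three, would be tighter. Note too that `'anon*'` is a glob, so every minion it matches receives the `anon1` secret.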
@ -0,0 +1,13 @@
|
||||||
|
$ORIGIN {{ domain }}.
|
||||||
|
$TTL 10M
|
||||||
|
|
||||||
|
@ IN SOA {{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. (
|
||||||
|
{{ pillar['bind']['serial'] }} ; serial
|
||||||
|
1H ; refresh
|
||||||
|
1M ; retry
|
||||||
|
2H ; expire
|
||||||
|
5M ; minimum
|
||||||
|
)
|
||||||
|
{%- for ns in pillar['bind']['public-ns'] %}
|
||||||
|
IN NS {{ ns }}.
|
||||||
|
{%- endfor %}
|
|
@ -37,6 +37,15 @@ bind9:
|
||||||
|
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
|
||||||
|
# dyn.zentralwerk.online
|
||||||
|
{%- set domain = 'dyn.' ~ pillar['bind']['root-domain'] %}
|
||||||
|
/etc/bind/{{ domain }}.zone:
|
||||||
|
file.managed:
|
||||||
|
- source: salt://bind/dyn-domain.zone
|
||||||
|
- template: 'jinja'
|
||||||
|
- context:
|
||||||
|
domain: {{ domain }}
|
||||||
|
|
||||||
# IPv4 reverse
|
# IPv4 reverse
|
||||||
{%- for domain in pillar['bind']['reverse-zones-inet'] %}
|
{%- for domain in pillar['bind']['reverse-zones-inet'] %}
|
||||||
/etc/bind/{{ domain }}.zone:
|
/etc/bind/{{ domain }}.zone:
|
||||||
|
@ -56,3 +65,6 @@ bind9:
|
||||||
- context:
|
- context:
|
||||||
domain: {{ domain }}
|
domain: {{ domain }}
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
|
||||||
|
rndc reload:
|
||||||
|
cmd.run: []
|
||||||
|
|
|
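Review bot: `/etc/bind/{{ domain }}.zone` for the dyn zone is a plain `file.managed`, but the named configuration in this commit makes that zone dynamic through `update-policy`, so named itself will rewrite the file as updates are merged from the journal. Each later state run would then see a difference and restore the empty template, discarding the clients' records and leaving the journal out of step with the file. Adding `- replace: False` to this state limits Salt to creating the initial file. The directory also has to be writable by the named user for the `.jnl` journal, which is often not the case for `/etc/bind`; worth confirming on the target host. Separately, `rndc reload` at the end of the file has no `onchanges` requisite and will run on every state application.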
@ -41,9 +41,32 @@ zone "{{ domain }}" IN {
|
||||||
};
|
};
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
|
||||||
|
# IPv6 reverse zones
|
||||||
{%- for domain in pillar['bind']['reverse-zones-inet6'] %}
|
{%- for domain in pillar['bind']['reverse-zones-inet6'] %}
|
||||||
zone "{{ domain }}" IN {
|
zone "{{ domain }}" IN {
|
||||||
type master;
|
type master;
|
||||||
file "/etc/bind/{{ domain }}.zone";
|
file "/etc/bind/{{ domain }}.zone";
|
||||||
};
|
};
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
|
||||||
|
|
||||||
|
# DynDNS
|
||||||
|
{%- for name, conf in pillar['dyndns'].items() %}
|
||||||
|
key "{{ name }}" {
|
||||||
|
algorithm hmac-sha256;
|
||||||
|
secret "{{ conf['secret'] }}";
|
||||||
|
};
|
||||||
|
{%- endfor %}
|
||||||
|
|
||||||
|
# DynDNS zone
|
||||||
|
{%- set domain = 'dyn.' ~ pillar['bind']['root-domain'] %}
|
||||||
|
zone "{{ domain }}" IN {
|
||||||
|
type master;
|
||||||
|
file "/etc/bind/{{ domain }}.zone";
|
||||||
|
{{ slaves() }}
|
||||||
|
update-policy {
|
||||||
|
{%- for name, conf in pillar['dyndns'].items() %}
|
||||||
|
grant {{ name }} name {{ name }}.{{ domain }} ANY;
|
||||||
|
{%- endfor %}
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
|
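Review bot: The `grant {{ name }} name {{ name }}.{{ domain }} ANY;` rule lets each key write every record type at its own name, although the client script in this commit only ever sets an A record. A leaked or misused client key could then publish other types at that name, such as NS or MX; narrowing the rule to `grant {{ name }} name {{ name }}.{{ domain }} A;` (plus `AAAA` if IPv6 is planned) keeps the key to what it is used for. The `key` blocks above it put every TSIG secret into this file in clear text, and the state that manages the file is outside this hunk. Check that it is installed readable only by root and the named group (for example `- mode: '0640'`) and with `- show_changes: False`, so the secrets do not appear in job returns.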
@ -17,3 +17,7 @@ $TTL 10M
|
||||||
{{ net }} IN NS {{ ns }}.
|
{{ net }} IN NS {{ ns }}.
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
|
||||||
|
{%- for ns in pillar['bind']['public-ns'] %}
|
||||||
|
dyn IN NS {{ ns }}.
|
||||||
|
{%- endfor %}
|
||||||
|
|
|
@ -34,6 +34,7 @@ base:
|
||||||
- unbound
|
- unbound
|
||||||
- upstream.dhcp
|
- upstream.dhcp
|
||||||
- upstream.shaping
|
- upstream.shaping
|
||||||
|
- upstream.dyndns
|
||||||
- collectd
|
- collectd
|
||||||
'upstream2':
|
'upstream2':
|
||||||
- upstream.port-forwarding
|
- upstream.port-forwarding
|
||||||
|
@ -45,6 +46,7 @@ base:
|
||||||
- upstream.masquerade
|
- upstream.masquerade
|
||||||
- upstream.shaping
|
- upstream.shaping
|
||||||
- upstream.nat66
|
- upstream.nat66
|
||||||
|
- upstream.dyndns
|
||||||
- collectd
|
- collectd
|
||||||
'dns':
|
'dns':
|
||||||
- no-ssh
|
- no-ssh
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
if [ "$IFACE" = "{{ interface }}" ]; then
|
||||||
|
IP=`ip a| grep inet |grep $IFACE|awk '{print $2}'|sed -e 's#/.*##'`
|
||||||
|
|
||||||
|
nsupdate -k /etc/dyndns.key << EOF
|
||||||
|
server {{ pillar['hosts-inet']['serv']['dns'] }}
|
||||||
|
update delete {{ hostname }}. IN A
|
||||||
|
update add {{ hostname }}. 10 IN A $IP
|
||||||
|
send
|
||||||
|
EOF
|
||||||
|
fi
|
|
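Review bot: The `IP=` line can yield nothing or several addresses, and the script sends the update regardless. `grep $IFACE` is an unquoted substring match over all of `ip a`, so an interface whose name merely contains this one also matches, and a secondary address produces a second line; an empty or multi-line `$IP` then lands in `update add`. Asking for the interface directly avoids that: `IP=$(ip -4 -o addr show dev "$IFACE" scope global | awk '{print $4; exit}' | cut -d/ -f1)` followed by `[ -n "$IP" ] || exit 0` before the `nsupdate` call. The exit status of `nsupdate` is also ignored, so a rejected update (bad key, clock skew) goes unnoticed; logging a failure via `logger` would make it visible.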
@ -0,0 +1,4 @@
|
||||||
|
key "{{ name }}" {
|
||||||
|
algorithm hmac-sha256;
|
||||||
|
secret "{{ secret }}";
|
||||||
|
};
|
|
@ -0,0 +1,26 @@
|
||||||
|
{%- set conf = pillar['dyndns'][salt['grains.get']('id')] %}
|
||||||
|
|
||||||
|
/etc/network/if-up.d/dyndns:
|
||||||
|
file.managed:
|
||||||
|
- source: salt://upstream/dyndns
|
||||||
|
- template: 'jinja'
|
||||||
|
- context:
|
||||||
|
interface: {{ conf['interface'] }}
|
||||||
|
hostname: {{ salt['grains.get']('id') }}.dyn.{{ pillar['bind']['root-domain'] }}
|
||||||
|
- mode: 755
|
||||||
|
- require:
|
||||||
|
- pkg: dnsutils
|
||||||
|
|
||||||
|
/etc/dyndns.key:
|
||||||
|
file.managed:
|
||||||
|
- source: salt://upstream/dyndns.key
|
||||||
|
- template: 'jinja'
|
||||||
|
- context:
|
||||||
|
name: {{ salt['grains.get']('id') }}
|
||||||
|
secret: "{{ conf['secret'] }}"
|
||||||
|
- mode: 600
|
||||||
|
- require:
|
||||||
|
- pkg: dnsutils
|
||||||
|
|
||||||
|
dnsutils:
|
||||||
|
pkg.installed: []
|
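Review bot: The TSIG secret for `/etc/dyndns.key` is interpolated into the SLS text (`secret: "{{ conf['secret'] }}"`) and the file state reports a diff whenever the key changes, so the clear-text secret can end up in job returns and the master's job cache. Add `- show_changes: False` to that state, and consider letting the `dyndns.key` template read `pillar['dyndns'][grains['id']]['secret']` itself instead of passing it through `context`. The modes are written as bare integers; `- mode: '0600'` and `- mode: '0755'` avoid any YAML number interpretation, and explicit `- user: root` / `- group: root` would state the ownership intent. The first line indexes `pillar['dyndns']` by minion id without a default, so a minion that receives this state without a matching pillar entry fails at render time.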