bind: implement dyndns
parent
8f64476c2a
commit
e562d1e519
|
@ -11,7 +11,7 @@ bind:
|
|||
# dns.spaceboyz.net
|
||||
- 172.22.24.4
|
||||
- 2a01:4f8:a0:33d0::4
|
||||
serial: 2017012300
|
||||
serial: 2017031210
|
||||
|
||||
reverse-zones-inet:
|
||||
- 72.20.172.in-addr.arpa
|
||||
|
|
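--- /dev/null
+++ b/salt-pillar/bind/dyndns/anon1.sls
@@ -0,0 +1,18 @@
+#!yaml|gpg
+dyndns:
+anon1:
+interface: ipredator
+secret: |
+-----BEGIN PGP MESSAGE-----
+
+hQEMA2PKcvDMvlKLAQgAjh9ugkiUCwnXHHJP7mJqmjnS6shfTXMqPYeR1KTwIWvC
+xOSxQBvD/WYOg/p6Jai+dB5TAvI0l1G4oaaii3OoKot0flJPzWR5IgBHJBmDEuii
+/pinHD4JpNTDPb2OBE/UXZjyJ4XGCwh8yVaOr5LmRPuB/DMfxk6FpPpDps6n5ioT
+i9RkvgZTtyk8nyb3Q+Gg051vXKYOHiZbOtu08GRMDqBjkBwWAaVCWc/ts4Gs0SjG
+GgxWR6VWhMSWIbuJmFY5Bix6rRuI6cVY48Xg+/aQXxrSMjI3SKjpeJ0Otn7Hi1Fh
+vK6mIZtyESsNt3qHd65GPWJ0PPLiOg6M0peC9rfJgdJnAYq2n/f89jfraVTK3gYL
+ch7EWeGAJbqf7srcDqjL/kHVSVrLlh3GSpFZsyD3hOeGMWrkQnnVrMBLo2oAoQSp
+bVh+AjIkctnwHJSDS6FsijrQJicLVu/tG/Sg9PqELvWzMf+LvRL49Q==
+=zrkj
+-----END PGP MESSAGE-----
+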
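--- /dev/null
+++ b/salt-pillar/bind/dyndns/upstream1.sls
@@ -0,0 +1,18 @@
+#!yaml|gpg
+dyndns:
+upstream1:
+interface: up1
+secret: |
+-----BEGIN PGP MESSAGE-----
+
+hQEMA2PKcvDMvlKLAQgAlT62OyjlGRcQ8/RivPsFfJfVSoNhGFFbSm+1yfA7Efav
+d/ELCj86zXTvYoa4S8jEvd6iqsKOukINlCkYHR3p5Qs31bsSh/B+0B09fksp7d4O
+NCE4VVInZe9HY7DpSFEsu44gbit2MJKhhbtozkyEwn3dGaXHmGEWqS1V20fLFeUA
+r1ZwqyI6nFHT28thugt36r6/ZblkeZDqH77JuR/AnIsCFtykErZsiTQiiuiiOrvU
+/m0kTz0jHBVSRuil3+4uibOWf2eDPuLukD2RXszGnaaq066vlRVyTKTchVjBnqDs
+tNYls0rmr6UOOQid7N0BcCjYKKkoF6AVb3R1eA1yG9JnAeSx1KAmIrzfYLJ/eRkw
+CPXogzxlMQt1i4fNRVUPWX+V9SHsbw/bp0CgaI1FJsfnVL4+BZejxTpGvybuKR+O
+ejuUPineVymhVULbK2bbUGhpn0aaaKmV4CmZusueHg2W2lpJS0UozQ==
+=krxI
+-----END PGP MESSAGE-----
+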
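--- /dev/null
+++ b/salt-pillar/bind/dyndns/upstream2.sls
@@ -0,0 +1,18 @@
+#!yaml|gpg
+dyndns:
+upstream2:
+interface: up2
+secret: |
+-----BEGIN PGP MESSAGE-----
+
+hQEMA2PKcvDMvlKLAQf/dsFJZ7Ud81pppjYXlOAEe1Zz+VqFaR+8kjzTE1uSxqNF
+cI3asqGG1ltqY4CNJ0Sw6dzFKgCvBMxY2PlAKi2W/d4VXW+Eq3fuLA9g8AZ3FHxL
+8LgBaxoIuue8lI3FpQk3rbkhnELbwTp8A6Y0TCqexDp7NyieaHdsFkkg9lJn268B
+RsIsg2n3ZlpPw6PgQ1qz0hqTlSIi/FyVTX0JLQ7GIpiPZPPsEtT0A62adkla0x4+
+fkrqPBC3jD5ICz/mytkmwWilmkZHO+VXF7juAmwLnmp69w1yhsohVK1mecme60Rt
+w6i6cVhvg/EaQnqhKxusLi3DnroaVTwU9wvw3aBiN9JnATYs/Y9LotYP3/4tiPO1
+c45aNN6Oz/s7RwjTjiZv0LqnoXVLYPF2a0xok5eIklwp2f/wp7jh/SelJCZHY7H4
+dx2TiwNW89qYfN4GNmfie+LgJDqs9DEZPBDDwjYBIPDMsh7kZiTo5A==
+=pVXt
+-----END PGP MESSAGE-----
+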
|
@ -30,14 +30,21 @@ base:
|
|||
- bind.dns
|
||||
'upstream1':
|
||||
- upstream.upstream1
|
||||
- bind.dyndns.upstream1
|
||||
- bind.dns
|
||||
'upstream2':
|
||||
- upstream.upstream2
|
||||
- bind.dyndns.upstream2
|
||||
'anon*':
|
||||
- bird.ospf
|
||||
- vpn.anon1
|
||||
- upstream.anon1
|
||||
- collectd.upstream
|
||||
- bind.dyndns.anon1
|
||||
'dns':
|
||||
- bind.dns
|
||||
- bind.dyndns.upstream1
|
||||
- bind.dyndns.upstream2
|
||||
- bind.dyndns.anon1
|
||||
'stats':
|
||||
- collectd.stats-server
|
||||
|
|
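Review bot: The `'anon*'` target assigns `bind.dyndns.anon1` to every minion whose id matches the glob, so any later `anon2` would also be handed anon1's TSIG secret. The key name and the `update-policy` grant are per host, so targeting that one pillar with an exact id (`'anon1':`) would keep the secret on the host that owns the name. Which of the listed lines are new cannot be recovered from this rendering, so this is about the resulting target layout rather than one specific added line.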
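--- /dev/null
+++ b/salt/bind/dyn-domain.zone
@@ -0,0 +1,13 @@
+$ORIGIN {{ domain }}.
+$TTL 10M
+
+@ IN SOA {{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. (
+{{ pillar['bind']['serial'] }} ; serial
+1H ; refresh
+1M ; retry
+2H ; expire
+5M ; minimum
+)
+{%- for ns in pillar['bind']['public-ns'] %}
+IN NS {{ ns }}.
+{%- endfor %}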
|
@ -37,6 +37,15 @@ bind9:
|
|||
|
||||
{%- endfor %}
|
||||
|
||||
# dyn.zentralwerk.online
|
||||
{%- set domain = 'dyn.' ~ pillar['bind']['root-domain'] %}
|
||||
/etc/bind/{{ domain }}.zone:
|
||||
file.managed:
|
||||
- source: salt://bind/dyn-domain.zone
|
||||
- template: 'jinja'
|
||||
- context:
|
||||
domain: {{ domain }}
|
||||
|
||||
# IPv4 reverse
|
||||
{%- for domain in pillar['bind']['reverse-zones-inet'] %}
|
||||
/etc/bind/{{ domain }}.zone:
|
||||
|
@ -56,3 +65,6 @@ bind9:
|
|||
- context:
|
||||
domain: {{ domain }}
|
||||
{%- endfor %}
|
||||
|
||||
rndc reload:
|
||||
cmd.run: []
|
||||
|
|
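Review bot: `/etc/bind/{{ domain }}.zone` for the dyn zone is a file that named rewrites itself once `update-policy` is active, but `file.managed` will put the template back on every highstate and drop the records the clients registered. A leftover `.jnl` journal that no longer matches the restored file can also keep named from loading the zone. Adding `- replace: False` to this state would seed the file once and then leave it to named; on Debian the usual location for writable zones is `/var/lib/bind`, because named normally cannot create journal files under `/etc/bind`. The `rndc reload` state in the second hunk has no requisite and so runs on every highstate; an `onchanges` on the managed zone files would limit it to real changes.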
|
@ -41,9 +41,32 @@ zone "{{ domain }}" IN {
|
|||
};
|
||||
{%- endfor %}
|
||||
|
||||
# IPv6 reverse zones
|
||||
{%- for domain in pillar['bind']['reverse-zones-inet6'] %}
|
||||
zone "{{ domain }}" IN {
|
||||
type master;
|
||||
file "/etc/bind/{{ domain }}.zone";
|
||||
};
|
||||
{%- endfor %}
|
||||
|
||||
|
||||
# DynDNS
|
||||
{%- for name, conf in pillar['dyndns'].items() %}
|
||||
key "{{ name }}" {
|
||||
algorithm hmac-sha256;
|
||||
secret "{{ conf['secret'] }}";
|
||||
};
|
||||
{%- endfor %}
|
||||
|
||||
# DynDNS zone
|
||||
{%- set domain = 'dyn.' ~ pillar['bind']['root-domain'] %}
|
||||
zone "{{ domain }}" IN {
|
||||
type master;
|
||||
file "/etc/bind/{{ domain }}.zone";
|
||||
{{ slaves() }}
|
||||
update-policy {
|
||||
{%- for name, conf in pillar['dyndns'].items() %}
|
||||
grant {{ name }} name {{ name }}.{{ domain }} ANY;
|
||||
{%- endfor %}
|
||||
};
|
||||
};
|
||||
|
|
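Review bot: The `key` loop renders every decrypted TSIG secret into the main named configuration, so the mode of that file now decides who can read the keys; its `file.managed` state is outside this hunk, and if it is deployed world-readable any local user on the DNS host can read them. Rendering the `key` stanzas into a separate file that named includes, owned `root:bind` with mode `0640`, keeps the secrets apart from the rest of the config. In `update-policy`, `ANY` lets each key write every record type at its name while the client script only maintains an A record, so `grant {{ name }} name {{ name }}.{{ domain }} A;` would be the narrower rule.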
|
@ -17,3 +17,7 @@ $TTL 10M
|
|||
{{ net }} IN NS {{ ns }}.
|
||||
{%- endfor %}
|
||||
{%- endfor %}
|
||||
|
||||
{%- for ns in pillar['bind']['public-ns'] %}
|
||||
dyn IN NS {{ ns }}.
|
||||
{%- endfor %}
|
||||
|
|
|
@ -34,6 +34,7 @@ base:
|
|||
- unbound
|
||||
- upstream.dhcp
|
||||
- upstream.shaping
|
||||
- upstream.dyndns
|
||||
- collectd
|
||||
'upstream2':
|
||||
- upstream.port-forwarding
|
||||
|
@ -45,6 +46,7 @@ base:
|
|||
- upstream.masquerade
|
||||
- upstream.shaping
|
||||
- upstream.nat66
|
||||
- upstream.dyndns
|
||||
- collectd
|
||||
'dns':
|
||||
- no-ssh
|
||||
|
|
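--- /dev/null
+++ b/salt/upstream/dyndns
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+if [ "$IFACE" = "{{ interface }}" ]; then
+IP=`ip a| grep inet |grep $IFACE|awk '{print $2}'|sed -e 's#/.*##'`
+
+nsupdate -k /etc/dyndns.key << EOF
+server {{ pillar['hosts-inet']['serv']['dns'] }}
+update delete {{ hostname }}. IN A
+update add {{ hostname }}. 10 IN A $IP
+send
+EOF
+fi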
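Review bot: The `IP=` pipeline can yield nothing or more than one line, and the result is pasted unchecked into the nsupdate input. `grep inet` also matches `inet6` lines, `grep $IFACE` is an unquoted substring match, and a secondary address on the interface puts two lines into the `update add` command. `IP=$(ip -4 -o addr show dev "$IFACE" scope global | awk '{print $4; exit}' | cut -d/ -f1)` followed by `[ -n "$IP" ] || exit 0` gives exactly one IPv4 address or skips the update. The exit status of nsupdate is neither checked nor logged, so a rejected update goes unnoticed.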
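--- /dev/null
+++ b/salt/upstream/dyndns.key
@@ -0,0 +1,4 @@
+key "{{ name }}" {
+algorithm hmac-sha256;
+secret "{{ secret }}";
+};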
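--- /dev/null
+++ b/salt/upstream/dyndns.sls
@@ -0,0 +1,26 @@
+{%- set conf = pillar['dyndns'][salt['grains.get']('id')] %}
+
+/etc/network/if-up.d/dyndns:
+file.managed:
+- source: salt://upstream/dyndns
+- template: 'jinja'
+- context:
+interface: {{ conf['interface'] }}
+hostname: {{ salt['grains.get']('id') }}.dyn.{{ pillar['bind']['root-domain'] }}
+- mode: 755
+- require:
+- pkg: dnsutils
+
+/etc/dyndns.key:
+file.managed:
+- source: salt://upstream/dyndns.key
+- template: 'jinja'
+- context:
+name: {{ salt['grains.get']('id') }}
+secret: "{{ conf['secret'] }}"
+- mode: 600
+- require:
+- pkg: dnsutils
+
+dnsutils:
+pkg.installed: []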
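Review bot: `/etc/dyndns.key` is rendered from the decrypted pillar secret, and `file.managed` reports a content diff by default, so the key can end up in state output and the master's job cache when the content changes, for example at key rotation. `- show_changes: False` on that state avoids this. The modes are safer as quoted strings (`- mode: '0600'`, `- mode: '0755'`) together with explicit `- user: root` and `- group: root`, so the result depends neither on YAML integer parsing nor on a pre-existing file's owner. The lookup `pillar['dyndns'][salt['grains.get']('id')]` on the first line fails the whole render on a minion without an entry; a `.get()` with an explicit guard would fail more clearly.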