77 lines
1.8 KiB
Plaintext
77 lines
1.8 KiB
Plaintext
# Slaves rely on static IPv4 addrs over dn42. Do not contact them over
|
|
# their public addrs because our source addr is dynamic!
|
|
{% macro slaves() -%}
|
|
{%- if pillar['bind']['slaves'] -%}
|
|
allow-transfer {
|
|
{%- for addr in pillar['bind']['slaves'] -%}
|
|
{{ addr }};
|
|
{%- endfor -%}
|
|
};
|
|
also-notify {
|
|
{%- for addr in pillar['bind']['slaves'] -%}
|
|
{{ addr }};
|
|
{%- endfor -%}
|
|
};
|
|
{%- endif -%}
|
|
{%- endmacro %}
|
|
|
|
# root domain
|
|
{%- for ctx, root_domain in pillar['bind']['root-domain'].items() %}
|
|
zone "{{ root_domain }}" IN {
|
|
type master;
|
|
file "/etc/bind/{{ root_domain }}.zone";
|
|
{{ slaves() }}
|
|
};
|
|
|
|
# net zones
|
|
{%- for net, subnet4 in pillar['subnets-inet'].items() %}
|
|
{%- set domain = net ~ '.' ~ root_domain %}
|
|
zone "{{ domain }}" IN {
|
|
type master;
|
|
file "/etc/bind/{{ domain }}.zone";
|
|
{{ slaves() }}
|
|
};
|
|
{%- endfor %}
|
|
{%- endfor %}
|
|
|
|
# IPv4 reverse zones
|
|
{%- for domain in pillar['bind']['reverse-zones-inet'] %}
|
|
zone "{{ domain }}" IN {
|
|
type master;
|
|
file "/etc/bind/{{ domain }}.zone";
|
|
};
|
|
{%- endfor %}
|
|
|
|
# IPv6 reverse zones
|
|
{%- for ctx, domains in pillar['bind']['reverse-zones-inet6'].items() %}
|
|
{%- for domain in domains %}
|
|
zone "{{ domain }}" IN {
|
|
type master;
|
|
file "/etc/bind/{{ domain }}.zone";
|
|
{{ slaves() }}
|
|
};
|
|
{%- endfor %}
|
|
{%- endfor %}
|
|
|
|
|
|
# DynDNS
|
|
{%- for name, conf in pillar['dyndns'].items() %}
|
|
key "{{ name }}" {
|
|
algorithm hmac-sha256;
|
|
secret "{{ conf['secret'] }}";
|
|
};
|
|
{%- endfor %}
|
|
|
|
# DynDNS zone
|
|
{%- set domain = 'dyn.' ~ pillar['bind']['root-domain']['up1'] %}
|
|
zone "{{ domain }}" IN {
|
|
type master;
|
|
file "/etc/bind/{{ domain }}.zone";
|
|
{{ slaves() }}
|
|
update-policy {
|
|
{%- for name, conf in pillar['dyndns'].items() %}
|
|
grant {{ name }} name {{ name }}.{{ domain }} ANY;
|
|
{%- endfor %}
|
|
};
|
|
};
|