
Commit 7a09ff5

committed
nameserver-secondary: adopt primary/secondary naming
We use the more recent BIND zone type definition here, either primary or secondary, for this role. This changes the named config files as well as the ferm config file.
1 parent 90ead7e commit 7a09ff5


4 files changed

+21
-20
lines changed

@@ -1,10 +1,11 @@
1-
dns_zone_masters_ipv4:
2-
- 139.30.241.202
3-
- 192.168.10.2
1+
dns_zone_primaries_ipv4:
2+
- 192.168.10.7
3+
- 139.30.241.205
44

5-
dns_zone_masters_ipv6:
6-
- 2001:638:804:2228:5652:ff:fe41:6e19
5+
dns_zone_primaries_ipv6:
6+
- fd32:d8d3:87da::10:7
7+
- 2001:638:804:2228:216:3eff:feb0:9e05
78

8-
dns_zone_master_with_dnskey: heartofgold.opennet-initiative.de
9+
dns_zone_primary_with_dnskey: ns.opennet-initiative.de
910

1011
nameserver_secondary_ipv6: fd32:d8d3:87da::53
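Review bot: Nothing in this file says which hosts the addresses under `dns_zone_primaries_ipv4` and `dns_zone_primaries_ipv6` belong to, and the commit replaces those addresses and the host in `dns_zone_primary_with_dnskey` although it is described as a naming change. The templates changed in this commit feed these lists into the ferm `saddr` rules, the `opennet` ACL and the `server ... { keys dnskey.opennet; };` statements, so they decide which machines are trusted as zone sources. A comment above each list would make that reviewable, for example `# primaries: allowed through the firewall, added to the opennet ACL, bound to the transfer key`, ideally with the hostname next to each address. The path of this file is not shown on the page.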

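--- a/roles/nameserver-secondary/tasks/bind.yml
+++ b/roles/nameserver-secondary/tasks/bind.yml
@@ -3,8 +3,8 @@
 
 - block:
 - name: bind - dnskey vom primaeren DNS-Server abholen
-delegate_to: root@{{ dns_zone_master_with_dnskey }}
-shell: grep -w 'secret' /etc/bind/named.conf.options | cut -f 2 -d '"'
+delegate_to: root@{{ dns_zone_primary_with_dnskey }}
+shell: grep -w 'secret' /etc/bind/keys/opennet-transfer.key | cut -f 2 -d '"'
 register: dnskey_secret_fetch
 changed_when: False
 run_once: yes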
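Review bot: The task that reads the transfer key on the primary registers the secret in `dnskey_secret_fetch`, and no `no_log: true` is visible on it, so the key material can end up in verbose output or in a failure message of the play. Adding `no_log: true` to this task would keep it out of logs. The pipeline also reports the exit status of `cut`, so a missing or renamed `/etc/bind/keys/opennet-transfer.key` yields an empty secret without failing the task; a guard such as `failed_when: dnskey_secret_fetch.stdout == ''` would catch that. The block continues below the hunk, so either setting may already exist there.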

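--- a/roles/nameserver-secondary/templates/ferm/320_dns-zone-slave.inc
+++ b/roles/nameserver-secondary/templates/ferm/320_dns-zone-slave.inc
@@ -3,9 +3,9 @@
 # Lokale Anpassungen koennen unter /etc/ferm/ferm.d/ abgelegt werden.
 ###############################################################################
 
-@def $DNS_ZONE_MASTERS_IPv4 = ({{ dns_zone_masters_ipv4|join(' ') }});
-@def $DNS_ZONE_MASTERS_IPv6 = ({{ dns_zone_masters_ipv6|join(' ') }});
+@def $DNS_ZONE_PRIMARIES_IPv4 = ({{ dns_zone_primaries_ipv4|join(' ') }});
+@def $DNS_ZONE_PRIMARIES_IPv6 = ({{ dns_zone_primaries_ipv6|join(' ') }});
 
 # DNS-Zonentransfers
-domain ip table filter chain service-input proto tcp dport domain saddr $DNS_ZONE_MASTERS_IPv4 ACCEPT;
-domain ip6 table filter chain service-input proto tcp dport domain saddr $DNS_ZONE_MASTERS_IPv6 ACCEPT;
+domain ip table filter chain service-input proto tcp dport domain saddr $DNS_ZONE_PRIMARIES_IPv4 ACCEPT;
+domain ip6 table filter chain service-input proto tcp dport domain saddr $DNS_ZONE_PRIMARIES_IPv6 ACCEPT;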

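--- a/roles/nameserver-secondary/templates/named.conf.local
+++ b/roles/nameserver-secondary/templates/named.conf.local
@@ -2,7 +2,7 @@
 
 acl opennet {
 127.0.0.0/8; 10.0.0.0/8; 192.168.0.0/16;
-{{ (dns_zone_masters_ipv4 + dns_zone_masters_ipv6)|join('; ') }};
+{{ (dns_zone_primaries_ipv6 + dns_zone_primaries_ipv4)|join('; ') }};
 ::1; fd32:d8d3:87da::/48; 2a0a:4580:1010::/48;
 };
 
@@ -14,8 +14,8 @@ key dnskey.opennet {
 
 
 // diesen Schluessel allen Verbindungen mit den Opennet-DNS-Mastern zuordnen
-{% for master in (dns_zone_masters_ipv4 + dns_zone_masters_ipv6) %}
-server {{ master }} { keys dnskey.opennet; };
+{% for primary in (dns_zone_primaries_ipv6 + dns_zone_primaries_ipv4) %}
+server {{ primary }} { keys dnskey.opennet; };
 {% endfor %}
 
 
@@ -50,33 +50,33 @@ logging {
 zone "on." {
 type slave;
 file "db.on";
-masters { {{ (dns_zone_masters_ipv4 + dns_zone_masters_ipv6)|join('; ') }}; };
+primaries { {{ (dns_zone_primaries_ipv6 + dns_zone_primaries_ipv4)|join('; ') }}; };
 };
 
 //on - reverse
 zone "168.192.in-addr.arpa" {
 type slave;
 file "db.192.168";
-masters { {{ (dns_zone_masters_ipv4 + dns_zone_masters_ipv6)|join('; ') }}; };
+primaries { {{ (dns_zone_primaries_ipv6 + dns_zone_primaries_ipv4)|join('; ') }}; };
 };
 
 //on-vpn - reverse
 zone "1.10.in-addr.arpa" {
 type slave;
 file "db.10.1";
-masters { {{ (dns_zone_masters_ipv4 + dns_zone_masters_ipv6)|join('; ') }}; };
+primaries { {{ (dns_zone_primaries_ipv6 + dns_zone_primaries_ipv4)|join('; ') }}; };
 };
 
 //on-ugw reverse
 zone "2.10.in-addr.arpa" {
 type slave;
 file "db.10.2";
-masters { {{ (dns_zone_masters_ipv4 + dns_zone_masters_ipv6)|join('; ') }}; };
+primaries { {{ (dns_zone_primaries_ipv6 + dns_zone_primaries_ipv4)|join('; ') }}; };
 };
 
 //on-v6-ula - reverse
 zone "a.d.7.8.3.d.8.d.2.3.d.f.ip6.arpa" {
 type slave;
 file "db.fd32_d8d3_87da";
-masters { {{ (dns_zone_masters_ipv4 + dns_zone_masters_ipv6)|join('; ') }}; };
+primaries { {{ (dns_zone_primaries_ipv6 + dns_zone_primaries_ipv4)|join('; ') }}; };
 };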
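Review bot: The five zone blocks now use `primaries { ... };` while `type slave;` stays two lines above each of them, so the template mixes both vocabularies and depends on a BIND release that already knows `primaries`; an older named would reject the rendered file and stop serving these zones. Writing `type secondary;` alongside would be consistent, as BIND versions that accept `primaries` also accept it, and the comment `// diesen Schluessel allen Verbindungen mit den Opennet-DNS-Mastern zuordnen` could follow the new naming too. It would help to have the deploying task check the rendered file before it replaces the live one, e.g. `validate: named-checkconf %s` on the template task, if that is not already done. The task that deploys this template is not shown on the page.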
