[ansible] Update zones for rpmfusion

commit 43f7500f0ece51bd8e8639b93c097dfda349787b Author: Nicolas Chauvet <kwizart(a)gmail.com&gt; Date: Fri Dec 2 11:31:32 2016 +0100 Update zones for rpmfusion roles/dns/files/named.conf | 371 +------------------------------------------ roles/dns/files/zones.conf | 14 +- 2 files changed, 18 insertions(+), 367 deletions(-) --- diff --git a/roles/dns/files/named.conf b/roles/dns/files/named.conf index 7db4cf0..6205e8b 100644 --- a/roles/dns/files/named.conf +++ b/roles/dns/files/named.conf @@ -13,19 +13,13 @@ include "/var/named/GeoIP.acl"; //include rndckey include "/etc/rndc.key"; -// dns1.j2solutions.net - run by Jesse Keating <jkeating(a)redhat.com&gt; -acl "slaves" { 209.124.61.35; }; +//acl "slaves" { 46.105.55.71; 2001:41d0:2:ad32::1/128; }; // acl "everyone-v4" { 0.0.0.0/0; }; acl "everyone-v6" { ::0/0; }; acl "everyone" { 0.0.0.0/0; ::0/0; }; // -acl "ns_redhat" { 66.187.233.210; 209.132.183.2; 66.187.229.10; }; -// -acl "phx2net" { 10.4.124.128/25; 10.5.78.0/24; 10.5.79.0/24; 10.5.125.0/24; 10.5.126.0/24; 10.5.127.0/24; 10.5.129.0/24; }; -acl "qanet" { 10.5.124.128/25; 10.5.131.0/24; }; -acl "rh-slaves" { 10.5.30.78; 10.11.5.70; }; -acl "rh" { 10.0.0.0/8; }; +acl "ns_kimsufi" { 213.186.33.199; 2001:41d0:8:2b87::/128; }; // options { directory "/"; @@ -34,7 +28,7 @@ options { dnssec-enable yes; query-source address * port *; query-source-v6 address * port *; - allow-transfer { localhost; slaves; rh-slaves; rh;}; + allow-transfer { localhost; slaves; ns_kimsufi;}; transfer-source * port 53; pid-file "/var/run/named/named.pid"; statistics-file "/var/log/named.stats"; @@ -85,369 +79,22 @@ logging { // Who can rndc our server (only localhost)... // controls { - inet 127.0.0.1 port 953 allow { localhost; } keys { rndckey; }; -}; - -view "QA" { - match-clients { qanet; }; - allow-recursion { localhost; qanet; rh-slaves; rh; }; - recursion yes; - // no rate-limit on internal requests - rate-limit { - exempt-clients { qanet; }; - }; - - # make sure we forward only for redhat.com lookups - zone "redhat.com" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - - zone "beaker-project.org" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "88.5.10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "4.10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "5.10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "186.132.209.in-addr.arpa." { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "qa.fedoraproject.org" { - type master; - file "/var/named/master/built/qa.fedoraproject.org"; - }; - - zone "phx2.fedoraproject.org" { - type master; - file "/var/named/master/built/phx2.fedoraproject.org"; - }; - - zone "mgmt.fedoraproject.org" { - type master; - file "/var/named/master/built/mgmt.fedoraproject.org"; - }; - - zone "arm.fedoraproject.org" { - type master; - file "/var/named/master/built/arm.fedoraproject.org"; - }; - - zone "ppc.fedoraproject.org" { - type master; - file "/var/named/master/built/ppc.fedoraproject.org"; - }; - - zone "s390.fedoraproject.org" { - type master; - file "/var/named/master/built/s390.fedoraproject.org"; - }; - - zone "78.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/78.5.10.in-addr.arpa"; - }; - - zone "79.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/79.5.10.in-addr.arpa"; - }; - - zone "124.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/124.5.10.in-addr.arpa"; - }; - - zone "125.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/125.5.10.in-addr.arpa"; - }; - - zone "126.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/126.5.10.in-addr.arpa"; - }; - - zone "127.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/127.5.10.in-addr.arpa"; - }; - - zone "128.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/128.5.10.in-addr.arpa"; - }; - - zone "129.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/129.5.10.in-addr.arpa"; - }; - - zone "130.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/130.5.10.in-addr.arpa"; - }; - - zone "131.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/131.5.10.in-addr.arpa"; - }; - - - zone "fedoraproject.org" { - type master; - file "/var/named/master/built/QA/fedoraproject.org.signed"; - }; - zone "cloud.fedoraproject.org" { - type master; - file "/var/named/master/built/QA/cloud.fedoraproject.org.signed"; - }; - zone "getfedora.org" { - type master; - file "/var/named/master/built/QA/getfedora.org.signed"; - }; - - include "/etc/named/zones.conf"; -}; - -view "PHX2" { - match-clients { phx2net; rh-slaves; 192.168.0.0/16; 172.16.0.0/12; }; - allow-recursion { localhost; phx2net; rh-slaves; rh; }; - recursion yes; - // no rate-limit on internal requests - rate-limit { - exempt-clients { phx2net; }; - }; - # make sure we forward only for redhat.com lookups - zone "redhat.com" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "beaker-project.org" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - # also, we need to forward some jboss.org for fuse-fabric/bugzilla2fedmsg - zone "jboss.org" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "88.5.10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "4.10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "5.10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "186.132.209.in-addr.arpa." { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "qa.fedoraproject.org" { - type master; - file "/var/named/master/built/qa.fedoraproject.org"; - }; - - zone "phx2.fedoraproject.org" { - type master; - file "/var/named/master/built/phx2.fedoraproject.org"; - }; - - zone "mgmt.fedoraproject.org" { - type master; - file "/var/named/master/built/mgmt.fedoraproject.org"; - }; - - zone "arm.fedoraproject.org" { - type master; - file "/var/named/master/built/arm.fedoraproject.org"; - }; - - zone "ppc.fedoraproject.org" { - type master; - file "/var/named/master/built/ppc.fedoraproject.org"; - }; - - zone "s390.fedoraproject.org" { - type master; - file "/var/named/master/built/s390.fedoraproject.org"; - }; - - zone "78.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/78.5.10.in-addr.arpa"; - }; - - zone "79.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/79.5.10.in-addr.arpa"; - }; - - zone "124.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/124.5.10.in-addr.arpa"; - }; - - zone "125.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/125.5.10.in-addr.arpa"; - }; - - zone "126.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/126.5.10.in-addr.arpa"; - }; - - zone "127.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/127.5.10.in-addr.arpa"; - }; - - zone "128.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/128.5.10.in-addr.arpa"; - }; - - zone "129.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/129.5.10.in-addr.arpa"; - }; - - zone "130.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/130.5.10.in-addr.arpa"; - }; - - zone "131.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/131.5.10.in-addr.arpa"; - }; - - - zone "fedoraproject.org" { - type master; - file "/var/named/master/built/PHX2/fedoraproject.org.signed"; - }; - zone "cloud.fedoraproject.org" { - type master; - file "/var/named/master/built/PHX2/cloud.fedoraproject.org.signed"; - }; - zone "getfedora.org" { - type master; - file "/var/named/master/built/PHX2/getfedora.org.signed"; - }; - - include "/etc/named/zones.conf"; -}; - -// The zones -view "NA" { - match-clients { US; CA; MX; }; - recursion no; - zone "fedoraproject.org" { - type master; - file "/var/named/master/built/NA/fedoraproject.org.signed"; - }; - zone "cloud.fedoraproject.org" { - type master; - file "/var/named/master/built/NA/cloud.fedoraproject.org.signed"; - }; - zone "getfedora.org" { - type master; - file "/var/named/master/built/NA/getfedora.org.signed"; - }; - include "/etc/named/zones.conf"; -}; - - -// This is not "EU" countries, I just wanted a short way to represent Europe. -view "EU" { - match-clients { AT; BE; BG; CY; CZ; DE; DK; EE; ES; FI; FR; GR; HU; IT; LT; LU; LV; MT; NL; PL; PT; RO; RU; SE; UA; GB; IE; IS; NO; }; - recursion no; - zone "fedoraproject.org" { - type master; - file "/var/named/master/built/EU/fedoraproject.org.signed"; - }; - zone "cloud.fedoraproject.org" { - type master; - file "/var/named/master/built/EU/cloud.fedoraproject.org.signed"; - }; - zone "getfedora.org" { - type master; - file "/var/named/master/built/EU/getfedora.org.signed"; - }; - include "/etc/named/zones.conf"; + inet 127.0.0.1 port 953 allow { localhost; } keys { rndc-key; }; }; view "DEFAULT" { match-clients { any; }; recursion no; - zone "fedoraproject.org" { - type master; - file "/var/named/master/built/DEFAULT/fedoraproject.org.signed"; - }; - zone "cloud.fedoraproject.org" { + zone "rpmfusion.org" { type master; - file "/var/named/master/built/DEFAULT/cloud.fedoraproject.org.signed"; + file "/var/named/master/built/DEFAULT/rpmfusion.org"; }; - zone "getfedora.org" { + zone "rpmfusion.net" { type master; - file "/var/named/master/built/DEFAULT/getfedora.org.signed"; + file "/var/named/master/built/DEFAULT/rpmfusion.net"; }; +; include "/etc/named/zones.conf"; }; diff --git a/roles/dns/files/zones.conf b/roles/dns/files/zones.conf index 3c2b36e..b593158 100644 --- a/roles/dns/files/zones.conf +++ b/roles/dns/files/zones.conf @@ -3,16 +3,20 @@ zone "." { file "/var/named/named.ca"; }; +zone "rpmfusion.net" { + type master; + file "/var/named/master/built/rpmfusion.net"; +}; -//zone "fedoraproject.org" { -// type master; -// file "/var/named/master/built/fedoraproject.org.signed"; -//}; +zone "rpmfusion.org" { + type master; + file "/var/named/master/built/rpmfusion.org"; +}; zone "168.192.in-addr.arpa" { type master; - file "/var/named/master/built/168.192.in-addr.arpa.signed"; + file "/var/named/master/built/168.192.in-addr.arpa"; };