ansible/roles/dns_intern/templates/dnsdist.conf.j2

-- {{ ansible_managed }}

setLocal('127.0.0.1')
addLocal('::1')
addLocal('{{ ansible_default_ipv4.address }}')

-- define downstream servers/pools
newServer({address='127.0.0.1:5300', pool='authdns'})
newServer({address='127.0.0.1:5353', pool='resolve'})

{% if dns_secondary is defined %}
-- allow AXFR/IXFR only from secondary
addAction(AndRule({OrRule({QTypeRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), NotRule(makeRule("{{ dns_secondary }}"))}), RCodeAction(DNSRCode.REFUSED))
{% endif %}

-- allow NOTIFY only from primary
addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("{{ dns_primary }}"))}), RCodeAction(DNSRCode.REFUSED))

-- use auth servers for own zones
addAction('binary.kitchen', PoolAction('authdns'))
addAction('23.172.in-addr.arpa', PoolAction('authdns'))

-- function to set RA flag
function setRA(dq)
  dq.dh:setRA(true)
  return DNSResponseAction.None
end

-- set RA flag for queries to own zones
addResponseAction('binary.kitchen', LuaResponseAction(setRA))
addResponseAction('23.172.in-addr.arpa', LuaResponseAction(setRA))

-- use resolver for anything else
addAction(AllRule(), PoolAction('resolve'))

-- disable security status polling via DNS
setSecurityPollSuffix('')
dhcpd, dns_intern: provide dynamic dns entries clients in the 172.23.3.0/24 subnet are now provided with dynamic dns entries in the users.binary.kitchen domain - forward entries only 2021-05-16 18:35:29 +02:00			`-- {{ ansible_managed }}`

			`setLocal('127.0.0.1')`
			`addLocal('::1')`
			`addLocal('{{ ansible_default_ipv4.address }}')`

			`-- define downstream servers/pools`
			`newServer({address='127.0.0.1:5300', pool='authdns'})`
			`newServer({address='127.0.0.1:5353', pool='resolve'})`

dns_intern: fix role for non-clustered setups 2021-07-30 23:44:00 +02:00			`{% if dns_secondary is defined %}`
dns_intern: set RA flag on answers from auth for own zones 2024-11-17 19:32:02 +01:00			`-- allow AXFR/IXFR only from secondary`
dns_intern: make compatiable with Debian 12 2023-10-10 19:25:04 +02:00			`addAction(AndRule({OrRule({QTypeRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), NotRule(makeRule("{{ dns_secondary }}"))}), RCodeAction(DNSRCode.REFUSED))`
dns_intern: fix role for non-clustered setups 2021-07-30 23:44:00 +02:00			`{% endif %}`
dhcpd, dns_intern: provide dynamic dns entries clients in the 172.23.3.0/24 subnet are now provided with dynamic dns entries in the users.binary.kitchen domain - forward entries only 2021-05-16 18:35:29 +02:00
dns_intern: set RA flag on answers from auth for own zones 2024-11-17 19:32:02 +01:00			`-- allow NOTIFY only from primary`
dns_intern: make compatiable with Debian 12 2023-10-10 19:25:04 +02:00			`addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("{{ dns_primary }}"))}), RCodeAction(DNSRCode.REFUSED))`
dhcpd, dns_intern: provide dynamic dns entries clients in the 172.23.3.0/24 subnet are now provided with dynamic dns entries in the users.binary.kitchen domain - forward entries only 2021-05-16 18:35:29 +02:00
			`-- use auth servers for own zones`
			`addAction('binary.kitchen', PoolAction('authdns'))`
			`addAction('23.172.in-addr.arpa', PoolAction('authdns'))`

dns_intern: set RA flag on answers from auth for own zones 2024-11-17 19:32:02 +01:00			`-- function to set RA flag`
			`function setRA(dq)`
			`dq.dh:setRA(true)`
			`return DNSResponseAction.None`
			`end`

			`-- set RA flag for queries to own zones`
			`addResponseAction('binary.kitchen', LuaResponseAction(setRA))`
			`addResponseAction('23.172.in-addr.arpa', LuaResponseAction(setRA))`

dhcpd, dns_intern: provide dynamic dns entries clients in the 172.23.3.0/24 subnet are now provided with dynamic dns entries in the users.binary.kitchen domain - forward entries only 2021-05-16 18:35:29 +02:00			`-- use resolver for anything else`
			`addAction(AllRule(), PoolAction('resolve'))`

			`-- disable security status polling via DNS`
			`setSecurityPollSuffix('')`