Markus Hauschild
e8dcf169e2
clients in the 172.23.3.0/24 subnet are now provided with dynamic dns entries in the users.binary.kitchen domain - forward entries only
26 lines
891 B
Django/Jinja
26 lines
891 B
Django/Jinja
-- {{ ansible_managed }}
|
|
|
|
setLocal('127.0.0.1')
|
|
addLocal('::1')
|
|
addLocal('{{ ansible_default_ipv4.address }}')
|
|
|
|
-- define downstream servers/pools
|
|
newServer({address='127.0.0.1:5300', pool='authdns'})
|
|
newServer({address='127.0.0.1:5353', pool='resolve'})
|
|
|
|
-- allow AXFR/IXFR only from slaves
|
|
addAction(AndRule({OrRule({QTypeRule(dnsdist.AXFR), QTypeRule(dnsdist.IXFR)}), NotRule(makeRule("{{ dns_secondary }}"))}), RCodeAction(dnsdist.REFUSED))
|
|
|
|
-- allow NOTIFY only from master
|
|
addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("{{ dns_primary }}"))}), RCodeAction(dnsdist.REFUSED))
|
|
|
|
-- use auth servers for own zones
|
|
addAction('binary.kitchen', PoolAction('authdns'))
|
|
addAction('23.172.in-addr.arpa', PoolAction('authdns'))
|
|
|
|
-- use resolver for anything else
|
|
addAction(AllRule(), PoolAction('resolve'))
|
|
|
|
-- disable security status polling via DNS
|
|
setSecurityPollSuffix('')
|