
dns_intern: fix role for non-clustered setups

Markus 2021-07-30 23:44:00 +02:00
parent 0dd467e564
commit 36b75e1c6a
2 changed files with 6 additions and 2 deletions


@ -8,8 +8,10 @@ addLocal('{{ ansible_default_ipv4.address }}')
newServer({address='127.0.0.1:5300', pool='authdns'})
newServer({address='127.0.0.1:5353', pool='resolve'})
{% if dns_secondary is defined %}
-- allow AXFR/IXFR only from slaves
addAction(AndRule({OrRule({QTypeRule(dnsdist.AXFR), QTypeRule(dnsdist.IXFR)}), NotRule(makeRule("{{ dns_secondary }}"))}), RCodeAction(dnsdist.REFUSED))
{% endif %}
-- allow NOTIFY only from master
addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("{{ dns_primary }}"))}), RCodeAction(dnsdist.REFUSED))
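Review bot: The new `{% if dns_secondary is defined %}` guard around the AXFR/IXFR rule makes the non-clustered case fail open, because with no secondary configured nothing at dnsdist refuses zone-transfer queries. Whether the backend then answers them depends on its own transfer ACL, which is not visible here; since dnsdist forwards to 127.0.0.1:5300, the backend may see such queries as coming from localhost. Consider an `{% else %}` branch with `addAction(OrRule({QTypeRule(dnsdist.AXFR), QTypeRule(dnsdist.IXFR)}), RCodeAction(dnsdist.REFUSED))` so that transfers are refused for every client when there is no secondary. The NOTIFY rule below still expands `{{ dns_primary }}` without a guard, so confirm that variable is always set on single-node hosts.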


@ -5,7 +5,7 @@
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
#
# allow-dnsupdate-from=127.0.0.0/8,::1
allow-dnsupdate-from=127.0.0.0/8,::1,{{ dhcpd_primary }},{{ dhcpd_secondary }}
allow-dnsupdate-from=127.0.0.0/8,::1,{{ dhcpd_primary }}{% if dhcpd_secondary is defined %},{{ dhcpd_secondary }}{% endif %}
#################################
# dnsupdate Enable/Disable DNS update (RFC2136) support. Default is no.
@ -45,12 +45,14 @@ local-port=5300
# master=no
master=yes
{% if dns_secondary is defined %}
#################################
# only-notify Only send AXFR NOTIFY to these IP addresses or netmasks
#
# only-notify=0.0.0.0/0,::/0
only-notify={{ dns_secondary }}
{% endif %}
{% endif %}
#################################
# security-poll-suffix Domain name from which to query security update notifications
@ -68,7 +70,7 @@ setgid=pdns
#
setuid=pdns
{% if ansible_default_ipv4.address == dns_secondary %}
{% if adns_secondary is defined and ansible_default_ipv4.address == dns_secondary %}
#################################
# slave Act as a slave
#
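Review bot: The new guard in front of the slave section tests `adns_secondary is defined`, which looks like a typo for `dns_secondary`; no other line in this commit uses that name. Unless a variable called `adns_secondary` exists elsewhere, the condition is false on every host, so the secondary would be rendered without its slave section and would silently stop acting as a secondary. The line should read `{% if dns_secondary is defined and ansible_default_ipv4.address == dns_secondary %}`. The block this condition opens continues outside the hunk, so its matching `{% endif %}` is not visible here.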