From 5422d3ad826a4d187280500c3e79b1769d7c8f8e Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Wed, 25 Nov 2020 18:27:25 +0100
Subject: [PATCH] dns_*: remove TLS on localhost
---
 roles/dns_resolver/templates/dnsdist.conf.j2 | 2 --
 roles/dns_split/templates/dnsdist.conf.j2 | 11 ++++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/roles/dns_resolver/templates/dnsdist.conf.j2 b/roles/dns_resolver/templates/dnsdist.conf.j2
index 773a1a6..b652b18 100644
--- a/roles/dns_resolver/templates/dnsdist.conf.j2
+++ b/roles/dns_resolver/templates/dnsdist.conf.j2
@@ -10,8 +10,6 @@ addACL('2001:678:ddc::/48')
 newServer({address='127.0.0.1:5300', qps=1, name='localhost'})
-addTLSLocal('127.0.0.1','/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
-addTLSLocal('::1','/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
 addTLSLocal('{{ ansible_default_ipv4.address }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
 addTLSLocal('{{ ansible_default_ipv6.address }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
diff --git a/roles/dns_split/templates/dnsdist.conf.j2 b/roles/dns_split/templates/dnsdist.conf.j2
index 5ec5687..38e555b 100644
--- a/roles/dns_split/templates/dnsdist.conf.j2
+++ b/roles/dns_split/templates/dnsdist.conf.j2
@@ -2,11 +2,12 @@ setLocal('127.0.0.1:5353')
-newServer({address="127.0.0.1", qps=1, name="localhost"})
+newServer({address='127.0.0.1', qps=1, name='localhost'})
-addTLSLocal('127.0.0.1','/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
-addTLSLocal('{{ batman_ipv4 | ipaddr('address') }}','/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
-addTLSLocal('{{ batman_ipv6 | ipaddr('address') }}','/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
+addTLSLocal('{{ batman_ipv4 | ipaddr('address') }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
+addTLSLocal('{{ batman_ipv6 | ipaddr('address') }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
+
+webserver('0.0.0.0:8053', '{{ prometheus_dnsdist_pass }}', '{{ prometheus_dnsdist_pass }}', {}, '194.156.22.3, 2001:678:ddc::3')
 -- disable security status polling via DNS
-setSecurityPollSuffix("")
+setSecurityPollSuffix('')
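Review bot: The added `webserver(...)` line listens on `0.0.0.0:8053` over plain HTTP and passes `{{ prometheus_dnsdist_pass }}` as both the web password and the API key, so the credential (presumably used for Prometheus scraping) crosses the network unencrypted and also works as the API key. Binding to the one address the monitoring host reaches and giving the API key its own secret would narrow this, e.g. `webserver('LISTEN_ADDRESS:8053', '{{ prometheus_dnsdist_pass }}', '{{ APIKEY_VAR_PLACEHOLDER }}', {}, '194.156.22.3, 2001:678:ddc::3')`, where the two upper-case names are placeholders rather than existing variables. The ACL also lists `2001:678:ddc::3`, which an IPv4-only `0.0.0.0` listener will probably never see, so either that entry is dead or the IPv6 path is not served. The commit subject mentions only the TLS removal, so the new listener deserves a comment above it such as `-- stats/API endpoint, ACL-restricted to the monitoring host`.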