dns_*: remove TLS on localhost

2020-11-25 18:27:25 +01:00 · 2020-11-25 18:27:25 +01:00 · 5422d3ad82
commit 5422d3ad82
parent 0baec7972f
2 changed files with 6 additions and 7 deletions
--- a/roles/dns_resolver/templates/dnsdist.conf.j2
+++ b/roles/dns_resolver/templates/dnsdist.conf.j2
@ -10,8 +10,6 @@ addACL('2001:678:ddc::/48')

 newServer({address='127.0.0.1:5300', qps=1, name='localhost'})

-addTLSLocal('127.0.0.1','/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
-addTLSLocal('::1','/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
 addTLSLocal('{{ ansible_default_ipv4.address }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
 addTLSLocal('{{ ansible_default_ipv6.address }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')

--- a/roles/dns_split/templates/dnsdist.conf.j2
+++ b/roles/dns_split/templates/dnsdist.conf.j2
@ -2,11 +2,12 @@

 setLocal('127.0.0.1:5353')

-newServer({address="127.0.0.1", qps=1, name="localhost"})
+newServer({address='127.0.0.1', qps=1, name='localhost'})

-addTLSLocal('127.0.0.1','/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
-addTLSLocal('{{ batman_ipv4 | ipaddr('address') }}','/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
-addTLSLocal('{{ batman_ipv6 | ipaddr('address') }}','/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
+addTLSLocal('{{ batman_ipv4 | ipaddr('address') }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
+addTLSLocal('{{ batman_ipv6 | ipaddr('address') }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
+
+webserver('0.0.0.0:8053', '{{ prometheus_dnsdist_pass }}', '{{ prometheus_dnsdist_pass }}', {}, '194.156.22.3, 2001:678:ddc::3')

 -- disable security status polling via DNS
-setSecurityPollSuffix("")
+setSecurityPollSuffix('')