From 36b75e1c6ae9f15778750d9a5957b969f3a06154 Mon Sep 17 00:00:00 2001 From: Markus Hauschild Date: Fri, 30 Jul 2021 23:44:00 +0200 Subject: [PATCH] dns_intern: fix role for non-clustered setups --- roles/dns_intern/templates/dnsdist.conf.j2 | 2 ++ roles/dns_intern/templates/pdns.conf.j2 | 6 ++++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/roles/dns_intern/templates/dnsdist.conf.j2 b/roles/dns_intern/templates/dnsdist.conf.j2 index 2ddf3dc..a852e28 100644 --- a/roles/dns_intern/templates/dnsdist.conf.j2 +++ b/roles/dns_intern/templates/dnsdist.conf.j2 @@ -8,8 +8,10 @@ addLocal('{{ ansible_default_ipv4.address }}') newServer({address='127.0.0.1:5300', pool='authdns'}) newServer({address='127.0.0.1:5353', pool='resolve'}) +{% if dns_secondary is defined %} -- allow AXFR/IXFR only from slaves addAction(AndRule({OrRule({QTypeRule(dnsdist.AXFR), QTypeRule(dnsdist.IXFR)}), NotRule(makeRule("{{ dns_secondary }}"))}), RCodeAction(dnsdist.REFUSED)) +{% endif %} -- allow NOTIFY only from master addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("{{ dns_primary }}"))}), RCodeAction(dnsdist.REFUSED)) diff --git a/roles/dns_intern/templates/pdns.conf.j2 b/roles/dns_intern/templates/pdns.conf.j2 index 9945e4f..f1da075 100644 --- a/roles/dns_intern/templates/pdns.conf.j2 +++ b/roles/dns_intern/templates/pdns.conf.j2 @@ -5,7 +5,7 @@ # allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges. # # allow-dnsupdate-from=127.0.0.0/8,::1 -allow-dnsupdate-from=127.0.0.0/8,::1,{{ dhcpd_primary }},{{ dhcpd_secondary }} +allow-dnsupdate-from=127.0.0.0/8,::1,{{ dhcpd_primary }}{% if dhcpd_secondary is defined %},{{ dhcpd_secondary }}{% endif %} ################################# # dnsupdate Enable/Disable DNS update (RFC2136) support. Default is no. 
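Review bot: In roles/dns_intern/templates/dnsdist.conf.j2 the new `{% if dns_secondary is defined %}` guard has no `{% else %}`, so on a host without a secondary dnsdist renders no AXFR/IXFR rule at all. Zone-transfer queries from any client then fall through to the later rules, and whether the pdns backend refuses them depends on settings this patch does not show. A fail-closed default would refuse every transfer when there is no secondary: before the added `{% endif %}`, insert `{% else %}` followed by `addAction(OrRule({QTypeRule(dnsdist.AXFR), QTypeRule(dnsdist.IXFR)}), RCodeAction(dnsdist.REFUSED))`. The NOTIFY rule below stays unconditional and still needs `dns_primary` to be defined, which is worth stating in the role's variable documentation.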
@@ -45,12 +45,14 @@ local-port=5300 # master=no master=yes +{% if dns_secondary is defined %} ################################# # only-notify Only send AXFR NOTIFY to these IP addresses or netmasks # # only-notify=0.0.0.0/0,::/0 only-notify={{ dns_secondary }} {% endif %} +{% endif %} ################################# # security-poll-suffix Domain name from which to query security update notifications @@ -68,7 +70,7 @@ setgid=pdns # setuid=pdns -{% if ansible_default_ipv4.address == dns_secondary %} +{% if adns_secondary is defined and ansible_default_ipv4.address == dns_secondary %} ################################# # slave Act as a slave #
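Review bot: In the `@@ -45,12 +45,14 @@` hunk of pdns.conf.j2, `master=yes` is still rendered when `dns_secondary` is undefined but `only-notify` is not. pdns then falls back to the default shown in the commented line, `0.0.0.0/0,::/0`, and sends NOTIFY to whichever hosts the zones' NS records name. If a single-node setup is meant to send none, add `{% else %}` and an empty `only-notify=` before the `{% endif %}` that follows the `only-notify={{ dns_secondary }}` line; per the PowerDNS documentation an empty value disables these NOTIFYs. The hunk shows two `{% endif %}` for one `{% if %}`, so the outer block opens above the hunk, and a short Jinja comment on each `{% endif %}` naming the condition it closes would make the nesting readable.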
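Review bot: In the `@@ -68,7 +70,7 @@` hunk of pdns.conf.j2 the new condition tests `adns_secondary is defined`, which looks like a typo for `dns_secondary`, the name used everywhere else in this patch. Unless a variable of that name is set somewhere not shown here, the test is always false and the slave block is never rendered, even on the host whose address equals `dns_secondary`. That host would then silently stop acting as a secondary and could serve stale zone data. The line should read `{% if dns_secondary is defined and ansible_default_ipv4.address == dns_secondary %}`. The block this condition opens continues past the end of the hunk.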