dns_intern: fix role for non-clustered setups
parent
0dd467e564
commit
36b75e1c6a
@ -8,8 +8,10 @@ addLocal('{{ ansible_default_ipv4.address }}')
|
|||||||
newServer({address='127.0.0.1:5300', pool='authdns'})
|
newServer({address='127.0.0.1:5300', pool='authdns'})
|
||||||
newServer({address='127.0.0.1:5353', pool='resolve'})
|
newServer({address='127.0.0.1:5353', pool='resolve'})
|
||||||
|
|
||||||
|
{% if dns_secondary is defined %}
|
||||||
-- allow AXFR/IXFR only from slaves
|
-- allow AXFR/IXFR only from slaves
|
||||||
addAction(AndRule({OrRule({QTypeRule(dnsdist.AXFR), QTypeRule(dnsdist.IXFR)}), NotRule(makeRule("{{ dns_secondary }}"))}), RCodeAction(dnsdist.REFUSED))
|
addAction(AndRule({OrRule({QTypeRule(dnsdist.AXFR), QTypeRule(dnsdist.IXFR)}), NotRule(makeRule("{{ dns_secondary }}"))}), RCodeAction(dnsdist.REFUSED))
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
-- allow NOTIFY only from master
|
-- allow NOTIFY only from master
|
||||||
addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("{{ dns_primary }}"))}), RCodeAction(dnsdist.REFUSED))
|
addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("{{ dns_primary }}"))}), RCodeAction(dnsdist.REFUSED))
|
||||||
|
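Review bot: With the AXFR/IXFR rule now wrapped in `{% if dns_secondary is defined %}`, a non-clustered host gets no transfer restriction at all from this file, so AXFR/IXFR queries are presumably handled like any other query. Unless the authoritative backend restricts transfers itself (not visible on this page), this fails open. An `{% else %}` branch with `addAction(OrRule({QTypeRule(dnsdist.AXFR), QTypeRule(dnsdist.IXFR)}), RCodeAction(dnsdist.REFUSED))` would refuse every transfer when there is no secondary. The comment `-- allow AXFR/IXFR only from slaves` could also state that the rule exists only on clustered setups.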
@ -5,7 +5,7 @@
|
|||||||
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
|
# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
|
||||||
#
|
#
|
||||||
# allow-dnsupdate-from=127.0.0.0/8,::1
|
# allow-dnsupdate-from=127.0.0.0/8,::1
|
||||||
allow-dnsupdate-from=127.0.0.0/8,::1,{{ dhcpd_primary }},{{ dhcpd_secondary }}
|
allow-dnsupdate-from=127.0.0.0/8,::1,{{ dhcpd_primary }}{% if dhcpd_secondary is defined %},{{ dhcpd_secondary }}{% endif %}
|
||||||
|
|
||||||
#################################
|
#################################
|
||||||
# dnsupdate Enable/Disable DNS update (RFC2136) support. Default is no.
|
# dnsupdate Enable/Disable DNS update (RFC2136) support. Default is no.
|
||||||
@ -45,12 +45,14 @@ local-port=5300
|
|||||||
# master=no
|
# master=no
|
||||||
master=yes
|
master=yes
|
||||||
|
|
||||||
|
{% if dns_secondary is defined %}
|
||||||
#################################
|
#################################
|
||||||
# only-notify Only send AXFR NOTIFY to these IP addresses or netmasks
|
# only-notify Only send AXFR NOTIFY to these IP addresses or netmasks
|
||||||
#
|
#
|
||||||
# only-notify=0.0.0.0/0,::/0
|
# only-notify=0.0.0.0/0,::/0
|
||||||
only-notify={{ dns_secondary }}
|
only-notify={{ dns_secondary }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
#################################
|
#################################
|
||||||
# security-poll-suffix Domain name from which to query security update notifications
|
# security-poll-suffix Domain name from which to query security update notifications
|
||||||
@ -68,7 +70,7 @@ setgid=pdns
|
|||||||
#
|
#
|
||||||
setuid=pdns
|
setuid=pdns
|
||||||
|
|
||||||
{% if ansible_default_ipv4.address == dns_secondary %}
|
{% if adns_secondary is defined and ansible_default_ipv4.address == dns_secondary %}
|
||||||
#################################
|
#################################
|
||||||
# slave Act as a slave
|
# slave Act as a slave
|
||||||
#
|
#
|
||||||
|
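Review bot: The new condition in the `@ -68,7 +70,7 @` hunk tests `adns_secondary is defined`, while every other guard added by this commit tests `dns_secondary`, so this looks like a typo. If `adns_secondary` is not defined anywhere else in the role, the condition is always false and the slave block is never rendered, even on the secondary of a clustered setup. The line should read `{% if dns_secondary is defined and ansible_default_ipv4.address == dns_secondary %}`. The guarded block continues past the end of the hunk, so its closing `{% endif %}` is not visible here.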