From 5d08e604d2f89ab37c3b79fa8ab6c3d27229f4ce Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sat, 4 Jul 2026 21:25:07 +1000 Subject: [PATCH] Trim resolver forward zones to internal upstreams Drops the six forward zones that pointed at the 10.10.16.x upstreams (dmz/network/prod.unkin.net + 8/16/20.10.10.in-addr.arpa); 198.18.19.15 is the authoritative for the remaining unkin zones. Consul left as-is. --- .../resolvers/forward-zones.yaml | 97 +------------------ 1 file changed, 3 insertions(+), 94 deletions(-) diff --git a/apps/base/bind-internal/resolvers/forward-zones.yaml b/apps/base/bind-internal/resolvers/forward-zones.yaml index ac2a37b..6c23c1b 100644 --- a/apps/base/bind-internal/resolvers/forward-zones.yaml +++ b/apps/base/bind-internal/resolvers/forward-zones.yaml @@ -1,7 +1,6 @@ -# Conditional forward zones, mirrored from puppet openforwarder view. -# Upstreams are the puppet anycast servers (unkin 198.18.19.15, consul .14, -# k8s .20); flip to the in-cluster authoritative/externaldns LBs once zone -# data is migrated. +# Conditional forward zones, from the puppet openforwarder view. +# Upstreams: unkin authoritative 198.18.19.15, consul 198.18.19.14, k8s 198.18.19.20. +# (Zones that forwarded to 10.10.16.x were dropped; consul left as-is.) --- apiVersion: bind.unkin.net/v1alpha1 kind: BindZone @@ -33,51 +32,6 @@ spec: --- apiVersion: bind.unkin.net/v1alpha1 kind: BindZone -metadata: - name: fwd-dmz-unkin-net - namespace: bind-internal -spec: - clusterRef: bind-resolvers - viewRef: openforwarder - zoneName: dmz.unkin.net - type: forward - catalog: false - forwarders: - - 10.10.16.32 - - 10.10.16.33 ---- -apiVersion: bind.unkin.net/v1alpha1 -kind: BindZone -metadata: - name: fwd-network-unkin-net - namespace: bind-internal -spec: - clusterRef: bind-resolvers - viewRef: openforwarder - zoneName: network.unkin.net - type: forward - catalog: false - forwarders: - - 10.10.16.32 - - 10.10.16.33 ---- -apiVersion: bind.unkin.net/v1alpha1 -kind: BindZone -metadata: - name: fwd-prod-unkin-net - namespace: bind-internal -spec: - clusterRef: bind-resolvers - viewRef: openforwarder - zoneName: prod.unkin.net - type: forward - catalog: false - forwarders: - - 10.10.16.32 - - 10.10.16.33 ---- -apiVersion: bind.unkin.net/v1alpha1 -kind: BindZone metadata: name: fwd-consul namespace: bind-internal @@ -327,48 +281,3 @@ spec: catalog: false forwarders: - 198.18.19.15 ---- -apiVersion: bind.unkin.net/v1alpha1 -kind: BindZone -metadata: - name: fwd-8-10-10-in-addr-arpa - namespace: bind-internal -spec: - clusterRef: bind-resolvers - viewRef: openforwarder - zoneName: 8.10.10.in-addr.arpa - type: forward - catalog: false - forwarders: - - 10.10.16.32 - - 10.10.16.33 ---- -apiVersion: bind.unkin.net/v1alpha1 -kind: BindZone -metadata: - name: fwd-16-10-10-in-addr-arpa - namespace: bind-internal -spec: - clusterRef: bind-resolvers - viewRef: openforwarder - zoneName: 16.10.10.in-addr.arpa - type: forward - catalog: false - forwarders: - - 10.10.16.32 - - 10.10.16.33 ---- -apiVersion: bind.unkin.net/v1alpha1 -kind: BindZone -metadata: - name: fwd-20-10-10-in-addr-arpa - namespace: bind-internal -spec: - clusterRef: bind-resolvers - viewRef: openforwarder - zoneName: 20.10.10.in-addr.arpa - type: forward - catalog: false - forwarders: - - 10.10.16.32 - - 10.10.16.33