From e0707696ff351f363a0461d2df0eaf811a0914ff Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Sun, 6 Apr 2025 16:41:48 +1000
Subject: [PATCH] feat: update dns resolver acls - add dmz acl - add common acl - add loopback/ceph/physical subnets to main acl
---
 hieradata/roles/infra/dns/resolver.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/hieradata/roles/infra/dns/resolver.yaml b/hieradata/roles/infra/dns/resolver.yaml
index f39588c..f978202 100644
--- a/hieradata/roles/infra/dns/resolver.yaml
+++ b/hieradata/roles/infra/dns/resolver.yaml
@@ -10,6 +10,22 @@ profiles::dns::resolver::acls:
 - 198.18.15.0/24
 - 198.18.16.0/24
 - 198.18.17.0/24
+ - 198.18.18.0/24
+ - 198.18.19.0/24
+ - 198.18.20.0/24
+ - 198.18.21.0/24
+ - 198.18.22.0/24
+ - 198.18.23.0/24
+ acl-dmz:
+ addresses:
+ - 198.18.24.0/24
+ acl-common:
+ addresses:
+ - 198.18.25.0/24
+ - 198.18.26.0/24
+ - 198.18.27.0/24
+ - 198.18.28.0/24
+ - 198.18.29.0/24
 acl-nomad-jobs:
 addresses:
 - 198.18.64.0/24
@@ -83,3 +99,4 @@ profiles::dns::resolver::views:
 match_clients:
 - acl-main.unkin.net
 - acl-nomad-jobs
+ - acl-common
-- 2.47.3
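Review bot: `acl-dmz` is defined in the first hunk but nothing in this patch lists it under a view's `match_clients`; the second hunk adds only `acl-common`, next to `acl-main.unkin.net` and `acl-nomad-jobs`. If keeping DMZ clients out of that view is deliberate, record it beside the ACL with a comment such as `# acl-dmz: intentionally not matched by the internal view`. Otherwise the 198.18.24.0/24 clients will be handled by whatever other view or default applies, which is not visible here and should be confirmed. The six /24s added to the existing ACL (198.18.18.0/24 to 198.18.23.0/24) also carry no comment saying which are loopback, ceph or physical, so the list cannot be checked against the commit message; a trailing comment per entry, e.g. `- 198.18.18.0/24  # <purpose>`, would make later ACL review possible. The name of the ACL being extended and the name of the view are both outside the hunks.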