From 14c453eca75463635ca98560798df14b71466c46 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Thu, 24 Apr 2025 23:36:45 +1000 Subject: [PATCH] feat: add reverse dns zones for incus - add reverse dns zones for incus hosts - update acls for openresolver --- hieradata/roles/infra/dns/master.yaml | 85 +++++++++++++++++++++++++ hieradata/roles/infra/dns/resolver.yaml | 11 ++++ 2 files changed, 96 insertions(+) diff --git a/hieradata/roles/infra/dns/master.yaml b/hieradata/roles/infra/dns/master.yaml index e9b81b7..c83c101 100644 --- a/hieradata/roles/infra/dns/master.yaml +++ b/hieradata/roles/infra/dns/master.yaml @@ -9,6 +9,14 @@ profiles::dns::master::acls: - 198.18.15.0/24 - 198.18.16.0/24 - 198.18.17.0/24 + - 198.18.19.0/24 + - 198.18.20.0/24 + - 198.18.24.0/24 + - 198.18.25.0/24 + - 198.18.26.0/24 + - 198.18.27.0/24 + - 198.18.28.0/24 + - 198.18.29.0/24 profiles::dns::master::zones: main.unkin.net: 
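Review bot: The ACL additions under `profiles::dns::master::acls` cover 198.18.19.0/24, 198.18.20.0/24 and 198.18.24.0/24 through 198.18.29.0/24, but skip 198.18.21.0/24, 198.18.22.0/24 and 198.18.23.0/24, while the later hunks add reverse zones for 21, 22 and 23 and list them in the `master-zones` view. If hosts in those three ranges are meant to query this view, they need entries here, e.g. `- 198.18.21.0/24`. If they are deliberately excluded, a comment on the list such as `# 21-23 intentionally not allowed to query: <reason>` would stop the ACL from being widened later by someone assuming the gap is a mistake. The ACL list starts above the hunk, so the key these entries belong to is not visible here.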
@@ -47,6 +55,72 @@ profiles::dns::master::zones: dynamic: false ns_notify: true source: '/var/named/sources/17.18.198.in-addr.arpa.conf' + 19.18.198.in-addr.arpa: + domain: '19.18.198.in-addr.arpa' + zone_type: 'master' + dynamic: false + ns_notify: true + source: '/var/named/sources/19.18.198.in-addr.arpa.conf' + 20.18.198.in-addr.arpa: + domain: '20.18.198.in-addr.arpa' + zone_type: 'master' + dynamic: false + ns_notify: true + source: '/var/named/sources/20.18.198.in-addr.arpa.conf' + 21.18.198.in-addr.arpa: + domain: '21.18.198.in-addr.arpa' + zone_type: 'master' + dynamic: false + ns_notify: true + source: '/var/named/sources/21.18.198.in-addr.arpa.conf' + 22.18.198.in-addr.arpa: + domain: '22.18.198.in-addr.arpa' + zone_type: 'master' + dynamic: false + ns_notify: true + source: '/var/named/sources/22.18.198.in-addr.arpa.conf' + 23.18.198.in-addr.arpa: + domain: '23.18.198.in-addr.arpa' + zone_type: 'master' + dynamic: false + ns_notify: true + source: '/var/named/sources/23.18.198.in-addr.arpa.conf' + 24.18.198.in-addr.arpa: + domain: '24.18.198.in-addr.arpa' + zone_type: 'master' + dynamic: false + ns_notify: true + source: '/var/named/sources/24.18.198.in-addr.arpa.conf' + 25.18.198.in-addr.arpa: + domain: '25.18.198.in-addr.arpa' + zone_type: 'master' + dynamic: false + ns_notify: true + source: '/var/named/sources/25.18.198.in-addr.arpa.conf' + 26.18.198.in-addr.arpa: + domain: '26.18.198.in-addr.arpa' + zone_type: 'master' + dynamic: false + ns_notify: true + source: '/var/named/sources/26.18.198.in-addr.arpa.conf' + 27.18.198.in-addr.arpa: + domain: '27.18.198.in-addr.arpa' + zone_type: 'master' + dynamic: false + ns_notify: true + source: '/var/named/sources/27.18.198.in-addr.arpa.conf' + 28.18.198.in-addr.arpa: + domain: '28.18.198.in-addr.arpa' + zone_type: 'master' + dynamic: false + ns_notify: true + source: '/var/named/sources/28.18.198.in-addr.arpa.conf' + 29.18.198.in-addr.arpa: + domain: '29.18.198.in-addr.arpa' + zone_type: 'master' + 
dynamic: false + ns_notify: true + source: '/var/named/sources/29.18.198.in-addr.arpa.conf' profiles::dns::master::views: master-zones: @@ -58,6 +132,17 @@ profiles::dns::master::views: - 15.18.198.in-addr.arpa - 16.18.198.in-addr.arpa - 17.18.198.in-addr.arpa + - 19.18.198.in-addr.arpa + - 20.18.198.in-addr.arpa + - 21.18.198.in-addr.arpa + - 22.18.198.in-addr.arpa + - 23.18.198.in-addr.arpa + - 24.18.198.in-addr.arpa + - 25.18.198.in-addr.arpa + - 26.18.198.in-addr.arpa + - 27.18.198.in-addr.arpa + - 28.18.198.in-addr.arpa + - 29.18.198.in-addr.arpa match_clients: - acl-main.unkin.net diff --git a/hieradata/roles/infra/dns/resolver.yaml b/hieradata/roles/infra/dns/resolver.yaml index f978202..9ec4add 100644 --- a/hieradata/roles/infra/dns/resolver.yaml +++ b/hieradata/roles/infra/dns/resolver.yaml @@ -93,6 +93,17 @@ profiles::dns::resolver::views: - 15.18.198.in-addr.arpa-forward - 16.18.198.in-addr.arpa-forward - 17.18.198.in-addr.arpa-forward + - 19.18.198.in-addr.arpa-forward + - 20.18.198.in-addr.arpa-forward + - 21.18.198.in-addr.arpa-forward + - 22.18.198.in-addr.arpa-forward + - 23.18.198.in-addr.arpa-forward + - 24.18.198.in-addr.arpa-forward + - 25.18.198.in-addr.arpa-forward + - 26.18.198.in-addr.arpa-forward + - 27.18.198.in-addr.arpa-forward + - 28.18.198.in-addr.arpa-forward + - 29.18.198.in-addr.arpa-forward - 8.10.10.in-addr.arpa-forward - 16.10.10.in-addr.arpa-forward - 20.10.10.in-addr.arpa-forward -- 2.47.3
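Review bot: Each of the eleven new zone stanzas points `source` at a `/var/named/sources/NN.18.198.in-addr.arpa.conf` file, and the diffstat shows only the two hieradata files changing, so nothing visible in this commit creates those files. If they are not produced elsewhere, the zones for 19 to 29 would presumably fail to load on the master. A short comment above the block, such as `# incus reverse zones 19-29; source files produced by <mechanism>`, would document where the zone data comes from and why 18 is skipped.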
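Review bot: The eleven `NN.18.198.in-addr.arpa-forward` names added to the resolver view have no matching forward-zone definitions in this commit, since the 11 lines added to resolver.yaml are exactly these list entries. Unless those forward zones are defined in another hiera layer or generated, the view would reference zones that do not exist. The commit message also says the ACLs for the open resolver are updated, but no ACL in resolver.yaml changes here. It is worth confirming that the resolver's client ACL already covers the new incus ranges and stays limited to internal prefixes, so recursion is not offered more widely than intended. The view definition starts above the hunk.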