From 554d24a0cdd8890380dc46e057b49ccc22c0499f Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 6 Jul 2025 18:49:23 +1000 Subject: [PATCH] feat: add unkin.net domain - manage the unkin.net domain - ensure forwarding for unkin.net - split domain from cname list and set zone correctly - add fafflix to cnames list for haproxy2 --- .../au/region/syd1/infra/halb/haproxy2.yaml | 1 + hieradata/roles/infra/dns/master.yaml | 7 ++++ hieradata/roles/infra/dns/resolver.yaml | 6 ++++ site/profiles/manifests/dns/master.pp | 33 +++++++++++++++---- site/profiles/manifests/dns/zone.pp | 1 + site/profiles/manifests/haproxy/dns.pp | 22 ++++++++----- site/profiles/templates/base/hosts.erb | 1 - site/profiles/templates/dns/zone_header.erb | 7 ++++ 8 files changed, 63 insertions(+), 15 deletions(-) diff --git a/hieradata/country/au/region/syd1/infra/halb/haproxy2.yaml b/hieradata/country/au/region/syd1/infra/halb/haproxy2.yaml index 952ddeb..0c7dae0 100644 --- a/hieradata/country/au/region/syd1/infra/halb/haproxy2.yaml +++ b/hieradata/country/au/region/syd1/infra/halb/haproxy2.yaml @@ -8,6 +8,7 @@ profiles::haproxy::dns::vrrp_cnames: - prowlarr.main.unkin.net - nzbget.main.unkin.net - git.unkin.net + - fafflix.unkin.net profiles::haproxy::mappings: fe_http: diff --git a/hieradata/roles/infra/dns/master.yaml b/hieradata/roles/infra/dns/master.yaml index ddd92d0..19f0537 100644 --- a/hieradata/roles/infra/dns/master.yaml +++ b/hieradata/roles/infra/dns/master.yaml @@ -22,6 +22,12 @@ profiles::dns::master::acls: - 198.18.29.0/24 profiles::dns::master::zones: + unkin.net: + domain: 'unkin.net' + zone_type: 'master' + dynamic: false + ns_notify: true + source: '/var/named/sources/unkin.net.conf' main.unkin.net: domain: 'main.unkin.net' zone_type: 'master' @@ -129,6 +135,7 @@ profiles::dns::master::views: master-zones: recursion: false zones: + - unkin.net - main.unkin.net - 13.18.198.in-addr.arpa - 14.18.198.in-addr.arpa 
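Review bot: The new `unkin.net` zone points at `source: '/var/named/sources/unkin.net.conf'`, and nothing in this commit creates that file (the diffstat lists no such path), so unless it is provisioned elsewhere the master will fail to load the zone while the resolver hunk in this commit presumably already forwards `unkin.net` queries to it. `unkin.net` is also the parent of `main.unkin.net`, which the same `master-zones` view serves as a separate master zone; that works for resolvers that reach these servers directly, but if the public NS set for `unkin.net` differs from the servers holding `main.unkin.net`, the parent zone needs NS delegation for the child zones, which the commit does not add. Worth confirming how the zone source file is shipped and whether delegation is handled inside it.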
diff --git a/hieradata/roles/infra/dns/resolver.yaml b/hieradata/roles/infra/dns/resolver.yaml index c70ee5e..7ac0eb4 100644 --- a/hieradata/roles/infra/dns/resolver.yaml +++ b/hieradata/roles/infra/dns/resolver.yaml @@ -81,6 +81,11 @@ profiles::dns::resolver::zones: - 10.10.16.32 - 10.10.16.33 forward: 'only' + unkin.net-forward: + domain: 'unkin.net' + zone_type: 'forward' + forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" + forward: 'only' main.unkin.net-forward: domain: 'main.unkin.net' zone_type: 'forward' @@ -176,6 +181,7 @@ profiles::dns::resolver::views: openforwarder: recursion: true zones: + - unkin.net-forward - main.unkin.net-forward - dmz.unkin.net-forward - network.unkin.net-forward diff --git a/site/profiles/manifests/dns/master.pp b/site/profiles/manifests/dns/master.pp index 440325e..55b2946 100644 --- a/site/profiles/manifests/dns/master.pp +++ b/site/profiles/manifests/dns/master.pp @@ -26,6 +26,18 @@ class profiles::dns::master ( } } + # create a hash of hostname => ip, which will be used to create glue records + $glue_records_map = $ns_role ? { + undef => { + $facts['networking']['fqdn'] => $facts['networking']['ip'] + }, + default => $nameservers_array.reduce({}) |$acc, $fqdn| { + $result = query_nodes("networking.fqdn='${fqdn}'", 'networking.ip') + $ip = $result[0] + $acc + { "${fqdn}." => $ip } + } + } + # if nameservers is empty, use the current host, otherwise use nameservers_array as nameservers $nameservers = empty($nameservers_array) ? { true => [$facts['networking']['fqdn']], 
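Review bot: The two branches of `$glue_records_map` produce differently-qualified keys: the `default` branch builds `"${fqdn}."` (absolute), while the `undef` branch uses the bare `$facts['networking']['fqdn']`, which `zone_header.erb` in this commit emits verbatim as a relative owner name, so `$ORIGIN` is appended and the record becomes `host.main.unkin.net.unkin.net.`; change the key to `"${facts['networking']['fqdn']}." => $facts['networking']['ip']`. `$ip = $result[0]` is also unchecked: when PuppetDB has no node for a configured nameserver, `query_nodes` returns an empty array and the template would write an `IN A` line with an empty address, so add `if empty($result) { fail("no PuppetDB entry for nameserver ${fqdn}") }` after the query rather than emitting a broken zone. The class `profiles::dns::master` begins and ends outside this hunk.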
@@ -51,14 +63,23 @@ class profiles::dns::master ( # create zones $zones.each | String $name, Hash $data | { + + # only add glue records when the domain isnt reverse dns, or main.unkin.net + # - since the hosts will already be in main.unkin.net if $data['zone_type'] == 'master' { + $glue_records = $data['domain'] ? { + /in-addr\.arpa$/ => undef, + 'main.unkin.net' => undef, + default => $glue_records_map, + } profiles::dns::zone { $name: - zone => $data['domain'], - basedir => $basedir, - nameservers => sort($nameservers), - owner => $owner, - group => $group, - before => Bind::Zone[$name] + zone => $data['domain'], + basedir => $basedir, + nameservers => sort($nameservers), + owner => $owner, + group => $group, + before => Bind::Zone[$name], + glue_records => $glue_records, } } } diff --git a/site/profiles/manifests/dns/zone.pp b/site/profiles/manifests/dns/zone.pp index f3de4fd..84ad218 100644 --- a/site/profiles/manifests/dns/zone.pp +++ b/site/profiles/manifests/dns/zone.pp @@ -5,6 +5,7 @@ define profiles::dns::zone ( Stdlib::AbsolutePath $basedir, String $owner, String $group, + Optional[Hash[String, String]] $glue_records = {}, ) { # Define the concat resource for the zone file diff --git a/site/profiles/manifests/haproxy/dns.pp b/site/profiles/manifests/haproxy/dns.pp index 875da68..721f5f7 100644 --- a/site/profiles/manifests/haproxy/dns.pp +++ b/site/profiles/manifests/haproxy/dns.pp @@ -18,11 +18,13 @@ class profiles::haproxy::dns ( # export cnames for haproxy applications $cnames.each |$cname| { + $parts = split($cname, '\.') + $domain = join($parts[1, $parts.length], '.') profiles::dns::record { "${::facts['networking']['fqdn']}_${cname}_CNAME": value => "${location_environment}-halb", type => 'CNAME', record => "${cname}.", - zone => $::facts['networking']['domain'], + zone => $domain, order => $order, } } 
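Review bot: The selector that decides whether a zone gets glue records hardcodes the site-specific literal `'main.unkin.net'` into a profile class that otherwise takes every zone from `$zones` hieradata, so adding another host-bearing subzone later means editing the manifest instead of data; a per-zone key read as `$data['glue']` (defaulting to true) on the hieradata entry would keep that decision next to the zone definition. The excluded branches pass `undef`, which only works because Puppet substitutes the define's default `{}` for an explicit undef; writing `=> {},` in those two branches states the intent directly. The comment could read `# only add glue records when the zone isn't reverse DNS or main.unkin.net`. The class `profiles::dns::master` begins and ends outside this hunk.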
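Review bot: `Optional[Hash[String, String]] $glue_records = {}` accepts any string as the address, and the new template interpolates the value straight into the zone file as `IN A <ip>`, so a malformed or IPv6/CIDR value coming back from PuppetDB produces a zone file BIND rejects at load time rather than a compile-time error; since the signature already uses `Stdlib::AbsolutePath`, `Optional[Hash[String, Stdlib::IP::Address::V4::Nosubnet]] $glue_records = {},` catches that earlier. The define `profiles::dns::zone` continues outside the hunk.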
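Review bot: `$domain = join($parts[1, $parts.length], '.')` yields an empty string for a cname with no dot, so such an entry would export a record with `zone => ''`, and the same two lines are repeated for `$vrrp_cnames` in the next hunk; a single `$domain = regsubst($cname, '^[^.]+\.', '')` in both places avoids the duplication, and a `fail()` when the result still equals `$cname` rejects single-label entries. The derivation also assumes every cname sits exactly one label below its zone, which holds for the visible hieradata but would misplace a name like `a.b.unkin.net`. The CNAME target `"${location_environment}-halb"` stays relative, so a non-vrrp cname under `unkin.net` now resolves to `<environment>-halb.unkin.net`; whether that A record is exported into `unkin.net` is not visible here and worth checking. The class `profiles::haproxy::dns` begins outside the hunk.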
@@ -41,20 +43,24 @@ class profiles::haproxy::dns ( # if this is the first host in the returned filter, export a/cnames for haproxy applications if $servers_array[0] == $trusted['certname'] { - profiles::dns::record { "${facts['networking']['fqdn']}_vrrp_${location_environment}-halb-vrrp": - value => $ipaddr, - type => 'A', - record => "${location_environment}-halb-vrrp", - zone => $::facts['networking']['domain'], - order => $order, + ['main.unkin.net', 'unkin.net'].each |$domain| { + profiles::dns::record { "${facts['networking']['fqdn']}_vrrp_${domain}_${location_environment}-halb-vrrp": + value => $ipaddr, + type => 'A', + record => "${location_environment}-halb-vrrp", + zone => $domain, + order => $order, + } } $vrrp_cnames.each |$cname| { + $parts = split($cname, '\.') + $domain = join($parts[1, $parts.length], '.') profiles::dns::record { "${::facts['networking']['fqdn']}_${cname}_CNAME": value => "${location_environment}-halb-vrrp", type => 'CNAME', record => "${cname}.", - zone => $::facts['networking']['domain'], + zone => $domain, order => $order, } } diff --git a/site/profiles/templates/base/hosts.erb b/site/profiles/templates/base/hosts.erb index 9e40bb7..c41ef08 100644 --- a/site/profiles/templates/base/hosts.erb +++ b/site/profiles/templates/base/hosts.erb @@ -4,7 +4,6 @@ <%= @facts['networking']['ip'] %> <%= @fqdn %> <%= @hostname %> 127.0.0.1 localhost.localdomain localhost 127.0.0.1 localhost4.localdomain4 localhost4 -198.18.19.17 git.unkin.net <% @additional_hosts.each do |host| -%> <%= host['ip'] %> <%= host['hostname'] %> <%= host['aliases'].join(' ') if host['aliases'] %> diff --git a/site/profiles/templates/dns/zone_header.erb b/site/profiles/templates/dns/zone_header.erb index 563ccc9..6c1732e 100644 --- a/site/profiles/templates/dns/zone_header.erb +++ b/site/profiles/templates/dns/zone_header.erb 
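Review bot: `['main.unkin.net', 'unkin.net'].each |$domain|` hardcodes the zones that receive the `-halb-vrrp` A record, while the cnames themselves come from the `$vrrp_cnames` parameter; a class parameter such as `Array[String] $vrrp_zones = ['main.unkin.net', 'unkin.net']` (the class header is outside this hunk) keeps both lists in hieradata and lets a new domain be added without a manifest change. Alternatively the list could be derived as `$vrrp_cnames.map |$c| { regsubst($c, '^[^.]+\.', '') }.unique` so an A record always exists in every zone a vrrp CNAME points into. The two `split`/`join` lines duplicate the pair in the earlier hunk of this file, as noted there.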
@@ -8,6 +8,13 @@ $TTL 600 2419200 ; Expire 600 ) ; Negative Cache TTL +<% unless @glue_records.empty? -%> +; Glue records for nameservers +<% @glue_records.each do |fqdn, ip| -%> +<%= fqdn %> IN A <%= ip %> +<% end -%> + +<% end -%> ; Name servers <% @nameservers.each do |ns| -%> @ IN NS <%= ns %>. -- 2.47.3