hieradata/country/au/region/syd1/infra/halb/haproxy2.yaml

@@ -8,6 +8,7 @@ profiles::haproxy::dns::vrrp_cnames:
   - prowlarr.main.unkin.net
   - nzbget.main.unkin.net
   - git.unkin.net
+  - fafflix.unkin.net
 
 profiles::haproxy::mappings:
   fe_http:

hieradata/roles/infra/dns/master.yaml

@@ -22,6 +22,12 @@ profiles::dns::master::acls:
       - 198.18.29.0/24
 
 profiles::dns::master::zones:
+  unkin.net:
+    domain: 'unkin.net'
+    zone_type: 'master'
+    dynamic: false
+    ns_notify: true
+    source: '/var/named/sources/unkin.net.conf'
   main.unkin.net:
     domain: 'main.unkin.net'
     zone_type: 'master'
@@ -129,6 +135,7 @@ profiles::dns::master::views:
   master-zones:
     recursion: false
     zones:
+      - unkin.net
       - main.unkin.net
       - 13.18.198.in-addr.arpa
       - 14.18.198.in-addr.arpa

hieradata/roles/infra/dns/resolver.yaml

@@ -81,6 +81,11 @@ profiles::dns::resolver::zones:
       - 10.10.16.32
       - 10.10.16.33
     forward: 'only'
+  unkin.net-forward:
+    domain: 'unkin.net'
+    zone_type: 'forward'
+    forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}"
+    forward: 'only'
   main.unkin.net-forward:
     domain: 'main.unkin.net'
     zone_type: 'forward'
@@ -176,6 +181,7 @@ profiles::dns::resolver::views:
   openforwarder:
     recursion: true
     zones:
+      - unkin.net-forward
       - main.unkin.net-forward
       - dmz.unkin.net-forward
       - network.unkin.net-forward

site/profiles/manifests/dns/master.pp

@@ -26,6 +26,18 @@ class profiles::dns::master (
     }
   }
 
+  # create a hash of hostname => ip, which will be used to create glue records
+  $glue_records_map = $ns_role ? {
+    undef => {
+      $facts['networking']['fqdn'] => $facts['networking']['ip']
+    },
+    default => $nameservers_array.reduce({}) |$acc, $fqdn| {
+      $result = query_nodes("networking.fqdn='${fqdn}'", 'networking.ip')
+      $ip = $result[0]
+      $acc + { "${fqdn}." => $ip }
+    }
+  }
+
   # if nameservers is empty, use the current host, otherwise use nameservers_array as nameservers
   $nameservers = empty($nameservers_array) ? {
     true  => [$facts['networking']['fqdn']],
@@ -51,14 +63,23 @@ class profiles::dns::master (
 
   # create zones
   $zones.each | String $name, Hash $data | {
+
+    # only add glue records when the domain isnt reverse dns, or main.unkin.net
+    # - since the hosts will already be in main.unkin.net
     if $data['zone_type'] == 'master' {
+      $glue_records = $data['domain'] ? {
+        /in-addr\.arpa$/ => undef,
+        'main.unkin.net' => undef,
+        default => $glue_records_map,
+      }
       profiles::dns::zone { $name:
-        zone        => $data['domain'],
+        zone         => $data['domain'],
-        basedir     => $basedir,
+        basedir      => $basedir,
-        nameservers => sort($nameservers),
+        nameservers  => sort($nameservers),
-        owner       => $owner,
+        owner        => $owner,
-        group       => $group,
+        group        => $group,
-        before      => Bind::Zone[$name]
+        before       => Bind::Zone[$name],
+        glue_records => $glue_records,
       }
     }
   }

site/profiles/manifests/dns/zone.pp

@@ -5,6 +5,7 @@ define profiles::dns::zone (
   Stdlib::AbsolutePath $basedir,
   String               $owner,
   String               $group,
+  Optional[Hash[String, String]] $glue_records = {},
 ) {
 
   # Define the concat resource for the zone file

site/profiles/manifests/haproxy/dns.pp

@@ -18,11 +18,13 @@ class profiles::haproxy::dns (
 
   # export cnames for haproxy applications
   $cnames.each |$cname| {
+    $parts = split($cname, '\.')
+    $domain = join($parts[1, $parts.length], '.')
     profiles::dns::record { "${::facts['networking']['fqdn']}_${cname}_CNAME":
       value  => "${location_environment}-halb",
       type   => 'CNAME',
       record => "${cname}.",
-      zone   => $::facts['networking']['domain'],
+      zone   => $domain,
       order  => $order,
     }
   }
@@ -41,20 +43,24 @@ class profiles::haproxy::dns (
 
     # if this is the first host in the returned filter, export a/cnames for haproxy applications
     if $servers_array[0] == $trusted['certname'] {
-      profiles::dns::record { "${facts['networking']['fqdn']}_vrrp_${location_environment}-halb-vrrp":
+      ['main.unkin.net', 'unkin.net'].each |$domain| {
-        value  => $ipaddr,
+        profiles::dns::record { "${facts['networking']['fqdn']}_vrrp_${domain}_${location_environment}-halb-vrrp":
-        type   => 'A',
+          value  => $ipaddr,
-        record => "${location_environment}-halb-vrrp",
+          type   => 'A',
-        zone   => $::facts['networking']['domain'],
+          record => "${location_environment}-halb-vrrp",
-        order  => $order,
+          zone   => $domain,
+          order  => $order,
+        }
       }
 
       $vrrp_cnames.each |$cname| {
+        $parts = split($cname, '\.')
+        $domain = join($parts[1, $parts.length], '.')
         profiles::dns::record { "${::facts['networking']['fqdn']}_${cname}_CNAME":
           value  => "${location_environment}-halb-vrrp",
           type   => 'CNAME',
           record => "${cname}.",
-          zone   => $::facts['networking']['domain'],
+          zone   => $domain,
           order  => $order,
         }
       }

site/profiles/templates/base/hosts.erb

@@ -4,7 +4,6 @@
 <%= @facts['networking']['ip'] %> <%= @fqdn %> <%= @hostname %>
 127.0.0.1 localhost.localdomain localhost
 127.0.0.1 localhost4.localdomain4 localhost4
-198.18.19.17 git.unkin.net
 
 <% @additional_hosts.each do |host| -%>
 <%= host['ip'] %>  <%= host['hostname'] %>  <%= host['aliases'].join(' ') if host['aliases'] %>

site/profiles/templates/dns/zone_header.erb

@@ -8,6 +8,13 @@ $TTL 600
         2419200    ; Expire
         600 )      ; Negative Cache TTL
 
+<% unless @glue_records.empty? -%>
+; Glue records for nameservers
+<% @glue_records.each do |fqdn, ip| -%>
+<%= fqdn %> IN A <%= ip %>
+<% end -%>
+
+<% end -%>
 ; Name servers
 <% @nameservers.each do |ns| -%>
 @   IN  NS    <%= ns %>.