role/dns: configure NSD as the stealth master with 2 domains

* Add "network" and "nsd" variables
* Install and configure NSD as the authoritative stealth master server
* Allow notify and transfer to slave masters:
  - freedns.afraid.org
  - 1984hosting.com
* Add preliminary zone files for domains:
  - 233233.xyz
  - 1314233.xyz

1 files changed, 38 insertions, 0 deletions

diff --git a/roles/dns/templates/zones/233233.xyz.zone.j2 b/roles/dns/templates/zones/233233.xyz.zone.j2
new file mode 100644
index 0000000..9a71750
--- /dev/null
+++ b/roles/dns/templates/zones/233233.xyz.zone.j2
@@ -0,0 +1,38 @@
+$ORIGIN 233233.xyz.
+$TTL 1h
+
+; WARNING:
+; A CNAME record is NOT allowed to coexist with *any other* data!
+; Therefore one can't have a CNAME Record at the zone root, because
+; the zone root must have two mandatory records: SOA and NS.
+;
+; According to the specification: if a CNAME RR is present at a node,
+; no other data should be present; this ensures that the data for a
+; canonical name and its aliases cannot be different.  This rule also
+; insures that a cached CNAME can be used without checking with an
+; authoritative server for other RR types.
+
+@           IN  SOA     ns.233233.xyz.  admin.233233.xyz.  (
+                        2018022123  ; serial number
+                        1d          ; refresh
+                        2h          ; retry
+                        4w          ; expire
+                        1h          ; minimum TTL
+                        )
+
+@           IN  NS      ns2.afraid.org.
+
+;@           IN  MX  10  mail.233233.xyz.
+
+@           IN  A       {{ network.ipv4.address }}
+@           IN  AAAA    {{ network.ipv6.address }}
+;mail        IN  A       {{ network.ipv4.address }}
+;mail        IN  AAAA    {{ network.ipv6.address }}
+
+www         IN  CNAME   @
+g           IN  CNAME   @
+zw          IN  CNAME   @
+
+;@           IN  TXT     "v=spf1 mx -all"
+
+; vim: set ft=bindzone :