authorAaron LI <aly@aaronly.me>2018-03-03 00:20:58 +0800
committerAaron LI <aly@aaronly.me>2018-03-14 11:35:07 +0800
commit815ca6c58cf9c1e7469ff1bc9659aca426ac293e (patch)
tree80e08030b30fdac3d1031679e08d2c4f78a9a4a7 /roles/dns
parente3e2ee76b6df3f16f8aac92914c07a38170953e8 (diff)
downloadansible-dfly-vps-815ca6c58cf9c1e7469ff1bc9659aca426ac293e.tar.bz2
dns/zones: add zone aaronly.me; update zone liwt.net with mail records
Diffstat (limited to 'roles/dns')
-rw-r--r--roles/dns/templates/zones/aaronly.me.zone.j242
-rw-r--r--roles/dns/templates/zones/liwt.net.zone.j218
2 files changed, 56 insertions, 4 deletions
diff --git a/roles/dns/templates/zones/aaronly.me.zone.j2 b/roles/dns/templates/zones/aaronly.me.zone.j2
new file mode 100644
index 0000000..02b5e9b
--- /dev/null
+++ b/roles/dns/templates/zones/aaronly.me.zone.j2
@@ -0,0 +1,42 @@
+; -*- mode: dns; -*-
+; {{ ansible_managed }}
+{% set domain = "aaronly.me" %}
+{% set hostmaster = "hostmaster." + network.domain %}
+$ORIGIN {{ domain }}.
+$TTL 1h
+
+@ IN SOA {{ nameservers[0].ns[0] }}. {{ hostmaster }}. (
+ {{ domain | next_serial }} ; serial number
+ 1d ; refresh
+ 2h ; retry
+ 4w ; expire
+ 1h ; minimum
+ )
+
+; Name servers
+{% for server in nameservers %}
+{% for ns in server.ns %}
+@ IN NS {{ ns }}. ; {{ server.name }}
+{% endfor %}
+{% endfor %}
+
+@ IN A {{ network.ipv4.address }}
+@ IN AAAA {{ network.ipv6.address }}
+dorm-x42 IN A 58.196.142.84
+office IN A 202.120.52.45
+cluster IN A 202.120.52.63
+liteserver IN A 5.2.70.218
+
+www IN CNAME @
+* IN CNAME @
+
+; Mail server
+{% if domain != network.domain %}
+@ IN MX 10 mail.{{ network.domain }}.
+{% endif %}
+@ IN TXT "v=spf1 mx -all"
+@ IN TXT "google-site-verification={{ mail['google-site-verification'][domain] }}"
+_dmarc IN TXT "v=DMARC1; p={{ mail.dmarc.p }}; sp={{ mail.dmarc.sp }}; pct={{ mail.dmarc.pct }}; aspf={{ mail.dmarc.aspf }}; rua=mailto:{{ mail.dmarc.rua[domain] }};"
+{{ mail.dkim.selector }}._domainkey IN TXT "v=DKIM1; k=rsa; s={{ mail.dkim.selector }}; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7LZbXj5HBjT5yoMCnCd5eBLBZ1s/WP0hPQSignjEu4pCtOsPf7f/knhDDD7eMOSlOAa91Dq6e8B0aNKfV2m7e88SvHLnWVhH+kUNIdSQRTrTL6Pt1WAH0XjgDcd0f2MB+ho5GIeRJnLWHoRtrSUoBKgMxnvW8aco/Z/z0/qn5Tcsrz7wP/W7c/eX38SRuanrKUVnE8FqvvshZzaPfqe46WrqKDI6mfeYa0up/1ikUWgAHKVZEXTUCPVBUXxHbyK7a6MgZW+BYkYEeypMnYViq9k+TIHNNjlGbOLXqujn2j/L0r7ORjZX16C1qNf54qvMeklDK1+8KW872F6s+kVKwIDAQAB"
+
+; vim: set ft=bindzone:
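Review bot: The DKIM key record on the `._domainkey` line sets `s={{ mail.dkim.selector }}`, but in a DKIM key record `s=` is the service-type tag (RFC 6376 defines `*` and `email`), not the selector. A verifier must ignore a key whose service type does not cover email, so unless the selector happens to be `email`, signatures under this key will not verify. Drop the tag or write `s=email;`, giving `"v=DKIM1; k=rsa; p=<public key>"`. The same line also puts the whole 2048-bit key in one quoted string, which exceeds the 255-octet limit for a single TXT character-string; split it into several adjacent quoted strings within the record, since some zone parsers reject it otherwise. The same `s=` tag is added to liwt.net.zone.j2 in the last hunk of this commit.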
diff --git a/roles/dns/templates/zones/liwt.net.zone.j2 b/roles/dns/templates/zones/liwt.net.zone.j2
index fc44279..02e649c 100644
--- a/roles/dns/templates/zones/liwt.net.zone.j2
+++ b/roles/dns/templates/zones/liwt.net.zone.j2
@@ -1,6 +1,7 @@
+; -*- mode: dns; -*-
+; {{ ansible_managed }}
{% set domain = "liwt.net" %}
{% set hostmaster = "hostmaster." + network.domain %}
-; {{ ansible_managed }}
$ORIGIN {{ domain }}.
$TTL 1h
@@ -24,6 +25,7 @@ $TTL 1h
1h ; minimum
)
+; Name servers
{% for server in nameservers %}
{% for ns in server.ns %}
@ IN NS {{ ns }}. ; {{ server.name }}
@@ -32,15 +34,23 @@ $TTL 1h
@ IN A {{ network.ipv4.address }}
@ IN AAAA {{ network.ipv6.address }}
-mail IN A {{ network.ipv4.address }}
-mail IN AAAA {{ network.ipv6.address }}
+vultr IN CNAME @
www IN CNAME @
git IN CNAME @
-vultr IN CNAME @
+carddav IN CNAME @
+caldav IN CNAME @
* IN CNAME @
+; Mail server
+{% if domain == network.domain %}
+mail IN A {{ network.ipv4.address }}
+mail IN AAAA {{ network.ipv6.address }}
@ IN MX 10 mail
+{% endif %}
@ IN TXT "v=spf1 mx -all"
+@ IN TXT "google-site-verification={{ mail['google-site-verification'][domain] }}"
+_dmarc IN TXT "v=DMARC1; p={{ mail.dmarc.p }}; sp={{ mail.dmarc.sp }}; pct={{ mail.dmarc.pct }}; aspf={{ mail.dmarc.aspf }}; rua=mailto:{{ mail.dmarc.rua[domain] }};"
+{{ mail.dkim.selector }}._domainkey IN TXT "v=DKIM1; k=rsa; s={{ mail.dkim.selector }}; p=???"
; vim: set ft=bindzone:
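Review bot: The new `_domainkey` record in this hunk publishes `p=???`, which is not a valid base64 key, so any DKIM signature made for liwt.net under that selector cannot verify. With the `_dmarc` record added on the line above, DMARC alignment for this domain then rests on SPF alone. Leave the record out until the real public key is available, or render it from a guarded variable, e.g. `{% if mail.dkim.pubkey is defined %}` (the variable name is illustrative, not taken from the repository). Also, when `domain != network.domain` this template now emits no MX at all while still publishing `v=spf1 mx -all`, whereas aaronly.me.zone.j2 points MX at `mail.{{ network.domain }}.` in that case. If that asymmetry is intended, a comment such as `; no MX unless this is the primary mail domain` would make it clear.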