-rw-r--r--roles/dns/tasks/main.yml8
-rw-r--r--roles/dns/templates/zones/1314233.xyz.zone.j223
-rw-r--r--roles/dns/templates/zones/233233.xyz.zone.j239
-rw-r--r--roles/dns/templates/zones/liwt.net.zone.j246
4 files changed, 80 insertions, 36 deletions
diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml
index fe2a53a..cc5c07a 100644
--- a/roles/dns/tasks/main.yml
+++ b/roles/dns/tasks/main.yml
@@ -70,9 +70,11 @@
- name: NSD - generate zone files
template:
- src: "zones/{{ item }}.zone.j2"
- dest: "/usr/local/etc/nsd/zones/{{ item }}.zone"
- with_items: "{{ domains }}"
+ src: "{{ item }}"
+ dest: /usr/local/etc/nsd/zones/{{ item | basename | regex_replace('\.j2', '') }}
+ # NOTE: `with_fileglob` always operates from `files/`
+ with_fileglob:
+ - "../templates/zones/*.j2"
notify: reload-nsd
- name: NSD - enable and start service
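Review bot: The `regex_replace('\.j2', '')` on the new `dest` line is unanchored, so it strips the first `.j2` occurrence anywhere in the basename rather than only the trailing extension; anchor it: `dest: /usr/local/etc/nsd/zones/{{ item | basename | regex_replace('\.j2$', '') }}`. Replacing `with_items: "{{ domains }}"` with `with_fileglob` also changes what governs the deployed zone set: it is now every `.j2` file present under `templates/zones/`, not the `domains` variable, so a stray or leftover template is rendered into `/usr/local/etc/nsd/zones/` as if it were an intended zone. If the NSD configuration elsewhere in the role still enumerates zones from `domains` (not visible here), the config and the zone files can silently diverge; consider deriving both from one source, or adding an `assert` that the globbed basenames match `domains`. The task list continues outside the hunk.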
diff --git a/roles/dns/templates/zones/1314233.xyz.zone.j2 b/roles/dns/templates/zones/1314233.xyz.zone.j2
index ede92da..5511c6e 100644
--- a/roles/dns/templates/zones/1314233.xyz.zone.j2
+++ b/roles/dns/templates/zones/1314233.xyz.zone.j2
@@ -1,21 +1,26 @@
-$ORIGIN 1314233.xyz.
-$TTL 1h
+{% set domain = "1314233.xyz" %}
+{% set hostmaster = "hostmaster." + network.domain %}
+; {{ ansible_managed }}
+$ORIGIN {{ domain }}.
+$TTL 1h
-@ IN SOA ns.1314233.xyz. admin.1314233.xyz. (
- 2018022120 ; serial number
+@ IN SOA {{ nameservers[0].ns[0] }}. {{ hostmaster }}. (
+ {{ domain | next_serial }} ; serial number
1d ; refresh
2h ; retry
4w ; expire
1h ; minimum TTL
)
-@ IN NS ns2.afraid.org.
+{% for server in nameservers %}
+{% for ns in server.ns %}
+@ IN NS {{ ns }}. ; {{ server.name }}
+{% endfor %}
+{% endfor %}
@ IN A {{ network.ipv4.address }}
@ IN AAAA {{ network.ipv6.address }}
-www IN CNAME www.233233.xyz.
-g IN CNAME g.233233.xyz.
-zw IN CNAME zw.233233.xyz.
+* IN CNAME @
-; vim: set ft=bindzone :
+; vim: set ft=bindzone:
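Review bot: The new `* IN CNAME @` makes every otherwise-undefined name under 1314233.xyz an alias of the apex, so arbitrary subdomains now resolve to the host while the zone still publishes no mail policy; any `foo.1314233.xyz` can be used as a sender domain with nothing for receivers to check. If the wildcard is intended, pair it with an explicit "no mail" statement at the apex: `@ IN MX 0 .` (null MX, RFC 7505) and `@ IN TXT "v=spf1 -all"`. The serial now comes from the `next_serial` filter, whose implementation is not shown; it should be confirmed to be strictly increasing across re-renders, otherwise the secondaries listed via `nameservers` will not transfer updated data. The SOA MNAME `{{ nameservers[0].ns[0] }}` assumes the first listed server is the primary; a comment stating that assumption would help, e.g. `; MNAME: first entry of `nameservers` is treated as the primary`.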
diff --git a/roles/dns/templates/zones/233233.xyz.zone.j2 b/roles/dns/templates/zones/233233.xyz.zone.j2
index 9a71750..4067cea 100644
--- a/roles/dns/templates/zones/233233.xyz.zone.j2
+++ b/roles/dns/templates/zones/233233.xyz.zone.j2
@@ -1,38 +1,29 @@
-$ORIGIN 233233.xyz.
-$TTL 1h
-
-; WARNING:
-; A CNAME record is NOT allowed to coexist with *any other* data!
-; Therefore one can't have a CNAME Record at the zone root, because
-; the zone root must have two mandatory records: SOA and NS.
-;
-; According to the specification: if a CNAME RR is present at a node,
-; no other data should be present; this ensures that the data for a
-; canonical name and its aliases cannot be different. This rule also
-; insures that a cached CNAME can be used without checking with an
-; authoritative server for other RR types.
-
-@ IN SOA ns.233233.xyz. admin.233233.xyz. (
- 2018022123 ; serial number
+{% set domain = "233233.xyz" %}
+{% set hostmaster = "hostmaster." + network.domain %}
+; {{ ansible_managed }}
+$ORIGIN {{ domain }}.
+$TTL 1h
+
+@ IN SOA {{ nameservers[0].ns[0] }}. {{ hostmaster }}. (
+ {{ domain | next_serial }} ; serial number
1d ; refresh
2h ; retry
4w ; expire
1h ; minimum TTL
)
-@ IN NS ns2.afraid.org.
-
-;@ IN MX 10 mail.233233.xyz.
+{% for server in nameservers %}
+{% for ns in server.ns %}
+@ IN NS {{ ns }}. ; {{ server.name }}
+{% endfor %}
+{% endfor %}
@ IN A {{ network.ipv4.address }}
@ IN AAAA {{ network.ipv6.address }}
-;mail IN A {{ network.ipv4.address }}
-;mail IN AAAA {{ network.ipv6.address }}
www IN CNAME @
g IN CNAME @
zw IN CNAME @
+* IN CNAME @
-;@ IN TXT "v=spf1 mx -all"
-
-; vim: set ft=bindzone :
+; vim: set ft=bindzone:
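Review bot: With `* IN CNAME @` added, the explicit `www`, `g` and `zw` CNAMEs above it are now redundant (harmless, but worth a comment such as `; explicit aliases kept for clarity; the wildcard below covers the rest`). More importantly, the commented-out MX/SPF lines were dropped rather than replaced, so this zone, which now answers for every subdomain, publishes no mail policy at all. Unless 233233.xyz is meant to send mail, add `@ IN MX 0 .` and `@ IN TXT "v=spf1 -all"` so receivers can reject spoofed mail claiming this domain or any of its wildcard-covered subdomains.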
diff --git a/roles/dns/templates/zones/liwt.net.zone.j2 b/roles/dns/templates/zones/liwt.net.zone.j2
new file mode 100644
index 0000000..fc44279
--- /dev/null
+++ b/roles/dns/templates/zones/liwt.net.zone.j2
@@ -0,0 +1,46 @@
+{% set domain = "liwt.net" %}
+{% set hostmaster = "hostmaster." + network.domain %}
+; {{ ansible_managed }}
+$ORIGIN {{ domain }}.
+$TTL 1h
+
+; WARNING:
+;
+; The DNS CNAME ("canonical name") record exists to provide the canonical
+; name associated with an alias name. There may be only one such canonical
+; name for any one alias. That name should generally be a name that exists
+; elsewhere in the DNS, though there are some rare applications for aliases
+; with the accompanying canonical name undefined in the DNS. An alias name
+; (label of a CNAME record) may, if DNSSEC is in use, have SIG, NXT, and
+; KEY RRs, but may have no other data.
+;
+; Credit: https://serverfault.com/a/613830
+
+@ IN SOA {{ nameservers[0].ns[0] }}. {{ hostmaster }}. (
+ {{ domain | next_serial }} ; serial number
+ 1d ; refresh
+ 2h ; retry
+ 4w ; expire
+ 1h ; minimum
+ )
+
+{% for server in nameservers %}
+{% for ns in server.ns %}
+@ IN NS {{ ns }}. ; {{ server.name }}
+{% endfor %}
+{% endfor %}
+
+@ IN A {{ network.ipv4.address }}
+@ IN AAAA {{ network.ipv6.address }}
+mail IN A {{ network.ipv4.address }}
+mail IN AAAA {{ network.ipv6.address }}
+
+www IN CNAME @
+git IN CNAME @
+vultr IN CNAME @
+* IN CNAME @
+
+@ IN MX 10 mail
+@ IN TXT "v=spf1 mx -all"
+
+; vim: set ft=bindzone:
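Review bot: This zone publishes an MX and an SPF record but the `* IN CNAME @` wildcard also answers for `_dmarc.liwt.net` and any `<selector>._domainkey.liwt.net`, so a receiver's DMARC or DKIM lookup follows the CNAME to the apex and gets `v=spf1 mx -all` back, i.e. no DMARC policy and no usable DKIM key; the wildcard should be accompanied by explicit underscore records, at minimum `_dmarc IN TXT "v=DMARC1; p=reject"` (policy and reporting address per the operator's setup, which is not visible here). Note that the wildcard also makes every subdomain inherit the apex MX and SPF through CNAME chasing, which may be wanted but should be stated, e.g. `; wildcard: all undefined names alias the apex, including its MX/SPF`. The WARNING block cites `SIG, NXT, and KEY`, which are the obsolete pre-RFC 4034 names; the current types are RRSIG, NSEC/NSEC3 and DNSKEY.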