From 71dfbbe0291218bcb3ffaa9997d8aaf6d98a3259 Mon Sep 17 00:00:00 2001
From: Aaron LI <aly@aaronly.me>
Date: Thu, 22 Feb 2018 00:25:36 +0800
Subject: role/dns: configure NSD as the stealth master with 2 domains

* Add "network" and "nsd" variables
* Install and configure NSD as the authoritative stealth master server
* Allow notify and transfer to slave masters:
  - freedns.afraid.org
  - 1984hosting.com
* Add preliminary zone files for domains:
  - 233233.xyz
  - 1314233.xyz
---
 roles/dns/templates/zones/1314233.xyz.zone.j2 | 21 +++++++++++++++
 roles/dns/templates/zones/233233.xyz.zone.j2  | 38 +++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 roles/dns/templates/zones/1314233.xyz.zone.j2
 create mode 100644 roles/dns/templates/zones/233233.xyz.zone.j2

(limited to 'roles/dns/templates/zones')

diff --git a/roles/dns/templates/zones/1314233.xyz.zone.j2 b/roles/dns/templates/zones/1314233.xyz.zone.j2
new file mode 100644
index 0000000..ede92da
--- /dev/null
+++ b/roles/dns/templates/zones/1314233.xyz.zone.j2
@@ -0,0 +1,21 @@
+$ORIGIN 1314233.xyz.
+$TTL 1h
+
+@           IN  SOA     ns.1314233.xyz.  admin.1314233.xyz.  (
+                        2018022120  ; serial number
+                        1d          ; refresh
+                        2h          ; retry
+                        4w          ; expire
+                        1h          ; minimum TTL
+                        )
+
+@           IN  NS      ns2.afraid.org.
+
+@           IN  A       {{ network.ipv4.address }}
+@           IN  AAAA    {{ network.ipv6.address }}
+
+www         IN  CNAME   www.233233.xyz.
+g           IN  CNAME   g.233233.xyz.
+zw          IN  CNAME   zw.233233.xyz.
+
+; vim: set ft=bindzone :
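Review bot: The SOA serial `2018022120` is a literal in a Jinja2 template whose A and AAAA data come from `network.ipv4.address` and `network.ipv6.address`, so a change to those variables re-renders the zone with an unchanged serial and the secondaries will presumably keep serving the old addresses until someone bumps it by hand. The same applies to `2018022123` in 233233.xyz.zone.j2. Consider rendering the serial from a role variable that is bumped together with the data, e.g. `{{ nsd.zone_serial }}  ; serial number` (the variable name is a placeholder), and add a comment above the SOA saying the serial must increase on every content change. Separately, only `ns2.afraid.org.` is published as NS although the commit message lists two secondary providers, which leaves a single point of failure for resolution.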
diff --git a/roles/dns/templates/zones/233233.xyz.zone.j2 b/roles/dns/templates/zones/233233.xyz.zone.j2
new file mode 100644
index 0000000..9a71750
--- /dev/null
+++ b/roles/dns/templates/zones/233233.xyz.zone.j2
@@ -0,0 +1,38 @@
+$ORIGIN 233233.xyz.
+$TTL 1h
+
+; WARNING:
+; A CNAME record is NOT allowed to coexist with *any other* data!
+; Therefore one can't have a CNAME Record at the zone root, because
+; the zone root must have two mandatory records: SOA and NS.
+;
+; According to the specification: if a CNAME RR is present at a node,
+; no other data should be present; this ensures that the data for a
+; canonical name and its aliases cannot be different.  This rule also
+; insures that a cached CNAME can be used without checking with an
+; authoritative server for other RR types.
+
+@           IN  SOA     ns.233233.xyz.  admin.233233.xyz.  (
+                        2018022123  ; serial number
+                        1d          ; refresh
+                        2h          ; retry
+                        4w          ; expire
+                        1h          ; minimum TTL
+                        )
+
+@           IN  NS      ns2.afraid.org.
+
+;@           IN  MX  10  mail.233233.xyz.
+
+@           IN  A       {{ network.ipv4.address }}
+@           IN  AAAA    {{ network.ipv6.address }}
+;mail        IN  A       {{ network.ipv4.address }}
+;mail        IN  AAAA    {{ network.ipv6.address }}
+
+www         IN  CNAME   @
+g           IN  CNAME   @
+zw          IN  CNAME   @
+
+;@           IN  TXT     "v=spf1 mx -all"
+
+; vim: set ft=bindzone :
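Review bot: With the MX and the `v=spf1 mx -all` TXT both commented out, the zone publishes no SPF policy at all, so receivers have nothing on which to reject mail that forges senders at 233233.xyz. Until mail is actually set up, publish an explicit no-mail policy rather than leaving the record commented: `@ IN TXT "v=spf1 -all"`, optionally with a null MX `@ IN MX 0 .` (RFC 7505) and a `_dmarc` TXT of `"v=DMARC1; p=reject"`. 1314233.xyz.zone.j2 has no TXT record either and would want the same. Once the MX is enabled, the `mx` form already in the comment can replace the no-mail record.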
-- 
cgit v1.2.2