From e9aa03b6dc0f32c98d3088e4bcac5e847de4b08d Mon Sep 17 00:00:00 2001
From: Aaron LI
Date: Fri, 2 Mar 2018 09:07:58 +0800
Subject: dns: update zones templates and add liwt.net zone
---
 roles/dns/templates/zones/1314233.xyz.zone.j2 | 23 ++++++++------
 roles/dns/templates/zones/233233.xyz.zone.j2 | 39 +++++++++--------------
 roles/dns/templates/zones/liwt.net.zone.j2 | 46 +++++++++++++++++++++++++++
 3 files changed, 75 insertions(+), 33 deletions(-)
 create mode 100644 roles/dns/templates/zones/liwt.net.zone.j2
(limited to 'roles/dns/templates')
diff --git a/roles/dns/templates/zones/1314233.xyz.zone.j2 b/roles/dns/templates/zones/1314233.xyz.zone.j2
index ede92da..5511c6e 100644
--- a/roles/dns/templates/zones/1314233.xyz.zone.j2
+++ b/roles/dns/templates/zones/1314233.xyz.zone.j2
@@ -1,21 +1,26 @@
-$ORIGIN 1314233.xyz.
-$TTL 1h
+{% set domain = "1314233.xyz" %}
+{% set hostmaster = "hostmaster." + network.domain %}
+; {{ ansible_managed }}
+$ORIGIN {{ domain }}.
+$TTL 1h
-@ IN SOA ns.1314233.xyz. admin.1314233.xyz. (
- 2018022120 ; serial number
+@ IN SOA {{ nameservers[0].ns[0] }}. {{ hostmaster }}. (
+ {{ domain | next_serial }} ; serial number
 1d ; refresh
 2h ; retry
 4w ; expire
 1h ; minimum TTL
 )
-@ IN NS ns2.afraid.org.
+{% for server in nameservers %}
+{% for ns in server.ns %}
+@ IN NS {{ ns }}. ; {{ server.name }}
+{% endfor %}
+{% endfor %}
 @ IN A {{ network.ipv4.address }}
 @ IN AAAA {{ network.ipv6.address }}
-www IN CNAME www.233233.xyz.
-g IN CNAME g.233233.xyz.
-zw IN CNAME zw.233233.xyz.
+* IN CNAME @
-; vim: set ft=bindzone :
+; vim: set ft=bindzone:
diff --git a/roles/dns/templates/zones/233233.xyz.zone.j2 b/roles/dns/templates/zones/233233.xyz.zone.j2
index 9a71750..4067cea 100644
--- a/roles/dns/templates/zones/233233.xyz.zone.j2
+++ b/roles/dns/templates/zones/233233.xyz.zone.j2
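Review bot: With `* IN CNAME @` and no MX or TXT record, the 1314233.xyz zone publishes no mail policy, so receivers have nothing to reject forged mail against for any name under it, and inbound mail falls back to the apex A/AAAA records. If the domain is not meant to handle mail, add `@ IN MX 0 .` and `@ IN TXT "v=spf1 -all"` at the apex; names covered by the wildcard follow the CNAME and pick up the same answers. The same applies to the 233233.xyz hunk, where the commented-out `v=spf1 mx -all` line is dropped instead of being replaced.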
@@ -1,38 +1,29 @@
-$ORIGIN 233233.xyz.
-$TTL 1h
-
-; WARNING:
-; A CNAME record is NOT allowed to coexist with *any other* data!
-; Therefore one can't have a CNAME Record at the zone root, because
-; the zone root must have two mandatory records: SOA and NS.
-;
-; According to the specification: if a CNAME RR is present at a node,
-; no other data should be present; this ensures that the data for a
-; canonical name and its aliases cannot be different. This rule also
-; insures that a cached CNAME can be used without checking with an
-; authoritative server for other RR types.
-
-@ IN SOA ns.233233.xyz. admin.233233.xyz. (
- 2018022123 ; serial number
+{% set domain = "233233.xyz" %}
+{% set hostmaster = "hostmaster." + network.domain %}
+; {{ ansible_managed }}
+$ORIGIN {{ domain }}.
+$TTL 1h
+
+@ IN SOA {{ nameservers[0].ns[0] }}. {{ hostmaster }}. (
+ {{ domain | next_serial }} ; serial number
 1d ; refresh
 2h ; retry
 4w ; expire
 1h ; minimum TTL
 )
-@ IN NS ns2.afraid.org.
-
-;@ IN MX 10 mail.233233.xyz.
+{% for server in nameservers %}
+{% for ns in server.ns %}
+@ IN NS {{ ns }}. ; {{ server.name }}
+{% endfor %}
+{% endfor %}
 @ IN A {{ network.ipv4.address }}
 @ IN AAAA {{ network.ipv6.address }}
-;mail IN A {{ network.ipv4.address }}
-;mail IN AAAA {{ network.ipv6.address }}
 www IN CNAME @
 g IN CNAME @
 zw IN CNAME @
+* IN CNAME @
-;@ IN TXT "v=spf1 mx -all"
-
-; vim: set ft=bindzone :
+; vim: set ft=bindzone:
diff --git a/roles/dns/templates/zones/liwt.net.zone.j2 b/roles/dns/templates/zones/liwt.net.zone.j2
new file mode 100644
index 0000000..fc44279
--- /dev/null
+++ b/roles/dns/templates/zones/liwt.net.zone.j2
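Review bot: The removed WARNING block was the only explanation of why `@` carries A/AAAA records instead of a CNAME, and the new `* IN CNAME @` line has no comment of its own. The explicit `www`, `g` and `zw` records now return the same answer as the wildcard, so the zone no longer shows which names are meant to be served. I would keep a short comment above the wildcard, e.g. `; wildcard: any label not defined above resolves to this host`. It is also worth confirming that the web server behind these addresses rejects requests for hostnames it does not expect; that configuration is not visible in this hunk.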
@@ -0,0 +1,46 @@
+{% set domain = "liwt.net" %}
+{% set hostmaster = "hostmaster." + network.domain %}
+; {{ ansible_managed }}
+$ORIGIN {{ domain }}.
+$TTL 1h
+
+; WARNING:
+;
+; The DNS CNAME ("canonical name") record exists to provide the canonical
+; name associated with an alias name. There may be only one such canonical
+; name for any one alias. That name should generally be a name that exists
+; elsewhere in the DNS, though there are some rare applications for aliases
+; with the accompanying canonical name undefined in the DNS. An alias name
+; (label of a CNAME record) may, if DNSSEC is in use, have SIG, NXT, and
+; KEY RRs, but may have no other data.
+;
+; Credit: https://serverfault.com/a/613830
+
+@ IN SOA {{ nameservers[0].ns[0] }}. {{ hostmaster }}. (
+ {{ domain | next_serial }} ; serial number
+ 1d ; refresh
+ 2h ; retry
+ 4w ; expire
+ 1h ; minimum
+ )
+
+{% for server in nameservers %}
+{% for ns in server.ns %}
+@ IN NS {{ ns }}. ; {{ server.name }}
+{% endfor %}
+{% endfor %}
+
+@ IN A {{ network.ipv4.address }}
+@ IN AAAA {{ network.ipv6.address }}
+mail IN A {{ network.ipv4.address }}
+mail IN AAAA {{ network.ipv6.address }}
+
+www IN CNAME @
+git IN CNAME @
+vultr IN CNAME @
+* IN CNAME @
+
+@ IN MX 10 mail
+@ IN TXT "v=spf1 mx -all"
+
+; vim: set ft=bindzone:
-- cgit v1.2.2
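Review bot: The wildcard `* IN CNAME @` also matches underscore labels, so a TXT lookup for `_dmarc.liwt.net` follows the CNAME and returns the apex `v=spf1 mx -all` string rather than a DMARC record; receivers will treat the domain as having no DMARC policy. Since this zone publishes MX and SPF, add an explicit record such as `_dmarc IN TXT "v=DMARC1; p=reject"` (the policy value is the operator's choice), which takes precedence over the wildcard. Separately, the WARNING comment quotes the CNAME rule but does not say which records in this zone it constrains; a closing line like `; so the zone apex uses A/AAAA, never CNAME` would make it actionable.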