; -*- mode: dns; -*- ; {{ ansible_managed }} {% set hostmaster = "hostmaster." + network.domain %} $ORIGIN {{ domain }}. $TTL {{ dns.ttl }} ; WARNING: ; ; The DNS CNAME ("canonical name") record exists to provide the canonical ; name associated with an alias name. There may be only one such canonical ; name for any one alias. That name should generally be a name that exists ; elsewhere in the DNS, though there are some rare applications for aliases ; with the accompanying canonical name undefined in the DNS. An alias name ; (label of a CNAME record) may, if DNSSEC is in use, have SIG, NXT, and ; KEY RRs, but may have no other data. ; ; Credit: https://serverfault.com/a/613830 @ IN SOA {{ nameservers[0].ns[0] }}. {{ hostmaster }}. ( {{ domain | next_serial }} ; serial number {{ dns.refresh }} ; refresh {{ dns.retry }} ; retry {{ dns.expire }} ; expire {{ dns.minimum }} ; minimum ) ; Name servers {% for server in nameservers %} {% for ns in server.ns %} @ IN NS {{ ns }}. ; {{ server.name }} {% endfor %} {% endfor %} @ IN A {{ network.ipv4.address }} @ IN AAAA {{ network.ipv6.address }} {% for name in ["vultr", "www", "git", "dav", "*"] %} {{ name }} IN CNAME @ {% endfor %} ; Mail server {% if domain == network.domain %} mail IN A {{ network.ipv4.address }} mail IN AAAA {{ network.ipv6.address }} @ IN MX 10 mail {% endif %} @ IN TXT "v=spf1 mx -all" @ IN TXT "google-site-verification={{ mail['google-site-verification'][domain] }}" {% set ruatxt = " rua=mailto:" + mail.dmarc.rua[domain] + ";" %} {% set ruf = mail.dmarc.ruf | default({}) %} {% if ruf[domain] is defined %} {% set ruftxt = " ruf=mailto:" + ruf[domain] + ";" %} {% else %} {% set ruftxt = "" %} {% endif %} _dmarc IN TXT "v=DMARC1; p={{ mail.dmarc.p }}; sp={{ mail.dmarc.sp }}; pct={{ mail.dmarc.pct }}; adkim={{ mail.dmarc.adkim }}; aspf={{ mail.dmarc.aspf }}; fo={{ mail.dmarc.fo }};{{ ruatxt }}{{ ruftxt }}" {% if domain_key is defined %} {{ domain_key | dkim_record(selector=mail.dkim.selector) | join("\n") }} {% endif %} ; vim: set ft=bindzone: