blob: e33948b768add69e9ee96623fcbb8776c138f38c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
; -*- mode: dns; -*-
; {{ ansible_managed }}
{% set hostmaster = "hostmaster." + network.domain %}
$ORIGIN {{ domain }}.
$TTL {{ dns.ttl }}
; WARNING:
;
; The DNS CNAME ("canonical name") record exists to provide the canonical
; name associated with an alias name. There may be only one such canonical
; name for any one alias. That name should generally be a name that exists
; elsewhere in the DNS, though there are some rare applications for aliases
; with the accompanying canonical name undefined in the DNS. An alias name
; (label of a CNAME record) may, if DNSSEC is in use, have SIG, NXT, and
; KEY RRs, but may have no other data.
;
; Credit: https://serverfault.com/a/613830
@ IN SOA {{ nameservers[0].ns[0] }}. {{ hostmaster }}. (
{{ domain | next_serial }} ; serial number
{{ dns.refresh }} ; refresh
{{ dns.retry }} ; retry
{{ dns.expire }} ; expire
{{ dns.minimum }} ; minimum
)
; Name servers
{% for server in nameservers %}
{% for ns in server.ns %}
@ IN NS {{ ns }}. ; {{ server.name }}
{% endfor %}
{% endfor %}
@ IN A {{ network.ipv4.address }}
@ IN AAAA {{ network.ipv6.address }}
{% set subdomains = [] %}
{% for name in domains -%}
{%- if name["name"] == domain -%}
{%- for sub in name["sub"] -%}
{{ subdomains.append(sub) }}
{%- endfor -%}
{%- endif -%}
{%- endfor %}
{% for name in subdomains | reject("==", "mail") | list %}
{{ name }} IN CNAME @
{% endfor %}
* IN CNAME @
; Mail server
{% if domain == network.domain %}
mail IN A {{ network.ipv4.address }}
mail IN AAAA {{ network.ipv6.address }}
@ IN MX 10 mail
{% endif %}
@ IN TXT "v=spf1 mx -all"
@ IN TXT "google-site-verification={{ mail['google-site-verification'][domain] }}"
{% set ruatxt = " rua=mailto:" + mail.dmarc.rua[domain] + ";" %}
{% set ruf = mail.dmarc.ruf | default({}) %}
{% if ruf[domain] is defined -%}
{%- set ruftxt = " ruf=mailto:" + ruf[domain] + ";" -%}
{%- else -%}
{%- set ruftxt = "" -%}
{%- endif %}
_dmarc IN TXT "v=DMARC1; p={{ mail.dmarc.p }}; sp={{ mail.dmarc.sp }}; pct={{ mail.dmarc.pct }}; adkim={{ mail.dmarc.adkim }}; aspf={{ mail.dmarc.aspf }}; fo={{ mail.dmarc.fo }};{{ ruatxt }}{{ ruftxt }}"
{% if domain_key is defined %}
{{ domain_key | dkim_record(selector=mail.dkim.selector) | join("\n") }}
{% endif %}
; vim: set ft=bindzone:
|
