From ab0c0cf7222c6d23a3e87612a7f6b72f86bb5367 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Tue, 1 Dec 2015 17:59:33 +0000 Subject: [PATCH] Seems bind does first-match Signed-off-by: Patrick Uiterwijk --- roles/dns/files/named.conf | 257 ++++++++++++++++++------------------- 1 file changed, 128 insertions(+), 129 deletions(-) diff --git a/roles/dns/files/named.conf b/roles/dns/files/named.conf index 303369d567..df932b6a20 100644 --- a/roles/dns/files/named.conf +++ b/roles/dns/files/named.conf @@ -88,8 +88,135 @@ controls { inet 127.0.0.1 port 953 allow { localhost; } keys { rndckey; }; }; +view "QA" { + match-clients { qanet; }; + allow-recursion { localhost; qanet; rh-slaves; rh; }; + recursion yes; + // no rate-limit on internal requests + rate-limit { + exempt-clients { qanet; }; + }; + + zone "beaker-project.org" { + type forward; + forward only; + forwarders { 10.5.26.20; 10.5.26.21; }; + }; + + zone "88.5.10.in-addr.arpa" { + type forward; + forward only; + forwarders { 10.5.26.20; 10.5.26.21; }; + }; + + zone "4.10.in-addr.arpa" { + type forward; + forward only; + forwarders { 10.5.26.20; 10.5.26.21; }; + }; + + zone "5.10.in-addr.arpa" { + type forward; + forward only; + forwarders { 10.5.26.20; 10.5.26.21; }; + }; + + zone "10.in-addr.arpa" { + type forward; + forward only; + forwarders { 10.5.26.20; 10.5.26.21; }; + }; + + zone "186.132.209.in-addr.arpa." { + type forward; + forward only; + forwarders { 10.5.26.20; 10.5.26.21; }; + }; + + zone "qa.fedoraproject.org" { + type master; + file "/var/named/master/built/qa.fedoraproject.org"; + }; + + zone "phx2.fedoraproject.org" { + type master; + file "/var/named/master/built/phx2.fedoraproject.org"; + }; + + zone "mgmt.fedoraproject.org" { + type master; + file "/var/named/master/built/mgmt.fedoraproject.org"; + }; + + zone "arm.fedoraproject.org" { + type master; + file "/var/named/master/built/arm.fedoraproject.org"; + }; + + zone "78.5.10.in-addr.arpa" { + type master; + file "/var/named/master/built/78.5.10.in-addr.arpa"; + }; + + zone "79.5.10.in-addr.arpa" { + type master; + file "/var/named/master/built/79.5.10.in-addr.arpa"; + }; + + zone "124.5.10.in-addr.arpa" { + type master; + file "/var/named/master/built/124.5.10.in-addr.arpa"; + }; + + zone "125.5.10.in-addr.arpa" { + type master; + file "/var/named/master/built/125.5.10.in-addr.arpa"; + }; + + zone "126.5.10.in-addr.arpa" { + type master; + file "/var/named/master/built/126.5.10.in-addr.arpa"; + }; + + zone "127.5.10.in-addr.arpa" { + type master; + file "/var/named/master/built/127.5.10.in-addr.arpa"; + }; + + zone "128.5.10.in-addr.arpa" { + type master; + file "/var/named/master/built/128.5.10.in-addr.arpa"; + }; + + zone "130.5.10.in-addr.arpa" { + type master; + file "/var/named/master/built/130.5.10.in-addr.arpa"; + }; + + zone "131.5.10.in-addr.arpa" { + type master; + file "/var/named/master/built/131.5.10.in-addr.arpa"; + }; + + + zone "fedoraproject.org" { + type master; + file "/var/named/master/built/QA/fedoraproject.org.signed"; + }; + zone "cloud.fedoraproject.org" { + type master; + file "/var/named/master/built/QA/cloud.fedoraproject.org.signed"; + }; + zone "getfedora.org" { + type master; + file "/var/named/master/built/QA/getfedora.org.signed"; + }; + + include "/etc/named/zones.conf"; +}; + view "PHX2" { - match-clients { 10.0.0.0/8; 192.168.0.0/16; 172.16.0.0/12; }; + match-clients { phx2net; 192.168.0.0/16; 172.16.0.0/12; }; allow-recursion { localhost; phx2net; rh-slaves; rh; }; recursion yes; // no rate-limit on internal requests @@ -228,134 +355,6 @@ view "PHX2" { include "/etc/named/zones.conf"; }; -view "QA" { - match-clients { 10.5.124.128/25; 10.5.131.0/24; }; - allow-recursion { localhost; qanet; rh-slaves; rh; }; - recursion yes; - // no rate-limit on internal requests - rate-limit { - exempt-clients { qanet; }; - }; - - zone "beaker-project.org" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "88.5.10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "4.10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "5.10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "186.132.209.in-addr.arpa." { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "qa.fedoraproject.org" { - type master; - file "/var/named/master/built/qa.fedoraproject.org"; - }; - - zone "phx2.fedoraproject.org" { - type master; - file "/var/named/master/built/phx2.fedoraproject.org"; - }; - - zone "mgmt.fedoraproject.org" { - type master; - file "/var/named/master/built/mgmt.fedoraproject.org"; - }; - - zone "arm.fedoraproject.org" { - type master; - file "/var/named/master/built/arm.fedoraproject.org"; - }; - - zone "78.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/78.5.10.in-addr.arpa"; - }; - - zone "79.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/79.5.10.in-addr.arpa"; - }; - - zone "124.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/124.5.10.in-addr.arpa"; - }; - - zone "125.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/125.5.10.in-addr.arpa"; - }; - - zone "126.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/126.5.10.in-addr.arpa"; - }; - - zone "127.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/127.5.10.in-addr.arpa"; - }; - - zone "128.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/128.5.10.in-addr.arpa"; - }; - - zone "130.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/130.5.10.in-addr.arpa"; - }; - - zone "131.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/131.5.10.in-addr.arpa"; - }; - - - zone "fedoraproject.org" { - type master; - file "/var/named/master/built/QA/fedoraproject.org.signed"; - }; - zone "cloud.fedoraproject.org" { - type master; - file "/var/named/master/built/QA/cloud.fedoraproject.org.signed"; - }; - zone "getfedora.org" { - type master; - file "/var/named/master/built/QA/getfedora.org.signed"; - }; - - include "/etc/named/zones.conf"; -}; - - // The zones view "NA" { match-clients { US; CA; MX; };