diff --git a/roles/dns/files/named.conf b/roles/dns/files/named.conf index 7a13c28677..cbda87bc2c 100644 --- a/roles/dns/files/named.conf +++ b/roles/dns/files/named.conf @@ -23,6 +23,7 @@ acl "everyone" { 0.0.0.0/0; ::0/0; }; acl "ns_redhat" { 66.187.233.210; 209.132.183.2; 66.187.229.10; }; // acl "phx2net" { 10.4.124.128/25; 10.5.78.0/24; 10.5.79.0/24; 10.5.125.0/24; 10.5.126.0/24; 10.5.127.0/24; 10.5.128.0/24; 10.5.129.0/24; 10.5.130.0/24; 10.16.0.0/24; }; +acl "rdu2net" { 172.31.1.0/24; 172.31.2.0/24 }; acl "qanet" { 10.5.124.128/25; 10.5.131.0/24; }; acl "rh-slaves" { 10.5.30.78; 10.11.5.70; }; acl "rh" { 10.0.0.0/8; }; @@ -430,6 +431,133 @@ view "PHX2" { include "/etc/named/zones.conf"; }; +view "RDU2" { + match-clients { rdu2net; phx2net; 192.168.0.0/16; 172.16.0.0/12; }; + allow-recursion { localhost; phx2net; rdu2net; }; + recursion yes; + // no rate-limit on internal requests + rate-limit { + exempt-clients { phx2net; rdu2net; }; + }; + # make sure we forward only for redhat.com lookups + zone "access.redhat.com" { + type forward; + forward only; + forwarders { 152.19.134.150; 140.211.169.201; 66.35.62.163; }; + }; + + zone "qa.fedoraproject.org" { + type master; + file "/var/named/master/built/qa.fedoraproject.org"; + }; + + zone "phx2.fedoraproject.org" { + type master; + file "/var/named/master/built/phx2.fedoraproject.org.signed"; + }; + + zone "stg.phx2.fedoraproject.org" { + type master; + file "/var/named/master/built/stg.phx2.fedoraproject.org"; + }; + + zone "mgmt.fedoraproject.org" { + type master; + file "/var/named/master/built/mgmt.fedoraproject.org"; + }; + + zone "rdu2.fedoraproject.org" { + type master; + file "/var/named/master/built/rdu2.fedoraproject.org"; + }; + + zone "arm.fedoraproject.org" { + type master; + file "/var/named/master/built/arm.fedoraproject.org"; + }; + + zone "ppc.fedoraproject.org" { + type master; + file "/var/named/master/built/ppc.fedoraproject.org"; + }; + + zone "s390.fedoraproject.org" { + type master; + file "/var/named/master/built/s390.fedoraproject.org"; + }; + + zone "78.5.10.in-addr.arpa" { + type master; + file "/var/named/master/built/78.5.10.in-addr.arpa"; + }; + + zone "79.5.10.in-addr.arpa" { + type master; + file "/var/named/master/built/79.5.10.in-addr.arpa"; + }; + + zone "124.5.10.in-addr.arpa" { + type master; + file "/var/named/master/built/124.5.10.in-addr.arpa"; + }; + + zone "2.31.172.in-addr.arpa" { + type master; + file "/var/named/master/built/2.31.172.in-addr.arpa"; + }; + + zone "125.5.10.in-addr.arpa" { + type master; + file "/var/named/master/built/125.5.10.in-addr.arpa"; + }; + + zone "126.5.10.in-addr.arpa" { + type master; + file "/var/named/master/built/126.5.10.in-addr.arpa"; + }; + + zone "127.5.10.in-addr.arpa" { + type master; + file "/var/named/master/built/127.5.10.in-addr.arpa"; + }; + + zone "128.5.10.in-addr.arpa" { + type master; + file "/var/named/master/built/128.5.10.in-addr.arpa"; + }; + + zone "129.5.10.in-addr.arpa" { + type master; + file "/var/named/master/built/129.5.10.in-addr.arpa"; + }; + + zone "130.5.10.in-addr.arpa" { + type master; + file "/var/named/master/built/130.5.10.in-addr.arpa"; + }; + + zone "131.5.10.in-addr.arpa" { + type master; + file "/var/named/master/built/131.5.10.in-addr.arpa"; + }; + + zone "fedoraproject.org" { + type master; + file "/var/named/master/built/PHX2/fedoraproject.org.signed"; + }; + zone "cloud.fedoraproject.org" { + type master; + file "/var/named/master/built/PHX2/cloud.fedoraproject.org.signed"; + }; + zone "getfedora.org" { + type master; + file "/var/named/master/built/PHX2/getfedora.org.signed"; + }; + + include "/etc/named/zones.conf"; +}; + + // The zones view "NA" { match-clients { US; CA; MX; };