Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

try to make rdu2 have proper dns view

Browse source
This commit is contained in:
Stephen Smoogen 2017-12-01 02:14:46 +00:00
parent 5980773461
commit c4ed34bea1
1 changed files with 128 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

128
roles/dns/files/named.conf
View file

@ -23,6 +23,7 @@ acl "everyone" { 0.0.0.0/0; ::0/0; };
acl "ns_redhat" { 66.187.233.210; 209.132.183.2; 66.187.229.10; }; acl "ns_redhat" { 66.187.233.210; 209.132.183.2; 66.187.229.10; };
// //
acl "phx2net" { 10.4.124.128/25; 10.5.78.0/24; 10.5.79.0/24; 10.5.125.0/24; 10.5.126.0/24; 10.5.127.0/24; 10.5.128.0/24; 10.5.129.0/24; 10.5.130.0/24; 10.16.0.0/24; }; acl "phx2net" { 10.4.124.128/25; 10.5.78.0/24; 10.5.79.0/24; 10.5.125.0/24; 10.5.126.0/24; 10.5.127.0/24; 10.5.128.0/24; 10.5.129.0/24; 10.5.130.0/24; 10.16.0.0/24; };
acl "rdu2net" { 172.31.1.0/24; 172.31.2.0/24 };
acl "qanet" { 10.5.124.128/25; 10.5.131.0/24; }; acl "qanet" { 10.5.124.128/25; 10.5.131.0/24; };
acl "rh-slaves" { 10.5.30.78; 10.11.5.70; }; acl "rh-slaves" { 10.5.30.78; 10.11.5.70; };
acl "rh" { 10.0.0.0/8; }; acl "rh" { 10.0.0.0/8; };
@ -430,6 +431,133 @@ view "PHX2" {
include "/etc/named/zones.conf"; include "/etc/named/zones.conf";
}; };
view "RDU2" {
match-clients { rdu2net; phx2net; 192.168.0.0/16; 172.16.0.0/12; };
allow-recursion { localhost; phx2net; rdu2net; };
recursion yes;
// no rate-limit on internal requests
rate-limit {
exempt-clients { phx2net; rdu2net; };
};
# make sure we forward only for redhat.com lookups
zone "access.redhat.com" {
type forward;
forward only;
forwarders { 152.19.134.150; 140.211.169.201; 66.35.62.163; };
};
zone "qa.fedoraproject.org" {
type master;
file "/var/named/master/built/qa.fedoraproject.org";
};
zone "phx2.fedoraproject.org" {
type master;
file "/var/named/master/built/phx2.fedoraproject.org.signed";
};
zone "stg.phx2.fedoraproject.org" {
type master;
file "/var/named/master/built/stg.phx2.fedoraproject.org";
};
zone "mgmt.fedoraproject.org" {
type master;
file "/var/named/master/built/mgmt.fedoraproject.org";
};
zone "rdu2.fedoraproject.org" {
type master;
file "/var/named/master/built/rdu2.fedoraproject.org";
};
zone "arm.fedoraproject.org" {
type master;
file "/var/named/master/built/arm.fedoraproject.org";
};
zone "ppc.fedoraproject.org" {
type master;
file "/var/named/master/built/ppc.fedoraproject.org";
};
zone "s390.fedoraproject.org" {
type master;
file "/var/named/master/built/s390.fedoraproject.org";
};
zone "78.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/78.5.10.in-addr.arpa";
};
zone "79.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/79.5.10.in-addr.arpa";
};
zone "124.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/124.5.10.in-addr.arpa";
};
zone "2.31.172.in-addr.arpa" {
type master;
file "/var/named/master/built/2.31.172.in-addr.arpa";
};
zone "125.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/125.5.10.in-addr.arpa";
};
zone "126.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/126.5.10.in-addr.arpa";
};
zone "127.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/127.5.10.in-addr.arpa";
};
zone "128.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/128.5.10.in-addr.arpa";
};
zone "129.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/129.5.10.in-addr.arpa";
};
zone "130.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/130.5.10.in-addr.arpa";
};
zone "131.5.10.in-addr.arpa" {
type master;
file "/var/named/master/built/131.5.10.in-addr.arpa";
};
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/PHX2/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/PHX2/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/PHX2/getfedora.org.signed";
};
include "/etc/named/zones.conf";
};
// The zones // The zones
view "NA" { view "NA" {
match-clients { US; CA; MX; }; match-clients { US; CA; MX; };