diff --git a/roles/dns/files/named.conf b/roles/dns/files/named.conf index 23b769765d..d01e7d377b 100644 --- a/roles/dns/files/named.conf +++ b/roles/dns/files/named.conf @@ -354,13 +354,14 @@ view "QA" { }; view "PHX2" { - match-clients { phx2net; rh-slaves; 192.168.0.0/16; }; - allow-recursion { localhost; phx2net; rh-slaves; rh; }; + match-clients { iad2net; phx2net; rh-slaves; 192.168.0.0/16; }; + allow-recursion { localhost; iad2net; phx2net; rh-slaves; rh; }; recursion yes; // no rate-limit on internal requests rate-limit { - exempt-clients { phx2net; }; + exempt-clients { iad2net; phx2net }; }; + # make sure we forward only for redhat.com lookups zone "redhat.com" { type forward; @@ -408,6 +409,12 @@ view "PHX2" { forwarders { 10.5.26.20; 10.5.26.21; }; }; + zone "3.10.in-addr.arpa" { + type forward; + forward only; + forwarders { 10.5.26.20; 10.5.26.21; }; + }; + zone "4.10.in-addr.arpa" { type forward; forward only; @@ -928,12 +935,12 @@ view "APAC" { }; view "IAD2" { - match-clients { iad2net; 192.168.0.0/16; }; - allow-recursion { localhost; iad2net; }; + match-clients { iad2net; phx2net; rh-slaves; 192.168.0.0/16; }; + allow-recursion { localhost; iad2net; phx2net; rh-slaves; rh; }; recursion yes; // no rate-limit on internal requests rate-limit { - exempt-clients { iad2net; }; + exempt-clients { iad2net; phx2net }; }; # make sure we forward only for redhat.com lookups @@ -943,6 +950,11 @@ view "IAD2" { forwarders { 10.5.26.20; 10.5.26.21; }; }; + zone "projectatomic.io" { + type forward; + forward only; + forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; }; + }; zone "beaker-project.org" { type forward; @@ -950,6 +962,20 @@ view "IAD2" { forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; }; }; + # also, we need to forward some jboss.org for fuse-fabric/bugzilla2fedmsg + zone "jboss.org" { + type forward; + forward only; + forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; }; + }; + + # We can't access the internal Zanata servers. Just use external + zone "zanata.org" { + type forward; + forward only; + forwarders { 8.8.8.8; 8.8.4.4; }; + }; + # We can't access the softwarefactory-project.io. because ns1/ns2 give unroutable ips. Need to use external zone "softwarefactory-project.io" { type forward; @@ -991,7 +1017,27 @@ view "IAD2" { zone "186.132.209.in-addr.arpa." { type forward; forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; + forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; }; + }; + + zone "qa.fedoraproject.org" { + type master; + file "/var/named/master/built/qa.fedoraproject.org"; + }; + + zone "phx2.fedoraproject.org" { + type master; + file "/var/named/master/built/phx2.fedoraproject.org.signed"; + }; + + zone "stg.phx2.fedoraproject.org" { + type master; + file "/var/named/master/built/stg.phx2.fedoraproject.org"; + }; + + zone "mgmt.fedoraproject.org" { + type master; + file "/var/named/master/built/mgmt.fedoraproject.org"; }; zone "iad2.fedoraproject.org" { @@ -1007,16 +1053,26 @@ view "IAD2" { file "/var/named/master/built/stg.iad2.fedoraproject.org"; }; + zone "rdu2.fedoraproject.org" { + type master; + file "/var/named/master/built/rdu2.fedoraproject.org"; + }; + + zone "arm.fedoraproject.org" { + type master; + file "/var/named/master/built/arm.fedoraproject.org"; + }; + + zone "ppc.fedoraproject.org" { + type master; + file "/var/named/master/built/ppc.fedoraproject.org"; + }; + zone "s390.fedoraproject.org" { type master; file "/var/named/master/built/s390.fedoraproject.org"; }; - zone "phx2.fedoraproject.org" { - type master; - file "/var/named/master/built/phx2.fedoraproject.org.signed"; - }; - zone "160.3.10.in-addr.arpa" { type master; file "/var/named/master/built/160.3.10.in-addr.arpa"; @@ -1106,7 +1162,6 @@ view "IAD2" { include "/etc/named/zones.conf"; }; - view "DEFAULT" { match-clients { any; }; recursion no;