fix IAD2 zone so it will work with internal DNS servers

Stephen Smoogen 2020-06-08 15:04:44 -04:00
parent 39179f6c00
commit e59e61ac6a


@ -354,13 +354,14 @@ view "QA" {
};
view "PHX2" {
match-clients { phx2net; rh-slaves; 192.168.0.0/16; };
allow-recursion { localhost; phx2net; rh-slaves; rh; };
match-clients { iad2net; phx2net; rh-slaves; 192.168.0.0/16; };
allow-recursion { localhost; iad2net; phx2net; rh-slaves; rh; };
recursion yes;
// no rate-limit on internal requests
rate-limit {
exempt-clients { phx2net; };
exempt-clients { iad2net; phx2net };
};
# make sure we forward only for redhat.com lookups
zone "redhat.com" {
type forward;
@ -408,6 +409,12 @@ view "PHX2" {
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "3.10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "4.10.in-addr.arpa" {
type forward;
forward only;
@ -928,12 +935,12 @@ view "APAC" {
};
view "IAD2" {
match-clients { iad2net; 192.168.0.0/16; };
allow-recursion { localhost; iad2net; };
match-clients { iad2net; phx2net; rh-slaves; 192.168.0.0/16; };
allow-recursion { localhost; iad2net; phx2net; rh-slaves; rh; };
recursion yes;
// no rate-limit on internal requests
rate-limit {
exempt-clients { iad2net; };
exempt-clients { iad2net; phx2net };
};
# make sure we forward only for redhat.com lookups
@ -943,6 +950,11 @@ view "IAD2" {
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "projectatomic.io" {
type forward;
forward only;
forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; };
};
zone "beaker-project.org" {
type forward;
@ -950,6 +962,20 @@ view "IAD2" {
forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; };
};
# also, we need to forward some jboss.org for fuse-fabric/bugzilla2fedmsg
zone "jboss.org" {
type forward;
forward only;
forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; };
};
# We can't access the internal Zanata servers. Just use external
zone "zanata.org" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
# We can't access the softwarefactory-project.io. because ns1/ns2 give unroutable ips. Need to use external
zone "softwarefactory-project.io" {
type forward;
@ -991,7 +1017,27 @@ view "IAD2" {
zone "186.132.209.in-addr.arpa." {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; };
};
zone "qa.fedoraproject.org" {
type master;
file "/var/named/master/built/qa.fedoraproject.org";
};
zone "phx2.fedoraproject.org" {
type master;
file "/var/named/master/built/phx2.fedoraproject.org.signed";
};
zone "stg.phx2.fedoraproject.org" {
type master;
file "/var/named/master/built/stg.phx2.fedoraproject.org";
};
zone "mgmt.fedoraproject.org" {
type master;
file "/var/named/master/built/mgmt.fedoraproject.org";
};
zone "iad2.fedoraproject.org" {
@ -1007,16 +1053,26 @@ view "IAD2" {
file "/var/named/master/built/stg.iad2.fedoraproject.org";
};
zone "rdu2.fedoraproject.org" {
type master;
file "/var/named/master/built/rdu2.fedoraproject.org";
};
zone "arm.fedoraproject.org" {
type master;
file "/var/named/master/built/arm.fedoraproject.org";
};
zone "ppc.fedoraproject.org" {
type master;
file "/var/named/master/built/ppc.fedoraproject.org";
};
zone "s390.fedoraproject.org" {
type master;
file "/var/named/master/built/s390.fedoraproject.org";
};
zone "phx2.fedoraproject.org" {
type master;
file "/var/named/master/built/phx2.fedoraproject.org.signed";
};
zone "160.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/160.3.10.in-addr.arpa";
@ -1106,7 +1162,6 @@ view "IAD2" {
include "/etc/named/zones.conf";
};
view "DEFAULT" {
match-clients { any; };
recursion no;
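Review bot: The line `exempt-clients { iad2net; phx2net };` in the rate-limit blocks of both view "PHX2" and view "IAD2" is missing the `;` after `phx2net`. Each address-match-list element needs its own terminator, so it should read `exempt-clients { iad2net; phx2net; };`, and the file should pass `named-checkconf` before it is deployed. This page has lost its +/- markers, but both views appear to end up with the same `match-clients { iad2net; phx2net; rh-slaves; 192.168.0.0/16; };` list. named uses the first view whose match-clients matches, so the later "IAD2" view, with its forwarders and master zones, would never be selected for those clients. Either keep the two match-clients lists disjoint or add a comment explaining why the overlap is intended, and confirm that `zone "phx2.fedoraproject.org"` is not defined twice inside view "IAD2", since it shows up in two of that view's hunks.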