From ed6534c0cf37aa883db34b93c3fb352016fda494 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Mon, 15 Jun 2020 15:53:02 -0400 Subject: [PATCH] remove phx2 zones from nameservers. thank you again phx2 --- playbooks/groups/dns.yml | 2 +- roles/dns/files/named.conf | 620 +------------------------------------ 2 files changed, 11 insertions(+), 611 deletions(-) diff --git a/playbooks/groups/dns.yml b/playbooks/groups/dns.yml index b6ca4a2c9d..7cceb367af 100644 --- a/playbooks/groups/dns.yml +++ b/playbooks/groups/dns.yml @@ -23,7 +23,7 @@ - rsyncd - sudo - { role: openvpn/client, - when: datacenter != "phx2" and datacenter != "rdu" and datacenter != 'iad2' } + when: datacenter != "rdu" and datacenter != 'iad2' } - dns pre_tasks: diff --git a/roles/dns/files/named.conf b/roles/dns/files/named.conf index 8d5ae18a4a..d4736dc100 100644 --- a/roles/dns/files/named.conf +++ b/roles/dns/files/named.conf @@ -20,10 +20,8 @@ acl "everyone" { 0.0.0.0/0; ::0/0; }; // acl "ns_redhat" { 66.187.233.210; 209.132.183.22; 209.132.183.30; 209.132.183.2; 66.187.229.10; }; // -acl "phx2net" { 10.5.124.128/25; 10.5.78.0/24; 10.5.79.0/24; 10.5.125.0/24; 10.5.126.0/24; 10.5.127.0/24; 10.5.128.0/24; 10.5.129.0/24; 10.5.130.0/24; }; acl "iad2net" { 10.3.160.0/19; 10.16.0.0/24; }; acl "rdu2net" { 172.31.1.0/24; 172.31.2.0/24; }; -acl "qanet" { 10.5.124.128/25; 10.5.131.0/24; }; acl "rh-slaves" { 10.5.30.78; 10.11.5.70; 10.5.30.45; 10.5.30.46; }; acl "rh" { 10.0.0.0/8; }; // @@ -88,286 +86,13 @@ controls { inet 127.0.0.1 port 953 allow { localhost; } keys { rndckey; }; }; -view "QA" { - match-clients { qanet; }; - allow-recursion { localhost; qanet; rh-slaves; rh; }; +view "IAD2" { + match-clients { iad2net; rh-slaves; 192.168.0.0/16; rh; localhost; }; + allow-recursion { localhost; iad2net; rh-slaves; rh; }; recursion yes; // no rate-limit on internal requests rate-limit { - exempt-clients { qanet; phx2net; iad2net; }; - }; - - # make sure we forward only for redhat.com lookups - zone "redhat.com" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - - zone "beaker-project.org" { - type forward; - forward only; - forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; }; - }; - - # We can't access the softwarefactory-project.io. because ns1/ns2 give unroutable ips. Need to use external - zone "softwarefactory-project.io" { - type forward; - forward only; - forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; }; - }; - - - zone "88.5.10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "3.10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "4.10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "5.10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "186.132.209.in-addr.arpa." { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "qa.fedoraproject.org" { - type master; - file "/var/named/master/built/qa.fedoraproject.org"; - }; - - zone "rdu2.fedoraproject.org" { - type master; - file "/var/named/master/built/rdu2.fedoraproject.org"; - }; - - zone "phx2.fedoraproject.org" { - type master; - file "/var/named/master/built/phx2.fedoraproject.org.signed"; - }; - - zone "stg.phx2.fedoraproject.org" { - type master; - file "/var/named/master/built/stg.phx2.fedoraproject.org"; - }; - - zone "mgmt.fedoraproject.org" { - type master; - file "/var/named/master/built/mgmt.fedoraproject.org"; - }; - - zone "iad2.fedoraproject.org" { - type master; - file "/var/named/master/built/iad2.fedoraproject.org"; - }; - zone "mgmt.iad2.fedoraproject.org" { - type master; - file "/var/named/master/built/mgmt.iad2.fedoraproject.org"; - }; - zone "stg.iad2.fedoraproject.org" { - type master; - file "/var/named/master/built/stg.iad2.fedoraproject.org"; - }; - - zone "arm.fedoraproject.org" { - type master; - file "/var/named/master/built/arm.fedoraproject.org"; - }; - - zone "ppc.fedoraproject.org" { - type master; - file "/var/named/master/built/ppc.fedoraproject.org"; - }; - - zone "s390.fedoraproject.org" { - type master; - file "/var/named/master/built/s390.fedoraproject.org"; - }; - - zone "78.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/78.5.10.in-addr.arpa"; - }; - - zone "79.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/79.5.10.in-addr.arpa"; - }; - - zone "0.16.10.in-addr.arpa" { - type master; - file "/var/named/master/built/0.16.10.in-addr.arpa"; - }; - - zone "124.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/124.5.10.in-addr.arpa"; - }; - - zone "125.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/125.5.10.in-addr.arpa"; - }; - - zone "126.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/126.5.10.in-addr.arpa"; - }; - - zone "127.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/127.5.10.in-addr.arpa"; - }; - - zone "128.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/128.5.10.in-addr.arpa"; - }; - - zone "129.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/129.5.10.in-addr.arpa"; - }; - - zone "130.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/130.5.10.in-addr.arpa"; - }; - - zone "131.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/131.5.10.in-addr.arpa"; - }; - - zone "160.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/160.3.10.in-addr.arpa"; - }; - zone "161.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/161.3.10.in-addr.arpa"; - }; - zone "162.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/162.3.10.in-addr.arpa"; - }; - zone "163.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/163.3.10.in-addr.arpa"; - }; - zone "164.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/164.3.10.in-addr.arpa"; - }; - zone "165.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/165.3.10.in-addr.arpa"; - }; - zone "166.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/166.3.10.in-addr.arpa"; - }; - zone "167.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/167.3.10.in-addr.arpa"; - }; - zone "168.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/168.3.10.in-addr.arpa"; - }; - zone "169.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/169.3.10.in-addr.arpa"; - }; - zone "170.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/170.3.10.in-addr.arpa"; - }; - zone "171.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/171.3.10.in-addr.arpa"; - }; - zone "172.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/172.3.10.in-addr.arpa"; - }; - zone "173.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/173.3.10.in-addr.arpa"; - }; - zone "174.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/174.3.10.in-addr.arpa"; - }; - zone "175.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/175.3.10.in-addr.arpa"; - }; - zone "176.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/176.3.10.in-addr.arpa"; - }; - zone "177.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/177.3.10.in-addr.arpa"; - }; - zone "178.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/178.3.10.in-addr.arpa"; - }; - - - zone "fedoraproject.org" { - type master; - file "/var/named/master/built/QA/fedoraproject.org.signed"; - }; - zone "cloud.fedoraproject.org" { - type master; - file "/var/named/master/built/QA/cloud.fedoraproject.org.signed"; - }; - zone "getfedora.org" { - type master; - file "/var/named/master/built/QA/getfedora.org.signed"; - }; - zone "pagure.io" { - type master; - file "/var/named/master/built/QA/pagure.io"; - }; - - include "/etc/named/zones.conf"; -}; - -view "PHX2" { - match-clients { phx2net; rh-slaves; 192.168.0.0/16; }; - allow-recursion { localhost; phx2net; rh-slaves; rh; }; - recursion yes; - // no rate-limit on internal requests - rate-limit { - exempt-clients { phx2net; }; + exempt-clients { iad2net; rh-slaves; }; }; # make sure we forward only for redhat.com lookups @@ -447,26 +172,6 @@ view "PHX2" { forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; }; }; - zone "qa.fedoraproject.org" { - type master; - file "/var/named/master/built/qa.fedoraproject.org"; - }; - - zone "phx2.fedoraproject.org" { - type master; - file "/var/named/master/built/phx2.fedoraproject.org.signed"; - }; - - zone "stg.phx2.fedoraproject.org" { - type master; - file "/var/named/master/built/stg.phx2.fedoraproject.org"; - }; - - zone "mgmt.fedoraproject.org" { - type master; - file "/var/named/master/built/mgmt.fedoraproject.org"; - }; - zone "iad2.fedoraproject.org" { type master; file "/var/named/master/built/iad2.fedoraproject.org"; @@ -475,6 +180,7 @@ view "PHX2" { type master; file "/var/named/master/built/mgmt.iad2.fedoraproject.org"; }; + zone "stg.iad2.fedoraproject.org" { type master; file "/var/named/master/built/stg.iad2.fedoraproject.org"; @@ -485,82 +191,11 @@ view "PHX2" { file "/var/named/master/built/rdu2.fedoraproject.org"; }; - zone "arm.fedoraproject.org" { - type master; - file "/var/named/master/built/arm.fedoraproject.org"; - }; - - zone "ppc.fedoraproject.org" { - type master; - file "/var/named/master/built/ppc.fedoraproject.org"; - }; - zone "s390.fedoraproject.org" { type master; file "/var/named/master/built/s390.fedoraproject.org"; }; - zone "78.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/78.5.10.in-addr.arpa"; - }; - - zone "79.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/79.5.10.in-addr.arpa"; - }; - - zone "0.16.10.in-addr.arpa" { - type master; - file "/var/named/master/built/0.16.10.in-addr.arpa"; - }; - - zone "124.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/124.5.10.in-addr.arpa"; - }; - - zone "2.31.172.in-addr.arpa" { - type master; - file "/var/named/master/built/2.31.172.in-addr.arpa"; - }; - - zone "125.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/125.5.10.in-addr.arpa"; - }; - - zone "126.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/126.5.10.in-addr.arpa"; - }; - - zone "127.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/127.5.10.in-addr.arpa"; - }; - - zone "128.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/128.5.10.in-addr.arpa"; - }; - - zone "129.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/129.5.10.in-addr.arpa"; - }; - - zone "130.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/130.5.10.in-addr.arpa"; - }; - - zone "131.5.10.in-addr.arpa" { - type master; - file "/var/named/master/built/131.5.10.in-addr.arpa"; - }; - - zone "160.3.10.in-addr.arpa" { type master; file "/var/named/master/built/160.3.10.in-addr.arpa"; @@ -640,24 +275,25 @@ view "PHX2" { zone "fedoraproject.org" { type master; - file "/var/named/master/built/PHX2/fedoraproject.org.signed"; + file "/var/named/master/built/IAD2/fedoraproject.org.signed"; }; zone "cloud.fedoraproject.org" { type master; - file "/var/named/master/built/PHX2/cloud.fedoraproject.org.signed"; + file "/var/named/master/built/IAD2/cloud.fedoraproject.org.signed"; }; zone "getfedora.org" { type master; - file "/var/named/master/built/PHX2/getfedora.org.signed"; + file "/var/named/master/built/IAD2/getfedora.org.signed"; }; zone "pagure.io" { type master; - file "/var/named/master/built/PHX2/pagure.io"; + file "/var/named/master/built/IAD2/pagure.io"; }; include "/etc/named/zones.conf"; }; + view "RDU2" { match-clients { rdu2net; 192.168.0.0/16; }; allow-recursion { localhost; rdu2net; }; @@ -959,242 +595,6 @@ view "APAC" { include "/etc/named/zones.conf"; }; -view "IAD2" { - match-clients { iad2net; rh-slaves; 192.168.0.0/16; }; - allow-recursion { localhost; iad2net; rh-slaves; rh; }; - recursion yes; - // no rate-limit on internal requests - rate-limit { - exempt-clients { iad2net; phx2net; }; - }; - - # make sure we forward only for redhat.com lookups - zone "redhat.com" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "projectatomic.io" { - type forward; - forward only; - forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; }; - }; - - zone "beaker-project.org" { - type forward; - forward only; - forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; }; - }; - - # also, we need to forward some jboss.org for fuse-fabric/bugzilla2fedmsg - zone "jboss.org" { - type forward; - forward only; - forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; }; - }; - - # We can't access the internal Zanata servers. Just use external - zone "zanata.org" { - type forward; - forward only; - forwarders { 8.8.8.8; 8.8.4.4; }; - }; - - # We can't access the softwarefactory-project.io. because ns1/ns2 give unroutable ips. Need to use external - zone "softwarefactory-project.io" { - type forward; - forward only; - forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; }; - }; - - - zone "88.5.10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "3.10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "4.10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "5.10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "10.in-addr.arpa" { - type forward; - forward only; - forwarders { 10.5.26.20; 10.5.26.21; }; - }; - - zone "186.132.209.in-addr.arpa." { - type forward; - forward only; - forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; }; - }; - - zone "qa.fedoraproject.org" { - type master; - file "/var/named/master/built/qa.fedoraproject.org"; - }; - - zone "phx2.fedoraproject.org" { - type master; - file "/var/named/master/built/phx2.fedoraproject.org.signed"; - }; - - zone "stg.phx2.fedoraproject.org" { - type master; - file "/var/named/master/built/stg.phx2.fedoraproject.org"; - }; - - zone "mgmt.fedoraproject.org" { - type master; - file "/var/named/master/built/mgmt.fedoraproject.org"; - }; - - zone "iad2.fedoraproject.org" { - type master; - file "/var/named/master/built/iad2.fedoraproject.org"; - }; - zone "mgmt.iad2.fedoraproject.org" { - type master; - file "/var/named/master/built/mgmt.iad2.fedoraproject.org"; - }; - zone "stg.iad2.fedoraproject.org" { - type master; - file "/var/named/master/built/stg.iad2.fedoraproject.org"; - }; - - zone "rdu2.fedoraproject.org" { - type master; - file "/var/named/master/built/rdu2.fedoraproject.org"; - }; - - zone "arm.fedoraproject.org" { - type master; - file "/var/named/master/built/arm.fedoraproject.org"; - }; - - zone "ppc.fedoraproject.org" { - type master; - file "/var/named/master/built/ppc.fedoraproject.org"; - }; - - zone "s390.fedoraproject.org" { - type master; - file "/var/named/master/built/s390.fedoraproject.org"; - }; - - zone "160.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/160.3.10.in-addr.arpa"; - }; - zone "161.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/161.3.10.in-addr.arpa"; - }; - zone "162.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/162.3.10.in-addr.arpa"; - }; - zone "163.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/163.3.10.in-addr.arpa"; - }; - zone "164.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/164.3.10.in-addr.arpa"; - }; - zone "165.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/165.3.10.in-addr.arpa"; - }; - zone "166.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/166.3.10.in-addr.arpa"; - }; - zone "167.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/167.3.10.in-addr.arpa"; - }; - zone "168.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/168.3.10.in-addr.arpa"; - }; - zone "169.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/169.3.10.in-addr.arpa"; - }; - zone "170.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/170.3.10.in-addr.arpa"; - }; - zone "171.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/171.3.10.in-addr.arpa"; - }; - zone "172.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/172.3.10.in-addr.arpa"; - }; - zone "173.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/173.3.10.in-addr.arpa"; - }; - zone "174.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/174.3.10.in-addr.arpa"; - }; - zone "175.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/175.3.10.in-addr.arpa"; - }; - zone "176.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/176.3.10.in-addr.arpa"; - }; - zone "177.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/177.3.10.in-addr.arpa"; - }; - zone "178.3.10.in-addr.arpa" { - type master; - file "/var/named/master/built/178.3.10.in-addr.arpa"; - }; - - zone "fedoraproject.org" { - type master; - file "/var/named/master/built/IAD2/fedoraproject.org.signed"; - }; - zone "cloud.fedoraproject.org" { - type master; - file "/var/named/master/built/IAD2/cloud.fedoraproject.org.signed"; - }; - zone "getfedora.org" { - type master; - file "/var/named/master/built/IAD2/getfedora.org.signed"; - }; - zone "pagure.io" { - type master; - file "/var/named/master/built/IAD2/pagure.io"; - }; - - include "/etc/named/zones.conf"; -}; - view "DEFAULT" { match-clients { any; }; recursion no;