ansible/roles/dns/files/named.conf


// named.conf file for ns-master.fedoraproject.org
// located in /var/named/chroot/etc/named.conf
// By: Elliot Lee <sopwith@redhat.com>
// 2005/12/21 for fedoraproject.org
// Based on the same file for ns-master.gnome.org
// By: Matthew Galgoci <mgalgoci@redhat.com>
// 2003/10/13 for gnome.org
//
// Setup for GeoDNS
include "/var/named/GeoIP.acl";
//include rndckey
include "/etc/rndc.key";
// general acls
// Catch-all address lists. "everyone" is what allow-query in options references;
// the -v4/-v6 variants are not referenced anywhere else in this file.
acl "everyone-v4" { 0.0.0.0/0; };
acl "everyone-v6" { ::0/0; };
acl "everyone" { 0.0.0.0/0; ::0/0; };
//
// Public addresses; in this file they are used only as rate-limit exempt-clients in view "NA".
acl "ns_redhat" { 66.187.233.210; 209.132.183.22; 209.132.183.30; 209.132.183.2; 66.187.229.10; };
//
// Site networks: each selects its internal view ("IAD2" / "RDU2") and is allowed recursion there.
acl "iad2net" { 10.3.160.0/19; 10.16.0.0/24; };
acl "rdu2net" { 172.31.1.0/24; 172.31.2.0/24; };
// Individual hosts: allowed zone transfers (options) and matched into view "IAD2".
acl "rh-slaves" { 10.5.30.78; 10.11.5.70; 10.5.30.45; 10.5.30.46; };
// NOTE(review): "rh" is the whole 10.0.0.0/8, so it already contains both iad2net ranges
// and every rh-slaves address. Wherever "rh" appears next to them (allow-transfer,
// view "IAD2" match-clients / allow-recursion) the effective scope is all of 10.x.
// Confirm that breadth is intended, especially for zone transfers.
acl "rh" { 10.0.0.0/8; };
//
// Global settings. A view that does not set one of these itself uses the value given here.
options {
directory "/";
auth-nxdomain yes;
// Queries are accepted from any address; what differs per client is decided by the views
// (recursion is only enabled in the internal views, every other view has "recursion no").
allow-query { everyone; };
// NOTE(review): dnssec-enable is obsolete in recent BIND 9 releases - check it against the deployed
// version with named-checkconf. dnssec-validation is not set in this file, so validation in the
// recursive views follows the build default - TODO confirm.
dnssec-enable yes;
// "port *" leaves the source port of outgoing queries unpinned instead of fixing it to one value.
query-source address * port *;
query-source-v6 address * port *;
// Zone transfers are authorised by source address only (no TSIG key in the list), and "rh" is the
// whole 10.0.0.0/8. No view in this file sets its own allow-transfer (the included zones.conf is
// not shown), so this list also covers the zones served by the public views.
// NOTE(review): consider narrowing this to rh-slaves and/or requiring a transfer key.
allow-transfer { localhost; rh-slaves; rh;};
transfer-source * port 53;
pid-file "/var/run/named/named.pid";
statistics-file "/var/log/named.stats";
// Incremental transfers are not offered to secondaries.
provide-ixfr no;
// Fixed string returned instead of the real BIND version, so the banner does not reveal the patch level.
version "cowbell++";
listen-on port 53 {
any;
};
listen-on-v6 port 53 {
any;
};
notify yes;
minimal-responses yes;
// rate-limit requests
// Response rate limiting for the public-facing service; the internal views and view "NA"
// carry their own rate-limit blocks with exempt-clients.
rate-limit {
responses-per-second 25;
window 5;
};
};
//
// Logging: a single syslog channel ("normal") at severity info. Categories routed to "null" are discarded.
logging {
channel "normal" {
syslog;
severity info;
// Each message carries its timestamp, category and severity, which keeps the syslog stream filterable.
print-time yes;
print-category yes;
print-severity yes;
};
category "default" { "normal"; };
category "general" { "normal"; };
category "database" { "null"; };
// Kept: security, config, zone-transfer (xfer-in/xfer-out), notify, update and dnssec messages.
category "security" { "normal"; };
category "config" { "normal"; };
category "resolver" { "normal"; };
category "xfer-in" { "normal"; };
category "xfer-out" { "normal"; };
category "notify" { "normal"; };
// NOTE(review): "client", "network", "queries", "dispatch" and "lame-servers" are discarded, so this
// host keeps no per-query or per-client record. If query history is needed for incident
// reconstruction it has to be captured elsewhere - TODO confirm.
category "client" { "null"; };
category "network" { "null"; };
category "update" { "normal"; };
category "queries" { "null"; };
category "dispatch" { "null"; };
category "dnssec" { "normal"; };
category "lame-servers" { "null"; };
// No "rate-limit" category is configured here; presumably those messages follow "default" - confirm.
};
//
// Who can rndc our server (only localhost)...
// The control channel listens on loopback port 953 only and requires the "rndckey" key,
// presumably defined in the /etc/rndc.key file included at the top of this file.
// Anyone who can read that key file can control named, so its permissions should be limited
// to root and the account named runs as.
//
controls {
inet 127.0.0.1 port 953 allow { localhost; } keys { rndckey; };
};
// Internal view for the IAD2 networks: recursion for its clients plus internal-only zones.
// A client is served by the first view whose match-clients it matches, so the position of this
// view ahead of the GeoIP views and "DEFAULT" is significant.
view "IAD2" {
// "rh" is 10.0.0.0/8, so every 10.x client is matched into this view and allowed recursion.
// NOTE(review): 192.168.0.0/16 is matched into the view but is absent from allow-recursion -
// confirm which of the two lists reflects the intent.
match-clients { iad2net; rh-slaves; 192.168.0.0/16; rh; };
allow-recursion { localhost; iad2net; rh-slaves; rh; };
recursion yes;
// no rate-limit on internal requests
// NOTE(review): this block sets only exempt-clients; whether the responses-per-second/window from
// options still apply to the non-exempt clients of this view should be confirmed for the
// deployed BIND version.
rate-limit {
exempt-clients { iad2net; rh-slaves; };
};
// Forward-only zones: lookups under these names are sent to the listed forwarders, and named does
// not fall back to resolving them itself if the forwarders fail.
# make sure we forward only for redhat.com lookups
zone "redhat.com" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
// The zones forwarded to 8.8.8.8 / 8.8.4.4 go to public resolvers: those lookups leave the internal
// network, and the answers are only as trustworthy as that path unless DNSSEC validation is
// active (not set in this file - TODO confirm).
zone "projectatomic.io" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
zone "beaker-project.org" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
# also, we need to forward some jboss.org for fuse-fabric/bugzilla2fedmsg
zone "jboss.org" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
# We can't access the internal Zanata servers. Just use external
zone "zanata.org" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
# We can't access the softwarefactory-project.io. because ns1/ns2 give unroutable ips. Need to use external
zone "softwarefactory-project.io" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
// Reverse lookups for 10.x go to the same internal forwarders as redhat.com. The 3.10, 4.10 and
// 5.10 entries use the same forwarders as the covering 10.in-addr.arpa entry; the master reverse
// zones further down (0.16.10 and 160-178.3.10) are more specific names.
zone "3.10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "4.10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "5.10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
// Reverse zone for a public /24, forwarded to a different set of internal forwarders.
zone "186.132.209.in-addr.arpa." {
type forward;
forward only;
forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; };
};
// Internal-only authoritative zones (site, management, staging and reverse zones). They are defined
// only in the two internal views, so clients of the GeoIP and "DEFAULT" views are not served them
// from this file (zones.conf is not shown).
// NOTE(review): only some files carry the ".signed" suffix (presumably DNSSEC-signed build output);
// the mgmt, stg, rdu2, s390, reverse and pagure.io zones load files without it - confirm intended.
zone "phx2.fedoraproject.org" {
type master;
file "/var/named/master/built/phx2.fedoraproject.org.signed";
};
zone "iad2.fedoraproject.org" {
type master;
file "/var/named/master/built/iad2.fedoraproject.org.signed";
};
zone "mgmt.iad2.fedoraproject.org" {
type master;
file "/var/named/master/built/mgmt.iad2.fedoraproject.org";
};
zone "stg.iad2.fedoraproject.org" {
type master;
file "/var/named/master/built/stg.iad2.fedoraproject.org";
};
zone "mgmt.rdu-cc.fedoraproject.org" {
type master;
file "/var/named/master/built/mgmt.rdu-cc.fedoraproject.org";
};
zone "rdu2.fedoraproject.org" {
type master;
file "/var/named/master/built/rdu2.fedoraproject.org";
};
zone "s390.fedoraproject.org" {
type master;
file "/var/named/master/built/s390.fedoraproject.org";
};
zone "0.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/0.16.10.in-addr.arpa";
};
zone "2.31.172.in-addr.arpa" {
type master;
file "/var/named/master/built/2.31.172.in-addr.arpa";
};
zone "160.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/160.3.10.in-addr.arpa";
};
zone "161.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/161.3.10.in-addr.arpa";
};
zone "162.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/162.3.10.in-addr.arpa";
};
zone "163.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/163.3.10.in-addr.arpa";
};
zone "164.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/164.3.10.in-addr.arpa";
};
zone "165.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/165.3.10.in-addr.arpa";
};
zone "166.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/166.3.10.in-addr.arpa";
};
zone "167.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/167.3.10.in-addr.arpa";
};
zone "168.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/168.3.10.in-addr.arpa";
};
zone "169.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/169.3.10.in-addr.arpa";
};
zone "170.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/170.3.10.in-addr.arpa";
};
zone "171.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/171.3.10.in-addr.arpa";
};
zone "172.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/172.3.10.in-addr.arpa";
};
zone "173.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/173.3.10.in-addr.arpa";
};
zone "174.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/174.3.10.in-addr.arpa";
};
zone "175.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/175.3.10.in-addr.arpa";
};
zone "176.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/176.3.10.in-addr.arpa";
};
zone "177.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/177.3.10.in-addr.arpa";
};
zone "178.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/178.3.10.in-addr.arpa";
};
// Public zones as seen from inside IAD2: loaded from this view's own IAD2/ build directory.
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/IAD2/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/IAD2/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/IAD2/getfedora.org.signed";
};
zone "pagure.io" {
type master;
file "/var/named/master/built/IAD2/pagure.io";
};
// The same zones.conf is included by every view in this file; its contents are not shown here.
include "/etc/named/zones.conf";
};
// Internal view for the RDU2 networks: recursion for its clients plus the same internal-only zones
// as view "IAD2". It is evaluated after "IAD2", because a client gets the first view it matches.
view "RDU2" {
// NOTE(review): 192.168.0.0/16 is also listed in view "IAD2", which comes first, so a
// 192.168.x client never reaches this view; only rdu2net selects it in practice.
match-clients { rdu2net; 192.168.0.0/16; };
allow-recursion { localhost; rdu2net; };
recursion yes;
// no rate-limit on internal requests
rate-limit {
exempt-clients { rdu2net; };
};
// Forward-only zones: lookups under these names are sent to the listed forwarders, and named does
// not fall back to resolving them itself if the forwarders fail.
# make sure we forward only for redhat.com lookups
zone "redhat.com" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
// The zones forwarded to 8.8.8.8 / 8.8.4.4 go to public resolvers: those lookups leave the internal
// network, and the answers are only as trustworthy as that path unless DNSSEC validation is
// active (not set in this file - TODO confirm).
zone "projectatomic.io" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
zone "beaker-project.org" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
# also, we need to forward some jboss.org for fuse-fabric/bugzilla2fedmsg
zone "jboss.org" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
# We can't access the internal Zanata servers. Just use external
zone "zanata.org" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
# We can't access the softwarefactory-project.io. because ns1/ns2 give unroutable ips. Need to use external
zone "softwarefactory-project.io" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
// Reverse lookups for 10.x go to the same internal forwarders as redhat.com; the master reverse
// zones further down (0.16.10 and 160-178.3.10) are more specific names.
zone "3.10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "4.10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "5.10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
zone "10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.5.26.20; 10.5.26.21; };
};
// Reverse zone for a public /24, forwarded to a different set of internal forwarders.
zone "186.132.209.in-addr.arpa." {
type forward;
forward only;
forwarders { 10.39.144.11; 10.5.19.1; 10.11.191.1; };
};
// Internal-only authoritative zones, loaded from the same files as in view "IAD2".
// NOTE(review): only some files carry the ".signed" suffix (presumably DNSSEC-signed build output);
// the mgmt, stg, rdu2, s390, reverse and pagure.io zones load files without it - confirm intended.
zone "phx2.fedoraproject.org" {
type master;
file "/var/named/master/built/phx2.fedoraproject.org.signed";
};
zone "iad2.fedoraproject.org" {
type master;
file "/var/named/master/built/iad2.fedoraproject.org.signed";
};
zone "mgmt.iad2.fedoraproject.org" {
type master;
file "/var/named/master/built/mgmt.iad2.fedoraproject.org";
};
zone "stg.iad2.fedoraproject.org" {
type master;
file "/var/named/master/built/stg.iad2.fedoraproject.org";
};
zone "mgmt.rdu-cc.fedoraproject.org" {
type master;
file "/var/named/master/built/mgmt.rdu-cc.fedoraproject.org";
};
zone "rdu2.fedoraproject.org" {
type master;
file "/var/named/master/built/rdu2.fedoraproject.org";
};
zone "s390.fedoraproject.org" {
type master;
file "/var/named/master/built/s390.fedoraproject.org";
};
zone "0.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/0.16.10.in-addr.arpa";
};
zone "2.31.172.in-addr.arpa" {
type master;
file "/var/named/master/built/2.31.172.in-addr.arpa";
};
zone "160.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/160.3.10.in-addr.arpa";
};
zone "161.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/161.3.10.in-addr.arpa";
};
zone "162.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/162.3.10.in-addr.arpa";
};
zone "163.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/163.3.10.in-addr.arpa";
};
zone "164.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/164.3.10.in-addr.arpa";
};
zone "165.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/165.3.10.in-addr.arpa";
};
zone "166.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/166.3.10.in-addr.arpa";
};
zone "167.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/167.3.10.in-addr.arpa";
};
zone "168.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/168.3.10.in-addr.arpa";
};
zone "169.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/169.3.10.in-addr.arpa";
};
zone "170.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/170.3.10.in-addr.arpa";
};
zone "171.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/171.3.10.in-addr.arpa";
};
zone "172.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/172.3.10.in-addr.arpa";
};
zone "173.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/173.3.10.in-addr.arpa";
};
zone "174.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/174.3.10.in-addr.arpa";
};
zone "175.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/175.3.10.in-addr.arpa";
};
zone "176.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/176.3.10.in-addr.arpa";
};
zone "177.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/177.3.10.in-addr.arpa";
};
zone "178.3.10.in-addr.arpa" {
type master;
file "/var/named/master/built/178.3.10.in-addr.arpa";
};
// NOTE(review): unlike view "IAD2", which loads from its own IAD2/ directory, this view loads the
// public zones from the NA/ build directory (the files view "NA" uses). Presumably deliberate -
// confirm that RDU2 clients are meant to receive the NA answers.
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/NA/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/NA/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/NA/getfedora.org.signed";
};
zone "pagure.io" {
type master;
file "/var/named/master/built/NA/pagure.io";
};
// The same zones.conf is included by every view in this file; its contents are not shown here.
include "/etc/named/zones.conf";
};
// The zones
// Public GeoIP view. The two-letter names in match-clients are ACLs, presumably the per-country
// lists defined in the /var/named/GeoIP.acl file included at the top of this file.
// Authoritative only: recursion is off for every client of this view.
view "NA" {
match-clients { US; CA; MX; BM; GL; AG; AI; BS; BZ; CR; CU; DO; GT; HN; HT; JM; KY; NI; PM; PR; SV; TC; VG; VI; };
recursion no;
// Exempts the ns_redhat addresses from response rate limiting. That ACL lists public addresses,
// and this is the only GeoIP view that carries an exemption.
rate-limit {
exempt-clients { ns_redhat; };
};
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/NA/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/NA/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/NA/getfedora.org.signed";
};
// NOTE(review): pagure.io is loaded from a file without the ".signed" suffix, unlike the three zones above - confirm intended.
zone "pagure.io" {
type master;
file "/var/named/master/built/NA/pagure.io";
};
include "/etc/named/zones.conf";
};
// This should have been EME and during the next freeze break should be made as such.
// Public GeoIP view, authoritative only (recursion off). The two-letter names in match-clients are
// ACLs, presumably the per-country lists from the included /var/named/GeoIP.acl.
view "EU" {
match-clients { AD; AL; AT; AX; BA; BE; BG; CH; CZ; DE; DK; EE; ES; FI; FO; FR; GB; GG; GI; GR; HR; HU; IE; IM; IS; IT; JE; LI; LT; LU; LV; MC; ME; MK; MT; NL; NO; PL; PT; RO; RS; RU; SE; SI; SJ; SK; SM; UA; VA; AE; AM; AZ; BH; CY; GE; IL; IQ; JO; KW; LB; OM; QA; SA; TR; YE; BY; MD; PS; SY; };
recursion no;
// Zone data comes from this view's own EU/ build directory.
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/EU/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/EU/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/EU/getfedora.org.signed";
};
zone "pagure.io" {
type master;
file "/var/named/master/built/EU/pagure.io";
};
include "/etc/named/zones.conf";
};
// Public GeoIP view, authoritative only (recursion off). The two-letter names in match-clients are
// ACLs, presumably the per-country lists from the included /var/named/GeoIP.acl.
view "APAC" {
match-clients { AF; BD; BN; BT; CN; HK; ID; IN; JP; KG; KH; KZ; LA; LK; MM; MN; MO; MV; MY; NP; PH; PK; SG; TH; TJ; TL; TM; UZ; VN; AS; AU; CC; CK; CX; FJ; FM; GU; HM; KI; MH; MP; NC; NF; NR; NU; NZ; PF; PG; PN; PW; SB; TK; TO; TV; UM; VU; WF; WS; IR; KP; KR; TW; };
recursion no;
// Zone data comes from this view's own APAC/ build directory.
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/APAC/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/APAC/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/APAC/getfedora.org.signed";
};
zone "pagure.io" {
type master;
file "/var/named/master/built/APAC/pagure.io";
};
include "/etc/named/zones.conf";
};
// Public GeoIP view, authoritative only (recursion off). The two-letter names in match-clients are
// ACLs, presumably the per-country lists from the included /var/named/GeoIP.acl.
// "NA" in the list below is an ACL name (presumably the country list for Namibia); it is not a
// reference to view "NA".
view "AFR" {
match-clients { AO; BF; BI; BJ; BW; CD; CF; CG; CI; CM; CV; DJ; DZ; EG; ER; ET; GA; GH; GM; GN; GQ; GW; KE; KM; LR; LS; LY; MA; MG; ML; MR; MU; MW; MZ; NA; NE; NG; RW; SC; SD; SL; SN; SO; SS; ST; SZ; TD; TG; TN; TZ; UG; ZA; ZM; ZW; BV; RE; SH; TF; YT; };
recursion no;
// Zone data comes from this view's own AFR/ build directory.
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/AFR/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/AFR/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/AFR/getfedora.org.signed";
};
zone "pagure.io" {
type master;
file "/var/named/master/built/AFR/pagure.io";
};
include "/etc/named/zones.conf";
};
// Public GeoIP view, authoritative only (recursion off). The two-letter names in match-clients are
// ACLs, presumably the per-country lists from the included /var/named/GeoIP.acl.
// "SA" is also listed as a client ACL in view "EU"; the ACL and this view only share the name.
view "SA" {
match-clients { AR; BO; BR; CL; CO; EC; GY; PY; PE; SR; UY; VE; FK; GF; AQ; AW; BB; CW; DM; GD; GP; GS; KN; LC; MQ; MS; PA; SX; TT; VC; };
recursion no;
// Zone data comes from this view's own SA/ build directory.
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/SA/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/SA/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/SA/getfedora.org.signed";
};
zone "pagure.io" {
type master;
file "/var/named/master/built/SA/pagure.io";
};
include "/etc/named/zones.conf";
};
// Catch-all view: "any" matches every client that none of the earlier views claimed, so this view
// has to stay last. A view placed after it would never be selected.
// Authoritative only: recursion is off, so clients that miss the internal views cannot use this
// server as a resolver.
view "DEFAULT" {
match-clients { any; };
recursion no;
// Zone data comes from the DEFAULT/ build directory.
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/DEFAULT/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/DEFAULT/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/DEFAULT/getfedora.org.signed";
};
zone "pagure.io" {
type master;
file "/var/named/master/built/DEFAULT/pagure.io";
};
include "/etc/named/zones.conf";
};
// Enabling bind9 statistics on localhost for collectd
// The HTTP statistics channel is bound to loopback port 8053 only, so it is not reachable from the
// network. No allow list is given: any local process that can connect to that port can read the
// statistics. NOTE(review): adding "allow { localhost; };" would state that restriction explicitly.
statistics-channels {
inet 127.0.0.1 port 8053;
};