mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-03-20 03:57:02 +08:00
dns / rdu3: add in rdu3 zones to dns
This should setup the rdu3 vlans with initial dns, which is just a copy of our iad2 networks with 10.3 changing to 10.16. Once rdu3 machines have network we should be able to use these to let rdu3 hosts query the regular dns servers for things. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi
@@ -22,6 +22,7 @@ acl "ns_redhat" { 66.187.233.210; 209.132.183.22; 209.132.183.30; 209.132.183.2;
|
||||
//
|
||||
acl "iad2net" { 10.3.160.0/19; 10.16.0.0/24; 10.1.102.0/24; };
|
||||
acl "rdu2net" { 172.31.1.0/24; 172.31.2.0/24; };
|
||||
acl "rdu3net" { 10.16.160.0/19; 10.1.102.0/24; };
|
||||
acl "rh-slaves" { 10.11.5.70; };
|
||||
acl "rh" { 10.0.0.0/8; };
|
||||
//
|
||||
@@ -180,6 +181,10 @@ view "IAD2" {
|
||||
type master;
|
||||
file "/var/named/master/built/iad2.fedoraproject.org.signed";
|
||||
};
|
||||
zone "rdu3.fedoraproject.org" {
|
||||
type master;
|
||||
file "/var/named/master/built/rdu3.fedoraproject.org.signed";
|
||||
};
|
||||
zone "mgmt.iad2.fedoraproject.org" {
|
||||
type master;
|
||||
file "/var/named/master/built/mgmt.iad2.fedoraproject.org";
|
||||
@@ -538,6 +543,225 @@ view "RDU2" {
|
||||
include "/etc/named/zones.conf";
|
||||
};
|
||||
|
||||
view "RDU3" {
|
||||
match-clients { rdu3net; rh-slaves; 192.168.0.0/16; rh; };
|
||||
allow-recursion { localhost; rdu3net; rh-slaves; rh; };
|
||||
recursion yes;
|
||||
// no rate-limit on internal requests
|
||||
rate-limit {
|
||||
exempt-clients { rdu3net; rh-slaves; };
|
||||
};
|
||||
|
||||
# make sure we forward only for redhat.com lookups
|
||||
zone "redhat.com" {
|
||||
type forward;
|
||||
forward only;
|
||||
forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
|
||||
};
|
||||
|
||||
zone "projectatomic.io" {
|
||||
type forward;
|
||||
forward only;
|
||||
forwarders { 8.8.8.8; 8.8.4.4; };
|
||||
};
|
||||
|
||||
zone "beaker-project.org" {
|
||||
type forward;
|
||||
forward only;
|
||||
forwarders { 8.8.8.8; 8.8.4.4; };
|
||||
};
|
||||
|
||||
# also, we need to forward some jboss.org for fuse-fabric/bugzilla2fedmsg
|
||||
zone "jboss.org" {
|
||||
type forward;
|
||||
forward only;
|
||||
forwarders { 8.8.8.8; 8.8.4.4; };
|
||||
};
|
||||
|
||||
# We can't access the internal Zanata servers. Just use external
|
||||
zone "zanata.org" {
|
||||
type forward;
|
||||
forward only;
|
||||
forwarders { 8.8.8.8; 8.8.4.4; };
|
||||
};
|
||||
|
||||
# We can't access the softwarefactory-project.io. because ns1/ns2 give unroutable ips. Need to use external
|
||||
zone "softwarefactory-project.io" {
|
||||
type forward;
|
||||
forward only;
|
||||
forwarders { 8.8.8.8; 8.8.4.4; };
|
||||
};
|
||||
|
||||
zone "3.10.in-addr.arpa" {
|
||||
type forward;
|
||||
forward only;
|
||||
forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
|
||||
};
|
||||
|
||||
zone "4.10.in-addr.arpa" {
|
||||
type forward;
|
||||
forward only;
|
||||
forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
|
||||
};
|
||||
|
||||
zone "5.10.in-addr.arpa" {
|
||||
type forward;
|
||||
forward only;
|
||||
forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
|
||||
};
|
||||
|
||||
zone "10.in-addr.arpa" {
|
||||
type forward;
|
||||
forward only;
|
||||
forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
|
||||
};
|
||||
|
||||
zone "186.132.209.in-addr.arpa." {
|
||||
type forward;
|
||||
forward only;
|
||||
forwarders { 10.39.144.11; 10.69.144.11; 10.11.191.1; };
|
||||
};
|
||||
|
||||
zone "mgmt.rdu3.fedoraproject.org" {
|
||||
type master;
|
||||
file "/var/named/master/built/mgmt.iad2.fedoraproject.org";
|
||||
};
|
||||
|
||||
zone "mgmt.rdu-cc.fedoraproject.org" {
|
||||
type master;
|
||||
file "/var/named/master/built/mgmt.rdu-cc.fedoraproject.org";
|
||||
};
|
||||
|
||||
zone "stg.rdu3.fedoraproject.org" {
|
||||
type master;
|
||||
file "/var/named/master/built/stg.rdu3.fedoraproject.org";
|
||||
};
|
||||
|
||||
zone "rdu2.fedoraproject.org" {
|
||||
type master;
|
||||
file "/var/named/master/built/rdu2.fedoraproject.org";
|
||||
};
|
||||
|
||||
zone "s390.fedoraproject.org" {
|
||||
type master;
|
||||
file "/var/named/master/built/s390.fedoraproject.org";
|
||||
};
|
||||
|
||||
zone "0.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/0.16.10.in-addr.arpa";
|
||||
};
|
||||
|
||||
zone "102.1.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/102.1.10.in-addr.arpa";
|
||||
};
|
||||
|
||||
zone "2.31.172.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/2.31.172.in-addr.arpa";
|
||||
};
|
||||
|
||||
zone "160.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/160.16.10.in-addr.arpa";
|
||||
};
|
||||
zone "161.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/161.16.10.in-addr.arpa";
|
||||
};
|
||||
zone "162.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/162.16.10.in-addr.arpa";
|
||||
};
|
||||
zone "163.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/163.16.10.in-addr.arpa";
|
||||
};
|
||||
zone "164.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/164.16.10.in-addr.arpa";
|
||||
};
|
||||
zone "165.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/165.16.10.in-addr.arpa";
|
||||
};
|
||||
zone "166.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/166.16.10.in-addr.arpa";
|
||||
};
|
||||
zone "167.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/167.16.10.in-addr.arpa";
|
||||
};
|
||||
zone "168.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/168.16.10.in-addr.arpa";
|
||||
};
|
||||
zone "169.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/169.16.10.in-addr.arpa";
|
||||
};
|
||||
zone "170.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/170.16.10.in-addr.arpa";
|
||||
};
|
||||
zone "171.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/171.16.10.in-addr.arpa";
|
||||
};
|
||||
zone "172.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/172.16.10.in-addr.arpa";
|
||||
};
|
||||
zone "173.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/173.16.10.in-addr.arpa";
|
||||
};
|
||||
zone "174.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/174.16.10.in-addr.arpa";
|
||||
};
|
||||
zone "175.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/175.16.10.in-addr.arpa";
|
||||
};
|
||||
zone "176.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/176.16.10.in-addr.arpa";
|
||||
};
|
||||
zone "177.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/177.16.10.in-addr.arpa";
|
||||
};
|
||||
zone "178.16.10.in-addr.arpa" {
|
||||
type master;
|
||||
file "/var/named/master/built/178.16.10.in-addr.arpa";
|
||||
};
|
||||
|
||||
zone "fedoraproject.org" {
|
||||
type master;
|
||||
file "/var/named/master/built/IAD2/fedoraproject.org.signed";
|
||||
};
|
||||
|
||||
zone "cloud.fedoraproject.org" {
|
||||
type master;
|
||||
file "/var/named/master/built/IAD2/cloud.fedoraproject.org.signed";
|
||||
};
|
||||
|
||||
zone "getfedora.org" {
|
||||
type master;
|
||||
file "/var/named/master/built/IAD2/getfedora.org.signed";
|
||||
};
|
||||
|
||||
zone "pagure.io" {
|
||||
type master;
|
||||
file "/var/named/master/built/IAD2/pagure.io";
|
||||
};
|
||||
|
||||
include "/etc/named/zones.conf";
|
||||
};
|
||||
|
||||
// The zones
|
||||
view "NA" {
|
||||
match-clients { US; CA; MX; BM; GL; AG; AI; BS; BZ; CR; CU; DO; GT; HN; HT; JM; KY; NI; PM; PR; SV; TC; VG; VI; };
|
||||
|
||||
Reference in New Issue
Block a user