mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-05-04 08:02:08 +08:00
293 lines
8.0 KiB
Plaintext
293 lines
8.0 KiB
Plaintext
// named.conf file for ns-master.fedoraproject.org
|
|
// located in /var/named/chroot/etc/named.conf
|
|
// By: Elliot Lee <sopwith@redhat.com>
|
|
// 2005/12/21 for fedoraproject.org
|
|
// Based on the same file for ns-master.gnome.org
|
|
// By: Matthew Galgoci <mgalgoci@redhat.com>
|
|
// 2003/10/13 for gnome.org
|
|
//
|
|
|
|
// Setup for GeoDNS
|
|
include "/var/named/GeoIP.acl";
|
|
|
|
//include rndckey
|
|
include "/etc/rndc.key";
|
|
|
|
// dns1.j2solutions.net - run by Jesse Keating <jkeating@redhat.com>
|
|
acl "slaves" { 209.124.61.35; };
|
|
//
|
|
acl "everyone-v4" { 0.0.0.0/0; };
|
|
acl "everyone-v6" { ::0/0; };
|
|
acl "everyone" { 0.0.0.0/0; ::0/0; };
|
|
//
|
|
acl "ns_redhat" { 66.187.233.210; 209.132.183.2; 66.187.229.10; };
|
|
//
|
|
acl "phx2net" { 10.4.124.128/25; 10.5.78.0/24; 10.5.79.0/24; 10.5.125.0/24; 10.5.126.0/24; 10.5.127.0/24; };
|
|
acl "rh-slaves" { 172.16.52.28; 10.11.255.27; 10.11.255.3; };
|
|
acl "rh" { 10.0.0.0/8; };
|
|
//
|
|
options {
|
|
directory "/";
|
|
auth-nxdomain yes;
|
|
allow-query { everyone; };
|
|
dnssec-enable yes;
|
|
query-source address * port *;
|
|
query-source-v6 address * port *;
|
|
allow-transfer { localhost; slaves; rh-slaves; rh;};
|
|
transfer-source * port 53;
|
|
pid-file "/var/run/named/named.pid";
|
|
statistics-file "/var/log/named.stats";
|
|
provide-ixfr no;
|
|
|
|
version "cowbell++";
|
|
listen-on port 53 {
|
|
any;
|
|
};
|
|
listen-on-v6 port 53 {
|
|
any;
|
|
};
|
|
notify yes;
|
|
minimal-responses yes;
|
|
// rate-limit requests
|
|
rate-limit {
|
|
responses-per-second 25;
|
|
window 5;
|
|
};
|
|
};
|
|
//
|
|
logging {
|
|
channel "normal" {
|
|
syslog;
|
|
severity info;
|
|
print-time yes;
|
|
print-category yes;
|
|
print-severity yes;
|
|
};
|
|
category "default" { "normal"; };
|
|
category "general" { "normal"; };
|
|
category "database" { "null"; };
|
|
category "security" { "normal"; };
|
|
category "config" { "normal"; };
|
|
category "resolver" { "normal"; };
|
|
category "xfer-in" { "normal"; };
|
|
category "xfer-out" { "normal"; };
|
|
category "notify" { "normal"; };
|
|
category "client" { "null"; };
|
|
category "network" { "null"; };
|
|
category "update" { "normal"; };
|
|
category "queries" { "null"; };
|
|
category "dispatch" { "null"; };
|
|
category "dnssec" { "normal"; };
|
|
category "lame-servers" { "null"; };
|
|
};
|
|
//
|
|
// Who can rndc our server (only localhost)...
|
|
//
|
|
controls {
|
|
inet 127.0.0.1 port 953 allow { localhost; } keys { rndckey; };
|
|
};
|
|
|
|
view "PHX2" {
|
|
match-clients { 10.0.0.0/8; 192.168.0.0/16; 172.16.0.0/12; };
|
|
allow-recursion { localhost; phx2net; rh-slaves; rh; };
|
|
recursion yes;
|
|
// no rate-limit on internal requests
|
|
rate-limit {
|
|
exempt-clients { phx2net; };
|
|
};
|
|
# make sure we forward only for redhat.com lookups
|
|
zone "redhat.com" {
|
|
type forward;
|
|
forward only;
|
|
forwarders { 10.5.26.20; 10.5.26.21; };
|
|
};
|
|
|
|
zone "beaker-project.org" {
|
|
type forward;
|
|
forward only;
|
|
forwarders { 10.5.26.20; 10.5.26.21; };
|
|
};
|
|
|
|
# also, we need to forward some jboss.org for fuse-fabric/bugzilla2fedmsg
|
|
zone "jboss.org" {
|
|
type forward;
|
|
forward only;
|
|
forwarders { 10.5.26.20; 10.5.26.21; };
|
|
};
|
|
|
|
zone "88.5.10.in-addr.arpa" {
|
|
type forward;
|
|
forward only;
|
|
forwarders { 10.5.26.20; 10.5.26.21; };
|
|
};
|
|
|
|
zone "4.10.in-addr.arpa" {
|
|
type forward;
|
|
forward only;
|
|
forwarders { 10.5.26.20; 10.5.26.21; };
|
|
};
|
|
|
|
zone "5.10.in-addr.arpa" {
|
|
type forward;
|
|
forward only;
|
|
forwarders { 10.5.26.20; 10.5.26.21; };
|
|
};
|
|
|
|
zone "10.in-addr.arpa" {
|
|
type forward;
|
|
forward only;
|
|
forwarders { 10.5.26.20; 10.5.26.21; };
|
|
};
|
|
|
|
zone "186.132.209.in-addr.arpa." {
|
|
type forward;
|
|
forward only;
|
|
forwarders { 10.5.26.20; 10.5.26.21; };
|
|
};
|
|
|
|
zone "qa.fedoraproject.org" {
|
|
type master;
|
|
file "/var/named/master/built/qa.fedoraproject.org";
|
|
};
|
|
|
|
zone "phx2.fedoraproject.org" {
|
|
type master;
|
|
file "/var/named/master/built/phx2.fedoraproject.org";
|
|
};
|
|
|
|
zone "mgmt.fedoraproject.org" {
|
|
type master;
|
|
file "/var/named/master/built/mgmt.fedoraproject.org";
|
|
};
|
|
|
|
zone "arm.fedoraproject.org" {
|
|
type master;
|
|
file "/var/named/master/built/arm.fedoraproject.org";
|
|
};
|
|
|
|
zone "78.5.10.in-addr.arpa" {
|
|
type master;
|
|
file "/var/named/master/built/78.5.10.in-addr.arpa";
|
|
};
|
|
|
|
zone "79.5.10.in-addr.arpa" {
|
|
type master;
|
|
file "/var/named/master/built/79.5.10.in-addr.arpa";
|
|
};
|
|
|
|
zone "124.5.10.in-addr.arpa" {
|
|
type master;
|
|
file "/var/named/master/built/124.5.10.in-addr.arpa";
|
|
};
|
|
|
|
zone "125.5.10.in-addr.arpa" {
|
|
type master;
|
|
file "/var/named/master/built/125.5.10.in-addr.arpa";
|
|
};
|
|
|
|
zone "126.5.10.in-addr.arpa" {
|
|
type master;
|
|
file "/var/named/master/built/126.5.10.in-addr.arpa";
|
|
};
|
|
|
|
zone "127.5.10.in-addr.arpa" {
|
|
type master;
|
|
file "/var/named/master/built/127.5.10.in-addr.arpa";
|
|
};
|
|
|
|
zone "128.5.10.in-addr.arpa" {
|
|
type master;
|
|
file "/var/named/master/built/128.5.10.in-addr.arpa";
|
|
};
|
|
|
|
zone "130.5.10.in-addr.arpa" {
|
|
type master;
|
|
file "/var/named/master/built/130.5.10.in-addr.arpa";
|
|
};
|
|
|
|
zone "131.5.10.in-addr.arpa" {
|
|
type master;
|
|
file "/var/named/master/built/131.5.10.in-addr.arpa";
|
|
};
|
|
|
|
|
|
zone "fedoraproject.org" {
|
|
type master;
|
|
file "/var/named/master/built/PHX2/fedoraproject.org.signed";
|
|
};
|
|
zone "cloud.fedoraproject.org" {
|
|
type master;
|
|
file "/var/named/master/built/PHX2/cloud.fedoraproject.org.signed";
|
|
};
|
|
zone "getfedora.org" {
|
|
type master;
|
|
file "/var/named/master/built/PHX2/getfedora.org.signed";
|
|
};
|
|
|
|
include "/etc/named/zones.conf";
|
|
};
|
|
|
|
|
|
// The zones
|
|
view "NA" {
|
|
match-clients { US; CA; MX; };
|
|
recursion no;
|
|
zone "fedoraproject.org" {
|
|
type master;
|
|
file "/var/named/master/built/NA/fedoraproject.org.signed";
|
|
};
|
|
zone "cloud.fedoraproject.org" {
|
|
type master;
|
|
file "/var/named/master/built/NA/cloud.fedoraproject.org.signed";
|
|
};
|
|
zone "getfedora.org" {
|
|
type master;
|
|
file "/var/named/master/built/NA/getfedora.org.signed";
|
|
};
|
|
include "/etc/named/zones.conf";
|
|
};
|
|
|
|
|
|
// This is not "EU" countries, I just wanted a short way to represent Europe.
|
|
view "EU" {
|
|
match-clients { AT; BE; BG; CY; CZ; DE; DK; EE; ES; FI; FR; GR; HU; IT; LT; LU; LV; MT; NL; PL; PT; RO; RU; SE; UA; GB; IE; IS; NO; };
|
|
recursion no;
|
|
zone "fedoraproject.org" {
|
|
type master;
|
|
file "/var/named/master/built/EU/fedoraproject.org.signed";
|
|
};
|
|
zone "cloud.fedoraproject.org" {
|
|
type master;
|
|
file "/var/named/master/built/EU/cloud.fedoraproject.org.signed";
|
|
};
|
|
zone "getfedora.org" {
|
|
type master;
|
|
file "/var/named/master/built/EU/getfedora.org.signed";
|
|
};
|
|
include "/etc/named/zones.conf";
|
|
};
|
|
|
|
|
|
view "DEFAULT" {
|
|
match-clients { any; };
|
|
recursion no;
|
|
zone "fedoraproject.org" {
|
|
type master;
|
|
file "/var/named/master/built/DEFAULT/fedoraproject.org.signed";
|
|
};
|
|
zone "cloud.fedoraproject.org" {
|
|
type master;
|
|
file "/var/named/master/built/DEFAULT/cloud.fedoraproject.org.signed";
|
|
};
|
|
zone "getfedora.org" {
|
|
type master;
|
|
file "/var/named/master/built/DEFAULT/getfedora.org.signed";
|
|
};
|
|
include "/etc/named/zones.conf";
|
|
};
|
|
|
|
// Enabling bind9 statistics on localhost for collectd
|
|
statistics-channels {
|
|
inet 127.0.0.1 port 8053;
|
|
};
|