WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
a943654af2095b3da4c730ce38e5c6c53a258b0f
fedora-infra_ansible/roles/dns/files/named.conf
Kevin Fenzi 488ead0559 dns: add reverse zones for new isolated rdu3 vlans 
These vlans will be used by the stuff moving from the
rd2 community cage over to rdu3. We want it isolated
from the rest of our stuff (in particular pagure and copr builders).

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-09-29 13:29:45 -07:00

578 lines
17 KiB
Plaintext
Raw Blame History

// named.conf file for ns-master.fedoraproject.org
// located in /var/named/chroot/etc/named.conf
// By: Elliot Lee <sopwith@redhat.com>
// 2005/12/21 for fedoraproject.org
// Based on the same file for ns-master.gnome.org
// By: Matthew Galgoci <mgalgoci@redhat.com>
// 2003/10/13 for gnome.org
//
// Setup for GeoDNS
include "/var/named/GeoIP.acl";
//include rndckey
include "/etc/rndc.key";
// general acls
acl "everyone-v4" { 0.0.0.0/0; };
acl "everyone-v6" { ::0/0; };
acl "everyone" { 0.0.0.0/0; ::0/0; };
//
acl "ns_redhat" { 66.187.233.210; 209.132.183.22; 209.132.183.30; 209.132.183.2; 66.187.229.10; };
//
acl "rdu2net" { 172.31.1.0/24; 172.31.2.0/24; };
acl "rdu3net" { 10.16.160.0/19; 10.1.102.0/24; };
acl "rh-slaves" { 10.11.5.70; };
acl "rh" { 10.0.0.0/8; };
//
options {
directory "/var/named";
auth-nxdomain yes;
allow-query { everyone; };
query-source address * port *;
query-source-v6 address * port *;
allow-transfer { localhost; rh-slaves; rh;};
//transfer-source * port 53;
pid-file "/var/run/named/named.pid";
statistics-file "/var/log/named.stats";
provide-ixfr no;
tcp-clients 10000;
version "cowbell++";
listen-on port 53 {
any;
};
listen-on-v6 port 53 {
any;
};
notify yes;
minimal-responses yes;
// rate-limit requests
max-ncache-ttl 3600;
max-cache-size 1024M;
rate-limit {
responses-per-second 50;
window 60;
max-table-size 2000000;
min-table-size 500000;
ipv4-prefix-length 32;
nxdomains-per-second 25;
};
};
//
logging {
channel "normal" {
syslog;
severity info;
print-time yes;
print-category yes;
print-severity yes;
};
category "default" { "normal"; };
category "general" { "normal"; };
category "database" { "null"; };
category "security" { "normal"; };
category "config" { "normal"; };
category "resolver" { "normal"; };
category "xfer-in" { "normal"; };
category "xfer-out" { "normal"; };
category "notify" { "normal"; };
category "client" { "null"; };
category "network" { "null"; };
category "update" { "normal"; };
category "queries" { "null"; };
category "dispatch" { "null"; };
category "dnssec" { "normal"; };
category "lame-servers" { "null"; };
};
//
// Who can rndc our server (only localhost)...
//
controls {
inet 127.0.0.1 port 953 allow { localhost; } keys { rndckey; };
};
view "RDU2" {
match-clients { rdu2net; 192.168.0.0/16; };
allow-recursion { localhost; rdu2net; };
recursion yes;
// no rate-limit on internal requests
rate-limit {
exempt-clients { rdu2net; };
};
# make sure we forward only for redhat.com lookups
zone "redhat.com" {
type forward;
forward only;
forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
};
zone "projectatomic.io" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
zone "beaker-project.org" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
# also, we need to forward some jboss.org for fuse-fabric/bugzilla2fedmsg
zone "jboss.org" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
# We can't access the internal Zanata servers. Just use external
zone "zanata.org" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
# We can't access the softwarefactory-project.io. because ns1/ns2 give unroutable ips. Need to use external
zone "softwarefactory-project.io" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
zone "186.132.209.in-addr.arpa." {
type forward;
forward only;
forwarders { 10.39.144.11; 10.69.144.11; 10.11.191.1; };
};
zone "mgmt.rdu-cc.fedoraproject.org" {
type master;
file "/var/named/master/built/mgmt.rdu-cc.fedoraproject.org";
};
zone "rdu2.fedoraproject.org" {
type master;
file "/var/named/master/built/rdu2.fedoraproject.org";
};
zone "s390.fedoraproject.org" {
type master;
file "/var/named/master/built/s390.fedoraproject.org";
};
zone "0.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/0.16.10.in-addr.arpa";
};
zone "2.31.172.in-addr.arpa" {
type master;
file "/var/named/master/built/2.31.172.in-addr.arpa";
};
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/NA/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/NA/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/NA/getfedora.org.signed";
};
zone "pagure.io" {
type master;
file "/var/named/master/built/NA/pagure.io";
};
include "/etc/named/zones.conf";
};
view "RDU3" {
match-clients { rdu3net; rh-slaves; 192.168.0.0/16; };
allow-recursion { localhost; rdu3net; rh-slaves; };
recursion yes;
// no rate-limit on internal requests
rate-limit {
exempt-clients { rdu3net; rh-slaves; };
};
# make sure we forward only for redhat.com lookups
zone "redhat.com" {
type forward;
forward only;
forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
};
zone "projectatomic.io" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
zone "beaker-project.org" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
# also, we need to forward some jboss.org for fuse-fabric/bugzilla2fedmsg
zone "jboss.org" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
# We can't access the internal Zanata servers. Just use external
zone "zanata.org" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
# We can't access the softwarefactory-project.io. because ns1/ns2 give unroutable ips. Need to use external
zone "softwarefactory-project.io" {
type forward;
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
};
zone "3.10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
};
zone "4.10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
};
zone "5.10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
};
zone "10.in-addr.arpa" {
type forward;
forward only;
forwarders { 10.2.32.1; 10.11.5.19; 10.38.5.26; 10.68.5.26; };
};
zone "186.132.209.in-addr.arpa." {
type forward;
forward only;
forwarders { 10.39.144.11; 10.69.144.11; 10.11.191.1; };
};
zone "mgmt.rdu3.fedoraproject.org" {
type master;
file "/var/named/master/built/mgmt.rdu3.fedoraproject.org";
};
zone "mgmt.rdu-cc.fedoraproject.org" {
type master;
file "/var/named/master/built/mgmt.rdu-cc.fedoraproject.org";
};
zone "stg.rdu3.fedoraproject.org" {
type master;
file "/var/named/master/built/stg.rdu3.fedoraproject.org";
};
zone "rdu2.fedoraproject.org" {
type master;
file "/var/named/master/built/rdu2.fedoraproject.org";
};
zone "s390.fedoraproject.org" {
type master;
file "/var/named/master/built/s390.fedoraproject.org";
};
zone "0.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/0.16.10.in-addr.arpa";
};
zone "102.1.10.in-addr.arpa" {
type master;
file "/var/named/master/built/102.1.10.in-addr.arpa";
};
zone "2.31.172.in-addr.arpa" {
type master;
file "/var/named/master/built/2.31.172.in-addr.arpa";
};
zone "160.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/160.16.10.in-addr.arpa";
};
zone "161.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/161.16.10.in-addr.arpa";
};
zone "162.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/162.16.10.in-addr.arpa";
};
zone "163.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/163.16.10.in-addr.arpa";
};
zone "164.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/164.16.10.in-addr.arpa";
};
zone "165.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/165.16.10.in-addr.arpa";
};
zone "166.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/166.16.10.in-addr.arpa";
};
zone "167.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/167.16.10.in-addr.arpa";
};
zone "168.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/168.16.10.in-addr.arpa";
};
zone "169.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/169.16.10.in-addr.arpa";
};
zone "170.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/170.16.10.in-addr.arpa";
};
zone "171.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/171.16.10.in-addr.arpa";
};
zone "172.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/172.16.10.in-addr.arpa";
};
zone "173.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/173.16.10.in-addr.arpa";
};
zone "174.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/174.16.10.in-addr.arpa";
};
zone "175.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/175.16.10.in-addr.arpa";
};
zone "176.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/176.16.10.in-addr.arpa";
};
zone "177.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/177.16.10.in-addr.arpa";
};
zone "178.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/178.16.10.in-addr.arpa";
};
zone "179.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/179.16.10.in-addr.arpa";
};
zone "180.16.10.in-addr.arpa" {
type master;
file "/var/named/master/built/180.16.10.in-addr.arpa";
};
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/RDU3/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/RDU3/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/RDU3/getfedora.org.signed";
};
zone "pagure.io" {
type master;
file "/var/named/master/built/RDU3/pagure.io";
};
zone "rdu3.fedoraproject.org" {
type master;
file "/var/named/master/built/rdu3.fedoraproject.org.signed";
};
include "/etc/named/zones.conf";
};
// The zones
view "NA" {
match-clients { US; CA; MX; BM; GL; AG; AI; BS; BZ; CR; CU; DO; GT; HN; HT; JM; KY; NI; PM; PR; SV; TC; VG; VI; };
recursion no;
// no rate-limit on internal requests
rate-limit {
exempt-clients { ns_redhat; };
};
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/NA/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/NA/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/NA/getfedora.org.signed";
};
zone "pagure.io" {
type master;
file "/var/named/master/built/NA/pagure.io";
};
include "/etc/named/zones.conf";
};
// This should have been EME and during the next freeze break should be made as such.
view "EU" {
match-clients { AD; AL; AT; AX; BA; BE; BG; CH; CZ; DE; DK; EE; ES; FI; FO; FR; GB; GG; GI; GR; HR; HU; IE; IM; IS; IT; JE; LI; LT; LU; LV; MC; ME; MK; MT; NL; NO; PL; PT; RO; RS; RU; SE; SI; SJ; SK; SM; UA; VA; AE; AM; AZ; BH; CY; GE; IL; IQ; JO; KW; LB; OM; QA; SA; TR; YE; BY; MD; PS; SY; };
recursion no;
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/EU/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/EU/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/EU/getfedora.org.signed";
};
zone "pagure.io" {
type master;
file "/var/named/master/built/EU/pagure.io";
};
include "/etc/named/zones.conf";
};
view "APAC" {
match-clients { AF; BD; BN; BT; CN; HK; ID; IN; JP; KG; KH; KZ; LA; LK; MM; MN; MO; MV; MY; NP; PH; PK; SG; TH; TJ; TL; TM; UZ; VN; AS; AU; CC; CK; CX; FJ; FM; GU; HM; KI; MH; MP; NC; NF; NR; NU; NZ; PF; PG; PN; PW; SB; TK; TO; TV; UM; VU; WF; WS; IR; KP; KR; TW; };
recursion no;
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/APAC/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/APAC/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/APAC/getfedora.org.signed";
};
zone "pagure.io" {
type master;
file "/var/named/master/built/APAC/pagure.io";
};
include "/etc/named/zones.conf";
};
view "AFR" {
match-clients { AO; BF; BI; BJ; BW; CD; CF; CG; CI; CM; CV; DJ; DZ; EG; ER; ET; GA; GH; GM; GN; GQ; GW; KE; KM; LR; LS; LY; MA; MG; ML; MR; MU; MW; MZ; NA; NE; NG; RW; SC; SD; SL; SN; SO; SS; ST; SZ; TD; TG; TN; TZ; UG; ZA; ZM; ZW; BV; RE; SH; TF; YT; };
recursion no;
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/AFR/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/AFR/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/AFR/getfedora.org.signed";
};
zone "pagure.io" {
type master;
file "/var/named/master/built/AFR/pagure.io";
};
include "/etc/named/zones.conf";
};
view "SA" {
match-clients { AR; BO; BR; CL; CO; EC; GY; PY; PE; SR; UY; VE; FK; GF; AQ; AW; BB; CW; DM; GD; GP; GS; KN; LC; MQ; MS; PA; SX; TT; VC; };
recursion no;
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/SA/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/SA/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/SA/getfedora.org.signed";
};
zone "pagure.io" {
type master;
file "/var/named/master/built/SA/pagure.io";
};
include "/etc/named/zones.conf";
};
view "DEFAULT" {
match-clients { any; };
recursion no;
zone "fedoraproject.org" {
type master;
file "/var/named/master/built/DEFAULT/fedoraproject.org.signed";
};
zone "cloud.fedoraproject.org" {
type master;
file "/var/named/master/built/DEFAULT/cloud.fedoraproject.org.signed";
};
zone "getfedora.org" {
type master;
file "/var/named/master/built/DEFAULT/getfedora.org.signed";
};
zone "pagure.io" {
type master;
file "/var/named/master/built/DEFAULT/pagure.io";
};
include "/etc/named/zones.conf";
};
// Enabling bind9 statistics on localhost for collectd
statistics-channels {
inet 127.0.0.1 port 8053;
};
Reference in New Issue View Git Blame Copy Permalink