From d36e0d5a0a23ea3c2b58f9db5c54b7519154348b Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sun, 12 Aug 2018 17:19:40 -0500
Subject: [PATCH] pyrocufflink-dns: Split named_zones definition
In order to support adding a second DNS server, the BIND zone configuration needs to be partially modularized. While the forwarder definitions for *pyrocufflink.blue*, etc. will remain the same, the *pyrocufflink.red* zone will be different, as it will be a slave zone on the second server. This commit breaks up the definition of the `named_zones` variable into two parts: * `pyrocufflink_red_zones`: This is a list of zone objects for *pyrocufflink.red* and its corresponding reverse zone. On *dns1.pyrocufflink.blue*, these are master zones. On the new server, these will be slaves. * `pyrocufflink_common_zones`: This is a list of zone objects for the zones that are the same on both servers, since they are all forwarding zones. Similarly, the `named_keys` variable only needs to be defined on the master, since DHCP will only send updates there.
---
 group_vars/pyrocufflink-dns.yml | 25 ++-----------------------
 host_vars/dns0.pyrocufflink.blue.yml | 24 ++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 23 deletions(-)
 create mode 100644 host_vars/dns0.pyrocufflink.blue.yml
diff --git a/group_vars/pyrocufflink-dns.yml b/group_vars/pyrocufflink-dns.yml
index cdde26f..6823091 100644
--- a/group_vars/pyrocufflink-dns.yml
+++ b/group_vars/pyrocufflink-dns.yml
@@ -8,25 +8,7 @@ named_allow_query:
 - any
 named_dnssec_validation: false
 
-named_zones:
-- zone: pyrocufflink.red
- type: master
- default_records:
- - name:
- value: 172.30.0.4
- - name:
- type: AAAA
- value: 2605:6000:3ccc:fb00::4:1
- allow_update:
- - '{ !{ !172.30.0.1; any; }; key dhcp-ddns; }'
- - '{ !{ !localhost; any; }; key local-ddns; }'
- ttl: 30
-- zone: 1.31.172.in-addr.arpa
- type: master
- allow_update:
- - '{ !{ !172.30.0.1; any; }; key dhcp-ddns; }'
- - '{ !{ !localhost; any; }; key local-ddns; }'
- ttl: 30
+pyrocufflink_common_zones:
 - zone: pyrocufflink.blue
 type: forward
 forward: only
@@ -64,7 +46,4 @@ named_zones:
 - fd99:8cd7:6528:fe1e::10:1
 - fd99:8cd7:6528:fe1e::9:1
 
-named_keys:
-- name: dhcp-ddns
- algorithm: hmac-md5
- secret: +0zVSpY8oFrxl2F1qB8tT2HMgbuD31JurL9w4zilNCg=
+named_zones: '{{ pyrocufflink_red_zones + pyrocufflink_common_zones }}'
diff --git a/host_vars/dns0.pyrocufflink.blue.yml b/host_vars/dns0.pyrocufflink.blue.yml
new file mode 100644
index 0000000..43b3aef
--- /dev/null
+++ b/host_vars/dns0.pyrocufflink.blue.yml
@@ -0,0 +1,24 @@
+pyrocufflink_red_zones:
+- zone: pyrocufflink.red
+ type: master
+ default_records:
+ - name:
+ value: 172.30.0.4
+ - name:
+ type: AAAA
+ value: 2605:6000:3ccc:fb00::4:1
+ allow_update:
+ - '{ !{ !172.30.0.1; any; }; key dhcp-ddns; }'
+ - '{ !{ !localhost; any; }; key local-ddns; }'
+ ttl: 30
+- zone: 1.31.172.in-addr.arpa
+ type: master
+ allow_update:
+ - '{ !{ !172.30.0.1; any; }; key dhcp-ddns; }'
+ - '{ !{ !localhost; any; }; key local-ddns; }'
+ ttl: 30
+
+named_keys:
+- name: dhcp-ddns
+ algorithm: hmac-md5
+ secret: +0zVSpY8oFrxl2F1qB8tT2HMgbuD31JurL9w4zilNCg=
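Review bot: `named_zones: '{{ pyrocufflink_red_zones + pyrocufflink_common_zones }}'` has no group-level definition or default for `pyrocufflink_red_zones`, so any member of pyrocufflink-dns without a host_vars entry fails at template time with an undefined-variable error. That is arguably the right outcome, since a `| default([])` would silently deploy a resolver with no authoritative pyrocufflink.red zone, but it is an implicit contract the next person adding a host will hit cold. I would record it directly above the line: `# pyrocufflink_red_zones is per-host (master zones on dns0; presumably slave zones on a second server) and must be defined in host_vars for every member of this group`. The `pyrocufflink_common_zones` list whose tail is the context here starts in the first hunk and its middle lies outside both hunks.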
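Review bot: The `dhcp-ddns` TSIG secret at the bottom of the new host_vars file is committed in plaintext (`secret: +0zV…`), and because the commit only relocates it from group_vars it is already in repository history; anyone with read access to this repo who can also source traffic from 172.30.0.1 (the `allow_update` ACL still pins the source address) can push signed dynamic updates into pyrocufflink.red and its reverse zone. Store it via ansible-vault (`secret: "{{ vault_dhcp_ddns_secret }}"` with the value in an encrypted vars file, or an inline `!vault |` block) and rotate the key on both BIND and the DHCP server, since vaulting alone does not undo the exposure. While rotating, change `algorithm: hmac-md5` to `hmac-sha256`; BIND supports it and HMAC-MD5 remains only for compatibility, but the DHCP server's key stanza has to change in lockstep or updates stop. The `local-ddns` key referenced by both `allow_update` entries is not declared in `named_keys`; presumably the role relies on BIND's automatically generated session key under that name, but that is worth confirming since an undeclared key name makes named reject the configuration. Separately, the commit message calls the master `dns1.pyrocufflink.blue` while the new file is `host_vars/dns0.pyrocufflink.blue.yml`; one of the two looks like a typo.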