crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

[bind authoritative] Revert to debian conf

certbot_on_virtu
Alexandre Iooss 2020-04-25 18:44:25 +02:00 committed by Bombar Maxime
parent 4c660152b5
commit 3ba546a309
2 changed files with 21 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/bind-authoritative/templates/bind/named.conf.local.j2
View File

@ -1,5 +1,9 @@
{{ ansible_header | comment(decoration='// ') }} {{ ansible_header | comment(decoration='// ') }}
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
{% if not bind.master %} {% if not bind.master %}
{% for zone in bind.zones %} {% for zone in bind.zones %}
zone "{{ zone }}" { zone "{{ zone }}" {

34
roles/bind-authoritative/templates/bind/named.conf.options.j2
View File

@ -1,15 +1,5 @@
{{ ansible_header | comment(decoration='// ') }} {{ ansible_header | comment(decoration='// ') }}
// Listes d'acces
acl "isolement" { 10.52.0.0/16; };
acl "accueil" { 10.51.0.0/16; };
acl "switches" { 10.231.100.0/24; };
acl "event" { 10.231.137.0/24; 2a0c:700:0:10::/64; };
acl "fil-new" { 10.54.1.0/24; 10.54.2.0/23; 10.54.4.0/22; 10.54.8.0/21; 10.54.16.0/21; 10.54.24.0/23; 10.54.0.0/24; 2a0c:700:0:21::/64; };
acl "wifi-new" { 10.53.1.0/24; 10.53.2.0/23; 10.53.4.0/22; 10.53.8.0/21; 10.53.16.0/22; 10.53.20.0/24; 10.53.0.0/24; 10.53.21.0/24; 10.53.22.0/23; 10.53.24.0/23; 2a0c:700:0:22::/64; };
acl "crans" { 2a0c:700:0:1::/64; 138.231.137.0/24; 138.231.138.0/23; 138.231.140.0/22; 185.230.77.0/24; 2a0c:700:0:21::/64; 2a0c:700:0:23::/64; 185.230.78.0/24; 185.230.76.0/24; 2a0c:700:0:22::/64; 138.231.136.0/24; };
acl "cransadm" { 2a0c:700:0:2::/64; 10.231.136.0/24; };
acl "bornes" { fd01:240:fe3d:3::/64; 10.231.148.0/24; };
options { options {
directory "/var/cache/bind"; directory "/var/cache/bind";
@ -30,29 +20,7 @@ options {
// If BIND logs error messages about the root key being expired, // If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys // you will need to update your keys. See https://www.isc.org/bind-keys
//======================================================================== //========================================================================
dnssec-validation auto;
allow-query-cache { 127.0.0.1; crans; cransadm; bornes; };
allow-recursion { 127.0.0.1; crans; cransadm; bornes; };
notify no;
allow-transfer { "none"; };
recursive-clients 5000;
allow-query { any; };
auth-nxdomain no; # conform to RFC1035
listen-on { any; };
listen-on-v6 { any; }; listen-on-v6 { any; };
dnssec-enable no;
dnssec-validation no;
};
logging{
// Remove "REFUSED unexpected RCODE resolving" from the logfile
category lame-servers { null; };
};
// to allow for rndc flush
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 allow { 127.0.0.1; } keys { "key"; };
}; };