diff --git a/lookup_plugins/ldap.py b/lookup_plugins/ldap.py
index 05965e6a..ea46f771 100644
--- a/lookup_plugins/ldap.py
+++ b/lookup_plugins/ldap.py
@@ -136,6 +136,18 @@ class LookupModule(LookupBase):
         result = [ip.decode('utf-8') for dn, entry in result[1] for ip in entry['ipHostNumber'] if ipaddress.ip_address(ip.decode('utf-8')) in subnet]
         return result
 
+    def zones_new(self):
+        search_dn = f'ou=dns,{self.base_dn}'
+        query_id = self.base.search(search_dn, ldap.SCOPE_SUBTREE, "sOARecord=*")
+        query_result = self.base.result(query_id)
+        result = []
+        for dn, entry in query_result[1]:
+            result.append('.'.join([dc[3:] for dc in dn[:-len(search_dn)-1].split(',')]))
+        return result
+
+    def zones_reverse(self):
+        return ['76.230.185.in-addr.arpa', '77.230.185.in-addr.arpa', '78.230.185.in-addr.arpa', '79.230.185.in-addr.arpa', '0.0.7.0.c.0.a.2.ip6.arpa']
+
     def run(self, terms, variables=None, **kwargs):
         if terms[0] == 'query':
             result = self.query(*terms[1:])
@@ -192,6 +204,10 @@ class LookupModule(LookupBase):
                 else:
                     res.append(f"{network}.crans.org")
             result = res
+        elif terms[0] == 'zones_new':
+            result = self.zones_new()
+        elif terms[0] == 'zones_reverse':
+            result = self.zones_reverse()
         elif terms[0] == 'vlanid':
             network = terms[1]
             query_id = self.base.search(f"cn={network},ou=networks,{self.base_dn}", ldap.SCOPE_BASE, "objectClass=ipNetwork")
diff --git a/plays/dns-authoritative.yml b/plays/dns-authoritative.yml
index 928a751e..757ad944 100755
--- a/plays/dns-authoritative.yml
+++ b/plays/dns-authoritative.yml
@@ -8,8 +8,8 @@
     bind:
       masters: "{{ query('ldap', 'role', 'dns-primary') }}"
       slaves: "{{ query('ldap', 'role', 'dns-secondary') }}"
-      zones: "{{ (lookup('re2oapi', 'dnszones') + query('ldap', 'zones')) | unique }}"
-      reverse: "{{ lookup('re2oapi', 'dnsreverse') }}"
+      zones: "{{ query('ldap', 'zones_new')) }}"
+      reverse: "{{ lookup('ldap', 'zones_reverse') }}"
   roles:
     - bind-authoritative
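Review bot: `dn[:-len(search_dn)-1]` in zones_new assumes every DN the server returns ends with exactly `,` + search_dn in the same spelling and that every remaining RDN is `dc=`; a DN returned with different case or spacing, or the `ou=dns` entry itself matching `sOARecord=*`, then produces a mangled or empty zone name that is silently handed to bind instead of failing the task. A suffix check that raises on an unexpected DN, plus a comment naming the `dc=<label>` assumption, keeps a bad directory entry from becoming a bad zone file; the rewrite below does that and replaces the append loop with a generator. zones_reverse hard-codes the reverse zones in the plugin while the forward zones are now looked up, so a comment stating where that list comes from and when it has to be edited (for example `# reverse zones are maintained by hand here; update when a prefix is added or removed`) is the minimum a maintainer needs, and the list would sit more naturally in play vars than in a lookup plugin.
```python
    def zones_new(self):
        search_dn = f'ou=dns,{self.base_dn}'
        query_id = self.base.search(search_dn, ldap.SCOPE_SUBTREE, "sOARecord=*")
        query_result = self.base.result(query_id)
        suffix = f',{search_dn}'
        result = []
        for dn, entry in query_result[1]:
            if not dn.endswith(suffix):
                raise ValueError(f'unexpected DN outside {search_dn}: {dn}')
            # every RDN below ou=dns is expected to be dc=<label>
            result.append('.'.join(dc[3:] for dc in dn[:-len(suffix)].split(',')))
        return result
```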
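Review bot: `zones: "{{ query('ldap', 'zones_new')) }}"` has an unbalanced closing parenthesis, so the template fails to render and the play aborts before bind is configured; it should read `zones: "{{ query('ldap', 'zones_new') }}"`. The `reverse:` line uses `lookup('ldap', 'zones_reverse')` while the sibling keys use `query`; `lookup` without `wantlist=True` joins a list result into one comma-separated string whereas `query` returns the list, so unless the bind-authoritative role already expects a string here (as it may have with the previous re2oapi lookup), `reverse: "{{ query('ldap', 'zones_reverse') }}"` keeps the two variables the same type. The dropped `| unique` only matters if the LDAP search can return the same zone twice, which cannot be judged from this file.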