dns: different primaries per zone, but common secondaries and config for target setup

7b4ec01c · Adrian Reyer · Leonard Penzer · ffed1ed2 · 7b4ec01c · 7b4ec01c
Commit 7b4ec01c authored 2 months ago by Adrian Reyer Committed by Leonard Penzer 1 month ago
--- a/dns.yml
+++ b/dns.yml
+---
+- hosts: dns_secondary
+  roles:
+    - dns
+- hosts: dns01.freifunk-stuttgart.de,dns02.as208772.net,dns03.freifunk-stuttgart.eu
+  roles:
+    - dns
--- a/group_vars/dns_secondary.yml
+++ b/group_vars/dns_secondary.yml
 ---
-# NOTE: primary zones are configured in host_vars/dns01.freifunk-stuttgart.net/dns_primary.yml
+# NOTE: primary zones are configured in
+# NOTE:   host_vars/dns01.freifunk-stuttgart.de/dns_primary.yml
+# NOTE:   host_vars/dns02.as208772.net/dns_primary.yml
+# NOTE:   host_vars/dns03.freifunk-stuttgart.eu/dns_primary.yml

 # primary servers
 # the key in this dict is referred to by the primaries key in dns_secondary_zones.
 dns_primaries:
-  ffs:
+  ffs_dns01: # dns01.freifunk-stuttgart.de
    ips:
      - 2a0f:d607:e:1::211
      - 91.216.35.211
+    key: gw.freifunk-stuttgart.de
+  ffs_dns02: # dns02.as208772.net
+    ips:
+      - 2001:bf7:b201::14
+      - 77.87.49.14
+  ffs_dns03: # dns03.freifunk-stuttgart.eu
+    ips:
+      - 2a01:4f8:141:4083::201
+      - 78.46.42.84

 dns_secondary_zones:
  # 2001:67c:d78::/48
  8.7.d.0.c.7.6.0.1.0.0.2.ip6.arpa:
-    primary: ffs
+    primary: ffs_dns01
  # 2a0f:d607::/44
  0.0.0.7.0.6.d.f.0.a.2.ip6.arpa:
-    primary: ffs
+    primary: ffs_dns01
  35.216.91.in-addr.arpa:
-    primary: ffs
+    primary: ffs_dns01
  as208772.net:
-    primary: ffs
+    primary: ffs_dns02
  ffno.de:
-    primary: ffs
+    primary: ffs_dns01
  freifunk-beuren.de:
-    primary: ffs
+    primary: ffs_dns01
  freifunk-stuttgart.de:
-    primary: ffs
-  freifunk-stuttgart.eu:
-    primary: ffs
-  freifunk-stuttgart.net:
-    primary: ffs
+    primary: ffs_dns01
  gw.freifunk-stuttgart.de:
-    primary: ffs
+    primary: ffs_dns01
  segassign.freifunk-stuttgart.de:
-    primary: ffs
+    primary: ffs_dns01
  nodes.freifunk-stuttgart.de:
-    primary: ffs
+    primary: ffs_dns01
+  freifunk-stuttgart.net:
+    primary: ffs_dns02
+  gw.freifunk-stuttgart.net:
+    primary: ffs_dns02
+  segassign.freifunk-stuttgart.net:
+    primary: ffs_dns02
+  nodes.freifunk-stuttgart.net:
+    primary: ffs_dns02
+  freifunk-stuttgart.eu:
+    primary: ffs_dns03
+  gw.freifunk-stuttgart.eu:
+    primary: ffs_dns03
+  segassign.freifunk-stuttgart.eu:
+    primary: ffs_dns03
+  nodes.freifunk-stuttgart.eu:
+    primary: ffs_dns03
  stuttgart.freifunk.net:
-    primary: ffs
+    primary: ffs_dns02
+  gw.stuttgart.freifunk.net:
+    primary: ffs_dns02
+  segassign.stuttgart.freifunk.net:
+    primary: ffs_dns02
+  nodes.stuttgart.freifunk.net:
+    primary: ffs_dns02
+
--- a/host_vars/dns01.freifunk-stuttgart.net/dns_primary.yml
+++ b/host_vars/dns01.freifunk-stuttgart.net/dns_primary.yml
@@ -2,15 +2,6 @@
 # NOTE: secondary zones are configured in group_vars/dns_secondary.yml
 # NOTE: TSIG keyfiles are not managed by ansible and need to be placed manually to /etc/bind/named.conf.tsig
 dns_primary_zones:
-  freifunk-beuren.de:
-    tsig_keys:
-      - gw.freifunk-stuttgart.de
-  freifunk-stuttgart.eu:
-    tsig_keys:
-      - gw.freifunk-stuttgart.de
-  as208772.net:
-    tsig_keys:
-      - gw.freifunk-stuttgart.de
  # 2001:67c:d78::/48
  8.7.d.0.c.7.6.0.1.0.0.2.ip6.arpa:
    tsig_keys:
@@ -22,40 +13,22 @@ dns_primary_zones:
  35.216.91.in-addr.arpa:
    tsig_keys:
      - gw.freifunk-stuttgart.de
-  stuttgart.freifunk.net:
+  ffno.de:
+    tsig_keys:
+      - gw.freifunk-stuttgart.de
+  freifunk-beuren.de:
    tsig_keys:
      - gw.freifunk-stuttgart.de
-
-dns_primaries:
-  lihas:
-    ips:
-      - 2a0f:d600::15
-      - 45.150.152.15
-    key: gw.freifunk-stuttgart.de
-  ffs_hetzner:
-    ips:
-      - 2a01:4f8:141:4083::201
-    key: gw.freifunk-stuttgart.de
-  nrb:
-    ips:
-      - 217.160.211.246
-      - 2a02:247a:23d:a800:1::1
-
-dns_secondary_zones:
-  ffno.de:
-    primary: nrb
  freifunk-stuttgart.de:
-    primary: lihas
-    allow_update_forwarding: true
-  freifunk-stuttgart.net:
-    primary: lihas
-    allow_update_forwarding: true
+    tsig_keys:
+      - gw.freifunk-stuttgart.de
  gw.freifunk-stuttgart.de:
-    primary: lihas
-    allow_update_forwarding: true
+    tsig_keys:
+      - gw.freifunk-stuttgart.de
  segassign.freifunk-stuttgart.de:
-    primary: lihas
-    allow_update_forwarding: true
+    tsig_keys:
+      - gw.freifunk-stuttgart.de
  nodes.freifunk-stuttgart.de:
-    primary: lihas
-    allow_update_forwarding: true
+    tsig_keys:
+      - gw.freifunk-stuttgart.de
+
--- a/host_vars/dns02.as208772.net/dns_primary.yml
+++ b/host_vars/dns02.as208772.net/dns_primary.yml
+---
+# NOTE: secondary zones are configured in group_vars/dns_secondary.yml
+# NOTE: TSIG keyfiles are not managed by ansible and need to be placed manually to /etc/bind/named.conf.tsig
+dns_primary_zones:
+  as208772.net:
+    tsig_keys:
+      - gw.freifunk-stuttgart.de
+  freifunk-stuttgart.net:
+    tsig_keys:
+      - gw.freifunk-stuttgart.de
+  gw.freifunk-stuttgart.net:
+    tsig_keys:
+      - gw.freifunk-stuttgart.de
+  segassign.freifunk-stuttgart.net:
+    tsig_keys:
+      - gw.freifunk-stuttgart.de
+  nodes.freifunk-stuttgart.net:
+    tsig_keys:
+      - gw.freifunk-stuttgart.de
+  stuttgart.freifunk.net:
+    tsig_keys:
+      - gw.freifunk-stuttgart.de
+  gw.stuttgart.freifunk.net:
+    tsig_keys:
+      - gw.freifunk-stuttgart.de
+  segassign.stuttgart.freifunk.net:
+    tsig_keys:
+      - gw.freifunk-stuttgart.de
+  nodes.stuttgart.freifunk.net:
+    tsig_keys:
+      - gw.freifunk-stuttgart.de
+
--- a/host_vars/dns03.freifunk-stuttgart.eu/dns_primary.yml
+++ b/host_vars/dns03.freifunk-stuttgart.eu/dns_primary.yml
+---
+# NOTE: secondary zones are configured in group_vars/dns_secondary.yml
+# NOTE: TSIG keyfiles are not managed by ansible and need to be placed manually to /etc/bind/named.conf.tsig
+dns_primary_zones:
+  freifunk-stuttgart.eu:
+    tsig_keys:
+      - gw.freifunk-stuttgart.de
+  gw.freifunk-stuttgart.eu:
+    tsig_keys:
+      - gw.freifunk-stuttgart.de
+  segassign.freifunk-stuttgart.eu:
+    tsig_keys:
+      - gw.freifunk-stuttgart.de
+  nodes.freifunk-stuttgart.eu:
+    tsig_keys:
+      - gw.freifunk-stuttgart.de
+  
--- a/roles/dns/templates/named.conf.secondary.j2
+++ b/roles/dns/templates/named.conf.secondary.j2
@@ -11,6 +11,7 @@ primaries {{ primary_name }} {
 {% endfor %}

 {% for zonename, zone in dns_secondary_zones.items() %}
+{%   if zonename not in dns_primary_zones.keys() %}
 zone "{{ zonename }}" {
 	type secondary;
 	file "{{ dns_secondary_zonefile_dir }}/{{ zonename }}";
@@ -21,4 +22,5 @@ zone "{{ zonename }}" {
 	allow-update-forwarding { any; };
 	{% endif %}
 };
+{%   endif %}
 {% endfor %}