diff --git a/dns.yml b/dns.yml
new file mode 100644
index 0000000000000000000000000000000000000000..306708c52950e65bc4a61dd5f7ef6fcad9b9c92b
--- /dev/null
+++ b/dns.yml
@@ -0,0 +1,4 @@
+---
+- hosts: dns_secondary
+ roles:
+ - dns
diff --git a/group_vars/dns_secondary.yml b/group_vars/dns_secondary.yml
index 445c8282e72ad4c8a94aa5829ff9a1647f1c456c..acb2a2451e532260d79d7690c77b0154dee99e92 100644
--- a/group_vars/dns_secondary.yml
+++ b/group_vars/dns_secondary.yml
@@ -1,40 +1,71 @@
---
-# NOTE: primary zones are configured in host_vars/dns01.freifunk-stuttgart.net/dns_primary.yml
+# NOTE: primary zones are configured in
+# NOTE: host_vars/dns01.freifunk-stuttgart.de/dns_primary.yml
+# NOTE: host_vars/dns02.as208772.net/dns_primary.yml
+# NOTE: host_vars/dns03.freifunk-stuttgart.eu/dns_primary.yml
# primary servers
# the key in this dict is referred to by the primaries key in dns_secondary_zones.
dns_primaries:
- ffs:
+ ffs_dns01: # dns01.freifunk-stuttgart.de
ips:
- 2a0f:d607:e:1::211
- 91.216.35.211
+ key: gw.freifunk-stuttgart.de
+ ffs_dns02: # dns02.as208772.net
+ ips:
+ - 2001:bf7:b201::14
+ - 77.87.49.14
+ ffs_dns03: # dns03.freifunk-stuttgart.eu
+ ips:
+ - 2a01:4f8:141:4083::201
+ - 78.46.42.84
dns_secondary_zones:
# 2001:67c:d78::/48
8.7.d.0.c.7.6.0.1.0.0.2.ip6.arpa:
- primary: ffs
+ primary: ffs_dns01
# 2a0f:d607::/44
0.0.0.7.0.6.d.f.0.a.2.ip6.arpa:
- primary: ffs
+ primary: ffs_dns01
35.216.91.in-addr.arpa:
- primary: ffs
+ primary: ffs_dns01
as208772.net:
- primary: ffs
+ primary: ffs_dns02
ffno.de:
- primary: ffs
+ primary: ffs_dns01
freifunk-beuren.de:
- primary: ffs
+ primary: ffs_dns01
freifunk-stuttgart.de:
- primary: ffs
- freifunk-stuttgart.eu:
- primary: ffs
- freifunk-stuttgart.net:
- primary: ffs
+ primary: ffs_dns01
gw.freifunk-stuttgart.de:
- primary: ffs
+ primary: ffs_dns01
segassign.freifunk-stuttgart.de:
- primary: ffs
+ primary: ffs_dns01
nodes.freifunk-stuttgart.de:
- primary: ffs
+ primary: ffs_dns01
+ freifunk-stuttgart.net:
+ primary: ffs_dns02
+ gw.freifunk-stuttgart.net:
+ primary: ffs_dns02
+ segassign.freifunk-stuttgart.net:
+ primary: ffs_dns02
+ nodes.freifunk-stuttgart.net:
+ primary: ffs_dns02
+ freifunk-stuttgart.eu:
+ primary: ffs_dns03
+ gw.freifunk-stuttgart.eu:
+ primary: ffs_dns03
+ segassign.freifunk-stuttgart.eu:
+ primary: ffs_dns03
+ nodes.freifunk-stuttgart.eu:
+ primary: ffs_dns03
stuttgart.freifunk.net:
- primary: ffs
+ primary: ffs_dns02
+ gw.stuttgart.freifunk.net:
+ primary: ffs_dns02
+ segassign.stuttgart.freifunk.net:
+ primary: ffs_dns02
+ nodes.stuttgart.freifunk.net:
+ primary: ffs_dns02
+
diff --git a/host_vars/dns01.freifunk-stuttgart.net/dns_primary.yml b/host_vars/dns01.freifunk-stuttgart.de/dns_primary.yml
similarity index 55%
rename from host_vars/dns01.freifunk-stuttgart.net/dns_primary.yml
rename to host_vars/dns01.freifunk-stuttgart.de/dns_primary.yml
index 02e15067e3d607ae2e04ba0cb391fb7cad5f0deb..77c53671073da8cfedd5545fa4c190c42944c988 100644
--- a/host_vars/dns01.freifunk-stuttgart.net/dns_primary.yml
+++ b/host_vars/dns01.freifunk-stuttgart.de/dns_primary.yml
@@ -2,15 +2,6 @@
# NOTE: secondary zones are configured in group_vars/dns_secondary.yml
# NOTE: TSIG keyfiles are not managed by ansible and need to be placed manually to /etc/bind/named.conf.tsig
dns_primary_zones:
- freifunk-beuren.de:
- tsig_keys:
- - gw.freifunk-stuttgart.de
- freifunk-stuttgart.eu:
- tsig_keys:
- - gw.freifunk-stuttgart.de
- as208772.net:
- tsig_keys:
- - gw.freifunk-stuttgart.de
# 2001:67c:d78::/48
8.7.d.0.c.7.6.0.1.0.0.2.ip6.arpa:
tsig_keys:
@@ -22,40 +13,22 @@ dns_primary_zones:
35.216.91.in-addr.arpa:
tsig_keys:
- gw.freifunk-stuttgart.de
- stuttgart.freifunk.net:
+ ffno.de:
+ tsig_keys:
+ - gw.freifunk-stuttgart.de
+ freifunk-beuren.de:
tsig_keys:
- gw.freifunk-stuttgart.de
-
-dns_primaries:
- lihas:
- ips:
- - 2a0f:d600::15
- - 45.150.152.15
- key: gw.freifunk-stuttgart.de
- ffs_hetzner:
- ips:
- - 2a01:4f8:141:4083::201
- key: gw.freifunk-stuttgart.de
- nrb:
- ips:
- - 217.160.211.246
- - 2a02:247a:23d:a800:1::1
-
-dns_secondary_zones:
- ffno.de:
- primary: nrb
freifunk-stuttgart.de:
- primary: lihas
- allow_update_forwarding: true
- freifunk-stuttgart.net:
- primary: lihas
- allow_update_forwarding: true
+ tsig_keys:
+ - gw.freifunk-stuttgart.de
gw.freifunk-stuttgart.de:
- primary: lihas
- allow_update_forwarding: true
+ tsig_keys:
+ - gw.freifunk-stuttgart.de
segassign.freifunk-stuttgart.de:
- primary: lihas
- allow_update_forwarding: true
+ tsig_keys:
+ - gw.freifunk-stuttgart.de
nodes.freifunk-stuttgart.de:
- primary: lihas
- allow_update_forwarding: true
+ tsig_keys:
+ - gw.freifunk-stuttgart.de
+
diff --git a/host_vars/dns02.as208772.net/dns_primary.yml b/host_vars/dns02.as208772.net/dns_primary.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c4a89931e827b48ebe869b4a82eefca2e7649961
--- /dev/null
+++ b/host_vars/dns02.as208772.net/dns_primary.yml
@@ -0,0 +1,32 @@
+---
+# NOTE: secondary zones are configured in group_vars/dns_secondary.yml
+# NOTE: TSIG keyfiles are not managed by ansible and need to be placed manually to /etc/bind/named.conf.tsig
+dns_primary_zones:
+ as208772.net:
+ tsig_keys:
+ - gw.freifunk-stuttgart.de
+ freifunk-stuttgart.net:
+ tsig_keys:
+ - gw.freifunk-stuttgart.de
+ gw.freifunk-stuttgart.net:
+ tsig_keys:
+ - gw.freifunk-stuttgart.de
+ segassign.freifunk-stuttgart.net:
+ tsig_keys:
+ - gw.freifunk-stuttgart.de
+ nodes.freifunk-stuttgart.net:
+ tsig_keys:
+ - gw.freifunk-stuttgart.de
+ stuttgart.freifunk.net:
+ tsig_keys:
+ - gw.freifunk-stuttgart.de
+ gw.stuttgart.freifunk.net:
+ tsig_keys:
+ - gw.freifunk-stuttgart.de
+ segassign.stuttgart.freifunk.net:
+ tsig_keys:
+ - gw.freifunk-stuttgart.de
+ nodes.stuttgart.freifunk.net:
+ tsig_keys:
+ - gw.freifunk-stuttgart.de
+
diff --git a/host_vars/dns03.freifunk-stuttgart.eu/dns_primary.yml b/host_vars/dns03.freifunk-stuttgart.eu/dns_primary.yml
new file mode 100644
index 0000000000000000000000000000000000000000..aca1fe804dc924fedc94ff9f55eb648810ef8765
--- /dev/null
+++ b/host_vars/dns03.freifunk-stuttgart.eu/dns_primary.yml
@@ -0,0 +1,17 @@
+---
+# NOTE: secondary zones are configured in group_vars/dns_secondary.yml
+# NOTE: TSIG keyfiles are not managed by ansible and need to be placed manually to /etc/bind/named.conf.tsig
+dns_primary_zones:
+ freifunk-stuttgart.eu:
+ tsig_keys:
+ - gw.freifunk-stuttgart.de
+ gw.freifunk-stuttgart.eu:
+ tsig_keys:
+ - gw.freifunk-stuttgart.de
+ segassign.freifunk-stuttgart.eu:
+ tsig_keys:
+ - gw.freifunk-stuttgart.de
+ nodes.freifunk-stuttgart.eu:
+ tsig_keys:
+ - gw.freifunk-stuttgart.de
+
diff --git a/inventory/dns_secondary b/inventory/dns_secondary
new file mode 100644
index 0000000000000000000000000000000000000000..b759c31ed5317dd6602494746c8aeb49c91f6715
--- /dev/null
+++ b/inventory/dns_secondary
@@ -0,0 +1,9 @@
+---
+dns_secondary:
+ hosts:
+ dns01.vm.freifunk-stuttgart.de:
+ ansible_ssh_user: root
+ dns02.vm.freifunk-stuttgart.net:
+ ansible_ssh_user: root
+ dns03.vm.freifunk-stuttgart.eu:
+ ansible_ssh_user: root
diff --git a/roles/dns/templates/named.conf.secondary.j2 b/roles/dns/templates/named.conf.secondary.j2
index dbf274c477292f5cb639f491a62105dee96d355e..3e61496aa519ab5737c256f66b8542c72ecdc9aa 100644
--- a/roles/dns/templates/named.conf.secondary.j2
+++ b/roles/dns/templates/named.conf.secondary.j2
@@ -11,6 +11,7 @@ primaries {{ primary_name }} {
{% endfor %}
{% for zonename, zone in dns_secondary_zones.items() %}
+{% if zonename not in dns_primary_zones.keys() %}
zone "{{ zonename }}" {
type secondary;
file "{{ dns_secondary_zonefile_dir }}/{{ zonename }}";
@@ -21,4 +22,5 @@ zone "{{ zonename }}" {
allow-update-forwarding { any; };
{% endif %}
};
+{% endif %}
{% endfor %}