[bind] On génère db.fake sans mentir sur les ip autorisées

Ignore-this: 775c2b6fb0004ac5a91eae977bdc387f darcs-hash:20130207235911-3a55a-a27bff377befd7c7839f659e286d0686e885724d.gz
2013-02-08 00:59:11 +01:00 · 2013-02-08 00:59:11 +01:00 · 0e762fcbde
commit 0e762fcbde
parent 2c7a3df0c5
6 changed files with 37 additions and 26 deletions
--- a/Bundler/bind.xml
+++ b/Bundler/bind.xml
@ -21,10 +21,10 @@
      <Action name="bind-permission"/>
  </Group>
  <Group name="vlan-radin">
-      <Path name="/etc/bind/db.fake"/>
+      <Python name="/etc/bind/db.fake"/>
  </Group>
  <Group name="vlan-accueil">
-      <Path name="/etc/bind/db.fake"/>
+      <Python name="/etc/bind/db.fake"/>
  </Group>
  <Package name="bind9"/>
  <Service name="bind9"/>
--- a/Cfg/etc/bind/db.fake/db.fake
+++ b/Cfg/etc/bind/db.fake/db.fake
@ -1,14 +0,0 @@
-$TTL 10
-
-@ IN SOA sable.crans.org root.crans.org (
-        1 ; serial
-        3600 ; refresh (1hr)
-        1800 ; retry (30mn)
-        604800 ; expire (7dy)
-        1 ; TTL (1s)
-        )
-
-@ IN NS 10.51.0.10
-
-@ IN A 10.51.0.10
-* IN A 10.51.0.10
--- a/Cfg/etc/bind/db.fake/info.xml
+++ b/Cfg/etc/bind/db.fake/info.xml
@ -1,3 +0,0 @@
-<FileInfo>
-    <Info owner='root' group='bind' perms='0644'/>
-</FileInfo>
--- a/Python/etc/bind/db.fake
+++ b/Python/etc/bind/db.fake
@ -0,0 +1,32 @@
+# -*- mode: python; encoding: utf-8 -*-
+
+info["owner"] = "root"
+info["group"] = "bind"
+info["perms"] = 0644
+
+
+import config
+comment_start = ";"
+
+header("Zone du dns meuteur pour accueil")
+
+@$TTL 1
+@
+@@ IN SOA sable.crans.org root.crans.org (
+@        1 ; serial
+@        3600 ; refresh (1hr)
+@        1800 ; retry (30mn)
+@        604800 ; expire (7dy)
+@        1 ; TTL (1s)
+@        )
+@
+@@ IN NS 10.51.0.10
+@
+@@ IN A 10.51.0.10
+@* IN A 10.51.0.10
+@org in A 10.51.0.10
+@*.org IN A 10.51.0.10
+for ip in config.accueil_route.keys():
+    if 'hosts' in config.accueil_route[ip].keys():
+        for host in config.accueil_route[ip]['hosts']:
+            print "%s IN A %s" % (host,ip)
--- a/Python/etc/bind/named.conf.local
+++ b/Python/etc/bind/named.conf.local
@ -35,13 +35,7 @@ if has("vlan-accueil"):
    @view "accueilview" {
    @   match-clients { "accueil"; };
    @    
-    @// On resoud les zones crans
-    direct_crans()
-    @
-    @// On effectue la resolution inverse pour les ips crans
-    reverse_crans()
-    @
-    @// On ment pour le reste
+    @// On ment pour tout sauf quelques ips crans
    @    zone "." {
    @        type master;
    @        file "/etc/bind/db.fake";
--- a/Python/etc/bind/named.conf.options
+++ b/Python/etc/bind/named.conf.options
@ -36,6 +36,8 @@ if has("dns-recursif") or has("dns-forward-only"):
        zones.append("radins")
    if has("vlan-accueil"):
        zones.append("accueil")
+    if has("vlan-isolement"):
+        zones.append("isolement")
    print "    allow-query-cache { %s; };" % '; '.join(zones)
    print "    allow-recursion { %s; };" % '; '.join(zones)
    @    recursive-clients 5000;