crans/crans_bcfg2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[bind] On génère db.fake sans mentir sur les ip autorisées

Browse source 
Ignore-this: 775c2b6fb0004ac5a91eae977bdc387f

darcs-hash:20130207235911-3a55a-a27bff377befd7c7839f659e286d0686e885724d.gz
This commit is contained in:
Valentin Samir 2013-02-08 00:59:11 +01:00
parent 2c7a3df0c5
commit 0e762fcbde
6 changed files with 37 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Bundler/bind.xml
View file

@ -21,10 +21,10 @@
<Action name="bind-permission"/> <Action name="bind-permission"/>
</Group> </Group>
<Group name="vlan-radin"> <Group name="vlan-radin">
<Path name="/etc/bind/db.fake"/> <Python name="/etc/bind/db.fake"/>
</Group> </Group>
<Group name="vlan-accueil"> <Group name="vlan-accueil">
<Path name="/etc/bind/db.fake"/> <Python name="/etc/bind/db.fake"/>
</Group> </Group>
<Package name="bind9"/> <Package name="bind9"/>
<Service name="bind9"/> <Service name="bind9"/>

14
Cfg/etc/bind/db.fake/db.fake
View file

@ -1,14 +0,0 @@
$TTL 10
@ IN SOA sable.crans.org root.crans.org (
1 ; serial
3600 ; refresh (1hr)
1800 ; retry (30mn)
604800 ; expire (7dy)
1 ; TTL (1s)
)
@ IN NS 10.51.0.10
@ IN A 10.51.0.10
* IN A 10.51.0.10

3
Cfg/etc/bind/db.fake/info.xml
View file

@ -1,3 +0,0 @@
<FileInfo>
<Info owner='root' group='bind' perms='0644'/>
</FileInfo>

32
Python/etc/bind/db.fake Normal file
View file

@ -0,0 +1,32 @@
# -*- mode: python; encoding: utf-8 -*-
info["owner"] = "root"
info["group"] = "bind"
info["perms"] = 0644
import config
comment_start = ";"
header("Zone du dns meuteur pour accueil")
@$TTL 1
@
@@ IN SOA sable.crans.org root.crans.org (
@ 1 ; serial
@ 3600 ; refresh (1hr)
@ 1800 ; retry (30mn)
@ 604800 ; expire (7dy)
@ 1 ; TTL (1s)
@ )
@
@@ IN NS 10.51.0.10
@
@@ IN A 10.51.0.10
@* IN A 10.51.0.10
@org in A 10.51.0.10
@*.org IN A 10.51.0.10
for ip in config.accueil_route.keys():
if 'hosts' in config.accueil_route[ip].keys():
for host in config.accueil_route[ip]['hosts']:
print "%s IN A %s" % (host,ip)

8
Python/etc/bind/named.conf.local
View file

@ -35,13 +35,7 @@ if has("vlan-accueil"):
@view "accueilview" { @view "accueilview" {
@ match-clients { "accueil"; }; @ match-clients { "accueil"; };
@ @
@// On resoud les zones crans @// On ment pour tout sauf quelques ips crans
direct_crans()
@
@// On effectue la resolution inverse pour les ips crans
reverse_crans()
@
@// On ment pour le reste
@ zone "." { @ zone "." {
@ type master; @ type master;
@ file "/etc/bind/db.fake"; @ file "/etc/bind/db.fake";

2
Python/etc/bind/named.conf.options
View file

@ -36,6 +36,8 @@ if has("dns-recursif") or has("dns-forward-only"):
zones.append("radins") zones.append("radins")
if has("vlan-accueil"): if has("vlan-accueil"):
zones.append("accueil") zones.append("accueil")
if has("vlan-isolement"):
zones.append("isolement")
print " allow-query-cache { %s; };" % '; '.join(zones) print " allow-query-cache { %s; };" % '; '.join(zones)
print " allow-recursion { %s; };" % '; '.join(zones) print " allow-recursion { %s; };" % '; '.join(zones)
@ recursive-clients 5000; @ recursive-clients 5000;